Adding a Google Cloud project

As part of adding a Google Cloud project as a source to R‑Cloud, you enable the HMSA, a special type of account that is designed specifically for R‑Cloud to run data protection operations. The HMSA provides business continuity of your data protection environment by enforcing a single service account that cannot be deleted accidentally, and at the same time it also delivers enhanced security by uniquely identifying the service and using key rotation to limit risks associated with potential service account key leaks.

Prerequisites

  • To add the HMSA to the Google Cloud project, your Google Cloud account must be granted the following permissions:

    • resourcemanager.projects.getIamPolicy

    • resourcemanager.projects.setIamPolicy

    Instead of granting the individual permissions, you can also assign your Google Cloud account one of the following roles: Project Owner, Project Editor, or IAM Admin.

  • Only if you plan to add your Google Cloud project to a protection set other than the default one. The protection set must be created. For instructions, see Creating protection sets.

  • To access the Sources dialog box from the toolbar, click  Administration, and then select Sources.

  • To access the Sources dialog box from R-Graph, in an empty R-Graph with no sources configured, click Set Up Source.

You can also add sources directly from the Marketplace panel by clicking Configure in the product details page, bypassing the initial Sources dialog box.

Procedure

  1. Not applicable if you are redirected from the Marketplace panel. In the Sources dialog box, click the Google Cloud tab, and then click New New.

  2. From the Protection Set drop-down menu, select the protection set to which you want to add the Google Cloud project. By default, the Google Cloud project is added to the currently selected protection set.

  3. Enter the Google Cloud project ID, and then click Add. The HMSA email is displayed.

  4. Click  Copy to Clipboard to copy the HMSA email to the clipboard. You need the email address to assign permissions to the HMSA.

  5. Click Grant Access to open the HYCU Managed Service Account configuration wizard.

    The HYCU Managed Service Account configuration wizard guides you through all the required steps of enabling the HMSA for the Google Cloud project.

  6. Return to the R‑Cloud web user interface, and then click Save.

The Google Cloud project is added to the list of sources.

Note  If you do not complete the steps in the HYCU Managed Service Account configuration wizard or if you enter an incorrect Google Cloud project ID, adding a Google Cloud project as a source to R‑Cloud is suspended and the status of the source is Preparing. If this happens, remove the source, and then add it to R‑Cloud again.

You can later delete the Google Cloud projects that you do not need anymore (click Delete Delete). Keep in mind that deleting the Google Cloud project from R‑Cloud does not delete any IAM permissions that were created in the Google Cloud project.