How to create a Google account?
As a prerequisite to use the Google Cloud Platform (GCP) you must have a Google account. To set up a Google Account, go to the create your Google Account page.
How to create a Cloud Platform project?
Check this How-to guide to learn how to create and manage projects in the Google Cloud Platform console.
How do I enable the GCP services for your project?
To enable GCP services for your account you must associate a payment method to your account. For more information, see this information from GCP documentation.
To take advantage of SAP Cloud Appliance Library on Google Cloud Platform, you need to enable the following APIs:
- Cloud Resource Manager API
- Compute Engine API
You can enable these APIs via the Google API dashboard: https://console.developers.google.com/apis/dashboard
What are the additional services for your project if you using Kubernetes based solutions?
You need to enable the following additional APIs for Kubernetes based solutions:
- Kubernetes Engine API
- Container Registry API
- Google Cloud Storage
What is a service account?
A service account is a special Google account that belongs to your application or a virtual machine (VM), instead of to an individual end user. Your application uses the service account to call the Google API of a service, so that the users aren't directly involved.
For more information, see the Google Cloud Platform documentation.
How to create a service account?
When you create a new Cloud project, Google Cloud Platform automatically creates one Compute Engine service account and one App Engine service account under that project. You can create up to 98 additional service accounts to your project to control access to your resources.
Check this How-to guide to learn how to create and manage service accounts using the Google Cloud Platform console.
Caution: The roles that are required for the service account to grant permissions to SAP Cloud Appliance Library are the following (see the screenshot):
You must select the main role Compute Engine and then these three roles: Compute Instance Admin (v1), Compute Network Admin, Compute Security Admin.
Note: When you create a service account, you must create access keys (JSON file) for this account to establish a connection to the SAP Cloud Appliance Library. While you are in the Create service account dialog box choose the Furnish a new private key checkbox and then for the Key type choose JSON. Then choose Create and save the file on your computer.
For your information, when you create an instance in the SAP Cloud Appliance Library on the step for the account you must upload this JSON file.
How to create service account keys (JSON file)?
To use a service account outside of the Google Cloud Platform (on other platforms or on premise), you must establish the identity of the service account. Public/private key pairs will let you do that.
Check this How-to guide to learn how to create and manage service account keys (JSON file) using the Google Cloud Platform console.
How to check and grant roles to service accounts?
You grant roles to a service account so that the service account has permission to complete specific actions on the resources in your Cloud Platform project.
For example, you might grant the storage.admin role to a service account so that it has control over objects and buckets in Google Cloud Storage.
Check this How-to guide to learn how to grant roles to service accounts using the Google Cloud Platform console.
What are the roles required for the service account to grant permissions to SAP Cloud Appliance Library?
The required roles for the service account are the following:
You have to select the main role Compute Engine and then these three roles:
- Compute Instance Admin (v1)
- Compute Network Admin
- Compute Security Admin
What are the additional roles for service accounts if you using Kubernetes based solutions?
If you want to use Kubernetes based solutions, on top of the above Compute Engine roles, you also need to select the following roles:
- Kubernetes Engine Admin
- Service Account User
- Storage Admin
How to access to backend servers on the Operating System (OS) level?
Depending on the overall requirements your solution may consist of one or more servers running either on a Linux OS and/or on a Windows OS.
- Access to Linux OS on Backend
If you need OS access, you can use SSH connectivity:
OS User Name
The default Operating System administrator user.
Use the private key (downloaded during the activation of the SAP instance in SAP Cloud Appliance Library) for logging on with the root user.
- Access to Windows OS on Backend
If you need OS access, you can use RDP connectivity:
- Microsoft Windows : Start the Remote Desktop Connection using the Start Menu (All Programs > Accessories) or executing mstsc.exe.
- Apple Mac OS X Use the free Microsoft Remote Desktop app available in the Mac App Store to connect to your frontend.
- Linux : Use your preferred RDP client.
OS User Name
The default OS administrator user for Windows.
The master password is used for accessing the system. It is provided by the user during the creation of the solution instance in SAP Cloud Appliance Library.
How to increase the quota for your project in Google Cloud Platform console?
To see the procedure how to increase the quota in your project, please check this GCP page.