With a growing share of the public-cloud pie, Google Cloud Platform has been increasing the number of managed services it offers for the enterprise IT market. Traditionally, this has been the territory of Azure and AWS, but Google is starting to shake things up. One of the newest Google Cloud managed services is focused on a mainstay of enterprise IT deployment: Microsoft Active Directory (AD).
What is this new managed service from Google Cloud and how can you take advantage of it if you’re already using AD alongside a Cloud Volumes ONTAP deployment in Google Cloud?
In this post we’ll walk you through how you can configure Google Cloud Managed Service for Microsoft Active Directory with Cloud Volumes ONTAP. This is essential for configuring SMB/ CIFS so you don’t have to set up your own AD server.
What Is Managed Service for Microsoft AD?
Microsoft AD is essentially the central controller of an IT network, identifying, authenticating, and managing all of the disparate computing devices that are part of that network. Through AD, admins can direct traffic, uses, and devices. There is much more that the service is capable of with some of the expanded services that Microsoft has added to the base service, but its core function is still an essential part of large-scale computing networks.
However, there are tasks involved with maintaining an AD deployment that can become tedious for IT staff when they have other, more critical projects they need to devote their time to. Google Cloud Managed Service for Microsoft AD seeks to solve that problem. This highly available and secure service takes the tasks of securing, authenticating, and authorizing AD workloads off the admin’s list of tasks. It also facilitates connectivity between on-prem AD deployments and the (Google) cloud. This focus on hybrid cloud management is one of Google Cloud’s main selling points of the service.
How is Google Cloud’s Managed Service for Microsoft AD going to be best put to use in your organization? One use case is with virtual desktop infrastructures (VDI). With a growing emphasis on VDI deployments, AD is more important than ever. AD can be used as the basis for single-sign-on (SSO) authentication for users. With the many tasks involved in maintaining such a deployment, taking some of the basic configurations and maintenance out of running AD and giving it to Google Cloud is an ideal situation.
How to Configure Google Cloud Managed Service for AD with Cloud Volumes ONTAP
Let’s see how to integrate this Google Cloud managed service into your Cloud Volumes ONTAP for Google Cloud deployment.
This section details the requirements to access Cloud Volumes ONTAP.
It should go without saying, but you should also be fairly familiar with operating Cloud Volumes ONTAP before you attempt to carry out this procedure. The following admin-level capabilities are required to access Cloud Volumes ONTAP:
- An existing Google Cloud deployment with appropriate permissions to use Cloud Manager, Cloud Volume ONTAP.
- Cloud Manager and Cloud Volume ONTAP permissions, which can be found here: https://mysupport.netapp.com/cloudontap/iampolicies.
You will also need have some basic information at hand about your Google Cloud account in order to connect to Cloud Volumes ONTAP, including:
- Working knowledge of Google Cloud.
- Access to your Google Cloud account.
- Control over your Google Cloud Managed Service for Microsoft AD and network settings.
For more insight, read up on Active Directory Design considerations here. If you haven’t started using the service yet, find out how to start using Google Cloud Managed Service for Microsoft AD here.
How to Create Your Google Cloud Managed Service for Microsoft AD
Here we will show you how to set up the Google Cloud Managed Service for Microsoft AD. This process will entirely be carried out at the Google Cloud level, without Cloud Volumes ONTAP.
1. Go to the Google Cloud Management console and sign in. If you do not have a domain page set up, see this Quickstart guide on how to create a domain page here.
2. Head to the Security dashboard in the console. Look for the Google Cloud Managed Microsoft AD option at the bottom of the list on the left-hand side of the screen.
3. Select the option to Create New AD Domain.
4. Next, fill in the details to create the AD directory service. These include your fully qualified domain name (FQDN), NetBIOS name, your network details, CIDR range, and the region you are going to deploy in.
Once all the information has been added, click the “Create Domain” button.
5. It will take Google Cloud and AD about an hour to create the domain. When it’s finished, the directory will be seen listed in the console screen for Managed Service for Microsoft AD.
Adding the AD Server to Cloud Volumes ONTAP
Now that your Google Cloud Managed Service for AD is set up, next you’ll add it to a Cloud Volumes ONTAP deployment. For the purposes of this example, we will assume that you don’t have an existing Cloud Volumes ONTAP working environment.
1. To get started, launch Cloud Manager. If you need to do this for the first time, you can find out how to launch Cloud Manager for Google Cloud here.
2. Navigate to the Working Environments tab at the top of the screen. Click on “Create Cloud Volumes ONTAP” to begin the creation process of a Cloud Volumes ONTAP for Google Cloud.
3. The setup wizard will walk you through the basic steps. When you reach the Create Volume screen, switch the protocol setting to CIFS. You will also need to provide the volume name, the share, and designate size for the volume.
4. Next you will set up the CIFS share. The following fields all need to be completed:
- DNS: You can either use the internal Google DNS or you can use your own DNS server, if you have one set up already. Find out more on Google’s internal DNS here.
- AD domain to join: Here you will add the same domain name (FQDN) that you entered when you created the AD service.
- Credentials authorized to join the domain: The name you enter here should be a user that has appropriate credentials to join the domain. The default choice here will be “setupadmin” username. Enter the password as well.
- Organizational Unit: Read more on the options for organizational unit here. The default option will be “OU=cloud,” and that should be sufficient.
5. Proceed with the rest of the Cloud Volumes ONTAP set up wizard until it reaches the Review & Approve screen. At this point you will be able to review all your settings and create the instance.
It will take about 25 minutes for Cloud Volume ONTAP to deploy, during which you can see the progress of the set up.
Creating Volumes for Use with AD
Now that you have a Cloud Volumes ONTAP instance set up, we can connect it to AD.
1. Head back to the Working Environments tab in Cloud Manager. You will see your Cloud Volumes ONTAP instance for Google Cloud.
2. Click on the “Add New Volume” button to create a new Cloud Volumes ONTAP volume.
3. Define the volume name, size, and select the CIFS protocol.
Continue to the next step.
4. When you get to the AD section of the volume setup, select the Microsoft AD that you created previously using the Google Cloud console.
Continue to the next step.
5. In the next screen you’ll select your preferred disk type and create the volume by clicking “Go.”
6. Now that the volume is created, you can get the mount command:
You’ve just seen how to set up your Google Cloud Managed Service for AD configuration with Cloud Volumes ONTAP. As one of the latest in a growing number of Google Cloud managed services, Google Managed Service for AD can be an integral part of your IT deployment on Google Cloud.
The same is true for Cloud Volumes ONTAP, which fully supports AD integration and Google Cloud Managed Service for AD.