Link Search Menu Expand Document

Cloud Hubs in GCP

Configuration > Cloud Services > IaaS > Deploy Cloud Hubs in GCP

The Cloud Hubs in GCP tab provides the Google Cloud Platform account details and EC-V deployment configuration details for all cloud EC-Vs that have been deployed.

Use this tab to:

  • Add and modify GCP accounts

  • Deploy EC-Vs in GCP

  • Manage EC-V instances deployed in GCP

NOTE: Before you can deploy EC-Vs to the GCP cloud, you must perform several tasks in GCP. For more information, see GCP Account Configuration.

The following table describes each field on this tab.

Field Description
Project Project ID for the EC-V deployment.
Region GCP Region in which the EC-V instance was deployed.
Zone GCP zone in which the EC-V was deployed.
Tag Appliance tag for an EC-V instance. If not configured, this value is automatically assigned.
Status Status of an EC-V instance deployed in GCP. If more information is available, an info icon is displayed.

NOTE: If the deployment failed for the selected instance, the info dialog contains a link to download the log file and steps to resolve the issue.
Terminate To terminate an EC-V instance in GCP, click Terminate. This action deletes all resources associated with the selected EC-V instance.
Deployment Info Click the info icon in this column to view details of the selected EC-V instance, including the IP addresses associated with the mgmt0, wan0, and lan0 interfaces.
Resources Click the info icon in this column to view details about all GCP resources that Orchestrator created during the deployment for the selected EC-V instance.
Info The appliance hostname after it has been approved and added to Orchestrator. If an appliance has not been approved, this column will be blank.
Comment Comments that were added to the deployment when the EC-V was created. To edit the comment, click the edit icon.

Add or Modify a GCP Account

To add or modify a GCP account to Orchestrator:

  1. Click GCP Service Accounts.

    The GCP Service Accounts dialog box opens.

  2. Click New GCP Account or click the edit icon next to the account you want to edit.

    The GCP Account Configuration dialog box opens.

  3. Complete or modify the elements as necessary.

Deploy a New EC-V

To deploy one or more EC-V instances in GCP, click New Deployment.

Manage an EC-V

If a deployment does not complete or you no longer want the EC-V in the GCP cloud, you can remove the deployment and all associated artifacts.

To remove a deployment, locate the deployment you want to remove, and then click Terminate in that row.

GCP Accounts

The GCP Service Accounts dialog box lists all of the GCP accounts that have been added.


  • To create a new account for EC-V deployments, click New GCP Account.

  • To modify an existing account’s details, click the edit icon next to the account.

GCP Account Configuration

Complete the following steps to create an GCP user account with the required permissions for creating EC-V instances in GCP.

Create a GCP Project

  1. Log in to GCP (

  2. On the right-side menu, hover over IAM & Admin, and then click Create a Project.

  3. Enter the required information, and then click Create.

Enable GCP APIs

This section explains how to enable two different APIs required for creating EC-V instances in GCP.

Enable Compute Engine API

  1. On the right-side menu, hover over APIs & Services, and then click Library.

  2. In the search bar, search for Compute Engine API.

  3. Click Compute Engine API.

  4. Click Enable.

Enable Google Cloud Resource Manager API

  1. On the right-side menu, hover over APIs & Services, and then click Library.

  2. In the search bar, search for Cloud Resource Manager API.

  3. Click Cloud Resource Manager API.

  4. Click Enable.

Create a Custom Role

This section explains how to create a custom role and attach permissions in GCP. There are two ways to do this. Select one of the following options (you do not need to do them both):

Create a Custom Role Using Google Cloud Shell (Recommended)

Create a Custom Role Using Google Cloud Console

Create a Custom Role Using Google Cloud Shell (Recommended)

  1. In Google Cloud, click the Activate Cloud Shell icon on the top menu bar.

  2. Paste the following into the command line, making sure to replace the ** variable with the project name you created above:

    gcloud iam roles create CustomRoleForArubaOrchestrator --project=<PROJECT NAME> --title="Custom Role for SD-WAN Orchestrator" --description="Custom Role for SD-WAN Orchestrator." --permissions="compute.disks.create,compute.firewalls.create,compute.firewalls.delete,compute.firewalls.get,compute.images.get,compute.instances.create,compute.instances.delete,compute.instances.get,compute.instances.setMetadata,compute.networks.create,compute.networks.delete,compute.networks.get,compute.networks.updatePolicy,compute.regions.list,compute.subnetworks.create,compute.subnetworks.delete,compute.subnetworks.get,compute.subnetworks.use,compute.subnetworks.useExternalIp,compute.zones.get" --stage=GA
  3. Exit Cloud Shell and verify that Custom Role for SD-WAN Orchestrator is enabled in the list of roles for your project.

Create a Custom Role Using Google Cloud Console

  1. On the right-side menu, hover over IAM & Admin, and then click Roles.

  2. Click Create Role.

  3. Fill in the Title and ID fields.

  4. In the Role launch stage field, select General Availability.

  5. Click Add Permissions.

  6. Add the following permissions to the role:

    • compute.disks.create
    • compute.firewalls.create
    • compute.firewalls.delete
    • compute.firewalls.get
    • compute.images.get
    • compute.instances.create
    • compute.instances.delete
    • compute.instances.get
    • compute.instances.setMetadata
    • compute.networks.create
    • compute.networks.delete
    • compute.networks.get
    • compute.networks.updatePolicy
    • compute.regions.list
    • compute.subnetworks.create
    • compute.subnetworks.delete
    • compute.subnetworks.get
    • compute.subnetworks.use
    • compute.subnetworks.useExternalIp
    • compute.zones.get

    NOTE: These permissions cannot be batch-added in GCP. For each entry, you must search for the permission, select the check box next to it, and then click Add.

  7. On the Create Role page, verify the assigned permissions, and then click Create.

Create a GCP Service Account

  1. On the right-side menu, hover over IAM & Admin, and then click Service Accounts.

  2. Click the project created in the previous steps.

  3. Click Create Service Account.

  4. Enter the required information, and then click Create and Continue.

  5. In the Select a role field, select Custom Role for SD-WAN Orchestrator, and then click Continue.

  6. Click Done.

Create a Service Account Key Pair

  1. On the right-side menu, click Service Accounts.

  2. From your project home page, click your service account from the list.

  3. Click the Keys tab.

  4. From the drop-down menu, click Create new key.

  5. Leave the key type as JSON, and then click Create.

    The .json file saves to your system.

Add the GCP Account to Orchestrator

  1. In Orchestrator, navigate to Configuration > IaaS > Cloud Hubs in GCP.

  2. Click GCP Service Accounts.

  3. Click New GCP Account.

  4. Paste all content from the .json file saved in the previous section into the Key field, and then click Save.

    Orchestrator validates the account information. This takes approximately 45 seconds.

GCP Deployment Configuration

Use the GCP Deployment Configuration page to create one or more EC-V instances in a GCP region.

NOTE: If you do not have a GCP account configured in Orchestrator, the GCP Deployment Configuration dialog box is blank. To create a GCP account, click the Service Accounts link.


Field Description
Project Select the GCP project created earlier in this procedure.
Name Enter a name for the deployment. This name is used only for identifying the deployment. A deployment consists of one or more EC-Vs that an Orchestrator creates in GCP. Only alphanumerical letters and hyphens are allowed in the deployment name. The maximum allowed length is 20 characters.
Virtual network CIDR Enter a Virtual Classless Inter-Domain Routing (CIDR) block. The CIDR block must be at least /16. Orchestrator carves out three x /26 global subnets (mgmt, wan, lan) from Virtual Network CIDR for each region. A /16 CIDR supports deploying in 300 regions.

NOTE: You only need to enter this value once per GCP project.
Region Select the GCP region where you want to deploy the EC-V.
Boost (Optional) Boost requires additional resources on a GCP instance. After Boost and an appropriate WAN Bandwidth value are selected, Orchestrator displays the appropriate GCP instance types for the deployment on the Instance Type drop-down menu.

NOTE: Selecting the Boost check box does not enable Boost on the EC-V. It only allows Orchestrator to display appropriate GCP instance types that can support Boost for the selected WAN bandwidth. To enable Boost on the EC-V, go to the Deployment page and the Business Intent Overlay (BIO) page after the deployment is complete.
WAN bandwidth The Bandwidth drop-down list displays the current EdgeConnect license tiers. After you select a WAN Bandwidth value, Orchestrator displays the appropriate GCP instance types for the deployment on the Instance Type drop-down menu.
Instance type Based on your selection of Boost and WAN Bandwidth values, Orchestrator displays the appropriate GCP instance types on this drop-down menu.
SSH public key Enter the SSH public key for the deployment.
Instances Zone: You can deploy multiple EC-Vs by clicking + and selecting the Zone for each EC-V. If the selected region supports multiple zones, each zone is shown on the drop-down menu. When deploying multiple EC-Vs, it is best practice to deploy each EC-V in a unique zone.

Appliance tag (Optional): Enter an Appliance Tag in this field if you want to assign a pre-configuration file to the deployment. If this field is left blank, Orchestrator will automatically assign an Appliance Tag for its own configuration purposes.
Advanced Settings Custom image: If you want to deploy the EC-V with a specific public or private image, specify the image ID here. You can obtain the image ID from the GCP console.

Leave this field blank to allow Orchestrator to deploy the EC-V with the base image obtained from GCP.

When you have completed all of the required fields, click Review and Deploy. Review the configuration summary, and then click Deploy to create the EC-V instances.

Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP.

To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

This product includes code licensed under certain open source licenses which require source compliance. The corresponding source for these components is available upon request. This offer is valid to anyone in receipt of this information and shall expire three years following the date of the final distribution of this product version by Hewlett Packard Enterprise Company. To obtain such source code, please check if the code is available in the HPE Software Center at but, if not, send a written request for specific software version and product for which you want the open source code. Along with the request, please send a check or money order in the amount of US $10.00 to:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America