Cloud Execution for Desktop in GCP
Follow this guide to deploy the Cloud Execution for Desktop (CEfD) module for Google Cloud Platform (GCP) private data processing.
Prerequisite
Before you deploy the CEfD module, you must complete these steps on the Set Up GCP Project and VPC for Private Data page...
Configured a VPC dedicated to AACAAC as mentioned in the Configure Virtual Private Network section.
Service account and base IAM roles attached to the service account as mentioned in the Configure IAM section.
Successfully triggered private data processing provisioning as mentioned in the Trigger Private Data Handling Provisioning section.
Project Setup
Step 1: Configure IAM
Step 1a: IAM Binding to the Service Account
Assign these additional roles to the aac-automation-sa
service account that you created during Set Up GCP Project and VPC for Private Data:
Compute Load Balancer Admin:
roles/compute.loadBalancerAdmin
Compute Instance Admin (v1):
roles/compute.instanceAdmin.v1
Step 2: Configure Subnet
CEfD in the private data processing environment requires 1 subnet.
aac-option (required): Use this group if you enable Cloud Execution for Desktop within your private data processing environment. If you enable this option, an AMI swarm runs in this subnet to handle Designer Desktop processing jobs that run in the cloud.
Step 2a: Create Subnets in the VPC
Configure subnets in the aac-vpc
VPC.
Follow this example to create subnets with subnet name, subnet size, and other configurations (modify values, as needed, to meet your network architecture).
Subnet Name | Subnet | Secondary Subnet Name | Secondary Subnet Size |
---|---|---|---|
aac-option | 10.30.0.0/23 | N/A | N/A |
Importante
The subnet IP addresses and sizes in the table are an example. Modify values, as needed, to meet your network architecture.
The subnet region must match the region where you provision Private Data Handling.
The subnet name must match with the name as shown in the table.
Step 2b: Subnet Route Table
Create the route table for your subnets.
Importante
You must configure the Vnet with a network connection to the internet in your subscription.
Nota
This route table is an example.
Address Prefix | Next Hop Type |
---|---|
/23 CIDR Block (aac-option) | aac-vpc |
0.0.0.0/0 | <gateway_ID> |
Nota
Your <gateway id>
can be either a NAT gateway or an internet gateway, depending on your network architecture.
Private Data Processing
Atención
Si modificas o quitas cualquiera de los recursos en la nube pública aprovisionados con AAC una vez que se aprovisiona el manejo de datos privados, se produce un estado incoherente. Esta incoherencia genera errores durante la ejecución de la tarea o el desaprovisionamiento de la configuración del manejo de planos de datos privados.
Step 1: Trigger CEfD Deployment
Data processing provisioning triggers from the Admin Console inside AACAAC. You need Workspace Admin privileges within a workspace in order to see it.
From the AACAAC landing page, select the Profile menu and then select Workspace Admin.
From the Admin Console, select Private Data Handling and then select Processing.
Select the Cloud Execution for Desktop checkbox and then select Update.
Selecting Update triggers the deployment of the cluster and resources in the GCP project. This runs a set of validation checks to verify the correct configuration of the GCP project.
Nota
The provisioning process takes approximately 35–40 minutes to complete.
After the provisioning completes, you can view the created resources (for example, VM instances and node groups) through the GCP console. It is very important that you don't modify them on your own. Manual changes might cause issues with the function of the private data processing environment.