Has anyone deployed agents to compute resources in GCP? If so, do your agents report back to an on-prem beacon, an internet-facing one, or something else?
GCP Cloud Asset Inventory beta is starting to collect information regarding the OS and installed packages. With this data, is it necessary to have agents deployed to cloud targets for simple use cases? Has anyone looked at an adapter to leverage GCP inventory data instead of installing agents?
Jan 12, 2021 02:52 PM
I would recommend a tiered approach to beacons. If possible, operate a central beacon within GCP and have all agents report their data to it. The central GCP beacon is then connected to your DMZ or intranet beacon via a single necessary firewall rule. A normal configuration.
When it comes to agent deployment, I think it depends on how dynamic your environment is. If VMs are only active for a short time and then deleted again, then the results of the inventory may be wrong and have an impact on your balance.
Here I would recommend a solution like the AWS/Azure Connector. On the one hand, the inventories are determined by the agent (agent in the template incl. first start after deployment) and, on the other hand, the infrastructure data (status of the VMs, similar to the vCenter Adapter) is determined. Based on this information, inventories that are no longer in the structure are cleaned up. You can find more information about the procedure in the documentation.
Terminated instances are a special case.
1. Before termination, the running instance may have had an inventory device record (provided that it was reporting inventory).
2. When you terminate the instance, Microsoft Azure keeps the terminated instance visible through the API for about an hour, and if you have implemented your Azure PowerShell connector on an inventory beacon with the default 30 minute schedule, the termination is imported through the connector, and the record in the CloudServiceInstance table is updated with the terminated status. (This record, with its terminated status, is visible in the Cloud Service Provider Inventory page, if you set the filters on that page appropriately.)
3. At the next full inventory import (by default, overnight, immediately before the license compliance calculations), any inventory device record linked to a terminated instance is deleted, because you do not want terminated instances consuming from your licenses.
4. Of course, the terminated instance no longer reports inventory; but its previously-recorded inventory is still in the inventory database (and in normal processes is not cleaned up for a while). Although the next full import (typically the next night) normally imports records from the inventory database, for terminated instances this is prevented by the terminated flag in the CloudServiceInstance table. This prevents the deleted inventory device record from reappearing.
Jan 20, 2021 01:54 PM
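The four-step lifecycle in the reply above, modelled as an added example (not Flexera's code, and not the real CloudServiceInstance schema; the table layout, record names and sample instance ids are assumptions). It shows why the terminated flag matters: the agent's last upload stays in the inventory database, so without the flag the nightly full import would recreate the device record and the terminated VM would keep consuming licenses. It also shows the failure mode the timing in step 2 implies: an instance that terminated and fell out of the provider API before the connector ever saw it (vm-c in the constructed data) carries no terminated flag, so its device record is never cleaned up.

```python
"""Reconciliation of agent inventory against cloud instance state.

Constructed illustration of the terminated-instance lifecycle described
in the thread; not FlexNet Manager's own code. All names are assumptions.
"""
from dataclasses import dataclass


@dataclass
class CloudServiceInstance:
    instance_id: str
    status: str  # "running" or "terminated", as reported by the provider API


@dataclass
class InventoryRecord:
    instance_id: str   # the agent stamps the cloud instance id into its upload
    hostname: str
    packages: tuple    # installed software seen by the agent


def run_connector(cloud_table, api_snapshot):
    """Step 2: one scheduled connector run.

    The provider still lists a terminated instance for a while, so the row
    is kept and its status updated (the 'terminated flag') rather than
    removed. Instances that already dropped out of the API are simply not
    in the snapshot and therefore never get flagged.
    """
    for inst in api_snapshot:
        cloud_table[inst["id"]] = CloudServiceInstance(inst["id"], inst["status"])
    return cloud_table


def full_import(inventory_db, cloud_table, device_records):
    """Steps 3 and 4: the nightly full inventory import.

    Returns (device_records, deleted_ids). Device records linked to a
    terminated instance are deleted so they stop consuming licenses, and
    inventory-database rows for terminated instances are skipped so the
    deleted device record does not reappear.
    """
    deleted = []

    # Step 3: delete device records linked to terminated instances.
    for iid in list(device_records):
        inst = cloud_table.get(iid)
        if inst is not None and inst.status == "terminated":
            del device_records[iid]
            deleted.append(iid)

    # Step 4: the inventory database still holds the old upload; the
    # terminated flag prevents it from being imported again. An instance
    # with no row at all in cloud_table is treated as live, which is the
    # gap if the connector schedule is longer than the API's grace window.
    for rec in inventory_db:
        inst = cloud_table.get(rec.instance_id)
        if inst is not None and inst.status == "terminated":
            continue
        device_records[rec.instance_id] = rec

    return device_records, deleted


def demo():
    """Constructed scenario: returns (sorted live device ids, deleted ids)."""
    # Constructed inventory-database contents: last upload from each agent.
    inventory_db = [
        InventoryRecord("vm-a", "web01", ("nginx",)),
        InventoryRecord("vm-b", "db01", ("sqlserver-2019",)),
        InventoryRecord("vm-c", "batch01", ("python3",)),
    ]
    # Constructed connector snapshot: vm-b terminated within the API's
    # grace window; vm-c terminated earlier and is already gone from the API.
    api_snapshot = [
        {"id": "vm-a", "status": "running"},
        {"id": "vm-b", "status": "terminated"},
    ]
    cloud_table = run_connector({}, api_snapshot)

    # Device records left over from yesterday's import.
    device_records = {"vm-a": inventory_db[0], "vm-b": inventory_db[1]}
    device_records, deleted = full_import(inventory_db, cloud_table, device_records)
    return sorted(device_records), deleted


if __name__ == "__main__":
    live, gone = demo()
    print("live device records:", live)   # vm-c survives: termination never seen
    print("deleted:", gone)
```

The vm-c case is the practical check to add on top of a connector: compare the inventory database against the connector's current instance list and treat any record whose instance has no row at all as suspect, rather than assuming it is still running.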