This is a simple landing zone for Nutanix Cloud Clusters on Google Cloud Platform
This repo contains terraform code to deploy a simple network landing zone for Nutanix Cloud Cluster (NC2) on Google Cloud with a VPN site to site connection to On-premises Datacenter (using a Google Cloud Classic VPN)
-
Of course a VPN Gateway running on premises (or on a public cloud platform)
-
More information about NC2 on GCP : [NC2 on Google Cloud Overview] (https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Cloud-Clusters-Google-Cloud:nc2-clusters-google-cloud-overview-c.html)
-
An Google Project with enough privileges (create Role, ...)
-
Google Cloud CLI x.x. or > : https://cloud.google.com/sdk/docs/install-sdk
-
Terraform CLI 1.13 or > : https://www.terraform.io/downloads.html
You can also clone this repo in your Google Cloud Shell and use terraform in your cloud shell.
For additional information about creating manually your ressources on Google Cloud for Nutanix Cloud Cluster : https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Cloud-Clusters-Google-Cloud:nc2-clusters-google-cloud-manual-setup-gc-c.html
NC2 on Google Cloud requires 2 Services Accounts with specifics permissions :
-
one to be used by NC2 Portal (aka MCM)
-
one to used by GCE Metal instances of the cluster
This landing zone is designed for an NC2 on Google Cloud with Nutanix Flow Networking and a VPN Site to Site connexion with on premises (or other cloud) network.
IP ranges and all variables can be defined/customized by editing example-configuration.tfvars. Then rename example-configuration.tfvars to configuration.tfvars
This landing zone also include the option to have a dedicated private subnet and a virtual machine to use as a jumbox. All Google Cloud resources related to Jumbox are in jumbox.tf file.
Clone this repo.
Edit example-configuration.tfvars to define your Google Cloud resources names or tags, your Google region... Then rename example-configuration.tfvars to configuration.tfvars
Important DO NOT USE 192.168.5.0/24, 10.100.0.0/16, 10.200.0.0/16, 10.200.0.0/22, 100.64.1.0/24 CIDRs that is reserved for communications between AHV and the CVM, VTEP subnet or CSMP.
To get these information, you can use the Google CLI on your workstation or in Google Cloud Shell
gcloud auth application-default loginYou can list your Google regions available with quotas using the following command :
gcloud compute regions list
The following command gives the region actually used by the CLI regardless of whether environment variables are or are not set: https://cloud.google.com/sdk/gcloud/reference/config/set
gcloud config configurations listSupported Google Cloud regions for Nutanix Cloud Clusters on Google Cloud : https://portal.nutanix.com/page/documents/details?targetId=Nutanix-Cloud-Clusters-Google-Cloud:nc2-clusters-google-cloud-regions-c.html
If you don't need a Jumpbox VM (that uses the latest Windows Server 2025 image) and its associated resources, you can define EnableJumbox=0 in tfvars file or delete jumbox.tf file
- Terraform Init phase
terraform init- Terraform Plan phase
terraform plan --var-file=configuration.tfvars- Terraform deployment phase (add TF_LOG=info at the beginning of the following command line if you want to see what's happen during deployment)
terraform apply --var-file=configuration.tfvars
- Wait until the end of deployment (It should take around 3-4 minutes)
- Get the Public IP used for VPN Tunnels on the Google VPN Gateway that is provided as an terraform output or on the Google Console :
Then use this public IP in the on-premises VPN Gateway tunnel configuration.
Example using a Unifi Gateway :
On Google Console, check that the VPN Tunnel is up
On your on premises VPN Gateway management UI, check VPN Tunnel Status :
- Deploy an GCE instance in the NC2 VPC (for example in the management subnet) to perform a connectivity test between Google network and on-premises network
Ping the GCE instance from an on premises device and validate that VPN Site to site is up and running
- Go to Nutanix Cloud Cluster (NC2) Portal https://cloud.nutanix.com and start your Nutanix Cluster deployment wizard.
In Step 1 (General) choose the same Google region and Availability Zone that you used in your terraform deployment
In Step 4 (Network) choose the cluster VPC and cluster Subnet created with terraform
In Step 6 (Flow Networking) choose the FVN (Flow Virtual Networking) NAT range subnet and FVN No-NAT subnet range created with terraform
-
After the deployment of the cluster is successfull, you can add connectivity with on-premises or other Google Cloud VPC or services by peering a SharedVPC or a Hub. If you enabled a bastion and a Jumpbox VM, you can login to the Jumbox VM and connect Prism Element or Prism Central through a web browser.
-
Use the solution and configure Nutanix features like categories, VM, replication...
-
When you want to destroy the Nutanix Cluster, use the NC2 Portal (https://cloud.nutanix.com) to terminate it.
-
After Nutanix cluster terminaison, you can destroy the landing zone using the following command :
terraform destroy --var-file=configuration.tfvars
It's cheap to test and customize this simple landing zone.
You can use infracost (available on https://www.infracost.io/) to check the estimate price for 1 month. Here is an example for Netherland (eu-west-4) Google Region without enabling a GCE Jumbox.
❗ Important : this landing zone cost estimation does not include the cost of Google GCE Metal instance(s) used as node(s) in the Nutanix Cluster and network traffic. Please have a look of metal instances prices here : https://cloud.google.com/products/calculator?hl=en&dl=CjhDaVF3Tmprek1qVmpNUzAzWlRGaExUUXdZVGN0T0RrNE55MDVZVFZrTkRaaE56YzVPREVRQVE9PRAIGiREMUQ5QTgzOC00RjY1LTRGMkEtOEY5Qi1DMDlCQkUyRkI5Mzk . Pricing is per instance-hour consumed for each instance, from the time an instance is launched until it is terminated or stopped.
- Add additional labels to every GCP resources