Understanding Google Buckets
The database uses a single communal storage location for all data and for the catalog (metadata). Communal storage is the database's centralized storage location, shared among the database nodes. This mode supports communal storage in
Service account permissions
Service accounts allow automated processes to authenticate with Google Cloud. The ArcSight Suite database deployment process uses your Google Cloud project's service account to deploy instances.
When a new project is created, Google Cloud automatically creates a default service account (identified by project_number-compute@developer.gserviceaccount.com) for the project, and grants it the IAM Editor role. See IAM basic and predefined roles reference for details about this and other IAM roles.
The HMAC key
The ArcSight Suite Database uses a hash-based message authentication code (HMAC) key to authenticate requests to access the communal storage location. This key has two parts: an access ID and a secret. Running the installation in Google Cloud requires both parts of an HMAC key, which the nodes use to access communal storage.
To create an HMAC key:
- Log in to your Google Cloud account.
- If the name of the project you will use to create your database does not appear in the top banner, click the dropdown and select the correct project.
- In the navigation menu in the upper-left corner, under the heading, click and select .
- In the Settings page, click .
- Scroll to the bottom of the page and find the .
- Unless you have already set a default project, you will see the message stating you haven’t set a default project for your user account yet. Click the Set project-id as default project button to choose the current project as your default for interoperability. The project ID appears in the button label, not the project name.
- Under , click .
- Your new access key and secret will appear in the HMAC key list. You can copy them to a handy location (such as a text editor), or leave the browser tab open while you use another tab or window to create your database. These keys will remain available on this page, so you do not need to record them elsewhere.
Caution: It's vital to protect the security of your HMAC key. It can grant others access to your database's communal storage location, that is, all the data in your database.
Do not write the HMAC key in any place where it may be exposed, such as emails, shared folders, or similar insecure locations.
The communal storage location
The database needs a storage location for its communal storage. Databases running on Google Cloud use Google Cloud Storage (GCS) for their communal storage location.
This location needs to meet the following criteria:
- The URL must include at least a bucket name.
- One or more levels of folders can be used as well.
For example, the following GCS URLs are valid:
- gs://arcsight-suite/mydatabase
- gs://arcsight-suite/databases/mydatabase
- gs://arcsight-suite
When creating the communal storage location, the lowest-level folder in the URL must not already exist. For example, in the GCS URL gs://arcsight-suite/databases/mydatabase, the bucket named arcsight-suite and the directory named databases must exist, but the subdirectory named mydatabase must not exist yet. The database install process expects to create the final folder itself. If the folder already exists, the installation process will fail.
The permissions on the bucket must be set to allow the service account read, write, and delete privileges on the bucket. The best role to assign to the user to gain these permissions is Storage Object Admin.
To prevent performance issues, the bucket must be in the same region as all of the nodes running the Eon Mode database.
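The location rules above can be checked before an install is started. The following is an added example, not part of the ArcSight documentation or product: `preflight`, `folder_exists` and the `BUCKETS` inventory are hypothetical names, and the inventory is constructed sample data standing in for a real bucket listing.

```python
from urllib.parse import urlparse

# Constructed inventory standing in for a real bucket listing (assumption).
BUCKETS = {
    "arcsight-suite": {
        "region": "us-east1",
        "objects": ["databases/", "databases/olddb/catalog.dat"],
    }
}

def folder_exists(prefix, object_names):
    """GCS has no real directories: a folder exists if any object name
    (including a placeholder such as 'databases/') starts with 'prefix/'."""
    marker = prefix.rstrip("/") + "/"
    return any(name.startswith(marker) for name in object_names)

def preflight(url, buckets, node_region):
    """Return a list of problems with a communal storage URL (empty = OK)."""
    parsed = urlparse(url)
    if parsed.scheme != "gs" or not parsed.netloc:
        return ["URL must look like gs://<bucket>[/<folder>...]"]
    bucket = buckets.get(parsed.netloc)
    if bucket is None:
        return [f"bucket '{parsed.netloc}' does not exist"]
    problems = []
    if bucket["region"].lower() != node_region.lower():
        problems.append(
            f"bucket region {bucket['region']} differs from node region {node_region}")
    parts = [p for p in parsed.path.split("/") if p]
    # Every folder above the last one must already exist.
    for depth in range(1, len(parts)):
        parent = "/".join(parts[:depth])
        if not folder_exists(parent, bucket["objects"]):
            problems.append(f"parent folder '{parent}' does not exist")
    # The installer creates the final folder itself, so it must be absent.
    # A bucket-only URL has no folder to check (assumption of this sketch).
    final = "/".join(parts)
    if parts and folder_exists(final, bucket["objects"]):
        problems.append(f"final folder '{final}' already exists")
    return problems

if __name__ == "__main__":
    for candidate in ("gs://arcsight-suite/databases/mydatabase",
                      "gs://arcsight-suite/databases/olddb",
                      "gs://arcsight-suite/staging/mydatabase"):
        print(candidate, "->", preflight(candidate, BUCKETS, "us-east1") or "OK")
```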