Integration in GCP

Updated
  • Updated on Jul 24, 2025
  • Published on Mar 2, 2023
  • 3 minute(s) read
  • Andrea Hilton
  • Henrik Nydell
 Prev Next

This article explains how Provider Connectivity Assurance (formerly Skylight) is integrated in Google Cloud Platform​ (GCP).

Cloud Challenges

More Complexity. More Users. Less Visibility.

image.png

No access to the network layer

There is no network layer access! How can I capture the network traffic?

image.png

GCP: Basic Concepts to Know

image.png

image.png

Provider Connectivity Assurance in the Cloud: General Principles and Architectures

Cloud visibility using Google packet mirroring

8.png

The picture above shows the simplest configuration where the mirrored subnet and the collector subnet are in the same VPC. See GCP packet mirroring for details on how to configure GCP for packet mirroring.

Assurance Sensor Capture deployed within collector-subnet

  • Receives monitored network traffic
  • Computes Per Packet Intel
  • Sends Per Packet Intel to Provider Connectivity Assurance (formerly Skylight analytics) through HTTPS (TCP port 443)

Technical Requirements

Assurance Sensor Capture

  • Version 21.02.10-r1 release and above

Network Flows Requirements

Ingress traffic Egress traffic
Assurance Sensor Capture TCP port 443 to Provider Connectivity Assurance and TCP port 443 to NATS on same Provider Connectivity Assurance

Main Deployment Steps

▶ To Deploy

  1. Deploy Assurance Sensor Capture(s).

  2. Link deployed Assurance Sensor Capture(s) to your Provider Connectivity Assurance tenant.

Deploying an Assurance Sensor Capture in GCP

Note that the Assurance Sensor Capture image is not available on GCP marketplace.

The whole process requires the following steps.

▶ To deploy an Assurance Sensor Capture in GCP

  1. Create a storage bucket.

  • Go to the Storage menu of your GCP account and click CREATE BUCKET.
    image.png

  • Give it a name and click Create.
    image.png

  • You can leave all options by default and simply click CREATE.
    image.png

  1. Convert .qcow2 file in raw format.
  • In the CLI on your local machine, convert the .qcow2 file provided by Cisco to raw format.
  • For this, you can use the qemu-img tool :
qemu-ing convert -f qcow2 -0 raw Skylight-PVX-sensor-20.11.4.qcow2 disk.raw

CAUTION: The destination file must be called “disk.raw”. Otherwise, it will not be recognized by GCP.

  1. Convert raw format in tar.gz
  • From your local CLI again, convert the raw file into .tar.gz.
  • At this stage, you can provide any name you like so as to easily recognize the file once it is uploaded to GCP:
tar -Sczf skylight-sensor.tar.gz disk.raw
  1. Upload the file to the storage bucket.

  • Now that your file is ready, you can upload it to GCP by using the UPLOAD FILES menu in the GCP storage bucket menu.
    image.png

  • The upload process may take awhile.
    image.png

  • If the upload is successful, you should see the following uploaded file:
    image.png

  1. Create an image based on the uploaded file.

  • You can now create an image based on the uploaded file.

  • Go to the Compute Engine menu and select CREATE IMAGE.
    image.png

  • Give it a name and select the Cloud Storage file option under Source menu.

image.png

  • Select the storage bucket and the upload file. Once the file is selected, click CREATE to finalize the process.
    image.png

  • Do not be surprised if you do not see anything on the screen (no “ongoing process” or any message).

image.png

  • You have to wait a few seconds or minutes to see the newly created image appear on the screen (simply refresh).

image.png

  1. Deploy an Assurance Sensor Capture from the created image.

  • Go to the Compute engine menu and click on Create an instance.

  • The only specific point here is to change the boot disk provided by default, and select your image in the custom images menu.
    image.png

  • Once your instance is created, you should see it in your running instances list:
    image.png

Linking an Assurance Sensor Capture to a Provider Connectivity Assurance tenant

▶ To Link an Assurance Sensor Capture to a Provider Connectivity Assurance Tenant

  1. Select deployment model.

  • Type deploy show to check the actual deployment model.
    23.png

  • Type deploy disable PVX to disable the PVX deployment model.
    24.png

  • Type deploy enable Analytics to activate the appropriate deployment model.
    25.png

  1. Link the Sensor to your Provider Connectivity Assurance own tenant.
  • Type register skylight to initiate the process.
  • When being prompted, provide the following information:
    • Tenant Host: URL of your Provider Connectivity Assurance tenant
    • Username: your admin username
    • Password: password linked to your username

26.png

  • You can check the presence of your sensor under Data Connections menu in Provider Connectivity Assurance.

image.png

© 2025 Cisco and/or its affiliates. All rights reserved.
 
For more information about trademarks, please visit: Cisco trademarks
For more information about legal terms, please visit: Cisco legal terms
For legal information about Accedian Skylight products, please visit: Accedian legal terms and tradmarks