Google Cloud Satellite
Discover the projects, Compute Engine instances, disks and networks across your Google Cloud environment and roll them into the CMDB — securely and read-only.
Google Cloud Platform
Google Cloud resources brought into the CMDB
- Available Google Cloud projects, their hierarchy & state
- Compute Engine instances with machine type & CPU platform
- Status, zone, hostname, source image & lifecycle timestamps
- Attached disks — size, type, interface, boot & mode
- Network interfaces — network, subnetwork, internal & IPv6 IPs
- Each instance rolled into the CMDB and linked to its project
Deploy in your Google Cloud project
Run the Google Cloud Satellite as a Docker container or install it on any supported Linux host — ideally within the customer’s Google Cloud project, so credentials and discovered data stay inside their environment.
Docker image
Pull the public CMDB-360 Google Cloud Satellite image from Docker Hub and run it on any host that already has Docker installed.
Universal Installer
Install on any Oracle Linux 8/9 or Ubuntu 20.04/22.04 host (ARM or x86_64) with the graphical Installer or the non-interactive AutoInstaller for scripted setups.
We recommend deploying the Satellite within the customer’s Google Cloud project so credentials and discovered data stay inside their environment — though, because it uses the public Google Cloud APIs, it can run anywhere with outbound internet access. Minimum footprint: 1 vCPU, 4 GB RAM, 10 GB disk. It needs only outbound HTTPS (443) to the Google Cloud APIs and to the Base Station; no inbound ports are required.
A simple two-step setup
When you deploy with the Installer or AutoInstaller, configuration is handled for you. Otherwise the on-instance tools walk you through two steps.
1 · Connect to the Base Station
Using the AdminTool, point the Satellite at your MSP’s CMDB-360 Base Station with its URL and the unique access token issued for the Satellite. These are held in an encrypted config.yml, then services are restarted.
2 · Grant read-only Google Cloud access
Create a service account with a read-only role — the basic Viewer role, or granular roles such as Compute Viewer and Browser — at the organization, folder or project scope. Generate a key and provide it to the Satellite with the ConfigTool.
The Satellite needs only read-only access to Google Cloud and reaches the Google Cloud APIs over outbound HTTPS (443). You can disable discovery of any resource type — or turn off the on-demand detail channel entirely — from the Satellite scheduler, so it only ever sees what you choose to expose.
How the Google Cloud Satellite protects data
The Google Cloud Satellite never touches your virtual machine instances directly — it reads only from the Google Cloud APIs using a read-only service account and sends non-sensitive rosters to the CMDB-360 Base Station. Detailed information is streamed on demand and only while a user is viewing a record, so nothing proprietary is stored outside the environment.