Console
    Contact Us Start free

    Mirroring deployment groups overview

    A mirroring deployment group is a collection of mirroring deployments that are set up across multiple zones. This collection represents a producer's mirroring service that the consumers can connect to.

    A mirroring deployment group is identified by a unique URL identifier. This URL is used in the mirroring endpoint group to identify the producer mirroring service where the mirrored packets are sent for deep packet inspection.

    This document provides a detailed overview of the mirroring deployment groups and their capabilities.

    Specifications

    • A mirroring deployment group is a global project-level resource.

    • Each mirroring deployment group is uniquely identified by a URL with the following elements:

      • Project ID: ID of the project.
      • Location: scope of the mirroring deployment group. Location is always set to global .
      • Name: mirroring deployment group name in the following format:
        • A string 1-63 characters long
        • Includes only lowercase alphanumeric characters or hyphens (-)
        • Must start with a letter

      To construct a unique URL identifier for a mirroring deployment group, use the following format:

       projects/ PROJECT_ID 
/locations/global/mirroringDeploymentGroups/ DEPLOYMENT_GROUP_ID

      Replace the following:

      • PROJECT_ID : ID of the project

      • DEPLOYMENT_GROUP_ID : ID of the mirroring deployment group

      For example, project 2345678432 in a global mirroring deployment example-mirroring-deployment-group has the following unique identifier:

       projects/2345678432/locations/global/mirroringDeploymentGroups/example-mirroring-deployment-group

    • You can use a single mirroring deployment group to inspect the mirrored traffic from multiple Virtual Private Cloud (VPC) instances across different projects and accounts.

    • If the deployment group doesn't have a deployment in a specific zone, then, on the consumer side, the packets in that zone are not mirrored.

    • To delete a deployment group, you must delete all the deployments in that deployment group.

    Identity and Access Management roles

    Identity and Access Management (IAM) roles govern the following actions for managing the mirroring deployment groups:

    • Creating a mirroring deployment group in a project
    • Modifying or deleting a mirroring deployment group
    • Viewing details about a mirroring deployment group
    • Viewing all the mirroring deployment groups configured in your project

    The following table describes the roles that are necessary for each step.

    Ability
    Necessary role
    Create a new mirroring deployment group
    Mirroring Deployment Admin role ( networksecurity.mirroringDeploymentAdmin ) on the project where the mirroring deployment group is created.
    Modify an existing mirroring deployment group
    Mirroring Deployment Admin role ( networksecurity.mirroringDeploymentAdmin ) on the project where the mirroring deployment group is created.
    View details about the mirroring deployment group in a project
    Any of the following roles for the project:
    • Mirroring Deployment Admin role ( networksecurity.mirroringDeploymentAdmin )
    • Mirroring Deployment Viewer role ( networksecurity.mirroringDeploymentViewer )
    View all the mirroring deployment groups in your project
    Any of the following roles for the project:
    • Mirroring Deployment Admin role ( networksecurity.mirroringDeploymentAdmin )
    • Mirroring Deployment Viewer role ( networksecurity.mirroringDeploymentViewer )
    Delete a mirroring deployment group
    Mirroring Deployment Admin role ( networksecurity.mirroringDeploymentAdmin ) on the project.

    Quotas

    To view quotas associated with mirroring deployment groups, see Quotas and limits .

    What's next
    Create a Mobile Website
    View Site in Mobile | Classic
    Share by: