After you review the requirements and make sure that your Google Cloud environment is configured as needed, you can deploy the Google Cloud Platform (GCP) Sensor. This sensor must be deployed using the gcloud command-line interface (CLI).

The following procedure describes how to launch the GCP Sensor when provisioning the USM Anywhere service for the first time. In this process, you launch the USM Anywhere product using Google Cloud commands from your preferred command line interface.

To create a new sensor using gcloud CLI commands

1. Go to the USM Anywhere Sensor Downloads page and click the icon of your specific sensor. After clicking, your browser starts to download the USM Anywhere Sensor package.

2. Use the following command to log into GCP using the service account you created in Preparing Your GCP Environment for Sensor Deployment, replacing the variables below with the information relating to the service account key you downloaded:

   • path_to_sa_file: The path to your Google service account key

   • service_account_key: The name of your Google service account key

   gcloud auth activate-service-account --key-file <path_to_sa_key>/<service_account_key>

3. Navigate to the location where you saved the zip file and unzip it.

4. Define the required properties, replacing the variables below with your information:

   • service_account_id: Google service account ID
     This ID is in the form of an email address.

   • public_key: The full contents of the public SSH key downloaded from Google in Create and Add an SSH Key

   • network_id: The name of your network
     You can find this network name in your GCP Console by going to VPC network > VPC networks and copying the name of the network.

   Linux/Mac command

   PROPS="service_account:<service_account_id>,ssh_key:<public_key>,network:<network_id>,public_ip:True"

   Windows command

   set PROPS="service_account:<service_account_id>,ssh_key:<public_key>,network:<network_id>,public_ip:True"

   You can also include the following optional parameters in this command:

   • public_ip: "True"
     By default, your sensor is deployed to a private IP address. Setting this value to "True" will deploy to a public IP address.

   • ip_ranges: Specify to which range of IP addresses your firewall rules apply
     By default, the sensor will allow traffic from all IP addresses (0.0.0.0/0).

5. Use the following command to deploy the sensor, replacing the variables below with your information:

   • VM_name: The name of your virtual machine (VM)

   Warning: This name must not be used by another VM in your environment, or your deployment will fail.

   • project_id: The project ID of your GCP project
     You can find this project ID from anywhere in your GCP Console by clicking the drop-down in the upper left of the screen and copying the project ID displayed in the window that opens.

   Linux/Mac command

   gcloud deployment-manager deployments create "<VM_name>" --template "./usm-anywhere-sensor-gcp.template.py" --properties "${PROPS}" --project "<project_id>"
   

   Windows command

   gcloud deployment-manager deployments create "<VM_name>" --template ".\usm-anywhere-sensor-gcp.template.py" --properties %PROPS% --project "<project_id>"
   

   Your sensor is now deployed.

6. After the deployment has finished, locate the sensor's IP address by reviewing the output of the previous command. You will find the URL under OUTPUTS VALUE.

   The fingerprint of the deployment is b'CWA2KOQCDI7zYAWMRTAriQ=='
   Waiting for create [operation-1624951011359-5c5e263cf3c43-333918e7-9c21733e]...done.
   Create operation operation-1624951011359-5c5e263cf3c43-333918e7-9c21733e completed successfully.
   OUTPUTS VALUE
   URL http://<sensor_ip_address>/
   CLIUser sysadmin

   Note: Make note of this IP address so that you have it for configuring your data sources to send data to the GCP Sensor.

7. Paste the IP address in your browser to launch the USM Anywhere Sensor Setup page.

Next...

See Connect the GCP Sensor to USM Anywhere.