USM Anywhere™

Deploy the GCP Sensor

After you review the requirements and make sure that your Google Cloud environment is configured as needed, you can deploy the Google Cloud Platform (GCP) Sensor. This sensor must be deployed using the gcloud command-line interface (CLI).

Important: You must download and install the Google Cloud Software Development Kit (SDK) on your system and initialize it before you can use the gcloud CLI. See the Google Cloud SDK documentation for instructions on how to install and initialize the SDK.

The following procedure describes how to launch the GCP Sensor when provisioning the USM Anywhere service for the first time. In this process, you launch the USM Anywhere product using Google Cloud commands from your preferred command line interface.

To create a new sensor using gcloud CLI commands

  1. Go to the USM Anywhere Sensor Downloads page and click the icon of your specific sensor.
    After clicking, your browser starts to download the USM Anywhere Sensor package.

  2. Use the following command to log into GCP using the service account you created in Preparing Your GCP Environment for Sensor Deployment, replacing the variables below with your information:

    • path_to_sa_file: the path to your Google service account key

    • service_account_key: the name of your Google service account key

    gcloud auth activate-service-account --key-file <path_to_sa_key>/<service_account_key>

  3. Navigate to the location where you saved the zip file and unzip it.

  4. Define the required properties, replacing the variables below with your information:

    • service_account_id: Google service account ID

    • public_key: the public key downloaded from Google

    • network_id: your network ID

    PROPS="service_account:<service_account_id>,ssh_key:<public_key>,network:<network_id>,public_ip:True"

    You can also include the following optional parameters in this command:

    • pulbic_ip: "true"
      By default, your sensor is deployed to a private IP address. Setting this value to "true" will deploy to a public IP address.

    • ip_ranges: specify to which range of IP addresses your firewall rules apply

  5. Use the following command to deploy the sensor, replacing the variables below with your information:

    • VM_name: the name of your virtual machine (VM)

    • project: the project ID of your GCP project

    gcloud deployment-manager deployments create "<VM_name>" --template "./usm-anywhere-sensor-gcp.template.py" --properties "${PROPS}" --project "<project_id"

    Your sensor is now deployed.

  6. After the deployment has finished, locate the sensor's IP address by reviewing the output of the previous command. You will find the URL under OUTPUTS VALUE.

    The fingerprint of the deployment is b'CWA2KOQCDI7zYAWMRTAriQ=='
    Waiting for create [operation-1624951011359-5c5e263cf3c43-333918e7-9c21733e]...done.
    Create operation operation-1624951011359-5c5e263cf3c43-333918e7-9c21733e completed successfully.
    OUTPUTS VALUE
    URL http://<sensor_ip_address>/
    CLIUser sysadmin

    Note: Make note of this IP address so that you have it for configuring your data sources to send data to the GCP Sensor.

  7. Paste the IP address in your browser to launch the USM Anywhere Sensor Setup page.

Next...

See Connect the GCP Sensor to USM Anywhere.