USM Anywhere™

Quick Start Guide for GCP Sensor

Pre-installation Checklist

  • Cloud Deployment Manager template provided by AT&T Cybersecurity to create all required GCP resources for deployment, including an instance, volume, and firewall rules for use by the USM Anywhere Sensor instance.
  • Privileged user account in Google Cloud Platform (GCP) with Compute Engine permissions, permission to create and edit service accounts, as well as write permission to the Deployment Manager.
  • A standard instance with 2 vCPUs and 7.5 GB of memory.
  • Zonal SSD persistent disk 50GB to have reliable network storage that your instances can access like physical disks. A 50GB volume is designated as the default size for optimal performance.

  • Internet connection to the USM Anywhere secure cloud. See Sensor Ports and Connectivity for more information.
  • Enable required APIs to allow the features dependent on them to operate as designed. See Enable Required APIs for more information.
  • Create a new service account. The sensor deploys with the created service account and then USM Anywhere grants permissions to other projects.
  • If the pre-defined roles Project: Viewer and Pub/Sub: Pub/Sub Subscriber are too broad for your use, or are otherwise unsuitable for you, you can define a new role whose access is limited according to your needs. See Creating a Custom Role for more information.
  • Keep the SSH private key and provide the public key to the sensor.

GCP Sensor Deployment

See GCP Sensor Deployment for detailed information about how to deploy a GCP Sensor. The main steps are outlined below:

1 Preparing Your GCP Environment for Sensor Deployment

After you have ensured that your GCP environment meets the sensor requirements, you must complete both of the following tasks before deploying a GCP Sensor in your environment:

  • Enable Required APIs to allow the features dependent on them to operate as designed. See Enable Required APIs for more information.

  • Create a new service account. The sensor deploys with the created service account and then USM Anywhere grants permissions to other projects. See Create a New Service Account for more information.

2 Deploy the GCP Sensor

You must create a new sensor in the GCP console. Launch the USM Anywhere product from the GCP console using the Google Cloud Deployment Manager template. See Deploy the GCP Sensor for more information.

3 Connect the GCP Sensor to USM Anywhere

After deploying the sensor, you must connect it to USM Anywhere through registration. See Connect the GCP Sensor to USM Anywhere for more information.

  • Register the sensor with USM Anywhere.

  • Configure the initial login credentials.

4 Complete the GCP Sensor Setup

After you initialize a new USM Anywhere Sensor, you must configure it in the Setup Wizard. See Complete the GCP Sensor Setup for more information.

  • About Accessing the Setup Wizard.

  • Configuring the sensor in the Setup Wizard.

    The Setup Wizard displays the configuration steps for the GCP sensor

4 Start Using USM Anywhere

See USM Anywhere User Guide for more information.