Add a Google Cloud Platform account
When you add a Google Cloud Platform (GCP) account to Deep Security, all GCP VM instances associated with that account are imported into Deep Security Manager and become visible in:
- Deep Security Manager > Computers > your_GCP_service_account > your_GCP_project
Once imported, the GCP VM instances can be managed like any other computer.
Adding a GCP account to Deep Security Manager is equivalent to adding a GCP connector through the Deep Security API.
- What are the benefits of adding a GCP account?
- Configure a proxy setting for the GCP account
- Add a GCP account to Deep Security
- Remove a GCP account
- Synchronize a GCP account
The benefits of adding a GCP account (through Deep Security Manager > Computers > Add GCP Account) instead of adding individual GCP VMs (through Deep Security Manager > Computers > Add Computer), are:
- Changes in your GCP VM inventory are automatically reflected in Deep Security Manager. For example, if you delete a number of VM instances in GCP, those instances disappear automatically from the manager. By contrast, if you use Computers > Add Computer, GCP instances that you've deleted remain visible in the manager until you manually delete them.
- VMs are organized into projects in the manager, which lets you easily see which GCP VMs are protected and which are not. Without the GCP account, all your GCP VMs appear at the same root level under Computers.
Optionally, you can configure the Deep Security Manager to use a proxy server to access resources in GCP service accounts. For details, see Connect to cloud accounts via proxy.
To add a GCP account to Deep Security Manager:
- If you have not done so already, Create a Google Cloud Platform service account for Deep Security.
- In Deep Security Manager, go to Computers > Add > Add GCP Account.
- Enter a Display Name. We recommend using the GCP service account name. Examples: GCP Deep Security, Finance GCP Deep Security, Marketing GCP Deep Security.
- Choose the Service Account Key. The key is a JSON file that you saved earlier, when creating the GCP service account. See Create a Google Cloud Platform service account for details.
- Click Next.
- Review the summary information, and then click Close.
The following occurs:
- Deep Security Manager displays your GCP service account and its associated projects in their own branch on the left side of the Computers page (see image below). Associated VMs are displayed in the main pane. You can right-click your GCP service account name and select Synchronize Now to see the latest set of GCP VMs.
- If you previously added VM instances from this service account through the Computers > Add Computers option (instead of the Computers > Add GCP Account option described here), these VMs are moved to the correct project under the service account you just added. This move occurs only for VMs that have Deep Security Agent 12.0 or later installed. VMs with pre-12.0 agents remain listed under the root Computers folder.
The following image shows the imported GCP service account, projects, and a VM.
- Repeat the steps in this procedure for each GCP service account you want to add.
You have now added a GCP service account to Deep Security Manager. Proceed to Install the agent on Google Cloud Platform VMs if you have not done so already.
Removing a GCP account from the Deep Security Manager permanently removes the account from the Deep Security database. This does not affect the GCP account. VM instances with Deep Security Agents continue to be protected, but do not receive security updates. If you later reactivate Deep Security Agents on these VM instances, the Deep Security Agents will download the latest security updates at the next scheduled update.
To remove a GCP account:
- In Deep Security Manager, click Computers at the top.
- Right-click the GCP account in the tree view on the left, and select Remove Cloud Account.
- Confirm that you want to remove the account.
The account is removed from the Deep Security Manager.
When you synchronize (sync) a GCP account, Deep Security Manager connects to the GCP API to obtain and display the latest set of GCP VMs.
To force a sync immediately:
- In Deep Security Manager, click Computers.
- On the left, right-click your GCP account and select Synchronize Now.
There is also a background sync that occurs every 10 minutes, and this interval is not configurable. If you force a sync, the background sync is unaffected and continues to occur according to its original schedule.