Install the agent on Google Cloud Platform VMs
Read this page if you want to protect existing Google Cloud Platform (GCP) VM instances with Deep Security.
To protect your existing GCP VMs:
- Add a GCP service account to Deep Security Manager. For instructions, see Add a Google Cloud Platform account.
- Set the communication direction to Agent Initiated. For instructions, see Configure communication directionality.
- Configure agent-initiated activation (AIA). For instructions, see Activate and protect agents using agent-initiated activation and communication.
- Open ports so that Deep Security components can access your GCP VMs and the GCP API. For information on which ports to open, see Port numbers, URLs, and IP addresses. For instructions on how to open ports, see this GCP webpage.
- Deploy agents to your GCP VMs. You must use Deep Security Agent 12 or later.
To deploy agents, you have two options:
Option Use if... Instructions Option 1:
Use a deployment script to install, activate, and assign a policy to the agent
You need to deploy many agents to your GCP VMs.
See Use deployment scripts to add and protect computers for instructions. Option 2:
Manually install and activate the agent
You only need to deploy a few agents.
- Obtain the Deep Security Agent software, copy it to the GCP VM, and then install it. For details, see Get Deep Security Agent software
- Activate the agent. You can do so on the agent or on the Deep Security Manager. For details, see Activate the agent
- Verify that the agent was installed and activated properly:
- Log in to Deep Security Manager.
- Click Computers at the top.
- On the navigation pane on the left, make sure your GCP VM appears under Computers > your_GCP_service_account > your_GCP_project .
- In the main pane, make sure your GCP VMs appear with a Status of Managed (Online) and a green dot next to them.
- Assign a policy if you installed and activated the agent manually. For instructions, see Assign a policy to a computer. Assigning the policy sends the necessary protection modules to the agent so that your computer is protected.
Skip the policy assignment step if you ran a deployment script to install and activate the agent. The script already assigned a policy so no further action is required.
After assigning a policy, your GCP VM is now protected.