Table of contents
Topics on this page

Deploy scanner and storage stacks on GCP

Follow the procedure below to deploy a scanner and a storage stack into your GCP account.

  1. In the File Storage Security console, select the Stack Management page, select GCP, then select Deploy.

  2. To deploy the stacks, select Scanner Stack and Storage Stack.
    The Deploy Scanner Stack and Storage Stack dialog box opens.

    There is also the option to add a scanner stack by itself.

  3. Make sure you're signed in to your GCP account.

  4. Retrieve your Service Account:

    1. Type in the GCP project ID.
    2. Click Get.

    The GCP account must be connected in the Cloud One Cloud Provider Account list first. See Connect GCP account to Trend Micro Cloud One.

  5. Configure and run the deployment script:

    1. Click Launch Stack to launch the deployment script in the GCP Cloud Shell.

    2. Click the Trust Repo check box to select it.

    3. Set up your project:

      1. Under Project setup, select the project from the drop-down list.
      2. Execute the script in Cloud Shell.
        If you do not have a project ID, you need to create one:
        1. Under Project setup, click create a new one.
        2. Create the project.
        3. Under Project setup, select the project from the drop-down list.
        4. Execute the script in Cloud Shell.

    4. Specify the following fields:

      • Scanning bucket name: Specify the existing bucket name that you wish to protect.
      • Deployment name prefix: Specify the prefix of this deployment. Use a maximum of 22 characters.
      • Region: Specify the region of your bucket. For the list of supported GCP regions, please see Supported GCP Regions.
      • Cloud One region: Specify the region ID of your Trend Micro Cloud One account. For the list of supported Cloud One regions, see supported Cloud One regions.
      • Service account: Copy and paste the service account information from the File Storage Security console.
      • Function auto update: Enables or disables automatic remote code update. The default value is 'True'. Allows values "True', 'False'

    5. Execute the deployment script in the Cloud Shell:

      ./deployment-script.sh -s <SCANNING_BUCKET_NAME> -d <DEPLOYMENT_NAME_PREFIX> -r <REGION> -c <CLOUD_ONE_REGION> -m <SERVICE_ACCOUNT> -f <FUNCTION_AUTO_UPDATE>

  6. To complete the deployment process follow the steps to configure the management role:

    1. Copy the contents of <DEPLOYMENT_NAME_PREFIX>-scanner.json from the Cloud Shell script output.
    2. Paste the content back to the File Storage Security console in the Step 4: Scanner stack - configure JSON text box.
    3. Copy the contents of <DEPLOYMENT_NAME_PREFIX>-storage.json from the Cloud Shell script output.
    4. Paste the contents back to the File Storage Security console in the Step 5: Storage stack - configure JSON text box.

  7. Click Submit.

To determine the status of your deployment, go to Deployment Manager and search for:

  • <DEPLOYMENT_NAME_PREFIX>-scanner
  • <DEPLOYMENT_NAME_PREFIX>-storage