Add GCP stacks

After deploying File Storage Security, you might want to add more stacks.

How many stacks should I add?

Storage stacks

You'll need one storage stack per Protecting bucket.

There is no limit to the number of storage stacks you can add, but keep in mind that costs will go up as the number of stacks increases. If you have a lot of files to scan that are spread across many storage accounts, consider deploying just one storage stack, and transferring files into its associated storage account to scan and then back out after scanning. We provide a sample Google Cloud Function that automates some of this work. See Post-Scan Action: Promote or Quarantine on GitHub for details.

The number of storage stacks you deploy will not affect performance, so deploy as many or as few as you want.

Scanner stacks

Typically, you'll only need one scanner stack for your entire deployment regardless of size. This is because the scanner stack auto-scales to handle increases in load. (For details on performance, see How long do scans take?)

Where can I add stacks?

Unless otherwise noted below, you can add stacks anywhere in GCP in separate GCP regions.

Add a scanner stack

Add the scanner stack following the instructions below.

  1. In the File Storage Security console, select the Stack Management page, select GCP, then select Deploy.

  2. To deploy the stacks, select Scanner Stack.

     On the Deploy Scanner Stack dialog box:

    1. Make sure you're signed in to your GCP account.
    2. Under Step 2: Service Account, type in the GCP project ID.
    3. Under Step 3: Cloud Shell Editor, click Launch Stack to launch the deployment script in the GCP Cloud Shell.

Configure and deploy the stacks

Specify the following fields and execute the deployment script in the Cloud Shell:

  1. Deployment name: Specify the name of this deployment. Use a maximum of 22 characters.

  2. Region: Specify the region of your bucket. For the list of supported GCP regions, please see Supported GCP Regions.

  3. Cloud One region: Specify the region ID of your Trend Micro Cloud One account. For the list of supported Cloud One regions, see supported Cloud One regions.

  4. Service account: Copy and paste the service account information from the File Storage Security console.

./deployment-script-scanner.sh -d <DEPLOYMENT_NAME> -r <REGION> -c <CLOUD_ONE_REGION> -m <SERVICE_ACCOUNT>

Configure JSON in File Storage Security console

To complete the deployment process, once the scanner stack is deployed, follow the steps to configure the management role:

  1. Copy the contents of <DEPLOYMENT_NAME>.json from the Cloud Shell script output.
  2. Paste the contents back into the File Storage Security console in the Step 4: Scanner Stack text field.

Add a storage stack

Add the storage stack following the instructions below.

  1. In the File Storage Security console, select the Stack Management page, select GCP, then select Deploy.

  2. To deploy the stacks, select Storage Stack.

     On the Deploy Storage Stack dialog box:

    1. Make sure you're signed in to your GCP account.
    2. Under Step 2: Service Account, type in the GCP project ID.
    3. Under Step 3: Cloud Shell Editor, click Launch Stack to launch the deployment script in the GCP Cloud Shell.
    4. Under Step 4: Storage Stack, copy the file <DEPLOYMENT_NAME>.json from the Explorer tab and paste it into the text box.
    5. Click Submit.

Configure and deploy the stacks

Specify the following fields and execute the deployment script in the Cloud Shell:

  1. Scanning bucket name: Specify the existing bucket name that you wish to protect.

  2. Deployment name: Specify the prefix of this deployment. Use a maximum of 22 characters.

  3. Region: Specify the region of your bucket. For the list of supported GCP regions, please see Supported GCP Regions.

  4. Scanner information JSON: Copy and paste the scanner information from the File Storage Security console.

  5. Service account: Copy and paste the service account information from the File Storage Security console.

./deployment-script-storage.sh -s <SCANNING_BUCKET_NAME> -d <DEPLOYMENT_NAME> -r <REGION> -i <SCANNER_INFORMATION> -m <SERVICE_ACCOUNT>
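
A pre-flight check for the values listed above can be run in the Cloud Shell before the script. This is an added example, not part of the product's deployment scripts: the function names are hypothetical, and the only rules it enforces are the ones stated on this page (the 22-character limit and that the scanner information is JSON).

```shell
#!/bin/sh
# Added example (not Trend Micro code). Function names are hypothetical.
MAX_NAME_LEN=22   # from this page: "Use a maximum of 22 characters."

# json_ok TEXT -> 0 well-formed JSON, 1 malformed or empty, 2 no parser available
json_ok() {
  [ -n "$1" ] || return 1
  if command -v python3 >/dev/null 2>&1; then
    if printf '%s' "$1" | python3 -c 'import json,sys; json.load(sys.stdin)' 2>/dev/null
    then return 0; else return 1; fi
  elif command -v jq >/dev/null 2>&1; then
    if printf '%s' "$1" | jq empty >/dev/null 2>&1; then return 0; else return 1; fi
  fi
  return 2
}

# preflight_storage BUCKET NAME REGION SCANNER_INFO SERVICE_ACCOUNT
# Arguments follow the order of the -s -d -r -i -m options of the storage script.
preflight_storage() {
  pf_rc=0
  if [ -z "$1" ] || [ -z "$3" ] || [ -z "$5" ]; then
    echo "error: bucket (-s), region (-r) and service account (-m) are required" >&2
    pf_rc=1
  fi
  if [ -z "$2" ] || [ "${#2}" -gt "$MAX_NAME_LEN" ]; then
    echo "error: deployment name (-d) must be 1-$MAX_NAME_LEN characters, got ${#2}" >&2
    pf_rc=1
  fi
  pf_json=0
  json_ok "$4" || pf_json=$?
  case $pf_json in
    1) echo "error: scanner information (-i) is not well-formed JSON;" \
            "copy it again from the console" >&2
       pf_rc=1 ;;
    2) echo "warning: no JSON parser found, scanner information not checked" >&2 ;;
  esac
  return "$pf_rc"
}

# Usage: keep each value in a single-quoted variable so the shell does not
# split or expand the pasted JSON, then run the script only if the check passes:
#   preflight_storage "$BUCKET" "$NAME" "$REGION" "$SCANNER_INFO" "$SA" &&
#     ./deployment-script-storage.sh -s "$BUCKET" -d "$NAME" -r "$REGION" \
#       -i "$SCANNER_INFO" -m "$SA"
```
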

Configure JSON in File Storage Security console

To complete the deployment process, once the storage stack is deployed, follow the steps to configure the management role:

  1. Copy the contents of <DEPLOYMENT_NAME>.json from the Cloud Shell script output.

  2. Paste the contents back into the File Storage Security console in the Step 4: Storage Stack text box.

  3. Click Submit.

Deployment Status

To determine the status of your deployment, go to Deployment Manager and search for:

  • <DEPLOYMENT_NAME>