Read this page if you want to protect existing Google Cloud Platform (GCP) VM instances with Workload Security.
To protect your existing GCP VMs:
- Add a GCP service account to the Workload Security console. For instructions, see Add a Google Cloud Platform account.
- Configure agent-initiated activation (AIA). For instructions, see Activate and protect agents using agent-initiated activation and communication.
- Open ports so that Workload Security components can access your GCP VMs and the GCP API. For information on which ports to open, see Port numbers, URLs, and IP addresses. For instructions on how to open ports, see this GCP webpage.
- Deploy agents to your GCP VMs. You must use Deep Security Agent 12 or later.
To deploy agents, you have two options:
| Option | Use if... | Instructions |
| --- | --- | --- |
| Use a deployment script to install, activate, and assign a policy to the agent | You need to deploy many agents to your GCP VMs. | See Use deployment scripts to add and protect computers for instructions. |
| Manually install and activate the agent | You only need to deploy a few agents. | |
- Verify that the agent was installed and activated properly:
  - Log in to the Workload Security console.
  - Click Computers at the top.
  - On the navigation pane on the left, make sure your GCP VM appears under Computers > your_GCP_service_account > your_GCP_project.
  - In the main pane, make sure your GCP VMs appear with a Status of Managed (Online) and a green dot next to them.
- Assign a policy if you installed and activated the agent manually. For instructions, see Assign a policy to a computer. Assigning the policy sends the necessary protection modules to the agent so that your computer is protected.
Skip the policy assignment step if you ran a deployment script to install and activate the agent. The script already assigned a policy so no further action is required.
After assigning a policy, your GCP VM is now protected.