web
You’re offline. This is a read only version of the page.
close

Online Help Center
  • Search
  • Support
    • For Home
    • For Business
  • English (US)
    • Bahasa Indonesia (Indonesian)
    • Dansk (Danish)
    • Deutsch (German)
    • English (Australia)
    • English (US)
    • Español (Spanish)
    • Français (French)
    • Français Canadien
      (Canadian French)
    • Italiano (Italian)
    • Nederlands (Dutch)
    • Norsk (Norwegian)
    • Polski (Polish)
    • Português - Brasil
      (Portuguese - Brazil)
    • Português - Portugal
      (Portuguese - Portugal)
    • Svenska (Swedish)
    • ภาษาไทย (Thai)
    • Tiếng Việt (Vietnamese)
    • Türkçe (Turkish)
    • Čeština (Czech)
    • Ελληνικά (Greek)
    • Български (Bulgarian)
    • Русский (Russian)
    • עברית (Hebrew)
    • اللغة العربية (Arabic)
    • 日本語 (Japanese)
    • 简体中文
      (Simplified Chinese)
    • 繁體中文
      (Traditional Chinese)
    • 繁體中文 HK
      (Traditional Chinese)
    • 한국어 (Korean)
  • Online Help Center
  • Security for the Hybrid Cloud
  • ...
    Deep SecurityDeep Security 20 Long-Term SupportUser GuideAdd computers
  • Add GCP instances
  • Create a Google Cloud Platform service account
Table of Contents
The page you're looking for can't be found or is under maintenance
Try again later or go to the home page
Go to home page
  • About Deep Security
    • Deep Security Help Center
    • Deep Security Trust Center
    • Deep Security 20 release strategy and lifecycle policy
    • Deep Security life cycle dates
      • Deep Security LTS lifecycle dates
      • Deep Security FR life cycle dates
    • About the Deep Security components
    • About the Deep Security protection modules
    • About billing and pricing
  • About this release
    • What's new?
      • What's new in Deep Security Manager?
      • What's new in Deep Security Agent?
      • What's new in Deep Security Virtual Appliance?
  • Compatibility
    • System requirements
    • Agent requirements
      • Agent platform compatibility
      • Linux kernel compatibility
      • Linux file system compatibility
      • Linux systemd support
      • Linux Secure Boot support
      • SELinux support
      • Supported features by platform
    • Sizing
      • Sizing for Azure Marketplace
      • Deep Security Manager performance features
    • Port numbers, URLs, and IP addresses
  • Get Started
    • Check digital signatures on software packages
    • Deploy Deep Security Manager
      • Prepare a database
        • Database requirements
        • Install a database server
        • Configure the database
      • Deploy Deep Security AMI from AWS Marketplace
        • Configure an IAM role
        • Deploy the Deep Security AMI using CloudFormation
        • Deploy the Deep Security AMI manually
      • Deploy Deep Security Manager VM for Azure Marketplace
      • Run a readiness check
      • Install Deep Security Manager
      • Install Deep Security Manager silently
      • Add activation codes
      • Set up multi-tenancy
        • Set up a multi-tenant environment
        • Multi-tenant settings
      • Set up multiple nodes
        • Install Deep Security Manager on multiple nodes
        • View active Deep Security Manager nodes
    • Deploy Deep Security Relay
    • Deploy Deep Security Agent
      • Get Deep Security Agent software
      • Configure Linux Secure Boot for agents
      • Install the agent
      • Install the agent on Amazon EC2 and WorkSpaces
      • Install the agent on an AMI or WorkSpace bundle
      • Install the agent on Azure VMs
      • Install the agent on Google Cloud Platform VMs
      • Install the agent on VMware vCloud
      • Activate the agent
      • Common issues when installing or updating the agent
    • Deploy Deep Security Virtual Appliance
      • Protection for VMware environments
      • Choose agentless vs. combined mode protection
      • Before deploying the appliance
      • Configure VMware DRS
      • Deploy the appliance (NSX-T 3.x)
        • Import the appliance
        • Prepare Fabric settings
        • Add vCenter to Deep Security Manager
        • Install the appliance on NSX-T 3.x
        • Create a group for protection
        • Configure east-west security
        • Configure Endpoint Protection
        • Configure activation
        • Next steps (how to add new VMs)
      • Deploy the appliance (NSX-V)
      • Deploy the appliance in a vCloud environment
      • Automated policy management in NSX environments
      • Synchronize Deep Security policies with NSX
      • Configure DPDK mode
      • Configure NSX security tags
      • Configure the appliance OVF location
      • Deep Security Virtual Appliance memory allocation
      • Start or stop the appliance
    • Deploy Deep Security notifier
  • User Guide
    • Add computers
      • About adding computers
      • Add local network computers
      • Add Active Directory computers
      • Add AWS instances
        • About adding AWS accounts
        • Add an AWS account using a manager instance role
        • Add an AWS account using an access key
        • Add an AWS account using a cross-account role
        • Add Amazon WorkSpaces
        • Manage an AWS account
        • Manage an AWS account external ID
        • Manage AWS regions
        • Protect an account running in AWS Outposts
      • Add Azure instances
        • Create an Azure application for Deep Security
        • Add a Microsoft Azure account to Deep Security
        • Why should I upgrade to the new Azure Resource Manager connection functionality?
      • Add GCP instances
        • Create a Google Cloud Platform service account
        • Add a Google Cloud Platform account
      • Add VMWare VMs
        • Add a VMware vCenter
        • Add virtual machines hosted on VMware vCloud
        • Change IP address or FQDN of NSX Manager
        • Add an ESXi to a protected NSX cluster
      • Control CPU usage
      • Migrate to the new cloud connector functionality
      • Protect Docker containers
      • Protect OpenShift containers
    • Configure policies
      • Create policies
      • Policies, inheritance, and overrides
      • Manage and run recommendation scans
      • Detect and configure the interfaces available on a computer
      • Overview section of the computer editor
      • Overview section of the policy editor
      • Network engine settings
      • User mode solution
      • Define rules, lists, and other common objects used by policies
        • About common objects
        • Create a firewall rule
        • Configure intrusion prevention rules
        • Create an Integrity Monitoring rule
        • Define a Log Inspection rule for use in policies
        • Create a list of directories for use in policies
        • Create a list of file extensions for use in policies
        • Create a list of files for use in policies
        • Create a list of IP addresses for use in policies
        • Create a list of ports for use in policies
        • Create a list of MAC addresses for use in policies
        • Define contexts for use in policies
        • Define stateful firewall configurations
        • Define a schedule that you can apply to rules
    • Configure protection modules
      • Configure Anti-Malware
        • About Anti-Malware
        • Set up Anti-Malware
          • Enable and configure anti-malware
          • Configure malware scans and exclusions
          • Performance tips for anti-malware
          • Coexistence of Deep Security Agent with Microsoft Defender Antivirus
          • Virtual Appliance Scan Caching
        • Detect emerging threats using Predictive Machine Learning
        • Detect emerging threats using Threat Intelligence
        • Enhanced anti-malware and ransomware scanning with behavior monitoring
        • Smart Protection in Deep Security
        • Handle malware
          • View and restore identified malware
          • Configure advanced exploit exceptions
          • Increase debug logging for anti-malware in protected Linux instances
      • Configure Web Reputation
      • Configure Intrusion Prevention (IPS)
        • About Intrusion Prevention
        • Set up Intrusion Prevention
        • Configure intrusion prevention rules
        • Configure an SQL injection prevention rule
        • Application types
        • Inspect TLS traffic
        • TLS inspection support
        • Configure anti-evasion settings
        • Performance tips for intrusion prevention
      • Configure Firewall
        • About Firewall
        • Set up the Deep Security firewall
        • Create a firewall rule
        • Allow trusted traffic to bypass the firewall
        • Firewall rule actions and priorities
        • Firewall settings
        • Firewall settings with Oracle RAC
        • Define stateful firewall configurations
        • Scan for open ports
        • Container Firewall rules
      • Configure Device Control
      • Configure Integrity Monitoring
        • About Integrity Monitoring
        • Set up Integrity Monitoring
        • Create an Integrity Monitoring rule
        • Integrity Monitoring rules language
          • About the Integrity Monitoring rules language
          • DirectorySet
          • FileSet
          • GroupSet
          • InstalledSoftwareSet
          • PortSet
          • ProcessSet
          • RegistryKeySet
          • RegistryValueSet
          • ServiceSet
          • UserSet
          • WQLSet
        • Virtual Appliance Scan Caching
      • Configure Log Inspection
        • About Log Inspection
        • Set up Log Inspection
        • Define a Log Inspection rule for use in policies
      • Configure Application Control
        • About Application Control
        • Set up Application Control
        • Verify that Application Control is enabled
        • Monitor Application Control events
        • View and change Application Control rulesets
        • Application Control Trust Entities
        • Reset Application Control after too much software change
        • Use the API to create shared and global rulesets
    • Configure events and alerts
      • About Deep Security event logging
      • Log and event storage best practices
      • Anti-Malware scan failures and cancellations
      • Apply tags to identify and group events
      • Reduce the number of logged events
      • Rank events to quantify their importance
      • Forward events to a Syslog or SIEM server
        • Forward Deep Security events to a Syslog or SIEM server
        • Syslog message formats
        • Configure Red Hat Enterprise Linux to receive event logs
      • Access events with Amazon SNS
        • Set up Amazon SNS
        • SNS configuration in JSON format
        • Events in JSON format
      • Forward system events to a remote computer via SNMP
      • Configure alerts
      • Configure SMTP settings for email notifications
      • Generate reports about alerts and other activity
      • About attack reports
      • Lists of events and alerts
        • Predefined alerts
        • Agent events
        • System events
        • Application Control events
        • Anti-malware events
        • Device Control events
        • Firewall events
        • Intrusion prevention events
        • Integrity monitoring events
        • Log inspection events
        • Web reputation events
      • Troubleshoot common events, alerts, and errors
        • Why am I seeing firewall events when the firewall module is off?
        • Troubleshoot event ID 771 "Contact by Unrecognized Client"
        • Troubleshoot "Smart Protection Server disconnected" errors
        • Error: Activation Failed
        • Error: Agent version not supported
        • Error: Anti-Malware Engine Offline
        • Error: Device Control Engine Offline
        • Error: AWS Marketplace billing usage data has not been successfully submitted in over 48 hours
        • Error: Check Status Failed
        • Error: Installation of Feature 'dpi' failed: Not available: Filter
        • Error: Integrity Monitoring Engine Offline and other errors occur after activating a virtual machine
        • Error: Interface out of sync
        • Error: Intrusion Prevention Rule Compilation Failed
        • Error: Log Inspection Rules Require Log Files
        • Error: Module installation failed (Linux)
        • Error: There are one or more application type conflicts on this computer
        • Error: Unable to connect to the cloud account
        • Error: Unable to resolve instance hostname
        • Alert: Integrity Monitoring information collection has been delayed
        • Alert: Manager Time Out of Sync
        • Alert: The memory warning threshold of Manager Node has been exceeded
        • Event: Max TCP connections
        • Warning: Anti-Malware Engine has only Basic Functions
        • Warning: Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
        • Warning: Insufficient disk space
        • Warning: Reconnaissance Detected
    • Configure proxies
      • Configure proxies
      • Proxy settings
    • Configure relays
      • How relays work
      • Deploy additional relays
      • Remove relay functionality from an agent
    • Manage agents (protected computers)
      • Computer and agent statuses
      • Configure agent version control
      • Configure teamed NICs
      • Agent-manager communication
      • Configure agents that have no internet access
      • Activate and protect agents using agent-initiated activation and communication
      • Automatically upgrade agents on activation
      • Using Deep Security with iptables
      • Enable Managed Detection and Response
      • Enable or disable agent self-protection
      • Are offline agents still protected by Deep Security?
      • Automate offline computer removal with inactive agent cleanup
      • Agent settings
      • User mode solution
      • Deep Security notifier
    • Manage users
      • Add and manage users
      • Define roles for users
      • Add users who can only receive reports
      • Create an API key for a user
      • Unlock a locked out user name
      • Implement SAML single sign-on (SSO)
        • About SAML single sign-on (SSO)
        • Configure SAML single sign-on
        • Configure SAML single sign-on with Microsoft Entra ID
    • Manage the database
      • General database maintenance
      • Maintain PostgreSQL
      • Maintain Microsoft SQL Server Express
      • Migrate Microsoft SQL Server Express to Enterprise
      • Migrate to a larger RDS database instance
      • Back up and restore your database
    • Manage your billing account
      • Check your billing and usage
      • Change your billing method
    • Navigate and customize Deep Security Manager
      • Customize the dashboard
      • Group computers dynamically with smart folders
      • Customize advanced system settings
    • Harden Deep Security
      • About Deep Security hardening
      • Protect Deep Security Manager with an agent
      • Protect Deep Security Agent
      • Replace the Deep Security Manager TLS certificate
      • Update the load balancer's certificate
      • Encrypt communication between the Deep Security Manager and the database
      • Change the Deep Security Manager database password
      • Configure HTTP security headers
      • Upgrade the Deep Security cryptographic algorithm
      • Enforce user password rules
      • Set up multi-factor authentication
      • Manage trusted certificates
      • SSL implementation and credential provisioning
      • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro?
    • Upgrade Deep Security
      • About upgrades
      • Apply security updates
      • Disable emails for New Pattern Update alerts
      • Use a web server to distribute software updates
      • Upgrade Deep Security Manager
      • Upgrade Deep Security Relay
      • Upgrade Deep Security Agent
      • Upgrade Deep Security Manager AMI
      • Upgrade Deep Security Manager VM for Azure Marketplace
      • Upgrade Deep Security Virtual Appliance
        • Check if new appliance software is available
        • Before upgrading the appliance
        • Upgrade the appliance
      • Upgrade the database
      • Error: The installer could not establish a secure connection to the database server
      • Upgrade the NSX license for more Deep Security features
      • Migrate an agentless solution from NSX-V to NSX-T
    • Uninstall Deep Security
      • Uninstall Deep Security
      • Uninstall Deep Security from your NSX environment
    • Configure Deep Security Manager memory usage
    • Restart the Deep Security Manager
    • Check your license information
    • Upgrade Deep Security to Trend Vision One Endpoint Security - Server & Workload Protection
      • Upgrade to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate policies to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate common objects to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate cloud accounts to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate agents to Trend Vision One Endpoint Security - Server & Workload Protection
    • Migrate Deep Security to Trend Cloud One - Endpoint & Workload Security
      • Migrate to Trend Cloud One - Endpoint & Workload Security
      • Migrate policies to Trend Cloud One - Endpoint & Workload Security
      • Migrate common objects to Trend Cloud One - Endpoint & Workload Security
      • Migrate cloud accounts to Trend Cloud One - Endpoint & Workload Security
      • Migrate agents to Trend Cloud One - Endpoint & Workload Security
  • DevOps, automation, and APIs
    • About DevOps, automation, and APIs
    • Trend Micro Hybrid Cloud Security Command Line Interface (THUS)
    • Command-line basics
    • Use the Deep Security API to automate tasks
    • Schedule Deep Security to perform tasks
    • Automatically perform tasks when a computer is added or changed (event-based tasks)
    • AWS Auto Scaling and Deep Security
    • Azure virtual machine scale sets and Deep Security
    • GCP auto scaling and Deep Security
    • Use deployment scripts to add and protect computers
    • URL format for download of the agent
    • Automatically assign policies using cloud provider tags/labels
  • Trust and compliance
    • About compliance
    • Agent package integrity check
    • Deep Security Trust Center
    • Meet PCI DSS requirements with Deep Security
    • Common Criteria configuration
    • GDPR
    • FIPS 140 support
    • Set up AWS Config Rules
    • Bypass vulnerability management scan traffic in Deep Security
    • Use TLS 1.2 with Deep Security
    • Enable TLS 1.2 strong cipher suites
    • Legal disclosures
      • Privacy and personal data collection disclosure
      • Deep Security Product Usage Data Collection
      • Legal disclaimer
  • Integrations
    • Integrate with AWS Control Tower
    • Integrate with AWS PrivateLink
    • Integrate with AWS Systems Manager Distributor
    • Integrate with Apex Central
    • Integrate with SAP NetWeaver
    • Integrate with Trend Vision One
      • Integrate with Trend Vision One (XDR)
      • Integrate with Trend Vision One Service Gateway
  • FAQs
    • Why does my Windows machine lose network connectivity when I turn on protection?
    • How do I get news about Deep Security?
    • How does agent protection work for Solaris zones?
    • How do I protect AWS GovCloud (US) instances?
    • How do I protect Azure Government instances?
    • How does Deep Security Agent use the Amazon Instance Metadata Service?
    • How can I minimize heartbeat alerts for offline environments in an AWS Elastic Beanstalk environment?
    • Why can't I add my Azure server using the Azure cloud connector?
    • Why can't I view all of the VMs in an Azure subscription in Deep Security?
    • Deep Security coverage of Log4j vulnerability
  • Troubleshooting
    • AWS Marketplace CloudFormation Template
    • Offline agent
    • High CPU usage
    • Diagnose problems with agent deployment (Windows)
    • "Anti-Malware Driver Offline" status with VMware
    • Anti-Malware Windows platform update failed
    • Performance issues on an agentless virtual machine
    • Security update connectivity
    • SQL Server domain authentication problems
    • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
    • Issues adding your AWS account to Deep Security
    • Create a diagnostic package
    • Increase verbose diagnostic package process memory
    • Removal of older software versions
    • Troubleshoot SELinux alerts
    • Troubleshoot Azure code signing
    • Network Engine Status (Windows OS)
  • PDFs
    • Deep Security Administration Guide
    • Deep Security Best Practice Guide
Create a Google Cloud Platform service account
Below is all the information you need to create a Google Cloud Platform (GCP) service account for use with Deep Security.
Tip
Tip
For information on why you might want to create a GCP service account to use with Deep Security Manager, see What are the benefits of adding a GCP account?.
Topics:
  • Prerequisite: Enable the Google APIs
  • Create a GCP service account
  • Add more projects to the GCP service account
  • Create multiple GCP service accounts

Prerequisite: Enable the Google APIs

Before you can create a GCP service account for Deep Security Manager, you'll need to enable a few Google APIs under your existing GCP account.
Follow the procedure below to enable these APIs inside each of your projects:
  1. Log in to Google Cloud Platform using your existing GCP account. This account must have access to all the GCP projects that contain VMs that you want to protect with Deep Security.
  2. At the top, select a project that includes VMs that you want to add to Deep Security Manager.  If you have multiple projects, you can select them later.
    For example: Project01
    google-gcp-select-proj=3455f3a3-6a44-419b-9a6e-e7aa31ab04e6.png
  3. Click Google Cloud Platform at the top to make sure you're on the Home screen.
  4. From the tree view on the left, select APIs & Services > Dashboard.
  5. Click + ENABLE APIS AND SERVICES.
  6. In the search box, enter cloud resource manager API and then click the Cloud Resource Manager API box.
  7. Click ENABLE.
  8. Repeat steps 5 - 7 of this procedure, entering compute engine API and clicking the Compute Engine API box.
  9. Repeat steps 1 - 9 of this procedure for any other projects that include VMs that you want to add to Deep Security Manager.
For more information on how to enable or disable APIs in GCP, refer to this page from Google:
https://cloud.google.com/apis/docs/getting-started

Create a GCP service account

Note
Note
A service account is a special type of Google account that is associated with an application or VM, instead of an individual end user. Deep Security Manager assumes the identity of the service account to call Google APIs, so that users aren't directly involved.
Follow the procedure below to create a service account for Deep Security Manager:
  1. Before you begin, make sure you've enabled the GCP APIs. See Prerequisite: Enable the Google APIs.
  2. Log in to Google Cloud Platform using your existing GCP account.
  3. At the top, select a project. If you have multiple projects, you can select any one. For example: Project01.
  4. Click Google Cloud Platform at the top to make sure you're on the Home screen.
  5. From the tree view on the left, select IAM & admin > Service accounts.
  6. Click + CREATE SERVICE ACCOUNT.
    google-gcp-create-svc-accnt=e981f1d6-b56e-4794-ac8a-5981aabd1afa.png
  7. Enter a service account name, ID and description.
    google-gcp-svc-accnt-details=b799b398-b4d9-4cf8-8863-d82a58b9c9e3.png
    For example:
    • Service account name: GCP Deep Security
    • Service account ID: gcp-deep-security@<your_project_ID>.iam.gserviceaccount.com
    • Service account description: GCP service account for connecting Deep Security Manager to GCP.
  8. Click Create.
  9. In the Select a role drop-down list, select the Compute Engine > Compute Viewer role, or click inside the Type to filter area and enter compute viewer to find it.
  10. Click CONTINUE.
    google-gcp-svc-accnt-roles=4a20b7f3-db2c-4238-9539-5fcb4ed13f1a.png
    You have now assigned the Compute Viewer role.
  11. Click + CREATE KEY.
    google-gcp-create-key=53ec3020-910f-4fc1-a65b-18d2a88731aa.png
  12. Select JSON and click CREATE.
    google-gcp-json=50f4f36e-eb43-41d6-aa57-65d9a6e3112f.png
    The key is generated and placed in a JSON file.
  13. Save the key (JSON file) to a safe place.
  14. Place the JSON file in a location that is accessible to Deep Security Manager for later upload. If you need to move or distribute the file, make sure you do so using secure methods.
  15. Click DONE.
    You have now created a GCP service account with necessary roles, as well as a service account key in JSON format. The service account is created under the selected project (Project01), but can be associated with additional projects. For details, see the following section.
    Note
    Note
    It will take 60 seconds - 7 minutes for the IAM permissions to propagate through the system. See this Google article for details.

Add more projects to the GCP service account

If you have multiple projects in GCP, you must associate them with the service account you just created. All your projects (and underlying VMs) will then become visible in Deep Security Manager when you later add the service account to Deep Security Manager.
Note
Note
If you have many projects, you might find it easier to divide them up across multiple GCP accounts instead of adding them all to just 1, as described below. For details on a multi-GCP account setup, see Create multiple GCP service accounts.
Follow this procedure to associate additional projects with 1 service account:
  1. Before you begin, make sure you have completed the procedures in Prerequisite: Enable the Google APIs and Create a GCP service account.
  2. Determine the email of the GCP service account you just created, as follows:
    1. In Google Cloud Platform, from the drop-down list at the top, select the project under which you created the GCP service account (in our example, Project01).
    2. On the left, expand IAM & Admin > Service accounts.
    3. In the main pane, look under the Email column to find the GCP service account email. For example:
      gcp-deep-security@project01.iam.gserviceaccount.com
      The service account email includes the name of the project under which it was created.
    4. Note this address or copy it to the clipboard.
  3. Still in Google Cloud Platform, go to another project by selecting it from the drop-down list at the top. For example: Project02.
    google-gcp-proj02=b2129c52-439b-4828-9781-930e00f51008.png
  4. Click Google Cloud Platform at the top to make sure you're on the Home screen.
  5. From the tree view on the left, click IAM & admin > IAM.
  6. Click ADD at the top of the main pane.
  7. In the New members field, paste the Project01 GCP service account email address. For example:
    gcp-deep-security@project01.iam.gserviceaccount.com
    Tip
    Tip
    You can also start typing the email address to auto-fill the field.
  8. In the Select a role drop-down list, select the Compute Engine > Compute Viewer role, or click inside the Type to filter area and enter compute viewer to find it.
    google-gcp-members=e343f436-4f4a-4d9f-9418-69a2ee87b738.png
    You have now added the service account with the Compute Viewer role to Project02.
  9. Click SAVE.
  10. Repeat steps 1 - 9 in this procedure for each project that you want to associate with the GCP service account.
For more information on how to create a service account, refer to the following page from Google:
https://cloud.google.com/compute/docs/access/create-enable-service-accounts-for-instances
You are now ready to add the GCP account you just created to Deep Security Manager. Proceed to Add a Google Cloud Platform account.

Create multiple GCP service accounts

Normally, you would create a single GCP service account for Deep Security Manager and associate all your projects to it. This configuration is straightforward and works well for smaller organizations with fewer projects. If, however, you have a large number of projects, having them all under the same GCP service account might make them difficult to manage. In this scenario, you can divide your projects across multiple GCP service accounts. Here's how you would set this up, assuming your projects were spread across your organization's Finance and Marketing departments:
  1. Create a Finance GCP Deep Security GCP service account for Deep Security Manager.
  2. Add finance-related projects to Finance GCP Deep Security.
  3. Create a  Marketing GCP Deep Security GCP service account for Deep Security Manager.
  4. Add marketing-related projects to  Marketing GCP Deep Security.
    For detailed instructions, see Create a Google Cloud Platform service account and Add more projects to the service account.
  5. After creating the GCP service accounts, add them to Deep Security Manager one by one, following the instructions Add a Google Cloud Platform account.
Was this article helpful?

Please share more details.

Please share more details.

Please share more details.

Please share more details.

Online Help Center
Support
For Home For Business
Privacy Notice
© 2025 Trend Micro Incorporated. All rights reserved.
Table of Contents
  • About Deep Security
    • Deep Security Help Center
    • Deep Security Trust Center
    • Deep Security 20 release strategy and lifecycle policy
    • Deep Security life cycle dates
      • Deep Security LTS lifecycle dates
      • Deep Security FR life cycle dates
    • About the Deep Security components
    • About the Deep Security protection modules
    • About billing and pricing
  • About this release
    • What's new?
      • What's new in Deep Security Manager?
      • What's new in Deep Security Agent?
      • What's new in Deep Security Virtual Appliance?
  • Compatibility
    • System requirements
    • Agent requirements
      • Agent platform compatibility
      • Linux kernel compatibility
      • Linux file system compatibility
      • Linux systemd support
      • Linux Secure Boot support
      • SELinux support
      • Supported features by platform
    • Sizing
      • Sizing for Azure Marketplace
      • Deep Security Manager performance features
    • Port numbers, URLs, and IP addresses
  • Get Started
    • Check digital signatures on software packages
    • Deploy Deep Security Manager
      • Prepare a database
        • Database requirements
        • Install a database server
        • Configure the database
      • Deploy Deep Security AMI from AWS Marketplace
        • Configure an IAM role
        • Deploy the Deep Security AMI using CloudFormation
        • Deploy the Deep Security AMI manually
      • Deploy Deep Security Manager VM for Azure Marketplace
      • Run a readiness check
      • Install Deep Security Manager
      • Install Deep Security Manager silently
      • Add activation codes
      • Set up multi-tenancy
        • Set up a multi-tenant environment
        • Multi-tenant settings
      • Set up multiple nodes
        • Install Deep Security Manager on multiple nodes
        • View active Deep Security Manager nodes
    • Deploy Deep Security Relay
    • Deploy Deep Security Agent
      • Get Deep Security Agent software
      • Configure Linux Secure Boot for agents
      • Install the agent
      • Install the agent on Amazon EC2 and WorkSpaces
      • Install the agent on an AMI or WorkSpace bundle
      • Install the agent on Azure VMs
      • Install the agent on Google Cloud Platform VMs
      • Install the agent on VMware vCloud
      • Activate the agent
      • Common issues when installing or updating the agent
    • Deploy Deep Security Virtual Appliance
      • Protection for VMware environments
      • Choose agentless vs. combined mode protection
      • Before deploying the appliance
      • Configure VMware DRS
      • Deploy the appliance (NSX-T 3.x)
        • Import the appliance
        • Prepare Fabric settings
        • Add vCenter to Deep Security Manager
        • Install the appliance on NSX-T 3.x
        • Create a group for protection
        • Configure east-west security
        • Configure Endpoint Protection
        • Configure activation
        • Next steps (how to add new VMs)
      • Deploy the appliance (NSX-V)
      • Deploy the appliance in a vCloud environment
      • Automated policy management in NSX environments
      • Synchronize Deep Security policies with NSX
      • Configure DPDK mode
      • Configure NSX security tags
      • Configure the appliance OVF location
      • Deep Security Virtual Appliance memory allocation
      • Start or stop the appliance
    • Deploy Deep Security notifier
  • User Guide
    • Add computers
      • About adding computers
      • Add local network computers
      • Add Active Directory computers
      • Add AWS instances
        • About adding AWS accounts
        • Add an AWS account using a manager instance role
        • Add an AWS account using an access key
        • Add an AWS account using a cross-account role
        • Add Amazon WorkSpaces
        • Manage an AWS account
        • Manage an AWS account external ID
        • Manage AWS regions
        • Protect an account running in AWS Outposts
      • Add Azure instances
        • Create an Azure application for Deep Security
        • Add a Microsoft Azure account to Deep Security
        • Why should I upgrade to the new Azure Resource Manager connection functionality?
      • Add GCP instances
        • Create a Google Cloud Platform service account
        • Add a Google Cloud Platform account
      • Add VMWare VMs
        • Add a VMware vCenter
        • Add virtual machines hosted on VMware vCloud
        • Change IP address or FQDN of NSX Manager
        • Add an ESXi to a protected NSX cluster
      • Control CPU usage
      • Migrate to the new cloud connector functionality
      • Protect Docker containers
      • Protect OpenShift containers
    • Configure policies
      • Create policies
      • Policies, inheritance, and overrides
      • Manage and run recommendation scans
      • Detect and configure the interfaces available on a computer
      • Overview section of the computer editor
      • Overview section of the policy editor
      • Network engine settings
      • User mode solution
      • Define rules, lists, and other common objects used by policies
        • About common objects
        • Create a firewall rule
        • Configure intrusion prevention rules
        • Create an Integrity Monitoring rule
        • Define a Log Inspection rule for use in policies
        • Create a list of directories for use in policies
        • Create a list of file extensions for use in policies
        • Create a list of files for use in policies
        • Create a list of IP addresses for use in policies
        • Create a list of ports for use in policies
        • Create a list of MAC addresses for use in policies
        • Define contexts for use in policies
        • Define stateful firewall configurations
        • Define a schedule that you can apply to rules
    • Configure protection modules
      • Configure Anti-Malware
        • About Anti-Malware
        • Set up Anti-Malware
          • Enable and configure anti-malware
          • Configure malware scans and exclusions
          • Performance tips for anti-malware
          • Coexistence of Deep Security Agent with Microsoft Defender Antivirus
          • Virtual Appliance Scan Caching
        • Detect emerging threats using Predictive Machine Learning
        • Detect emerging threats using Threat Intelligence
        • Enhanced anti-malware and ransomware scanning with behavior monitoring
        • Smart Protection in Deep Security
        • Handle malware
          • View and restore identified malware
          • Configure advanced exploit exceptions
          • Increase debug logging for anti-malware in protected Linux instances
      • Configure Web Reputation
      • Configure Intrusion Prevention (IPS)
        • About Intrusion Prevention
        • Set up Intrusion Prevention
        • Configure intrusion prevention rules
        • Configure an SQL injection prevention rule
        • Application types
        • Inspect TLS traffic
        • TLS inspection support
        • Configure anti-evasion settings
        • Performance tips for intrusion prevention
      • Configure Firewall
        • About Firewall
        • Set up the Deep Security firewall
        • Create a firewall rule
        • Allow trusted traffic to bypass the firewall
        • Firewall rule actions and priorities
        • Firewall settings
        • Firewall settings with Oracle RAC
        • Define stateful firewall configurations
        • Scan for open ports
        • Container Firewall rules
      • Configure Device Control
      • Configure Integrity Monitoring
        • About Integrity Monitoring
        • Set up Integrity Monitoring
        • Create an Integrity Monitoring rule
        • Integrity Monitoring rules language
          • About the Integrity Monitoring rules language
          • DirectorySet
          • FileSet
          • GroupSet
          • InstalledSoftwareSet
          • PortSet
          • ProcessSet
          • RegistryKeySet
          • RegistryValueSet
          • ServiceSet
          • UserSet
          • WQLSet
        • Virtual Appliance Scan Caching
      • Configure Log Inspection
        • About Log Inspection
        • Set up Log Inspection
        • Define a Log Inspection rule for use in policies
      • Configure Application Control
        • About Application Control
        • Set up Application Control
        • Verify that Application Control is enabled
        • Monitor Application Control events
        • View and change Application Control rulesets
        • Application Control Trust Entities
        • Reset Application Control after too much software change
        • Use the API to create shared and global rulesets
    • Configure events and alerts
      • About Deep Security event logging
      • Log and event storage best practices
      • Anti-Malware scan failures and cancellations
      • Apply tags to identify and group events
      • Reduce the number of logged events
      • Rank events to quantify their importance
      • Forward events to a Syslog or SIEM server
        • Forward Deep Security events to a Syslog or SIEM server
        • Syslog message formats
        • Configure Red Hat Enterprise Linux to receive event logs
      • Access events with Amazon SNS
        • Set up Amazon SNS
        • SNS configuration in JSON format
        • Events in JSON format
      • Forward system events to a remote computer via SNMP
      • Configure alerts
      • Configure SMTP settings for email notifications
      • Generate reports about alerts and other activity
      • About attack reports
      • Lists of events and alerts
        • Predefined alerts
        • Agent events
        • System events
        • Application Control events
        • Anti-malware events
        • Device Control events
        • Firewall events
        • Intrusion prevention events
        • Integrity monitoring events
        • Log inspection events
        • Web reputation events
      • Troubleshoot common events, alerts, and errors
        • Why am I seeing firewall events when the firewall module is off?
        • Troubleshoot event ID 771 "Contact by Unrecognized Client"
        • Troubleshoot "Smart Protection Server disconnected" errors
        • Error: Activation Failed
        • Error: Agent version not supported
        • Error: Anti-Malware Engine Offline
        • Error: Device Control Engine Offline
        • Error: AWS Marketplace billing usage data has not been successfully submitted in over 48 hours
        • Error: Check Status Failed
        • Error: Installation of Feature 'dpi' failed: Not available: Filter
        • Error: Integrity Monitoring Engine Offline and other errors occur after activating a virtual machine
        • Error: Interface out of sync
        • Error: Intrusion Prevention Rule Compilation Failed
        • Error: Log Inspection Rules Require Log Files
        • Error: Module installation failed (Linux)
        • Error: There are one or more application type conflicts on this computer
        • Error: Unable to connect to the cloud account
        • Error: Unable to resolve instance hostname
        • Alert: Integrity Monitoring information collection has been delayed
        • Alert: Manager Time Out of Sync
        • Alert: The memory warning threshold of Manager Node has been exceeded
        • Event: Max TCP connections
        • Warning: Anti-Malware Engine has only Basic Functions
        • Warning: Census, Good File Reputation, and Predictive Machine Learning Service Disconnected
        • Warning: Insufficient disk space
        • Warning: Reconnaissance Detected
    • Configure proxies
      • Configure proxies
      • Proxy settings
    • Configure relays
      • How relays work
      • Deploy additional relays
      • Remove relay functionality from an agent
    • Manage agents (protected computers)
      • Computer and agent statuses
      • Configure agent version control
      • Configure teamed NICs
      • Agent-manager communication
      • Configure agents that have no internet access
      • Activate and protect agents using agent-initiated activation and communication
      • Automatically upgrade agents on activation
      • Using Deep Security with iptables
      • Enable Managed Detection and Response
      • Enable or disable agent self-protection
      • Are offline agents still protected by Deep Security?
      • Automate offline computer removal with inactive agent cleanup
      • Agent settings
      • User mode solution
      • Deep Security notifier
    • Manage users
      • Add and manage users
      • Define roles for users
      • Add users who can only receive reports
      • Create an API key for a user
      • Unlock a locked out user name
      • Implement SAML single sign-on (SSO)
        • About SAML single sign-on (SSO)
        • Configure SAML single sign-on
        • Configure SAML single sign-on with Microsoft Entra ID
    • Manage the database
      • General database maintenance
      • Maintain PostgreSQL
      • Maintain Microsoft SQL Server Express
      • Migrate Microsoft SQL Server Express to Enterprise
      • Migrate to a larger RDS database instance
      • Back up and restore your database
    • Manage your billing account
      • Check your billing and usage
      • Change your billing method
    • Navigate and customize Deep Security Manager
      • Customize the dashboard
      • Group computers dynamically with smart folders
      • Customize advanced system settings
    • Harden Deep Security
      • About Deep Security hardening
      • Protect Deep Security Manager with an agent
      • Protect Deep Security Agent
      • Replace the Deep Security Manager TLS certificate
      • Update the load balancer's certificate
      • Encrypt communication between the Deep Security Manager and the database
      • Change the Deep Security Manager database password
      • Configure HTTP security headers
      • Upgrade the Deep Security cryptographic algorithm
      • Enforce user password rules
      • Set up multi-factor authentication
      • Manage trusted certificates
      • SSL implementation and credential provisioning
      • If I have disabled the connection to the Smart Protection Network, is any other information sent to Trend Micro?
    • Upgrade Deep Security
      • About upgrades
      • Apply security updates
      • Disable emails for New Pattern Update alerts
      • Use a web server to distribute software updates
      • Upgrade Deep Security Manager
      • Upgrade Deep Security Relay
      • Upgrade Deep Security Agent
      • Upgrade Deep Security Manager AMI
      • Upgrade Deep Security Manager VM for Azure Marketplace
      • Upgrade Deep Security Virtual Appliance
        • Check if new appliance software is available
        • Before upgrading the appliance
        • Upgrade the appliance
      • Upgrade the database
      • Error: The installer could not establish a secure connection to the database server
      • Upgrade the NSX license for more Deep Security features
      • Migrate an agentless solution from NSX-V to NSX-T
    • Uninstall Deep Security
      • Uninstall Deep Security
      • Uninstall Deep Security from your NSX environment
    • Configure Deep Security Manager memory usage
    • Restart the Deep Security Manager
    • Check your license information
    • Upgrade Deep Security to Trend Vision One Endpoint Security - Server & Workload Protection
      • Upgrade to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate policies to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate common objects to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate cloud accounts to Trend Vision One Endpoint Security - Server & Workload Protection
      • Migrate agents to Trend Vision One Endpoint Security - Server & Workload Protection
    • Migrate Deep Security to Trend Cloud One - Endpoint & Workload Security
      • Migrate to Trend Cloud One - Endpoint & Workload Security
      • Migrate policies to Trend Cloud One - Endpoint & Workload Security
      • Migrate common objects to Trend Cloud One - Endpoint & Workload Security
      • Migrate cloud accounts to Trend Cloud One - Endpoint & Workload Security
      • Migrate agents to Trend Cloud One - Endpoint & Workload Security
  • DevOps, automation, and APIs
    • About DevOps, automation, and APIs
    • Trend Micro Hybrid Cloud Security Command Line Interface (THUS)
    • Command-line basics
    • Use the Deep Security API to automate tasks
    • Schedule Deep Security to perform tasks
    • Automatically perform tasks when a computer is added or changed (event-based tasks)
    • AWS Auto Scaling and Deep Security
    • Azure virtual machine scale sets and Deep Security
    • GCP auto scaling and Deep Security
    • Use deployment scripts to add and protect computers
    • URL format for download of the agent
    • Automatically assign policies using cloud provider tags/labels
  • Trust and compliance
    • About compliance
    • Agent package integrity check
    • Deep Security Trust Center
    • Meet PCI DSS requirements with Deep Security
    • Common Criteria configuration
    • GDPR
    • FIPS 140 support
    • Set up AWS Config Rules
    • Bypass vulnerability management scan traffic in Deep Security
    • Use TLS 1.2 with Deep Security
    • Enable TLS 1.2 strong cipher suites
    • Legal disclosures
      • Privacy and personal data collection disclosure
      • Deep Security Product Usage Data Collection
      • Legal disclaimer
  • Integrations
    • Integrate with AWS Control Tower
    • Integrate with AWS PrivateLink
    • Integrate with AWS Systems Manager Distributor
    • Integrate with Apex Central
    • Integrate with SAP NetWeaver
    • Integrate with Trend Vision One
      • Integrate with Trend Vision One (XDR)
      • Integrate with Trend Vision One Service Gateway
  • FAQs
    • Why does my Windows machine lose network connectivity when I turn on protection?
    • How do I get news about Deep Security?
    • How does agent protection work for Solaris zones?
    • How do I protect AWS GovCloud (US) instances?
    • How do I protect Azure Government instances?
    • How does Deep Security Agent use the Amazon Instance Metadata Service?
    • How can I minimize heartbeat alerts for offline environments in an AWS Elastic Beanstalk environment?
    • Why can't I add my Azure server using the Azure cloud connector?
    • Why can't I view all of the VMs in an Azure subscription in Deep Security?
    • Deep Security coverage of Log4j vulnerability
  • Troubleshooting
    • AWS Marketplace CloudFormation Template
    • Offline agent
    • High CPU usage
    • Diagnose problems with agent deployment (Windows)
    • "Anti-Malware Driver Offline" status with VMware
    • Anti-Malware Windows platform update failed
    • Performance issues on an agentless virtual machine
    • Security update connectivity
    • SQL Server domain authentication problems
    • Prevent MTU-related agent communication issues across Amazon Virtual Private Clouds (VPC)
    • Issues adding your AWS account to Deep Security
    • Create a diagnostic package
    • Increase verbose diagnostic package process memory
    • Removal of older software versions
    • Troubleshoot SELinux alerts
    • Troubleshoot Azure code signing
    • Network Engine Status (Windows OS)
  • PDFs
    • Deep Security Administration Guide
    • Deep Security Best Practice Guide
Close