Read this page if you want to protect existing Google Cloud Platform (GCP) VM instances with Server & Workload Protection.
To protect your existing GCP VMs:
  1. Add a GCP service account to the Server & Workload Protection console. For instructions, see Add a Google Cloud Platform account.
  2. Configure agent-initiated activation (AIA). For instructions, see Activate and protect agents using agent-initiated activation and communication.
  3. Open ports so that Server & Workload Protection components can access your GCP VMs and the GCP API. For information on which ports to open, see Server & Workload Protection Port numbers. For instructions on how to open ports, see this GCP webpage.
  4. Deploy agents to your GCP VMs. You must use agent version 12 or later. To deploy agents, you have two options:
    Option 1: Use a deployment script to install, activate, and assign a policy to the agent
      Use if: You need to deploy many agents to your GCP VMs.
    Option 2: Manually install and activate the agent
      Use if: You only need to deploy a few agents.
      Instructions:
        1. Obtain the agent software, copy it to the GCP VM, and then install it. For details, see Get agent software.
        2. Activate the agent. You can do so on the agent or on the Server & Workload Protection console. For details, see Activate the agent.
  5. Verify that the agent was installed and activated properly:
    1. Log in to the Server & Workload Protection console.
    2. Click Computers at the top.
    3. On the navigation pane on the left, make sure your GCP VM appears under Computers > your_GCP_service_account > your_GCP_project.
    4. In the main pane, make sure your GCP VMs appear with a Status of Managed (Online) and a green dot next to them.
  6. Assign a policy if you installed and activated the agent manually. For instructions, see Assign a policy to a computer. Assigning the policy sends the necessary protection modules to the agent so that your computer is protected.
    Note
    Skip the policy assignment step if you ran a deployment script to install and activate the agent. The script already assigned a policy so no further action is required.
After you assign a policy, your GCP VM is protected.