Launching a Virtual Network Sensor instance on Google Cloud

Procedure

1. Sign in to Google Cloud.
2. In a separate tab, access the Trend Vision One console and go to Network Security → Network Inventory → Virtual Network Sensor.
3. Click Deploy Virtual Network Sensor.
   The Virtual Network Sensor Deployment panel appears.
4. Select Google Cloud for the platform.
5. Set the Admin password and confirm the password.
   The password must contain the following:

   • 12 to 32 characters
   • Both uppercase and lowercase characters
   • At least one number (0-9)
   • At least one special character: ~!`@#$%^&*()/_+=[]{}-\|<>',.?:;" or space

   Note This step is used to set the default admin password to access the Virtual Network Sensor command line interface after deployment.

6. Click Generate Metadata Token.
   The metadata token contains important information for the Virtual Network Sensor including the configured admin password and information that allows the Virtual Network Sensor to connect and on-board with Network Inventory automatically.
7. Click the copy icon () to copy the metadata token.

   Important Trend Vision One does not save your password information or the metadata token. Once you close the deployment panel, the information is discarded and cannot be retrieved. If you lose the password or metadata token, you must generate a new one.

8. Click Go to Google Cloud Marketplace.
   The Google Cloud Marketplace opens in a new tab with the Trend Vision One™ XDR for Networks page displayed.

   If the tab does not open, access the Google Cloud Marketplace from your Google Cloud account and search for Trend Vision One™ XDR for Networks.
9. Click Launch.
   The deployment screen appears with the Terraform tab open.
10. Specify a unique Deployment name.
11. Select the Deployment Service Account.
    1. Choose whether you want to use an existing account or create a new account to deploy the Virtual Network Sensor.

       Important The deployment service account must have the following roles: roles/config.agent roles/compute.admin roles/iam.serviceAccountUser

       If you select Existing account, a list of available Service Accounts which have the required roles appears. Select the Service Account you want to use.
    2. Select Zonal or Regional.
    3. Select the Service Account Location.

       Important The selected location for the Service Account must be the same as the selected Zone in the Machine Type settings.

12. Configure the Machine Type.
    The follow steps detail the configuration Trend Micro recommends. If you wish to use an alternative setup, review the system requirements to ensure adequate system performance.
    1. Select General purpose.
    2. For Series, select N2.
    3. Select the Machine type.
       The Virtual Network Sensor has been tested with the following recommended instance types. For more information, see Virtual Network Sensor system requirements.

       Virtual Network Sensor Sizing Table for Google Cloud

       Throughput (Mbps)	Machine Type	Virtual Disk (GB)
       100	n2-standard-2	50
       500	n2-standard-4	50
       1000	n2-standard-8	50
       2000	n2-standard-8	100
       5000	n2-standard-16	150
       10000	n2-standard-32	200

    4. Select the Zone to deploy the machine.
       This must be the same location you selected for the Service Account.
13. Configure the Boot Disk.
    1. Select the Disk Size according to the sizing table in the previous step.
    2. For Disk Type, select SSD Persistent Disk.
14. Configure the Networking settings.

    Important The Virtual Network Sensor data port and management port must be on separate VPCs. Assigning the ports to the same VPC causes deployment to fail. Additionally, the subnets must have different IP ranges and CIDR address.

    1. Click the first Network interfaces field to edit settings for the data port.
    2. For Network, select the VPC you want to assign to the Virtual Network Sensor data port.
    3. Select the Subnetwork.
    4. Click Done.
    5. Click the second Network interfaces field to edit settings for the management port.
    6. For Network, select the VPC you want to assign to the Virtual Network Sensor management port.
    7. Select the Subnetwork.
    8. For External IP, choose whether you want the management port to have an external facing IP address.

       Important The Virtual Network Sensor uses the management port to connect to Trend Vision One. If you choose not to use an external IP address, you must set up Network Services/Cloud NAT to allow the management port to connect to the internet.

    9. Click Done.
15. Paste the metadata token you copied into the Metadata field.
16. Click Deploy.
    The Virtual Network Sensor begins the deployment process. Deployment may take a few minutes. After deployment successfully finishes, the Virtual Network Sensor automatically connects and registers to Trend Vision One. You can verify the connection by going to Network Security → Network Inventory → Virtual Network Sensor

    After deployment successfully finishes, you must set up traffic mirroring in your Google Cloud environment. You can use your own mirroring solution, or, to follow the steps recommended by Trend Micro, see Configuring traffic mirroring on Google Cloud.