Connect your Google Cloud Platform (GCP) applications with Zero Trust Secure Access Private Access and prevent unauthorized intrusions.
Private Access Connectors connect your internal applications with Zero Trust Secure Access Private Access, which allows you to control access to sensitive corporate resources. To ensure high availability (HA) and facilitate load-balancing on high traffic apps, install and group together at least 2 connectors in each environment. Before attempting to deploy the Private Access Connector, ensure that your environment meets the minimum system requirements.
The Private Access Connector Virtual Appliance panel appears.
Verify that the file name and extension are: TrendMicroVisionOne-PrivateAccessConnector.ova
The Registration token is only valid for 7 days. If the token expires, you must start again.
Skip this step if you have already set up the Cloud SDK.
The steps contained in these instructions were valid as of July 2022.
Skip this step if you have a bucket that meets the following requirements under the project.
The region of the bucket is the same as that to be used for deploying the Private Access Connector.
The available space of the bucket is greater than the size of the OVA file to be uploaded.
The bucket management screen appears.
Make sure that the region of the bucket is the same as that to be used for deploying the Private Access Connector.
The new bucket appears on the bucket management screen.
The Bucket details screen appears.
The uploaded OVA file appears in the bucket file list.
gcloud config list
(Optional) Run the following commands to change the project and region if necessary.
gcloud config set project <project_of_the_bucket>
gcloud config set compute/region <region_of_the_bucket>
gcloud compute images import <imageName> --source-file "gs://<bucketName>/<ovaFileName>" --network <networkName>
<imageName>: Name of the image in Cloud Compute after the OVA file is imported
<bucketName>: Name of the bucket that stores the OVA file
<ovaFileName>: Name of the OVA file to be imported
<networkName>: Name of the network in the current project to use for the image import
If there is no network available under the current project, you need to create one. For more information, see the Google Virtual Private Cloud (VPC) documentation.
The import may take about two hours. Do not close the gcloud CLI during the import.
When the import is completed, a "Finished making disk bootable" message appears. You can also search for Images on the GCP and find the image in the image list.
gcloud compute instances create <instanceName> --image-project <projectName> --image <imageName> --network <networkName>
<instanceName>: Name of the VM to be created
<projectName>: Name of the project under which the VM is to be created
<imageName>: Name of the image used to create the VM
<networkName>: Name of the network where the VM runs after it is created
The creation takes about one minute. After the VM is created, you can search for VM instances on the GCP and find the new VM.
gcloud compute ssh admin@<instance_name_of_the_Connector_VM>
This command automatically creates a key pair, uploads the public key file to the VM, saves the private key file to your local machine, and uses the private key file for authentication. You do not need to specify the private key file in the command.
The admin user and privileged mode share the same password.
The command prompt changes from > to #.
configure timezone <timezone>
The default time zone is America/Los_Angeles.
The Private Access Connector requires connectivity to an NTP server to synchronize its clock. By default, Trend Micro Vision One uses the public NTP server 0.pool.ntp.org. You can also configure the Private Access Connector to connect to another public NTP server or a local NTP server within your organization.
Run the following command to configure the NTP server: configure ntp server <address>
To use public NTP servers, make sure that your firewall configuration allows outbound UDP traffic on port 123.
You can obtain the token from the same screen you downloaded the virtual appliance on Trend Micro Vision One.
For more information on available commands, see Private Access Connector CLI Commands.
After successful deployment, the Private Access Connector virtual appliance appears under the corresponding connector group on the Private Access Connectors tab.