Installing DSG on GCP
This section describes the process for launching a Data Security Gateway (DSG) instance on Google Cloud Platform (GCP).
GCP is a set of cloud computing services provided by Google, and offers services, such as compute, storage, and networking.
Prerequisites
This section describes the prerequisites for launching the DSG on GCP. It also includes the information for the audience and the network prerequisites for the DSG.
Ensure that the following prerequisites are met before launching the DSG on GCP:
Ensure that an ESA v10.1.x is installed.
For more information about installing the ESA v10.1.x, refer to the sections Installing Appliance On-Premise and Installing Appliances on Cloud Platforms.
Ensure that Policy Management (PIM) has been initialized on the ESA. The initialization of PIM ensures that cryptographic keys for protecting data and the policy repository have been created.
For more information about initializing the PIM, refer to section Initializing the Policy Management.Ensure that the FIPS mode is disabled on the ESA.
Ensure that Analytics component is initialized on the ESA. The initialization of Analytics component is required for displaying the Audit Store information on Audit Store Dashboards.
For more information about initializing Analytics, refer Initializing Analytics on the ESA.A GCP account is available with the following information:
- Login URL for the GCP account
- Authentication credentials for the GCP account
Audience
This section contains information for stakeholders who are interested in deploying a DSG instance on GCP.
It is recommended that you understand and use the Google Cloud Platform before proceeding further.
For more information about the Google Cloud Platform, refer to the https://cloud.google.com/docs.
Hardware Requirements
This section describes the hardware and software requirements for the DSG.
As the DSG is hosted and run on GCP, the hardware requirements are dependent on the configurations provided by Google.
The following list describes the minimum required configuration for launching the DSG image on the GCP:
- CPU: 4 Cores
- RAM: 16 GB
- Disk Size: 64 GB
- Network Interfaces: 2
The hardware configuration required might vary based on the actual usage or amount of data and logs expected.
Network Requirements
his section explains the network requirements for the DSG on GCP.
It is recommended that the DSG on GCP must be installed in the GCP Virtual Private Cloud (VPC) networking environment.
For more information about the GCP Virtual Private Cloud, refer to the documentation at: https://cloud.google.com/vpc/docs
Ensure that two Network Interface Cards (NICs) are added during the DSG instance creation on GCP.
For more information about the network interface requirements, refer to the section Network Planning.
The Data Security Gateway must be configured with the following two network interfaces:
- Management Interface - This interface is used for communication between the ESA and the DSG, and accessing the DSG Web UI.
- Service Interface - This interface is used for handling the network traffic traversing through the DSG.
Installing the DSG on GCP
This section provides information for the steps required to launch and install the Data Security Gateway (DSG) instance from an image provided by Protegrity.
Ensure that the installation order provided in the table is followed.
| Order of installation | Description | Affected Appliance | Reference |
|---|---|---|---|
| 1 | Create and launch the DSG instance. | DSG | Creating a VM Instance from an Image |
| 2 | Finalize the DSG Installation. | DSG | Finalize the DSG Installation |
| 3 | Configure the Default Gateway for the Management NIC using the DSG CLI Manager. | DSG | Configuring Default Gateway for Management NIC (ethMNG) using the DSG CLI Manager |
| 4 | Configure the Default Gateway for the Service NIC using the DSG CLI Manager. | DSG | Configuring Default Gateway for Service NIC (ethSRV0) using the DSG CLI Manager |
| 5 | Create a Trusted Appliance Cluster (TAC) on the DSG | DSG | Create a TAC on DSG |
| 6 | Update the host details of ESA on DSG. If the DNS and name server is properply configured then this step is optional. | DSG | Updating the host details |
| 7 | Create a Trusted Appliance Cluster (TAC) on the ESA | ESA | Create a TAC on ESA |
| 8 | Update the host details of DSG on ESA. If the DNS and name server is properply configured then this step is optional. | ESA | Updating the host details |
| 9 | Note the FQDN or the IP address of the ESA node. | ESA | Ascertaining the host address in the ESA server certificate |
| 10 | Set ESA communication between the DSGs and ESA. | DSG | Set communication |
| 11 | Note the FQDN or the IP address of the DSG node. | DSG | Ascertaining the host address in the DSG server certificate |
| 12 | Apply the DSG v3.3.0.0 patch (ESA_PAP-ALL-64_x86-64_10.0.1.xxxx-DSGUP.pty) on the ESA v10.0.x. Before applying a patch on the ESA, it is recommended to take a full OS backup from the ESA Web UI. For more information about taking a full OS backup from the ESA Web UI, refer Backing up the Appliance OS. | ESA | Installing the DSG patch on ESA |
| 13 | Optional: Add the other DSG nodes to the existing Trusted Appliance Cluster from the Cluster tab. | DSG | Adding a DSG node |
| 14 | Optional: Add the other ESA nodes to the existing Trusted Appliance Cluster from the TAC screen. | ESA | Adding a ESA node |
| 15 | Perform the post-installation steps. | ESA | Post Installation Steps |
| 16 | Enable Scheduled Tasks on Insight | ESA | Enabling Scheduled Tasks on Insight |
| 17 | Configure the DSG to forward the logs to Insight on the ESA. | DSG | Forwarding Logs to Insight |
Feedback
Was this page helpful?