Configuring CM on Google Cloud Platform (GCP)
To configure the CipherTrust Manager on Google Cloud Platform (GCP):
Set Up the Google Cloud SDK
To set up the Google Cloud SDK, refer to the Google documentation.
Initialize The Google Cloud SDK and Select Region
Refer to the following Google documentation:
Access and Install the CipherTrust Manager Image
Upon successful completion of the purchase order, you will receive an email from Thales. Select "Accept this invitation" to get access privileges to the Google image.
Ensure that you have appropriate permissions to access the disk image. You can view the image(s) using the following gsutil command:
gsutil ls gs://kylo-images
Output:
gs://kylo-images/k170v-2369-20181008172807.tar.gz
gs://kylo-images/k170v-2411-20181031022613.tar.gz
You can also check the mapping between versions and package names using the following command:
gsutil cat gs://kylo-images/readme.txt
Output:
This folder contains k170v images for import into Google Cloud Platform.
This images can be imported into an account with the following command:
gcloud compute images create <image name> --source-uri <source uri>
Example: gcloud compute images create <image name> --source-uri gs://kylo-images/k170v-4281-20200227163646.tar.gz
1.6.0: gs://kylo-images/k170v-2689-20190305130140.tar.gz
1.7.0: gs://kylo-images/k170v-3137-20190604023249.tar.gz
1.8.0: gs://kylo-images/k170v-3506-20190927033321.tar.gz
1.9.1: gs://kylo-images/k170v-4281-20200227163646.tar.gz
1.10.0: gs://kylo-images/k170v-4610-20200619081338.tar.gz
2.0.0: gs://kylo-images/k170v-4933-20200909123423.tar.gz
2.1.0: gs://kylo-images/k170v-5170-20201118110327.tar.gz
To create an image, run the following gcloud command:
gcloud compute images create <image name> --source-uri <source uri>
Example:
C:\Users\username\AppData\Local\Google\Cloud SDK>gcloud compute images create k170v-1-9-1 --source-uri gs://kylo-images/k170v-4281-20200227163646.tar.gz
or (for the CipherTrust Manager image here):
C:\Users\username\AppData\Local\Google\Cloud SDK>gcloud compute images create ciphertrust-manager --source-uri gs://kylo-images/k170v-5170-20201118110327.tar.gz
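The version lookup and image-creation command described above, as an added example that is not part of the Thales documentation: it copies the version mapping from the readme.txt output shown on this page, checks the image name against Compute Engine's resource naming rule, and prints the gcloud command instead of running it. The function names are hypothetical.

```shell
#!/bin/sh
# Added example. Version-to-URI mapping copied from the readme.txt output on this page.
README_MAP='1.6.0: gs://kylo-images/k170v-2689-20190305130140.tar.gz
1.7.0: gs://kylo-images/k170v-3137-20190604023249.tar.gz
1.8.0: gs://kylo-images/k170v-3506-20190927033321.tar.gz
1.9.1: gs://kylo-images/k170v-4281-20200227163646.tar.gz
1.10.0: gs://kylo-images/k170v-4610-20200619081338.tar.gz
2.0.0: gs://kylo-images/k170v-4933-20200909123423.tar.gz
2.1.0: gs://kylo-images/k170v-5170-20201118110327.tar.gz'

# Print the source URI listed for a version; non-zero status if it is not listed.
source_uri_for() {
    printf '%s\n' "$README_MAP" |
        awk -v v="$1:" '$1 == v { print $2; found = 1 } END { exit !found }'
}

# Compute Engine resource names: 1-63 characters, a lowercase letter first, then
# lowercase letters, digits or hyphens, not ending in a hyphen. Uppercase is rejected.
valid_image_name() {
    [ "${#1}" -le 63 ] || return 1
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[a-z]([-a-z0-9]*[a-z0-9])?$'
}

# Print (do not run) the image-creation command for a name and version.
image_create_cmd() {
    name=$1
    version=$2
    valid_image_name "$name" || { echo "invalid image name: $name" >&2; return 2; }
    uri=$(source_uri_for "$version") || { echo "unknown version: $version" >&2; return 3; }
    # Only accept archives from the bucket and naming pattern the page shows.
    case $uri in
        gs://kylo-images/k170v-*.tar.gz) ;;
        *) echo "unexpected source URI: $uri" >&2; return 4 ;;
    esac
    printf 'gcloud compute images create %s --source-uri %s\n' "$name" "$uri"
}

# Demo: reproduces the page's own example command for version 1.9.1.
image_create_cmd k170v-1-9-1 1.9.1
```

Pinning the version through the mapping keeps a mistyped build number from importing a different release than the one intended.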
Generate the CipherTrust Manager Image
To generate the CipherTrust Manager image:
In the GCP UI, go to Compute Engine > Images.
Under the IMAGES menu, select the CipherTrust (k170v) image.
Note: The version number associated with the image may change.
Under the CREATE INSTANCE menu, select New VM Instance and set up the machine configuration.
Thales recommends the following minimum system requirements:
Boot Disk: 1 volume, minimum size: 30 GB for evaluation and 135 GB for production
Memory: 16 GB
vCPUs: 2
NICs: 1
Create an SSH key using the PuTTYgen key generator. The SSH key allows access to the CipherTrust (k170v) CLI via SSH.
Save the SSH key, private key, and public key in a secure location.
Copy the public key output generated by PuTTYgen and paste it under SSH Keys in GCP.
Click Create.
Your CipherTrust Manager (k170v image) is now generated in the designated region.
For clustering, follow all the above steps to generate a second instance. Then, to create a cluster and add both instances (nodes) to it, refer to the CipherTrust Manager Documentation.
After configuring CipherTrust Manager on GCP, you need to enable vSAN encryption. For more details, refer to Enabling vSAN Encryption.