Guides
ProductDeveloperPartnerPersonal
Guides

Deploy VAs in Google Cloud Platform

👍

An Umbrella site requires two Virtual Appliances (VAs). It is critical that these VAs are not cloned or copied in any way. Each VA must be set up and configured manually.

Table of Contents

Prerequisites

  • Full Admin user role. For more information, see Manage Accounts.
  • For information about the requirements for deploying Umbrella VAs, see Prerequisites.
  • If you are using the VA on Google Cloud Platform (GCP) as a DNS server for your on-premise endpoints, then DNS traffic from these endpoints should not traverse through a Network Address Translation (NAT) device en route to the VA. The VA should receive DNS packets with the source IP as the internal IP of the endpoints. A Google Cloud Interconnect or dedicated MPLS or site-to-site VPN connection from your on-premise environment to GCP meets this requirement.
  • A Linux system with the qemu-utils package installed, on which you can run qemu-img and tar commands.
  • Only VAs running version 2.6 or above can be deployed in GCP.

(Optional) Configure Authentication for the Virtual Appliances

Procedure

  1. Prepare the Virtual Appliance Instance Template on GCP. This is a one time task.
  2. Launch the virtual appliance on GCP. Perform this task for each VA after you have performed the one-time task of preparing the VA image.

Prepare the Virtual Appliance Instance Template on GCP

Download the software package for the Umbrella Virtual Appliance.

When you download the software package for the VA and if you did not configure API key credentials for your AD Connectors and VAs, Umbrella displays a warning message. We recommend that you configure API keys for your AD Connectors and Umbrella VAs. For more information, see Configure Authentication for Virtual Appliances.

Note: This is a one-time task to create an Instance Template that can be used to launch multiple VAs in GCP.

a. Navigate to Deployments > Configuration > Sites and Active Directory and click Download.

1093

b. Click Download for VA for Hyper-V.

574

Umbrella generates and downloads a .tar file unique to your deployment.  
This .tar file includes:   

  • .zip file containing the virtual hard disks that need to be deployed on Google Cloud Platform
  • Signature file   
  • Cisco public certificate to validate the signature   
  • README file   

c. Extract the contents of the tar file using the command tar –xvf . 
To verify the integrity of the downloaded file, validate the signature by following the instructions provided in the readme file. When successful, you see a message saying “Verified OK".

d. Extract the .zip file. The .zip file contains two folders—Virtual Hard Disks and Virtual Machines—and a config file.

640

e. Use the qemu-img convert commands to convert each of the VHD files to RAW format and resize them to a multiple of 1 GB.

qemu-img convert -f vpc -O raw forwarder-va.vhd forwarder-va.raw
qemu-img resize forwarder-va.raw -f raw 7G
qemu-img convert -f raw -O raw dynamic.vhd dynamic.raw
qemu-img resize dynamic.raw -f raw 1G

f. Tar each raw file.
Note: GCP requires that each file be renamed as disk.raw before you tar it. GCP also requires tar to use the oldgnu format.

mv forwarder-va.raw disk.raw
tar --format=oldgnu -Sczf forwarder-va.tar.gz disk.raw
mv disk.raw forwarder-va.raw
mv dynamic.raw disk.raw
tar --format=oldgnu -Sczf dynamic.tar.gz disk.raw
mv disk.raw dynamic.raw

g. Create a bucket in GCP Storage Engine or use an existing bucket and then upload both the forwarder-va.tar.gz and dynamic.tar.gz files to this bucket.

623

h. Create two images in Google Compute Engine: one with source as the forwarder-va.tar.gz file and the other with source as the dynamic.tar.gz file.
Each image is created with roughly the same size as its respective .tar.gz file (7 GB or 1 GB).

625 623

i. Create an Instance Template in the Google Compute Engine using the forwarder image as the boot image and the dynamic image attached as a data disk.
Choose a machine type with at least 1 vCPU and 1 GB memory.
To select the ‘forwarder’ image as the boot disk, choose Change on the boot disk, and then choose the forwarder image from the Custom Images category.
Note: Do not click Create.

622

j. Click Disks, Add new disk to attach the dynamic disk to the instance template.
You must create a new disk with the source as the ‘dynamic’ image you created earlier. Failure to do so results in your VA not registering with Umbrella.
Note: Google Cloud does not allow you to create a disk of size less than 10 GB from the dynamic image.

575

k. After you add the new disk created from the dynamic image, you can click Create to create the VA Instance template.

l. Once the VA Instance template is created, use this image to launch multiple VAs. For more information, see Step 2. Launch the Virtual Appliance on Google Cloud Platform.

Launch the Virtual Appliance on Google Cloud Platform

Note: Before performing this task, you must complete the one-time task of preparing the VA instance template.

a. Create VA instances based on the template.
The VA automatically pulls a DHCP IP and register to Umbrella with this IP address.
Note: Specifying a public IP address for the VA is a security risk and is not a supported configuration.

629

b. In Umbrella, navigate to Deployments > Configuration > Sites and Active Directory.
You should see the VA listed here with the dynamic IP address as its name. You can now configure the VA. For information about configuring VAs, see Configure Virtual Appliances.


Deploy VAs in Amazon Web Services < Deploy VAs in Google Cloud Platform > Deploy VAs in KVM