This article describes how to provision and launch Cloud Connectors (formerly Virtual iNodes) and Virtual Edge Nodes (formerly Virtual Edge iNodes) on Google Cloud Platform (GCP).
Provisioning and launching Cloud Connectors with GCP
This section describes how to provision and launch a Cloud Connector with GCP.
Provision a Cloud Connector with GCP
To provision a Cloud Connector with GCP:
- In the Secure Edge Portal left menu, select the plus icon (+) > Add Node.
- Enter a name for the Cloud Connector.
- Optionally, add any custom labels. (For more on labels, see Using labels.)
- Select the Cloud Connector profile.
- Download the security credentials required for launching the Cloud Connector by selecting the Google Cloud logo. You will only be able to download this file once. These credentials are crucial for secure deployment, so save the downloaded file in a secure location and don't share it.
  Important: The security credentials file is only available for download once. It contains critical security information needed for the Cloud Connector. Ensure this file is stored securely and deleted after the Cloud Connector is successfully created.
- Enter the address and then select Add Node.
Launch a Cloud Connector with GCP
- Log in to the Google Cloud console using your GCP credentials.
- Use the following link to download the image: https://storage.googleapis.com/nodeos-image-sharing/latest/nodeos_production_gce_image.bin.tar.gz
- In the Google Cloud console, go to Cloud Storage > Buckets > Create a Bucket.
- Go to the folder created in the previous step and select Upload to upload the image files.
- Use the following Cloud Shell command to create the image. You’ll need to provide an additional command parameter in the image creation command, as shown below:
    gcloud compute images create <image-name> --source-uri=gs:<location of the gz file> --guest-os-features MULTI_IP_SUBNET
  Example:
    gcloud compute images create a3186-0-0-multi --source-uri=gs://inodeimage/nodeos_production_gce_image.bin.tar.gz --guest-os-features MULTI_IP_SUBNET
- Once image creation is completed, go to Compute Engine and select VM instances.
- In the VM instances page, select CREATE INSTANCE.
- On the Create an instance page, select New VM instance and enter an instance name.
- Under Machine configuration, in the Machine type field select e2-medium or higher. The minimum requirement is e2-medium.
- Expand the OS and storage section, and under Operating system and storage, select Change.
- Select the CUSTOM IMAGES tab, and in the Image dropdown field, select the image you created previously. Then click SELECT.
- In the Firewall section, select both Allow HTTP traffic and Allow HTTPS traffic. In the Network section, enable IP forwarding.
- In the Management section, under Metadata, select ADD ITEM and enter the following data:
  - Key: user-data
  - Value: (Copy the full content of the security credentials file downloaded during provisioning and paste into this text box.)
- Select Create.
When the Cloud Connector has successfully launched, you'll see its status as ALIVE in Secure Edge Portal.
Provisioning and launching Virtual Edge Nodes on GCP
This section describes how to provision and launch a Virtual Edge Node on GCP.
Provision a Virtual Edge Node on GCP
Before you start, make sure you have an SSH public key to use for access authentication of the Edge Node console. For details, see Managing SSH key authentication for a node.
Add a Virtual Edge Node
To add a new GCP Virtual Edge Node:
- In the Secure Edge Portal left menu, select the plus icon (+) > Add Node.
- Enter a name for the Virtual Edge Node.
- Optionally, add any custom labels. (For more on labels, see Using labels.)
- Select the Virtual Edge profile.
- For SSH Key, select the name of the SSH public key for console access to the Virtual Edge Node.
- Download the security credentials required for launching the Virtual Edge Node by selecting the Google Cloud logo. You will only be able to download this file once. These credentials are crucial for secure deployment, so save the downloaded file in a secure location and don't share it.
  Important: The security credentials file is only available for download once. It contains critical security information needed for the Virtual Edge Node. Ensure this file is stored securely and deleted after the Virtual Edge Node is successfully created.
- Enter the address and then select Add Node.
Configure the local network
Use the following steps to configure the local network, which is the network that the Virtual Edge Node will protect:
- In the Secure Edge Portal, select the name of the new Virtual Edge Node to open the node details page.
- Select the plus icon (+) to display the Add Network page.
- Enter the network name and specify any custom labels (optional). (For more information, see Using Labels.)
- The Network Addressing field is set to Static. Manually configure static IP addresses for the hosts in this network.
- Specify the network's CIDR in the Network CIDR field.
- Specify a range of IP addresses (at least one) for internal use, ensuring they are within the same subnet as the local network's CIDR.
- You can configure a default gateway in your local network. If you don't specify a default gateway, the Start IP Address in the Internal IP Reserved Address Range is assumed to be the default gateway.
- You may have the option of configuring Virtual LANs (VLANs).
- Any traffic from the local network with a destination outside the local network (for example, traffic going to the internet or LAN) is sent to the default destination. You can set the Default Destination to one of the following:
  - None (default): Drops the traffic.
  - Specify IP Address: Sends the traffic to the IP address of a gateway in the local network that you specify.
  - WAN Network: Sends the traffic through the node's uplink.
- Select Save.
Set up addressing for services
If you aren't planning to run services on this network, skip this step.
By default, the Virtual Edge Node dynamically assigns IP addresses to services on the network from the Internal Reserved IP Address Range you specified. If you’re using the default, make sure you’ve reserved enough IP addresses. You need at least one more than the number of services you plan to run.
To configure the services manually with static IP addresses:
- Select the Services expansion panel and set Service Addressing to Static.
- Select Save.
Create static routes for a Virtual Edge Node
Static routes allow you to:
- Direct traffic from services running on the Virtual Edge Node to reach specific routed network segments
- Enable hosts in the local network to reach specific networks in your LAN or the internet
To create static routes for a Virtual Edge Node:
- In the Static Routes expansion panel, select Add to create a new static route. You can configure up to 64 static routes per network.
  Note: If you set Default Destination to any value other than None, it will count as a static route.
- In the Destination Network CIDR field, specify the CIDR of the destination network.
- In the Via field, select where to send the traffic. You have two options:
  - Specify IP Address: Sends the traffic to the IP address of a gateway in the local network that you specify.
  - WAN Network: Sends the traffic through the node's uplink to an external network.
- Select Save.
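The addressing rules above (reserved range inside the network CIDR, one more reserved address than services, the Start IP Address as the assumed default gateway, and the 64-route limit) can be checked before the values are entered in the portal. This is an added example, not vendor tooling; the function names and argument order are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check of the values entered on the Add Network page.
set -eu

# Dotted-quad IPv4 address -> integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1
  IFS=$old_ifs
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# Usage: check_network CIDR START_IP END_IP SERVICES ROUTES DEFAULT_DEST
#   SERVICES      services that will get dynamic addresses (0 if none)
#   ROUTES        static routes you plan to configure
#   DEFAULT_DEST  "none", or any other value (counts as one static route)
# Prints the gateway assumed when no default gateway is set; returns 1 on error.
check_network() {
  net=$(ip_to_int "${1%/*}"); bits=${1#*/}
  size=$(( 1 << (32 - bits) ))
  base=$(( net - net % size ))
  start=$(ip_to_int "$2"); end=$(ip_to_int "$3")
  if [ "$start" -gt "$end" ]; then echo "reserved range is empty" >&2; return 1; fi
  if [ "$start" -lt "$base" ] || [ "$end" -ge $(( base + size )) ]; then
    echo "reserved range is outside $1" >&2; return 1
  fi
  if [ $(( end - start + 1 )) -lt $(( $4 + 1 )) ]; then
    echo "need at least $(( $4 + 1 )) reserved addresses" >&2; return 1
  fi
  routes=$5
  [ "$6" = none ] || routes=$(( routes + 1 ))
  if [ "$routes" -gt 64 ]; then echo "more than 64 static routes" >&2; return 1; fi
  echo "$2"   # Start IP Address doubles as the default gateway
}
```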
Launch Virtual Edge Nodes on GCP
To launch a Virtual Edge Node on GCP:
- Log in to the Google Cloud console using your GCP credentials.
- Use the following link to download the image: https://storage.googleapis.com/nodeos-image-sharing/latest/nodeos_production_gce_image.bin.tar.gz
- In the Google Cloud console, go to Cloud Storage > Buckets > Create a Bucket.
- Go to the folder created in the previous step and select Upload to upload the image files.
- Use the following Cloud Shell command to create the image. You’ll need to provide an additional command parameter in the image creation command, as shown below:
    gcloud compute images create <image-name> --source-uri=gs:<location of the gz file> --guest-os-features MULTI_IP_SUBNET
  Example:
    gcloud compute images create a3186-0-0-multi --source-uri=gs://inodeimage/nodeos_production_gce_image.bin.tar.gz --guest-os-features MULTI_IP_SUBNET
- Once image creation is completed, go to Compute Engine and select VM instances.
- In the VM instances page, select CREATE INSTANCE.
- On the Create an instance page, select New VM instance and enter an instance name.
- Under Machine configuration, in the Machine type field select e2-medium or higher. The minimum requirement is e2-medium.
- Expand the OS and storage section, and under Operating system and storage, select Change.
- Select the CUSTOM IMAGES tab, and in the Image dropdown field, select the image you created previously. Then click SELECT.
- In the Firewall section, select both Allow HTTP traffic and Allow HTTPS traffic. In the Network section, enable IP forwarding.
- Add two network interfaces with different subnets. The first interface subnet (subnet1) should be public. The second interface subnet (subnet2) can be private or public.
- In the Management section, under Metadata, select ADD ITEM and enter the following data:
  - Key: user-data
  - Value: (Copy the full content of the security credentials file downloaded during provisioning and paste into this text box.)
- Select Create.
When the instance has successfully launched, you'll see its status as ALIVE in Secure Edge Portal.
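The launch steps for both Cloud Connectors and Virtual Edge Nodes can also be scripted, which passes the credentials file to the instance without copy and paste. The following is an added example, not vendor-supplied code. It assumes gcloud is configured with a default project and zone, that firewall rules matching the http-server and https-server tags exist, and that the bucket, image, instance and subnet names are the caller's placeholders.

```shell
#!/bin/sh
# Added example (not vendor code): CLI form of the console launch steps.
# Bucket, image, instance and subnet names are the caller's placeholders.
set -eu
GCLOUD=${GCLOUD:-gcloud}   # GCLOUD=echo prints the commands instead (dry run)
IMAGE_FILE=nodeos_production_gce_image.bin.tar.gz
IMAGE_URL=https://storage.googleapis.com/nodeos-image-sharing/latest/$IMAGE_FILE

# Download the image archive if needed, upload it, register a custom image.
# Usage: create_node_image BUCKET IMAGE_NAME
create_node_image() {
  [ -f "$IMAGE_FILE" ] || curl -fLO "$IMAGE_URL"
  $GCLOUD storage buckets create "gs://$1"
  $GCLOUD storage cp "$IMAGE_FILE" "gs://$1/"
  $GCLOUD compute images create "$2" \
    "--source-uri=gs://$1/$IMAGE_FILE" --guest-os-features=MULTI_IP_SUBNET
}

# Create the VM with IP forwarding and the credentials as user-data metadata.
# No NIC_SPEC (Cloud Connector) uses the default network; a Virtual Edge Node
# passes two, for example: subnet=subnet1 subnet=subnet2
# Usage: launch_node NAME IMAGE_NAME CREDS_FILE [NIC_SPEC...]
launch_node() {
  name=$1 image=$2 creds=$3
  shift 3
  [ -s "$creds" ] || { echo "credentials file missing: $creds" >&2; return 1; }
  chmod 600 "$creds"            # keep the one-time download owner-only
  for nic in "$@"; do           # turn each NIC_SPEC into a gcloud flag
    set -- "$@" "--network-interface=$nic"
    shift
  done
  # http-server/https-server are the tags the console checkboxes apply.
  $GCLOUD compute instances create "$name" \
    --machine-type=e2-medium "--image=$image" \
    --can-ip-forward --tags=http-server,https-server \
    "--metadata-from-file=user-data=$creds" "$@"
}

# Delete the local credentials file; run once the portal shows ALIVE.
discard_credentials() {
  rm -f -- "$1"
}
```

Run with `GCLOUD=echo` first to review the exact commands before they are executed against the project.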