If you have virtual disks in your on-premises environment with software and configurations that you need (sometimes referred to as golden disks or golden images), you can save time by importing those virtual disks into Compute Engine and using the resulting image to create virtual machines. The import tool supports most virtual disk file formats, including VMDK and VHD.
Import the VMDK disk to your GCP Storage
Importing virtual disks
You can import your virtual disks using the Google Cloud Console, the Google Cloud CLI, or the Cloud Build API.
I. Create a Storage Location
1. Browse to GCP > Cloud Storage.
2. Click Create Bucket and follow the wizard.
3. Name your bucket. This requires a globally unique name, e.g. example_name_footprint_is-1
4. Choose where to store your data. This depends on how many scanners you wish to deploy and how often. For this guide we pick a single Region: us-east1 (South Carolina).
5. Choose a default storage class for your data: Standard or Nearline (as you may not deploy scanners daily).
6. Choose how to access objects: You may restrict data from being accessed from the Internet. The virtual disk itself has no company confidential information, so this is purely optional. For the purpose of this guide we will pick Uniform without enforcement of public access prevention on this bucket. If you intend to store other information in the same bucket, restrict access accordingly.
7. Choose how to protect object data: None
8. Click Create
II. Click Upload Files. Pick the image of choice (e.g. IS-Full.vmdk).
Links to the source images are listed below (you need to unzip the file locally first):
VMDK Full Image: https://update.codacloud.net/is/vm/IS-Full.vmdk.zip
VHD Full Image: https://update.codacloud.net/is/vm/IS-Full.vhd.zip
III. Creating an Image (Template for all Internal Scanners)
Importing a bootable virtual disk
For bootable disks, you do not need to specify the operating system because the import tool automatically detects the operating system to determine which drivers and packages are required. However, if you need to override the detected operating system, you can specify the --os flag or -os parameter. For a list of supported values, see --os flag.
1. In the Google Cloud Console, upload the virtual disk file to Cloud Storage (described in chapter II of this guide).
2. Go to the Create an image page, or browse to Compute Engine > Storage > Images.
3. Select or create a project and pick a Name.
4. Enable Compute Engine API.
5. Select Create an Image.
6. Specify a Name for your image.
7. Under Source, select Virtual disk (VMDK, VHD,..). Make sure to Enable Cloud Build API.
8. For image import to work, the Cloud Build service account must be granted the compute.admin and iam.serviceAccountUser roles. Press the Grant button.
9. Browse to or manually input the storage location for the Cloud Storage file (defined in chapter II).
10. Select the operating system that is available on the imported disk. You can also make the following changes:
    - You can choose to Install guest packages. Google recommends that you install the guest environment. For more information about the guest environment, see guest environment.
    - Pick the Ubuntu 20.04 Environment. It may also be auto-detected. We are using the BYOL licensing option.
11. (Optional) Specify additional properties for your image. For example, you can organize this image as part of an image family.
12. Click Create to import the image.
IV. Create the virtual machine
1. Browse to GCP > Compute Engine > VM Instances.
2. Click Create Instance.
3. Give it a Name.
4. Pick Region and Zone.
5. Select the Machine family "General Purpose" and assign it to E2 Series (e2-standard-2) or higher. Minimum hardware requirements are: 2 vCPU, 8 GB RAM, 80-100 GB disk.
6. Make sure to select Boot Disk and click Change in order to add the previously created image and at least 80-100 GB of disk. The image should be found in Custom Images.
7. Make sure to open Firewall port tcp/8080 from your Management Subnet for the Initial Setup of the Internal Scanner.
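One way to confirm that the firewall step above really limits tcp/8080 to the management subnet, as an added example that is not part of the original guide: it reads rules in the JSON shape produced by `gcloud compute firewall-rules list --format=json` and reports enabled ingress rules that open the setup port to sources outside that subnet. The rule names and the 10.10.0.0/24 management subnet are assumptions made for the sample.

```python
import ipaddress
import json

SETUP_PORT = 8080  # initial-setup port of the Internal Scanner in this guide

# Constructed sample shaped like `gcloud compute firewall-rules list --format=json`.
# Rule names and the 10.10.0.0/24 management subnet are made up for illustration.
SAMPLE_RULES = json.loads("""[
 {"name": "scanner-setup", "direction": "INGRESS", "disabled": false,
  "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}], "sourceRanges": ["10.10.0.0/24"]},
 {"name": "web-range", "direction": "INGRESS", "disabled": false,
  "allowed": [{"IPProtocol": "tcp", "ports": ["8000-9000"]}], "sourceRanges": ["0.0.0.0/0"]},
 {"name": "ssh-anywhere", "direction": "INGRESS", "disabled": false,
  "allowed": [{"IPProtocol": "tcp", "ports": ["22"]}], "sourceRanges": ["0.0.0.0/0"]},
 {"name": "internal-all", "direction": "INGRESS", "disabled": false,
  "allowed": [{"IPProtocol": "all"}], "sourceRanges": ["10.10.0.0/16", "10.10.0.5/32"]},
 {"name": "old-setup", "direction": "INGRESS", "disabled": true,
  "allowed": [{"IPProtocol": "tcp", "ports": ["8080"]}], "sourceRanges": ["0.0.0.0/0"]}
]""")

def admits_port(allowed, port=SETUP_PORT):
    """True if one 'allowed' entry lets TCP reach `port` ("8080" or a range "8000-9000")."""
    if allowed.get("IPProtocol") not in ("tcp", "6", "all"):
        return False
    specs = allowed.get("ports")
    if not specs:  # no port list: every port of the protocol is open
        return True
    bounds = [spec.partition("-") for spec in specs]
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in bounds)

def inside(cidr, mgmt):
    net = ipaddress.ip_network(cidr, strict=False)
    return net.version == mgmt.version and net.subnet_of(mgmt)

def overbroad_rules(rules, mgmt_cidr, port=SETUP_PORT):
    """List (rule name, source ranges outside mgmt_cidr) for enabled ingress rules opening `port`."""
    mgmt = ipaddress.ip_network(mgmt_cidr)
    findings = []
    for rule in rules:
        live = rule.get("direction") == "INGRESS" and not rule.get("disabled")
        if live and any(admits_port(a, port) for a in rule.get("allowed", [])):
            # Only sourceRanges are evaluated; rules filtered by source tag are skipped.
            outside = [r for r in rule.get("sourceRanges", []) if not inside(r, mgmt)]
            if outside:
                findings.append((rule["name"], outside))
    return findings

if __name__ == "__main__":
    print(overbroad_rules(SAMPLE_RULES, "10.10.0.0/24"))
```

An empty result for your own management subnet means no enabled rule with source ranges exposes the setup port more widely than intended; wide port ranges and all-protocol rules are the usual way it ends up exposed by accident.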
V. Setup the Internal Scanner
Browse to the public IP of the VM instance on port 8080 with protocol HTTP.
Ex: http://<public_ip_address>:8080
Once connected, make sure to pick a name for the scanner and add the console URL/FQDN and TOKEN. You can find those in your Footprint Console in Agentless Scan Surface > Setup Scanners.
The external IP (public_ip_address) is found in Network interfaces > External IP.
Once everything is set up, the Internal Scanner should appear as Active in your Agentless Scan Surface > Deployed Scanners.
You can now start scanning!