If you have virtual disks in your on-premises environment with software and configurations that you need (sometimes referred to as golden disks or golden images), you can save time by importing those virtual disks into Compute Engine and using the resulting image to create virtual machines. The import tool supports most virtual disk file formats, including VMDK and VHD.
Import the VMDK disk to your GCP Storage
Importing virtual disks
I. Create a Storage Location
Browse to GCP > Cloud Storage
Click Create Bucket and follow the wizard.
Name your bucker. This requires a globally unique name. e.g: example_name_footprint_is-1
Choose where to store your data. This is dependant on how many scanners you wish to deploy and how often. For this guide we may pick a single Region: us-east1(South Carolina)
Choose a default storage class for your data: Standard or Nearline (as you may not deploy scanners daily)
Choose how to access objects: You may restrict data from being accessed from the Internet. The virtual disk itself has no company confidential information so this is purely optional. For the purpose of this guide we will pick Uniform without enforcement of public access prevention on this bucket. If you do intend on storing other information on the same bucket, please restrict access accordingly.
Choose how to protect object data: None
II. Click Upload Files. Pick the image of choice (e.g: IS-Full.vmdk).
Link to the source images may be found here (you need to unzip the file locally first):
VMDK Full Image: https://update.codacloud.net/is/vm/IS-Full.vmdk.zip
VMDK Base Image: https://update.codacloud.net/is/vm/IS-Light.vmdk.zip
VHD Full Image: https://update.codacloud.net/is/vm/IS-Full.vhd.zip
III. Creating an Image (Template for all Internal Scanners)
Importing a bootable virtual disk
For bootable disks, you do not need to specify the operating system because the import tool automatically detects the operating system to determine which drivers and packages are required. However, if you need to override the detected operating system, you can specify the
--os flag or
-os parameter. For a list of supported values, see --os flag.
In the Google Cloud Console, upload the virtual disk file to Cloud Storage (defined in the previous chapter II of this guide).
Go to the Create an image page . Or Compute Engine > Storage > Images
Select or Create a project and pick a Name.
Enable Compute Engine API
Select Create an Image
Specify a Name for your image.
Under Source, select Virtual disk (VMDK, VHD,..). Make sure to Enable Cloud Build API
For image import to work, Cloud Build service account must be granted compute.admin and iam.serviceAccountUser roles. Press the Grant button.
Browse to or manually input the storage location for the Cloud Storage file (defined in the previous chapter II).
Select the operating system that is available on the imported disk. You can also make the following changes:
You can choose to Install guest packages. Google recommends that you install the guest environment. For more information about the guest environment, see guest environment.
Pick the Ubuntu 20.04 Environment. It may also be auto-detected. We are using the BYOL licensing option.
(Optional) Specify additional properties for your image. For example, you can organize this image as part of an image family.
Click Create to import the image.
IV. Create the virtual machine
Browse to GCP > Compute Engine > VM Instances
Click Create Instance
Give it a Name
Pick Region and Zone
Select a Machine family “General Purpose” and assign it to E2 Series (e-2-standard-2) or higher. Minimal hardware requirements are: 2 vCPU, 8 GB RAM, 80-100 GB disk.
Make sure to select Boot Disk and click Change in order to add the previously created image and at least 80-100 GB of disk. The image should be found in Custom Images
7. Make sure to open Firewall port tcp/8080 from your Management Subnet for the Initial Setup of the Internal Scanner.
V. Setup the Internal Scanner
Browse to the public IP of the droplet on port 8080 with protocol HTTP.
Once connected make sure to pick a name for the scanner, add the console URL/FQDN and TOKEN. You can find those in your Footprint Console in Agentless Scan Surface > Setup Scanners
The external IP (public_ip_address) is found in Network interfaces > External IP
Once everything is setup the Internal Scanner should appear as Active in your Agentless Scan Surface > Deployed Scanners.
You can now start scanning!