Deploy a GCP server with a cloud account

This topic explains how to deploy an Ubuntu or Debian Google Cloud Platform (GCP) server with systemd using user data and a linked GCP project. You may need to modify this process to fit your specific needs

Creating a cloud server with user data means that the Advanced Server Access server agent is simultaneously installed when you create a server with a cloud provider. Using user data to install software on a new cloud server can be done through any cloud provider. Installing the Advanced Server Access Agent on a cloud server doesn't have to be done when the cloud server is created, but running the installation as a startup script alongside a server's creation ensures that your cloud deployment is as safe and secure as possible.

Prerequisites

Google Cloud Platform

Requirement

Description

Google Cloud Platform account A Google Cloud Platform account is needed to access the GCP console, where you create virtual machines for your team.

Advanced Server Access

Requirement

Description

Advanced Server Access team The top-level object that represents an Okta org within Advanced Server Access.
Advanced Server Access project The authorization-scope of your team, organizing your users, groups, and servers.

Create a GCP project

  1. Navigate to the Google Cloud Platform console and sign in to your account.
  2. From the Select a project menu, click New Project.
  3. Create a new name for your project and use the Location field to set its parent organization or folder .
  4. Click Create when you've finished creating your project.
  5. From the dashboard of your new project, copy the Project ID number from the Project Info section and store it in a safe location.

    Note: To locate the project dashboard, use the Select a project field at the top of the console.

Enroll your GCP project in Advanced Server Access

  1. From the Google Cloud Platform console, use the Select a Project dropdown to see a list of your projects.
  2. Locate the ID of your Google Cloud Platform project in the ID column, and save it in a secure location.
  3. Navigate to the Advanced Server Access dashboard and select Projects.
  4. Click the project that you want to link a cloud account to.
  5. Switch to the Enrollment tab.
  6. Click Add Cloud Account.
  7. Select Google Cloud Platform (GCP) as your cloud provider.
  8. Enter your Google Cloud Platform project ID into the Account ID field.
  9. Click Submit to finish enrolling your Google Cloud Platform project.

Create a virtual machine with user data

  1. From the GCP console, select Compute Engine and then VM instances.
  2. If prompted, select your new project from the Select a project dropdown.
  3. Click Create.
  4. Enter a name for your new server and set its region and zone. These values determine where your server is located.
  5. Click Management, security, disks, networking, sole tenancy to expand it.
  6. Enter the following into the Startup Script field:

    #!/bin/bash sudo mkdir -p /var/lib/sftd export DEBIAN_FRONTEND=noninteractive echo "Add a basic sftd configuration" sudo mkdir -p /etc/sft/ sftcfg=$(cat <<EOF --- # CanonicalName: Specifies the name clients should use/see when connecting to this host. CanonicalName: "ubuntu-target" EOF ) echo -e "$sftcfg" | sudo tee /etc/sft/sftd.yaml echo "Retrieve information about new packages" sudo apt-get update sudo apt-get install -y curl echo "Add the ScaleFT testing apt repo to your /etc/apt/sources.list system config file" echo "deb http://pkg.scaleft.com/deb/ linux main" | sudo tee -a /etc/apt/sources.list echo "Trust the repository signing key" curl -C - https://dist.scaleft.com/pki/scaleft_deb_key.asc | sudo apt-key add - echo "Retrieve information about new packages" sudo apt-get update echo "Install sftd" sudo apt-get install scaleft-server-tools

  7. Click Create.

Next steps

Verify server enrollment