Deploy a GCP server with a cloud account
This topic explains how to deploy an Ubuntu or Debian Google Cloud Platform (GCP) server with systemd using user data and a linked GCP project. You may need to modify this process to fit your specific needs.
Creating a cloud server with user data means that the Advanced Server Access server agent is installed at the same time the server is created with a cloud provider. Any cloud provider lets you use user data to install software on a new cloud server. You don't have to install the Advanced Server Access Agent when the cloud server is created, but running the installation as a startup script alongside the server's creation ensures that your cloud deployment is as safe and secure as possible.
- Prerequisites
- Create a GCP project
- Enroll your GCP project in Advanced Server Access
- Create a virtual machine with user data
- Next steps
Prerequisites
Google Cloud Platform
Requirement | Description |
---|---|
Google Cloud Platform account | A Google Cloud Platform account is needed to access the GCP console, where you create virtual machines for your team. |
Advanced Server Access
Requirement | Description |
---|---|
Advanced Server Access team | The top-level object that represents an Okta org within Advanced Server Access. |
Advanced Server Access project | The authorization-scope of your team, organizing your users, groups, and servers. |
Create a GCP project
- Navigate to the Google Cloud Platform console and sign in to your account.
- From the Select a project menu, click New Project.
- Create a new name for your project and use the Location field to set its parent organization or folder.
- Click Create when you've finished creating your project.
- From the dashboard of your new project, copy the Project ID number from the Project Info section and store it in a safe location.
Note: To locate the project dashboard, use the Select a project field at the top of the console.
Enroll your GCP project in Advanced Server Access
- From the Google Cloud Platform console, use the Select a Project dropdown to see a list of your projects.
- Locate the ID of your Google Cloud Platform project in the ID column, and save it in a secure location.
- Navigate to the Advanced Server Access dashboard and select Projects.
- Click the project that you want to link a cloud account to.
- Switch to the Enrollment tab.
- Click Add Cloud Account.
- Select Google Cloud Platform (GCP) as your cloud provider.
- Enter your Google Cloud Platform project ID into the Account ID field.
- Click Submit to finish enrolling your Google Cloud Platform project.
Create a virtual machine with user data
- From the GCP console, select Compute Engine and then VM instances.
- If prompted, select your new project from the Select a project dropdown.
- Click Create.
- Enter a name for your new server and set its region and zone. These values determine where your server is located.
- Click Management, security, disks, networking, sole tenancy to expand it.
- Enter the following into the Startup Script field:

```bash
#!/bin/bash
sudo mkdir -p /var/lib/sftd
export DEBIAN_FRONTEND=noninteractive

echo "Add a basic sftd configuration"
sudo mkdir -p /etc/sft/
sftcfg=$(cat <<EOF
---
# CanonicalName: Specifies the name clients should use/see when connecting to this host.
CanonicalName: "ubuntu-target"
EOF
)
echo -e "$sftcfg" | sudo tee /etc/sft/sftd.yaml

echo "Retrieve information about new packages"
sudo apt-get update
sudo apt-get install -y curl

echo "Add the ScaleFT testing apt repo to your /etc/apt/sources.list system config file"
echo "deb http://pkg.scaleft.com/deb/ linux main" | sudo tee -a /etc/apt/sources.list

echo "Trust the repository signing key"
curl -C - https://dist.scaleft.com/pki/scaleft_deb_key.asc | sudo apt-key add -

echo "Retrieve information about new packages"
sudo apt-get update

echo "Install sftd"
# -y: a startup script has no terminal to answer the confirmation prompt
sudo apt-get install -y scaleft-server-tools
```
- Click Create.
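Compute Engine runs a startup script on every boot, not only when the VM is created, so the `tee -a /etc/apt/sources.list` step in the script above appends the repository line again after each restart. The following is an added example, not part of the original page or of Okta's script: the helper names `ensure_line`, `write_sftd_config`, `count_line` and `simulate_boots` are hypothetical, and they make the script's two file edits idempotent, exercised here against a scratch directory instead of the real `/etc`.

```shell
#!/bin/bash
# Added example; helper names are hypothetical, not from the original page.

REPO_LINE='deb http://pkg.scaleft.com/deb/ linux main'   # value taken from the page

# ensure_line FILE LINE: append LINE to FILE only if no identical line exists.
ensure_line() {
    local file="$1" line="$2"
    mkdir -p "$(dirname "$file")"
    touch "$file"
    # -x: match the whole line, -F: fixed string (no regex), -q: quiet
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# write_sftd_config FILE NAME: create the sftd config once and keep an
# existing file, so later edits to it survive a reboot.
write_sftd_config() {
    local file="$1" name="$2"
    [ -e "$file" ] && return 0
    mkdir -p "$(dirname "$file")"
    printf '%s\n' '---' "CanonicalName: \"$name\"" > "$file"
}

# count_line FILE LINE: print how many lines of FILE equal LINE exactly.
count_line() {
    grep -cxF -- "$2" "$1" || true   # grep exits 1 on zero matches
}

# simulate_boots N: run both edits N times in a scratch directory (a
# constructed stand-in for /) and print how often the repo line is present.
simulate_boots() {
    local root i=0
    root="$(mktemp -d)"
    while [ "$i" -lt "$1" ]; do
        ensure_line "$root/etc/apt/sources.list" "$REPO_LINE"
        write_sftd_config "$root/etc/sft/sftd.yaml" "ubuntu-target"
        i=$((i + 1))
    done
    count_line "$root/etc/apt/sources.list" "$REPO_LINE"
    rm -rf "$root"
}

simulate_boots 3
```

In a real startup script, the same helpers would be called with `/etc/apt/sources.list` and `/etc/sft/sftd.yaml` in place of the scratch paths.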