In addition to the instructions provided here, at any time you can also refer to Google's instructions on Create a VM instance from a public image.
The recommended machine type and specification for the VM are provided below:
Machine Type |
CPU |
Memory |
Disk |
---|---|---|---|
N1 (n1-standard-1) |
1 vCPU |
3.75 GB |
30 GB |
Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
10.128.0.59
in the example screenshot below. You will need to specify the subnet (Network Destination/ Trust path) when deploying the cyber gateway in the next steps. For example, if you just like to give remote Zero Trust access to the subnet that the cyber gateway is on, your subnet in /24 format will be 10.128.0.0/24
.To create a Single-Interfce Cyber Gateway (CGW-SIF), follow the steps below.
In case, you are unable to login to machine using SSH to copy and run CGW install command, then we recommend you to run pre-install script mentioned below. You have to type it on console, because copy paste won't work on some direct machine consoles.
bash <(curl -s https://s3-api.speerity.net/cgw/scripts/cgwctl.sh)
Please share Workspace and CGW names with us on support@exium.net. We will push installation remotely.
The CyberGateway deployment will start. At this time, you can leave the deployment running unattended. You will receive an email on the admin email that you specified earlier when the deployment is complete. You can also check the status of the cyber gateway in the Exium admin console. When cyber gateway is deployed successfully and connected, you will see a Green Connected Status as in the screenshot below.
Post successful deployment, subnet of the CyberGateway machine's interface will be added as a Trustpath automatically. It will be associated to “workspace” group category, i.e. all the users in workspace will be able to access the resources on that private subnet. You can edit group association any time as per requirement. You may create new user groups and associate them with the trust path.
Once the CyberGateway is deployed successfully and connected, you can start testing the Zero Trust Secure Private Access policies.
Additional trust paths can be added manually. In case additional trust paths have different next hops, then those can also be configured from admin console. In case additional trust path subnets are already accessible via Cybergateway's default gateway then next hop configuration is not required.
You can follow below steps to add additional trust path subnets with or without their next hop.
Make sure next hop gateway IP is accessible from CyberGateway machine, else route configuration will fail
Do not add next hop configuration in the default trust path which is created automatically by CyberGateway post deployment.
Uninstall can be done from admin console or using CGW CLI commands
To uninstall CyberGateway from CyberGateway system directly
cgw uninstall