Introduction and requirements
Overview of the GCP vSensor deployment and requirements, including required access, tooling, and Vectra-provided resources.
Introduction
This document outlines the steps to deploy a Vectra NDR virtual Sensor (vSensor) in a customer’s Google Cloud Platform (GCP) project. The vSensor is deployed using the gcloud command line tool with a template provided by Vectra. The template references a vSensor image that is shared by Vectra with the Compute Image User referenced by the project number.
GCP vSensors can be deployed in configurations that support from 1 to 10 Gbps of network throughput per Sensor. The input to the Sensor can be from GCP native technologies such as Network Security Integration (NSI) or VPC Packet Mirroring but also support any VXLAN-based 3rd party packet broker.
The GCP vSensor can be used in both Respond UX (RUX) and Quadrant UX (QUX) deployments. For more detail on Respond UX vs Quadrant UX please see analyst UX options (Respond vs Quadrant). One of the below guides should be the starting point for your overall Vectra deployment:
Either of the above guides cover the overall deployment and initial platform settings. Please see other guides in the deployment section for guidance for other appliances and products you may want to include in your overall deployment.
General Requirements
User with sufficient permissions in GCP who is available to deploy using the template.
User will need to be able to create a project or have access to a project they can use.
User will need to be able to create VPCs, subnets, firewall rules, VMs, and load balancers.
For traffic direction to the vSensor from GCP VPCs, the user will need to be able to configure NSI or VPC packet mirroring.
Additional details will be shared in the directing traffic to GCP vSensors part of this guide.
It is likely that you may need to coordinate resources between your security and network engineering teams.
Access to gcloud command line tool either via GCP SDK or cloud shell.
Vectra will provide the following information:
Access to Sensor image from Vectra (requires GCP project number).
This can be seen in the GCP console dashboard for your project.
This project number is different than the project ID that is needed to deploy the vSensor image later. The project number is needed so that the image can be shared by Vectra to your project for the deployment.
Access to the deployment template from Vectra.
Once Vectra has the project number and shares the image with your project, a welcome email will be sent that contains a link to the deployment template.
Overall Deployment Steps
Please step though the following pages in this guide to complete the following steps:
After ensuring the general requirements from above are satisfied, you can move on and:
Create or find the SSH key pair to use for the vSensor deployment.
Ensure that communications requirements are in place for Brain/vSensor communication.
Choose a size for the vSensor based on throughput requirements.
Collect additional information that will be required prior to the deployment of the vSensor image.
Generate/retrieve the Sensor Registration Token that will allow the vSensor to pair with your Brain appliance.
In this step you will be deploying the vSensor image in GCP using the gcloud command line tool / infra-manager.
Once deployed, the vSensor must be paired to your Vectra Brain appliance.
Once pairing is complete, you can begin directing traffic to the capture port of your vSensor.
Your Vectra Brain appliance (any type) can be configured to query GCP for host artifacts that will help Vectra's automated HostID to name the hosts observed by your GCP vSensors.
Last updated
Was this helpful?