Skip to content

Deploying the barac collector into the Google cloud platform

Deploying the barac collector into the Google cloud platform

You are here:
  • Main
  • Integration
  • Deploying the barac collector into the Google cloud platform
< All Topics
Table of Contents

Step 1: Create a barac-collector image on the GCP

Importing the Collector disk into a GCP bucket

  • Before uploading the Barac collector .vmdk disk we need to create a bucket. 
  • Click “Storage” as below:
A screenshot of a cell phone

Description generated with very high confidence
  • Then click “Create bucket”
A screenshot of a social media post

Description generated with very high confidence
  • When creating the bucket you will need to specify: 
    • The name of the Bucket 
    • The region 
    • The control Access
    • The storage class 
    • Optionally ( Encryption , Labels … ) 
A screenshot of a cell phone

Description generated with very high confidence
  • Once the Bucket is created, we move to import  the Collector disk into it.
A screenshot of a social media post

Description generated with very high confidence
  • There are many different methods to import the correct files into the bucket
  • First we can use the normal method:
    • Click “upload file” and select the .vmdk file
A screenshot of a cell phone

Description generated with very high confidence
  • The second method is using Transfer Job:
    • This method allows us to import files from Amazon S3 service to Google Cloud Storage.
    • Click “Create Transfer Job”
A screenshot of a cell phone

Description generated with very high confidence
  • To create the Transfer Job you must first configure the source of the transfer:
    • Make sure you select “Amazon S3 Bucket”.
    • Then you need to type the name of the S3 bucket.
    • Also you must enter the “Access key ID” and “Secret access key ” corresponding to the amazon account who own the bucket. 
    • Click “Continue”. 
A screenshot of a cell phone

Description generated with very high confidence
  • Secondly you must configure the destination of the transfer:
    • Browse the  bucket of the Google Cloud Platform which will receive the files
    • Click “Continue”.
A screenshot of a cell phone

Description generated with very high confidence
  • The process will take few minutes . Make sure the status is “completed” 
A screenshot of a cell phone

Description generated with very high confidence

Create a custom image of the collector for the Google Cloud Platform

  • Now the collector disk is available in the bucket. The next step is to Create a custom image of the collector for the Google Cloud Platform. For this task we  should follow the next steps: 
    • Click “create image”
A screenshot of a cell phone

Description generated with very high confidence
  • The source of the custom GCP image will be the VMDK file of the Barac collector 
    • Moreover we need to specify the OS of the image which is CentOS 7 for the Barac Collector. 
A screenshot of a cell phone

Description generated with very high confidence
  • The the VMDK file is available in the GCP bucket so use the “browse” button to find the folder of the bucket who contains the VMDK file 
A screenshot of a cell phone

Description generated with very high confidence
  • Select the File. Click “Select” then Click ” Create ” to start the process of creating a new custom image for GCP
A screenshot of a cell phone

Description generated with very high confidence
  • Below is an image of the new custom image being created
A screenshot of a social media post

Description generated with very high confidence
  • When the creation is successful you should be presented with this screen

Step 2: Share and implement Barac collector GCP Image

  • To lunch the Barac collector instance in the customer VPC the following steps should be taken:
    • On the Customer Side thecustomer will need to provide: 
      • The GCP Account Gmail 
      • The availability zone 
    • On Barac’s side:
      • In the Google Cloud Console, go to the Images page.
      • Select the image that you want to share with other users and click “show info panel”.
A screenshot of a cell phone

Description generated with very high confidence
  • On the right, in the Permissions panel, click Add members.
A screenshot of a cell phone

Description generated with very high confidence
  • Enter the email address of the identity you want to share the image with. Must be of the form user|group|serviceAccount:email or domain:domain. For example:
    • user:test-user@gmail.com
    • group:admins@example.com
    • serviceAccount:test123@example.domain.com
    • domain:example.domain.com
A screenshot of a cell phone

Description generated with very high confidence
  • In the Role list, point to Compute Engine and select Image User or Storage Admin, or select a custom role.
  • Save your changes.

Step 3: Creating an instance template

  • Instance templates are useful for auto scaling. By configuring the barac Collector image as an instance template it allows us to use it with instance groups later. This will be done by following the next steps:
    • Click “Create instance template” 
A screenshot of a social media post

Description generated with very high confidence
  • Click on the custom images tap to find the Barac Collector image. Make sure you select it, specify the size of the disk then click “Select” 
A screenshot of a cell phone

Description generated with very high confidence
  • Configure your instance template and click “Create” to finish the process
A screenshot of a cell phone

Description generated with very high confidence
  • Once the Instance template is created , it will be listed like the screenshot below  
A screenshot of a social media post

Description generated with very high confidence

Step 3: Creating an instance group

  • Moving now to create an instance group. Click on ” Create instance group” 
A screenshot of a cell phone

Description generated with very high confidence
  • To create an instance group, we have two methods the first is with using the Instance Template. 
    • Choose a name for the instance group
    • Specify the zone 
    • In the instance template section choose the name of the instance template that we already created
    • Configure the auto scale mode 
A screenshot of a cell phone

Description generated with very high confidence
  • Click “Create” when finished
A screenshot of a cell phone

Description generated with very high confidence
  • To Create an Instance Group without an instance template we need to choose the second option ” New unmanaged group ” as you can see in the description below:
    • Give a name of the instance group 
    • Choose the region  (this must be the same region with the instances that you will assign to the instance group.) 
    • Choose the VM instance to assign them to the instance group 
    • Click “Create”
A screenshot of a cell phone

Description generated with very high confidence
  • You can also assign new instances to an existing instance group by following these steps . First select the instance group that you want to assign the VM to and click “Edit Group” 
A screenshot of a social media post

Description generated with very high confidence

*The VM instance and the instance group must be in the same region*

A screenshot of a social media post

Description generated with very high confidence

Step 3: Create load balancing

  • To create the load balancing we need to do the next steps: 
    • From the Network Service Click on ” Load balancing ” 
A screenshot of a cell phone

Description generated with very high confidence
  • Click “Create load balancer
A screenshot of a cell phone

Description generated with very high confidence
  • Click “Start configuration”
A screenshot of a cell phone

Description generated with very high confidence
  • Configure the Load balancer as such:
A screenshot of a cell phone

Description generated with very high confidence
  • Select the backend configuration
A screenshot of a cell phone

Description generated with very high confidence
  • The Load balancing must be associated with a given instance group 
    • From  “Select existing instance groups” tab choose the instance group. 
    • Select the Health check ( create new one if needed ) 
A screenshot of a cell phone

Description generated with very high confidence
  • Add the “barac-collector” instance group
A screenshot of a cell phone

Description generated with very high confidence
  • Configure the frontend as such:
A screenshot of a cell phone

Description generated with very high confidence
  • When the load balancing configuration is done, click “Create”
A screenshot of a cell phone

Description generated with very high confidence
  • Once the load balancing is created go to the instance group space and make sure the instance group is used by the propriate load balancing. 
A screenshot of a cell phone

Description generated with very high confidence

Step 4: Create GCP packet monitoring policy

  • The Packet Mirroring policy is necessary to enable to mirroring feature. 
    • From the VPC network go to ” Packet mirroring” 
A screenshot of a cell phone

Description generated with very high confidence
  • Click “Create policy”
A screenshot of a cell phone

Description generated with very high confidence
  • Type the name  of the policy 
    • Click “Continue”
A screenshot of a cell phone

Description generated with very high confidence
  • Configure the VPC network as such and click “Continue”
A screenshot of a cell phone

Description generated with very high confidence
  • Select an instance to use as a mirror source
A screenshot of a cell phone

Description generated with very high confidence
  • If you hadn’t created the load balancing yet:
    • Click “Create new L4 internal load balancer” and follow the next steps:
A screenshot of a cell phone

Description generated with very high confidence
  • Configure the backend/frontend like so
A screenshot of a computer

Description generated with very high confidence
  • Click “Create” and you should be met with this screen
A screenshot of a cell phone

Description generated with very high confidence
  • The load balancing should be created and can be viewed here:
A screenshot of a social media post

Description generated with very high confidence
  • When selecting the collector destination select the load balancer you had created
A screenshot of a cell phone

Description generated with very high confidence
  • Specify what traffic to mirror and click “Submit” to complete the policy
A screenshot of a cell phone

Description generated with very high confidence
  • As you can see the packet mirroring policy is now configured and enabled. It’s already associated with the vm instance “barac” 
A screenshot of a cell phone

Description generated with very high confidence

Step 5: Verifying mirrored traffic

  • To verify that the packet mirroring feature is working properly you can use the VM barac which will generate https traffic by using Lynx command and connect to some web sites
  • You can also use the tcp dump command on the collector terminal and make sure that there is traffic mirrored from the barac vm to the Collector . 
  • And as you can see from the screenshot the  traffic mirroring feature is working properly
A screenshot of a cell phone

Description generated with high confidence

Conclusion 

After following the previous steps, the Barac-GCP integration should be complete Please note that these current steps are as of 27th March 2020 and are subject to change in accordance with any updates to Barac and the GCP.