Install on Google Cloud Platform
For supported software information, click here.
This article describes how to install, or instantiate, a Versa branch device on Google Cloud Platform. To perform the installation, you request AMI access to your Google cloud account from Versa Networks. Then, under Private images in Google cloud, you create a cloud management system (CMS) connector on the Versa Director node. The Director node then does the following:
- Orchestrate deployment of the Versa Operating SystemTM (VOSTM) device.
- Apply and instantiate the post-staging configuration to the device to set it to be an SD-WAN gateway. An SD-WAN gateway is the part of an SD-WAN branch that performs routing, firewall, and security functions in an SD-WAN overlay network.
- Instantiate the device to set it to be a virtual customer premises equipment (vCPE) device. A Versa Networks vCPE device is a standalone vCPE device that performs Layer 3 through Layer 7 network functions.
When you request AMI access, ensure that you make the request from the account on which you are provisioning the Versa branch device. Because of Versa Networks security policies, you cannot share the AMI image of one Google cloud account with another account.
Releases 22.1.1 and later support cloud workload protection.
Before You Begin
The CMS connector between the Google cloud virtual machine (VM) and the Director node is associated with an organization. Ensure that you have created the necessary organizations. For more information, see Configure Basic Features.
Add a CMS Connector
- Log in to the Director node.
- In Director view, select the Administration tab in the top menu bar.
- Select Connectors > CMS in the left menu bar. The main pane displays a table of CMS connectors.
- Select the CMS tab in the horizontal menu bar.
- Click the
Add icon. In the Add CMS Connector popup window, enter information for the following fields.
Field Description CMS Name (Required) Enter the name of the CMS connector. The name is a text string. Organization (Required) Select the organization in which to create the CMS connector. Cloud Workload Protection (For Releases 22.1.1 and later.) Click to enable cloud workload protection (CWP) for the CMS connector. Cloud workload protection secures workloads that move across different cloud environments and allows cloud-based applications to work properly without security risks. When you enable cloud workload protection, the Director node fetches tags and IP addresses associated with cloud resources. These tags and IP addresses display only when you configure dynamic address groups. For more information, see Configure Address Group Objects. CMS Flavor Select GCP as the type of cloud device for the connector. (Other options are AWS, Azure, and Versa.) Secret Account Key (Required) Enter the secret key for this connector that was generated by Google Cloud Platform. - Click OK.
Verify a CMS Connector
To verify that a CMS connector is working:
- Log in to Versa Director.
- In Director view, select the Administration tab in the top menu bar.
- Select Connectors > CMS in the left menu bar. The main pane displays a table of CMS connectors.
- Select the CMS tab in the horizontal menu bar.
- Select the CMS connector you want to verify, and then click
Validate Connector in the horizontal menu bar. This command triggers an API call to the CMS connector to verify its Google Cloud Platform user rights. If the validation is successful, the message "Valid credentials" displays.
Associate a CMS Connector with an Organization
After you add a CMS connector, you associate it with an organization that is already configured on the Director node. You can do this in one of two ways.
Method 1
- Log in to Versa Director.
- In Director view, select the Administration tab in the top menu bar.
- In the left navigation bar, select Organizations. The main pane displays a table of organizations.
- In the main pane, select the name of the organization with which you want to associate the connector. The Edit Organization popup window displays.
- Select the CMS Connectors tab.
- In the Available pane, select the name of the Google Cloud Platform connector.
- Click the add icon to add the connector to the Selected pane.
- Click OK.
Method 2
- Log in to Versa Director.
- In Director View, select the Workflows tab in the top menu bar.
- Select Infrastructure > Organizations in the horizontal menu bar. The main pane displays a table of organizations.
- Select the organization with which you want to associate the connector. The Create Organization popup window displays.
- Select the CMS Connector tab.
- In the Available pane, click the Google Cloud Platform connector to add it to the Selected pane.
- Click Deploy.
After you have created a CMS connector and associated it with an organization, configure the branch device on Google Cloud Platform to be a vCPE or an SD-WAN gateway. For more information, see Configure a Public Cloud Device To Be a Virtual CPE Router or an SD-WAN Gateway.
Configure a Cloud Profile in a Device Workflow
To configure the Google Cloud Platform profile device workflow:
- Log in to Versa Director.
- In Director View, select the Workflows tab in the top menu bar.
- Click the Organization menu icon, select an organization, and then select a device name in the main pane.
- In the device workflow configuration window, select Step 1, Basic, and then enter information for the following fields.
Field Description Name (Required) Enter a name for the VOS device. The name is a text string. Global Device ID (Required) Displays the device ID, which is automatically assigned by the Director node. Organization (Required) Select the name of the organization to which the VOS device belongs. Deployment Type Select the deployment type as CPE-Public Cloud, to deploy the device as a gateway to the public cloud. Serial Number (Required) Displays the generated serial number. If serial number is nor displayed, click Generate Serial Number. Device Group (Required) Select the Google Cloud Platform device group to which the VOS device belongs. - Click Next.
- In Step 2, Cloud Profile, enter information for the following fields.
Field Description Connector (Required) Select the connector to use to establish communication between Google Cloud Platform and the Director node.
Note that after deploying the cloud VOS branch/hub-controller with the CMS connector, you must remove the public IP address of eth0 from the GCP portal. The Director node will manage the VOS branch/hub-controller using the SD-WAN overlay IP address, and will not use the eth0 public IP address. Additionally, you must change the default passwords for all cloud-hosted VOS nodes, for admin and versa accounts.Region (Required) Select the geographic region in which to deploy the VOS device. Instance Type (Required) Select the Google cloud VM instance type. The VOS software supports standard, high-memory, and high-CPU machine series of N1, N2, and N2D types ranging from 2 through 96 vCPUs.
Image (Required) Select the VOS image to use to launch the VOS device. Zone (Required) Select the Google Cloud Platform availability zone. Network/Subnet Mapping (Group of Fields) Configure the subnet mapping for the VOS device. - Subnet
Select the subnetwork that you created for the device. - Public IP Required
Click to provide a public IP address for the network interface. - Click Next.
Supported Software Information
Releases 22.1.1 and later support all content described in this article.