Deploy the Private Access Connector on Google Cloud Platform

Procedure

1. In the TrendAI Vision One™ console, go to Zero Trust Secure Access → Secure Access Configuration → Private Access Configuration.
2. For customers that need to create a new connector group, click Add Private Access Connector Group.
   1. Provide a unique name and description for the group.
   2. Click Save.
3. Locate your Connector group name in the list and click the New connector () icon.
   The Private Access Connector Virtual Appliance panel appears.
4. Select Google Cloud Platform from the Platform list.
5. Copy the Registration token for later use.

   Important The Registration token is only valid for 7 days. If the token expires, you must start again.

6. Sign in to the Google Cloud Platform as a super administrator.
7. Open the gcloud CLI and run the following command to create a Private Access Connector VM using the public image.
   gcloud compute instances create <instanceName> --image-family ztna-connector --image-project ztna-connector --network <networkName>

   • <instanceName>: Name of the VM to be created
   • <networkName>: Name of the network where the VM runs after it is created

   Note The --image-family flag automatically selects the latest available connector image. To use a specific image version, replace --image-family ztna-connector with --image <imageName> (for example., --image ztna-connector-3-0-1234).

8. Wait until the process is completed.
   The creation takes about one minute. After the VM is created, you can search for VM instances on the GCP and find the new VM.
9. Register the Private Access Connector virtual appliance to TrendAI Vision One™.
   1. Open the gcloud CLI, and run the following ssh command to log on to the Private Access Connector virtual appliance with the default credentials.
      gcloud compute ssh admin@<instance_name_of_the_Connector_VM>

      This command automatically creates a key pair, uploads the public key file to the VM, saves the private key file to your local machine, and uses the private key file for authentication. You do not need to specify the private key file in the command.
   2. Run the following command and then press the Enter key to set your password for the enable command:
      passwd

      The admin user and privileged mode share the same password.
   3. Type enable and then press the Enter key to enter privileged mode. Provide the updated password when asked.
      The command prompt changes from > to #.
   4. (Optional) Run the following command to change the time zone of the Private Access Connector:
      configure timezone <timezone>

      The default time zone is America/Los_Angeles.
   5. Check whether the Private Access Connector can connect to the NTP server 0.pool.ntp.org.
      The Private Access Connector requires connectivity to an NTP server to synchronize its clock. By default, TrendAI Vision One™ uses the public NTP server 0.pool.ntp.org. You can also configure the Private Access Connector to connect to another public NTP server or a local NTP server within your organization.

      Run the following command to configure the NTP server: configure ntp server <address>

      Note To use public NTP servers, make sure that your firewall configuration allows outbound UDP traffic on port 123.

   6. Run the following command to register the Private Access Connector virtual appliance to TrendAI Vision One™:
      register <registration_token>

      You can obtain the token from the same screen you downloaded the virtual appliance on TrendAI Vision One™.
10. Use the CLI to configure other settings, if required.
    For more information on available commands, see Private Access Connector CLI commands.

    After successful deployment, the Private Access Connector virtual appliance appears under the corresponding connector group on the Private Access Connectors tab.