Deploy using Google Compute Engines
The deployment options vary depending on what are the number of instances where MetaDefender Storage Security will be installed.
Options:
- Single Instance deployment of MetaDefender Core and MetaDefender Storage Security
- Multi-Instances with Autoscaling for MetaDefender Core and MetaDefender Storage Security.
OPSWAT provides a terraform project as example to deploy MetaDefender Storage Security and MetaDefender Core in different instances using Google services.
MetaDefender Storage Security running on Compute Engine only supports multiple instances if the third-party tools are externalized from the Storage Security instance. Google Cloud provides managed services for PostgreSQL and Redis Cache, but not for RabbitMQ. If RabbitMQ is deployed externally on a separate Compute Engine instance, then a multi-instance deployment is supported.
Prerequisites and Requirements
Google knowledge: This guide assumes familiarity with Google Services
Google project: needs permission to create Google Services listed in Architecture Examples in CSPs for Google
Tools installation: Terraform
Single Instance Deployment
For a single deployment of MetaDefender Core in Google you can use this example to test this deployment type, besides the MetaDefender VM instance, additional resources are being generated and set up.
Deploy using Terraform
OPSWAT provides a terraform project to create the infrastructure needed to deploy the Architecture Examples in CSPs
- Locally clone the metadefender-csp repository and go to GCP/single-vm-deployment
git clone git@github.com:OPSWAT/metadefender-csp.gitcd GCP/single-compute-engine-deploymentModify terraform.tfvars with the desired options
- LICENSE__KEY_CORE_ required if wanted to have the MetaDefender Core instance activated automatically
- APIKEY_GENERATION=true to have the apikey generated by terraform
- There is one general section and one section for each product that is supported using this Terraform project
# General variablesRG_NAME = "metadefender" # Prefix to add to all the resourcesMD_REGION = "eastus" # Region for all the resourcesMD_VNET_CIDR = "192.168.0.0/16" # VPC CIDR where to create the MetaDefender productsPUBLIC_ENVIRONMENT = trueAPIKEY_GENERATION = trueIMPORT_RG = falseVM_PWD = "<SET_UP_VM_PWD>"# MetaDefender Core variablesDEPLOY_CORE = trueCORE_INSTANCE_TYPE = "Standard_D8s_v5" # Instance type for MetaDefender CoreLICENSE_KEY_CORE = ""OFFER_PRODUCT_CORE = "opswat-mdcore-linux" # Windows opswat-mdcore-windowsSKU_CORE = "opswat-mdcore-linux" # Windows opswat-mdcore-windows# MetaDefender Storage Security variablesDEPLOY_MDSS = true # true to deploy MetaDefender Storage Security together with CoreMDSS_INSTANCE_TYPE = "Standard_D8s_v5" # Instance type for MetaDefender Storage SecurityOFFER_PRODUCT_MDSS = "opswat-mdss-ubuntu"SKU_MDSS = "opswatmdssubuntu"DEPLOY_MDSS_COSMOSDB = false- Run terraform init and apply. Check the resource to be created, after that enter "y"
terraform initterraform applyDeploy using Google Cloud Console
Before starting with the installation, Storage Security needs that MetaDefender Core is installed, if you haven´t already installed it please follow this page
For having MetaDefender Storage Security in a Single Compute Engine VM as showed in Single Azure VM Architecture it is needed to follow the next steps
1. Create Resource Group
- Go to you Azure account and create a new resource group (we will refer to it as "metadefender-rg")
2. Create Azure VM
- Inside the resource group click on create resource and search for "OPSWAT MetaDefender Core Linux"
- Input the vm name and select the size based on General System Requirements
- Under Administrator Account section select the desired way to access to the VM. For this guideline we will generate a public key to access to it
3. Storage Configuration
Storage step can be skipped.
In general there's no need for additional storage by MetaDefender. However, there are 2 situations where additional local storage might be required:
- MetaDefender will process large files or a high volume of files which submitted in MetaDefender's queue will need over 10GB files storage
- MetaDefender is configured to store files in the Quarantine section which will eventually fill the entire root volume.
In case quarantining the files in the MetaDefender instance or analyzing high volumes of files is a requirement, please consider adding an additional Azure Managed Disk
- Premium SSD is recommended for having the best performance
4. Network Configuration
- Change public IP to None in case you do not want to access from internet.
- Select the Virtual network and Subnet in case you already have them created, if not leave it to create them
- Create Security Group adding rules for 8008 and SSH
- Under Load Balancing section as it is a single vm it is not really needed but it can be used to set up a health check using the /readyz endpoint
5. Review & Create the VM
- Under Management, Monitoring, Advanced and Tags there are not any configuration different from the default ones that are needed to be selected. So customize it as it is needed for each use case.
- After creating it will show you a window to download the private key to access to the VM in case that option was selected for accessing
