# Installing FileMage Gateway on the Google Cloud Platform
FileMage Gateway, a FTP and SFTP server backed by Google Cloud Storage, is available on Google Cloud Platform as a virtual machine (VM) image. This virtual machine image is fully functional upon launch and requires no additional configuration to use. However, you may need to make certain changes depending on your specific use case.
When deploying a Linux image, SFTP is running on port 2222.
# Deploying the VM from the marketplace
To quickly set up FileMage Gateway on Google Cloud Platform, perform the following steps.
- Access the FileMage Gateway listing in Google Marketplace and click the Launch button.
- Enter or select appropriate values for Deployment Name, Zone and Machine Type.
- Enter a Administrator email address to be used for the initial administrator account.
After the deployment is complete you will be given a randomly generated one-time use password to complete your initial login.
- Select a Boot disk type and Boot disk size in GB. For most scenarios, you may leave the default minimum. File data is never written to disk. Significant disk space usage comes only from the audit log. On average, each 1 million audit events stored will consume 1gb of disk space.
- Add CIDR restrictions on relevant ports based on your use-case.
|Web Portal||80, 443|
To use SFTP in Linux on port 22
sshd must be reconfigured to use a different port.
Restrict Administrative Ports
It is strongly recommended that you restrict access to the web portal (80, 443) and SSH (22) to trusted IP ranges.
- Click Deploy. Wait a few minutes for the deployment to complete, then copy the auto-generated Administrator password and click on Visit the site. If the site cannot be reached the application may still be starting up. The one-time administrator password is also available on the VM instance details page in the Custom metadata section as admin-password.
If deployment manager reports 504 timeout error, the default service account used by the VM most likely doesn't have access to the deployment manager API. You can ignore this error as it only means that the VM was not able to report back to the deployment manager console that it successfully configured itself. The application is still usable and the deployment was successful.
- Accept the self-signed certificate to proceed, or see Encryption and Certificates for instructions on how to install a signed certificate.
- Enter your Administrator email and Administrator password and click Login.
- You must change the auto-generated password. Enter the Administrator password again and provide a new password, then click Confirm.
# Configuring Permissions
The deployed VM must be associated with a service account which has the following assigned permissions:
storage.objects.create storage.objects.delete storage.objects.get storage.objects.list storage.objects.update storage.objects.create storage.multipartUploads.abort storage.multipartUploads.create storage.multipartUploads.listParts
These permissions can be assigned using the roles
Storage Object Viewer and Storage Object Creator or the role
By default, the VM will be associated with the
Compute Engine default service account.
To grant the instance write access to the Google Cloud Storage API the Storage Cloud API access scope must be set to Read Write.