# Installing FileMage Gateway on the Google Cloud Platform

FileMage Gateway, a FTP and SFTP server backed by Google Cloud Storage, is available on Google Cloud Platform as a virtual machine (VM) image. This virtual machine image is fully functional upon launch and requires no additional configuration to use. However, you may need to make certain changes depending on your specific use case.

Note

When deploying a Linux image, SFTP is running on port 2222.

# Deploying the VM from the marketplace

To deploy FileMage Gateway on Google Cloud Platform, perform the following steps.

  1. Access the FileMage Gateway listing in Google Marketplace and click the Launch button.

gcp

  1. All Google Cloud Marketplace deployments now use Infrastructure Manager. The first time you use this service you will be prompted to enabled its API in your project.

gcp

  1. If this is the first time you deploy a product using Infrastructure Manager you will be required to create a service account with the neccesary permissions to do deploy the resources. If an suitable service account already exists you can reuse it.

gcp

  1. Enter or select appropriate values for Deployment Name, Zone and Machine Type.

gcp

  1. Enter an email address to be used for the initial administrator account. This account will be automatically created during the deployment process.

gcp

Initial login

After the deployment is complete you will be given a randomly generated one-time use password to complete your initial login.

  1. Select a Boot disk type and Boot disk size in GB. For most scenarios, you may leave the default minimum. File data is never written to disk.

gcp

  1. Add CIDR restrictions on relevant ports based on your use-case.
Description Ports
OS SSH 22
Web Portal 80, 443
SFTP 2222
FTP Command 21
FTP Passive 32768-60999

gcp

Note

To use SFTP in Linux on port 22 sshd must be reconfigured to use a different port.

Restrict Administrative Ports

It is strongly recommended that you restrict access to the web portal (80, 443) and SSH (22) to trusted IP ranges.

  1. Click Deploy. Wait a few minutes for the deployment to complete. Once deployment is complete click on Details. Under Outputs, note the generated Admin Password value. Click on the link for Admin Url to open the management portal. If the site cannot be reached the application may still be starting up.

gcp

  1. Accept the self-signed certificate to proceed, or see Encryption and Certificates for instructions on how to install a signed certificate.

gcp

  1. Enter your Administrator email and Administrator password and click Login.

gcp

  1. You must change the auto-generated password. Enter the Administrator password again and provide a new password, then click Confirm.

gcp

# Configuring Permissions

The deployed VM must be associated with a service account which has the following assigned permissions:

storage.objects.create
storage.objects.delete
storage.objects.get
storage.objects.list
storage.objects.update
storage.objects.create
storage.multipartUploads.abort
storage.multipartUploads.create
storage.multipartUploads.listParts

These permissions can be assigned using the role Storage Object Admin. By default, the VM will be associated with the Compute Engine default service account.

If you plan on using the workspace portal with a VM instance service account, you must also add the Service Account Token Creator role.

Note

To grant the instance write access to the Google Cloud Storage API the Storage Cloud API access scope must be set to Read Write.