This guide is only for V2 assemblers being deployed with a virtual machine in the Google Cloud Platform. The V1 assembler is no longer supported as of June 30, 2024.
Each assembler you created must be deployed via a virtual machine, and then you can add your technology as a security device in Workbench to complete the full integration. For more information about the Expel Assembler or how it works, see the About the Expel Assembler guide.
Prerequisites
- You must have completed all of the steps in Add a New Assembler for each assembler you wish to deploy.
Quick Start
Setup includes the following steps (click any step for detailed instructions):
- Download the Ignition File
- Configure and Spin Up the Virtual Machine
- Verify a “Connected” Status in Workbench
Step 1: Download the Ignition File
The ignition file enables the virtual machine to read a configuration file, and to provision the Fedora CoreOS system based on the contents of that file. You will use this file when you configure the virtual machine in GCP.
- Log in to Workbench.
- In the side menu, navigate to Organization Settings > Assemblers.
- Find the assembler you created, leave the file format as JSON, and select Download the CoreOS Ignition File. This action will download a JSON file that you will need in the next section. You may choose a different file format if you like, but the JSON format is recommended for this type of assembler.
- Repeat this process for any additional assemblers. Important: you must keep track of the files, and which came from which assembler, because each assembler has its own unique ignition file.
Step 2: Configure and Spin Up the Virtual Machine
Now that you have an ignition file, you can spin up the virtual machine and instruct it to use that file to format itself and connect securely to Expel’s platform. If you are using multiple virtual machines because you have multiple assemblers to deploy, make sure you use the correct ignition file for each one.
- Log in to the Google Cloud Console.
- Click the Create a VM link if it is available on the Welcome page, or navigate to Compute Engine and click Create Instance.
- Configure the name and region for your virtual machine.
- Name - enter a name for your VM
- Region - choose the region your physical infrastructure is located in
- Zone - choose the zone your physical infrastructure is located in; if you do not know which zone to choose, check with someone internally in your organization to be sure you choose the correct one.
- Configure your machine’s size. Remember that your VM must have, at minimum, 2 virtual CPUs, 8 GB RAM, and 20 GB disk space. You may choose any machine configuration you wish, as long as it meets these minimum requirements. A basic configuration that meets the minimum requirements is as follows:
- Under Machine Configuration, choose General purpose and select the series E2.
- Under Machine Type, choose Preset and then select Standard > e2-standard-2.
- Scroll down to Boot Disk and click Change, then increase the size to 20 GB.
- Change the VM’s operating system to Fedora CoreOS.
- Under Boot Disk, click Change.
- In the Operating System menu, select FedoraCoreOS.
- In the Version menu, select the latest FedoreCoreOS version that is compatible with your machine type. Google will alert you if you choose a version that is incompatible.
- Click the Select button to close the window.
- Select the VPC for the assembler.
- Expand the Advanced Options section.
- Go to Networking and look for the Network Interfaces section.
- Use the toggle to change the default to the VPC where the assembler will be deployed. The virtual cloud you choose should be the one that allows firewall access for Expel’s two outbound connections.
- Add your ignition file.
- Still in Advanced Options, look for the Management section.
- Scroll down to Metadata and click Add Item.
- Key - enter “user-data” as the key
- Value - paste the contents of your ignition file
- Click Create to spin up your virtual machine. Wait for the status to change to “Running” before moving on to the next section.
- Repeat this process for any additional virtual machines.
Step 3: Verify a “Connected” Status in Workbench
It can take 10 to 15 minutes for the assembler’s status to update in Workbench.
- Log in to Workbench.
- In the side menu, navigate to Organization Settings > Assemblers (or, refresh the page if you never logged out).
- Find your newly created assembler(s) and verify that the status has changed from “Not Yet Connected” to “Connected.”
- If the status has not updated yet, make sure you have waited at least 15 minutes, then refresh the page and check again.
Troubleshooting
If your assembler is still not showing as “Connected” after 15 minutes:
- Make sure your chosen VPC has the proper firewall configurations to allow our outbound ports, and that the VPC is selected correctly in GCP (Step 2).
- Make sure your chosen machine’s size meets the required minimums (2 virtual CPUs, 8 GB RAM, and 20 GB disk space), and that you did not forget to update the disk space size for the boot disk (Step 2).
If all firewall, VPC, and machine size settings are correct and you are still unable to connect the assembler, contact support for help.