Google Cloud User Deployment Guide

Introduction

This is a Getting Started guide supplementary to the reference documentation of Composable Agentic Platform (CAP), specifically to help Google Cloud customers with installation, setup, and production considerations when deploying CAP to Google Cloud Platform (GCP) from the available TomorrowX solutions listed on Google Marketplace. If you are new to CAP, an introduction to CAP can be found here. You can find the TomorrowX partner profile in the Google Cloud Partner directory. For first time users click the GET STARTED button on the CAP Product Details page.\

Installing the CAP Virtual Machine (VM)

Knowledge of Googe Cloud services

☑️ Google Cloud Compute Engine - required ☑️ Google Cloud Marketplace – required

Knowledge of Red Hat Enterprise Linux

At the time of writing, this guide has been created with an installation using a Red Hat Enterprise Linux (8.10) Google Cloud public image. Basic Linux commands are required to connect to your instance and perform operational tasks such as server updates, restarts, and SSH connection. Google Cloud's Red Hat Enterprise Linux FAQ page covers frequently asked questions around support, migration and licenses when running Red Hat Enterprise Linux (RHEL) on Google Compute Engine. Optional suggested reading: Installing on Red Hat Enterprise Linux

Installed Java (JDK) Version

To determine the installed JDK version, SSH connect to the VM instance and use the command java -version You may need to set JAVA_HOME Example:

# export JAVA_HOME=/usr/lib/jvm/jdk-19 && export PATH=$JAVA_HOME/bin:$PATH
# java -version
openjdk version "19" 2022-09-20
OpenJDK Runtime Environment (build 19+36-2238)
OpenJDK 64-Bit Server VM (build 19+36-2238, mixed mode, sharing)

Architectural Design

Simple Solution Design (Marketplace default)

The CAP installation is shipped as single VM instance combining the console and server components. This ensures all available architectural deployment options can be considered as and when solutions are created and released through the development lifecycle into production. The instance may need to connect to various on-premise, hybrid, or external integration points (e.g., databases, CSV data files for processing, or 3rd party API services). Refer to the section Architectural Scenarios for more details for architecting these scenarios.

In this guide we are referencing the initial installation components as made available from the launch directly from Google Cloud marketplace. Using this solution deployment you will be free to adapt the architectural scenario for scale and most appropriate business use case.

High Availability Solution Example

For a better security posture, we provide a sample high availability example for high availability deployed within private subnet behind a load balancer for failover and administration access whereby the CAP Console instance is physically separated to Runtime (n) number of CAP Agents to be auto-scaled relative to anticipated traffic load, and availability requirements.

For any advanced, or new scenarios not listed here, contact us directly for guidance as detailed on the Support tab of Google Cloud Marketplace product details listing.

Getting started

Select a resource

Either select an existing project resource in your GCP organisation, or create a new project for the CAP installation. From the dropdown organisation field in the top banner you are prompted to select an existing resource as follows.

Alternatively you can create a new project by selecting the NEW PROJECT option in the top right where you'll be prompted to define the project name, organisation, and location.

When the new project has been created, it will shortly show as an available resource to select in the banner dropdown select field. You can then proceed to click the get started button.

Agree to CAP terms

Before you deploy, you must check the agree ☑️ to the CAP details and terms to deploy the CAP product, and AGREE.

Now that you've agreed to the terms, you can continue to launch or deploy

Once terms have been agreed the Getting Started button is replaced, and you are now ready to launch and a deploy CAP VM.

Launch

Enable required APIs

When you press launch for a new project, you will be prompted to enable following APIs required to deploy CAP VM product from Marketplace. Click ENABLE, and be patient for a few minutes whilst these services are enabled.

Deploy

Create new deployment service account

After successfully enabling APIs you will be presented with the deploy page, for a new project you will be required to create a new service account to run the deploy processes for CAP. A new service account will be created with the following roles:

roles/config.agent
roles/compute.admin
roles/iam.serviceAccountUser

Complete the required fields including selecting the compute zone where the CAP VM will be deployed.

Machine Type & Boot Disk

Scroll further down the deploy page, and a General Purpose E2-Standard VM is pre-selected as default (2vCPU 8GB Memory). This selection is ideal for a first time deployment to run the CAP Console and Proxy Servers on this single VM. Boot Disk size of 20GB is configurable depending on how much data you are planning to store on this single VM.

Network Configuration

The default networking confguration will create firewall rules to accept the following traffic.

☑️ Allow TCP port 22 traffic from the Internet (for SSH connection) ☑️ Allow HTTP traffic from the Internet (port 80) ☑️ Allow HTTPS traffic from the Internet (port 443 - note SSL certificate is not installed)

If you are planning to use the built in proxy (BIP) browser proxy then a new firewall rule to allow TCP port 8080 traffic from the test client browser will additionally need to be created once the VM instance is running. This is to avoid security exposures for the default deploy configuration.

Once the configuration has been defined for your selections, go ahead and click DEPLOY at the bottom of the page.

Successful Deployment

Once deployed, select the DETAILS tab to access the Admin Url which you can access via a browser.

Usage Instructions

First time users can launch the console from the Admin Url as detailed on the Google Marketplace Solution Deployments Details page at https://{Instance IP/DNS}/console e.g. https://12.34.56.78/console

User ID: gcp-user
Password: [Instance ID]

To retrieve the password, select the Resources tab on the Solutions Deployment page, and click on the Compute Engine resource name of the VM instance that has been successfully deployed.

The Compute Engine VM Instances basic information page will open from this link, where you will be able to copy the Instance ID value which is used as the unique administrator password for first time login to the CAP console for User ID gcp-user.

Please refer to the product reference section - Essential things to do first in order to manage the default accounts and change passwords.

Connect to instance (SSH)

Connect via SSH to the new VM instance via the SSH dropdown options list on the Compute Engine VM Instances basic information page. Read more information about how to connect to Linux virtual machine (VM) instances: Connect to Linux VMs

Example gcloud command:

gcloud compute ssh --zone "europe-west3-a" "gcp-cap-vm" --project "cap-gcp-marketplace"

Customer Sensitive Data

When the instance has launched, the only sensitive data within the installation is the gcp-user password, that is initially set as the instance ID of the new VM Instance as detailed in Google Cloud Marketplace solution deployments details page. There is no customer sensitive data stored upon initial deployment.

Where PII or PHI sensitive data could be present you should always encrypt the relevant AWS datastore.

All 3rd party or external services that are utilised to store PII or PHI sensitive data should be encrypted.

Other Sensitive Data

After the VM instance successfully launches in Google Cloud Compute, CAP will auto-start as a running service callef tomorrowstart. When running, it will immediately invoke a token authenticated API GET request to retrieve the metadata instance-id as follows:

http://metadata.google.internal/computeMetadata/v1/instance/id

This is the only request made to the Instance Metadata Service, initiated from the VM instance itself, not externally.

The returned instance-id value is used as the unique password to then auto-create the gcp-user credentials, which provides admin console access only to the GCP customer launching the instance. The Google Cloud Marketplace usage instructions then guide the user to the Essential things to do first section, such as changing user password and setting user access roles post deployment.

Observability & Monitoring

Ops Agent

The Ops Agent is the primary agent for collecting telemetry data from your Compute Engine instances. Combining the collection of logs, metrics, and traces into a single process. Ops Agent is not installed as default as a Marketplace Solution Deployment, if required you will be prompted to install Ops Agent on the observability tab on the Compute Engine VM Instances basic information page to capture and monitor this data for the VM instance.

If you install the Ops Agent, then you might be charged for the metrics, logs, or traces that the agent sends to your Google Cloud project. For pricing information read more here

Troubleshooting & Maintenance

If the console login window does not load or does not log you in, you can check the log files by accessing the VM instance via SSH and navigating to the following location: opt/local/Tomorrow/server/logs - the logs will provide information about the issue preventing proper function.
If you can successfully log in to the Console, use the Servers window to check server health where your solutions are deployed to and run from.
Navigate to Administration -> Server Definitions area to correct Server definition and connectivity issues such as port definition, host name, and Server Encryption Key.

The tomorrowstart service restarts will also help restore the service application of both the console and server. You need to SSH connect to the instance to perform service restarts.

To stop the service use:service tomorrowstart stop To start the service use: service tomorrowstart start

It is good practice to routinely update the VM instance with available packages. For example, run the sudo yum update command as root user to install RHEL patches and updates .

Backup and Recovery

CAP contains its own internal data store for storing user data, preferences, and the created solutions. There is no fixed backup strategy in place as part of the Google Cloud Marketplace deployment.

Read more in the section Backup and Restore

Manual Backups

If you wish to take a manual backup of the CAP installation:

SSH connect to the VM instance
Stop the tomorrowstart service using the command:

# service tomorrowstart stop

Zip the entire contents of the TomorrowX Platform installation directory. Default installation path is opt/local/Tomorrow where Tomorrow is the installation directory
Copy the zip file to the backup target location of choice
Start the tomorrowstart service using the command:

# service tomorrowstart start

You can restore this folder to your new VM instance location, ensuring the tomorrowstart service is reinstalled to the new instance whilst respecting hardware configuration of the original installation from where the backup has been taken.

Google Cloud Customer Care

Basic Support is included for all Google Cloud customers.

Read more about Google Cloud Basic Support or get more information to Sign up for other Customer Care offerings.

PreviousAWS User Deployment Guide NextCreating a Stand-alone Built in Forwarding Proxy

Last updated 5 months ago