Contents

General Prerequisites

As this description shows the basic setup of a Linux instance in the GCP cloud, it does not list specific prerequisites. However, depending on the use case, the following prerequisites should be considered:

• To set up a Linux instance in the GCP cloud, you need an GCP account.
• Secondly, prerequisites will be different depending on the planned use of the instance:
  • Option 1: the instance is to be used as a Charon emulator host system:
    • Refer to the hardware and software prerequisite sections of the User's Guide and/or Getting Started guide of your Charon product to determine the exact hardware and software prerequisites that must be fulfilled by the Linux instance. The image you use to launch your instance and the instance type you chose determine the software and hardware of your cloud instance.
    • A Charon product license is required to run emulated legacy systems. Contact your Stromasys representative or Stromasys VAR for details.
  • Option 2: the instance is to be used as a dedicated VE license server:
    • Refer to the VE License Server Guide for detailed prerequisites.
• Certain legacy operating systems that can run in the emulated systems provided by Charon emulator products require a license of the original vendor of the operating system. The user is responsible for any licensing obligations related to the legacy operating system and has to provide the appropriate licenses.

GCP Login and New Instance Launch

Logging in to GCP

To log in perform the following steps:

• Go to https://console.cloud.google.com. You will see the login screen.
• Enter your login credentials.
• Upon successful login, a Google cloud dashboard screen will be displayed similar to the example below:

Preparation

Select or Create Project

A project organizes all your Google Cloud resources. To organize all resources for a certain application purpose, you can group them in their own project. So before you start creating resources, select or create the appropriate project.

To select or create a project, select the project list from the top of the Google cloud console window, as shown below:

Either select the correct project or create a new one by clicking on the NEW PROJECT button.

Create VPCs and Subnets for Instance

Important rules for Google cloud instances with respect to network interfaces:

• Interfaces can only be added during instance creation.
• Each network interface configured in a single instance must be attached to a different VPC network.
• The additional VPC networks that the multiple interfaces will attach to must exist before an instance is created. See Using VPC Networks for instructions on creating additional VPC networks.
• You cannot delete a network interface without deleting the instance.
• IP forwarding can only be enabled when the instance is created.
• A VPC network has a default transmission unit (MTU) of 1460 bytes for Linux images and Windows Server images. During the creation of a VPC you can set the MTU to a different value (e.g., 1500). In your instance (especially, if it does not rely on DHCP), set the MTU to the same value as configured for the VPC to avoid the increased latency and packet overhead caused by fragmentation, or even connectivity problems. For an MTU size of 1460, client applications that communicate with GCP instances over UDP must have a maximum payload of 1432 bytes to avoid fragmentation.
  In particular, ensure that the MTU used on any Linux interface dedicated to the emulator is not smaller than the MTU used by the legacy guest system. Failing to do so will cause network problems. For more information refer to the section Interface MTU Considerations in this guide.

Therefore the required VPCs and subnets must exist before the instance is created.

To create additional VPCs (if required), perform the following steps.

Step 1: Open the VPC network section by clicking on the Navigation menu, then selecting VPC network, and clicking on VPC networks - as illustrated below.

This will open the VPC overview page with the already existing VPCs. If all required VPCs and subnets already exist, continue with creating the new VM instance. Otherwise, continue with step 2.

Step 2: If you need to create a new VPC, click on CREATE VPC NETWORK at the top of the VPC overview list.

This opens the VPC configuration window.

Step 3: Create VPC and subnets.

In the VPC configuration window, enter

• the VPC name,
• the subnet name, region and address, and
• optionally, an alternative MTU size (at the bottom of the window). The default MTU is 1460 bytes. If you want to dedicate an interface in this VPC to the emulator, this may cause problems as the default MTU size of the legacy guest systems is usually 1500 bytes. The interface dedicated to the emulator must not have an MTU smaller than the MTU used by the legacy guest system.

Click on Create at the bottom of the window to create the VPC.

The new VPC should appear in the VPC overview list. Selecting the VPC in the overview list will open the detail information window. Example:

Step 4: Create firewall rules for the VPC.

With the detail information open, click on Firewall. This will allow you to define the required firewall rules for the VPC.

An example of a small set of firewall rules that allow incoming SSH and ICMP is shown below:

Creating a New VM Instance

Step 1: Go to the VM instance overview page.

Open the Navigation menu, click on Compute Engine and then on VM Instances as illustrated below:

This will open the list of already existing VM instances.

Step 2: Click on CREATE INSTANCE at the top of the overview list.

This will open the VM creation window as shown below.

Step 3: Configure the basic information of your new VM instance.

In the main configuration window set the following information at a minimum:

• Name of the instance (permanent setting)
• Correct Machine family and Machine type to match the requirements of the Charon products installed on the instance.
• Boot disk type and size, and the image to use as the operating system (recommended minimum system disk size: 30GB). To change the image for, press the Change button and select the correct image. If installing a prepackaged marketplace Charon image, select the matching image. If you plan to install your Charon product using RPM packages, use a Linux version supported for your  product.

The following image illustrates the basic settings:

Additional points to note:

• The CPU platform and GPU section provides the option to define the vCPU to core ration. That is, you can modify the settings such that each CPU visible to the host operating system corresponds to one CPU core of the GCP instance.
• In the Identity and API access section by default a service account (Compute Engine default service account) and the Default access scope are assigned to the instance. If this instance is to be used as a VE license server, do not modify these settings unless you are confident that you can provide equivalent permissions in a custom configuration. The VE license server will not function correctly without these permissions.

Step 4: Add you SSH key for remote access to the cloud instance.

Open the advanced settings at the bottom of the VM creation window by clicking on Management, security, disks,... at the bottom of the page.

The advanced settings allow you to create and add disks and network interfaces during the creation of a VM.

Please note: network interfaces can only be added during the creation of a VM instance.

The advanced settings also allow you to add your public SSH key for accessing the VM once started. To do this,

• select the tab Security in the advanced settings section,
• paste your public key into the field provided (the username extracted from the key will be displayed).
• Please note: if your management system supports it, for RHEL 9.x, Rocky Linux 9.x, and Oracle Linux 9.x use SSH key types ECDSA or ED25519.This will allow connecting to these Charon host Linux systems using an SSH tunnel without the default crypto-policy settings on the Charon host having to be changed for less secure settings. This is, for example, important for the Charon-SSP Manager. See also: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/security_hardening/using-the-system-wide-cryptographic-policies_security-hardening.

You can collapse the section again by clicking on Less.

Step 5: Optionally, configure additional NICs and/or IP forwarding

To add an additional network interface, perform the following steps:

• Open the advanced settings at the bottom of the VM creation window by clicking on Management, security, disks,... at the bottom of the page.
• Select Networking from the advanced settings section.
• Click on Add network interface.
• Select the correct subnet.
• Set the information about internal and external IP address (static or ephemeral) as required.

After adding all the required information, click on Done.

To enable IP forwarding, perform the following steps:

• Open the advanced settings at the bottom of the VM creation window by clicking on Management, security, disks,... at the bottom of the page.
• Select Networking from the advanced settings section.
• Select the edit option for the default NIC.
• Enable IP forwarding
• Click on Done.

Please note: you have to set up a firewall manually when you add additional network interfaces. See /wiki/spaces/DocCHSSP44xGCPGS/pages/13722878062 and the GCP documentation for more detail.

Step 6: additional configuration for AutoVE setup.

If the instance is launched from a Charon AL marketplace image and is planned to use AutoVE licensing (instead of the public license servers), you must add the corresponding information to the instance configuration before the first launch of the instance:

The AutoVE license server information is entered as Custom Metadata. In the initial instance configuration window, go to the bottom where the NETWORKING, DISKS, SECURITY, MANAGEMENT... configuration section is located. Open it and select the Management section. Add the Custom Metadata as shown in the example below:

Valid User Data configuration options:

• primary_server <ip-address>[:<port>]
• backup_server  <ip-address>[:<port>]

where

• <ip-address> stands for the IP address of the primary and the backup server as applicable, and
• <port> stands for a non-default TCP port used to communicate with the license server (default: TCP/8083).

Please note: at least one license server must be configured at initial launch to enable AutoVE mode. Otherwise, the instance will bind to one of the public license servers operated by Stromasys.

Step 7: Create the VM.

Once you filled in all the required data, create the VM by pressing the Create button at the bottom of the page:

This will create the VM, start it and show it in the VM instances list.

Step 8: Verify the settings of the newly created cloud instance.

After successful creation, the new instance will be shown in the VM instances list:

By clicking on it, you will see the details of the cloud instance, as shown in the example below: