GCP Gateways

The following guide explains how to install a StrongDM gateway on a Google Cloud Platform (GCP) Compute Engine instance.

Prerequisites #

You must create a Compute Engine instance, also known as a virtual machine (VM), in GCP first. We recommend an e2-medium (2 vCPU, 4 GB RAM) with any Linux distribution. Most gateways need a public IP address. Modify the firewall for this instance to allow your users to reach this server. Typically, this will be public access to port 5000; however, you may choose any non-privileged port or limit ingress to a private subnet, depending on your network configuration.

Steps #

1. Navigate to the StrongDM Admin UI. Go to Network > Gateways. Click Add gateway.

2. Define the advertised host for the server (for example, sdm-gw0.yourcompany.com or 111.222.333.444). It must be an IP or hostname accessible to your StrongDM clients. Enter the port you left open for the gateway to interact with StrongDM clients (by default, 5000).

3. Click Create gateway. This generates a token which is only shown to you one time. You need this token in the installation process. Carefully copy the token and save it somewhere for later use.

4. Log in to the instance you created to host your gateway.

5. Download the StrongDM binary:

   curl -J -O -L https://app.strongdm.com/releases/cli/linux
   

6. Unzip it (if this is a new server, you may need to install a package to unzip archives, such as with sudo apt-get install unzip on Ubuntu distributions):

   unzip sdmcli_VERSION_NUMBER_linux_amd64.zip
   

7. Install the gateway:

   sudo ./sdm install --relay
   

   When you are prompted for the token you created earlier, paste it in and hit enter. Note that the token does not display in the terminal for security purposes, similar to the masking of a password.

   The installer must be run by a user that exists in the /etc/passwd file. Any users remotely authenticated, such as with LDAP or an SSO service, may fail to complete the installation.

8. Log in to the StrongDM Admin UI.

9. Go to Network > Gateways. The gateway you created should appear online, with a heartbeat. If it does not appear online, perform a hard refresh of your browser. If it is still not online in a few minutes, verify that the StrongDM daemon is running with the ps aux|grep sdm command on the server. Look for a line that includes sdm relay.