Skylight Integration in GCP

This article explains how Skylight is intregrated in Google Cloud Platform​ (GCP).

Cloud Challenges

More Complexity. More Users. Less Visibility.

No access to the network layer

There is no network layer access! How can I capture the network traffic?

GCP: Basic Concepts to Know

Skylight in the Cloud: General Principles and Architectures

Cloud visibility using Google packet mirroring

The picture above shows the simplest configuration where the mirrored subnet and the collector subnet are in the same VPC. See GCP packet mirroring for details on how to configure GCP for packet mirroring.

Skylight sensor: capture deployed within collector-subnet

• Receives monitored network traffic
• Computes Per Packet Intel
• Sends Per Packet Intel to Skylight analytics through HTTPS (TCP port 443)

Technical Requirements

Skylight sensor: capture

• Version 21.02.10-r1 release and above

Network Flows Requirements

Main Deployment Steps

▶ To Deploy

1. Deploy Skylight sensor: capture(s).

2. Link deployed Skylight sensor: capture(s) to your Skylight analytics tenant.

Deploying a Skylight Sensor Capture in GCP

Note that the Skylight sensor capture image is not available on GCP marketplace.

The whole process requires the following steps.

▶ To deploy a Skylight sensor capture in GCP

1. Create a storage bucket.

• Go to the Storage menu of your GCP account and click CREATE BUCKET.
  

• Give it a name and click Create.
  

• You can leave all options by default and simply click CREATE.
  

2. Convert .qcow2 file in raw format.

• In the CLI on your local machine, convert the .qcow2 file provided by Accedian to raw format.
• For this, you can use the qemu-img tool :

qemu-ing convert -f qcow2 -0 raw Skylight-PVX-sensor-20.11.4.qcow2 disk.raw

3. Convert raw format in tar.gz

• From your local CLI again, convert the raw file into .tar.gz.
• At this stage, you can provide any name you like so as to easily recognize the file once it is uploaded to GCP:

tar -Sczf skylight-sensor.tar.gz disk.raw

4. Upload the file to the storage bucket.

• Now that your file is ready, you can upload it to GCP by using the UPLOAD FILES menu in the GCP storage bucket menu.
  

• The upload process may take awhile.
  

• If the upload is successful, you should see the following uploaded file:
  

5. Create an image based on the uploaded file.

• You can now create an image based on the uploaded file.

• Go to the Compute Engine menu and select CREATE IMAGE.
  

• Give it a name and select the Cloud Storage file option under Source menu.

• Select the storage bucket and the upload file. Once the file is selected, click CREATE to finalize the process.
  

• Do not be surprised if you do not see anything on the screen (no “ongoing process” or any message).

• You have to wait a few seconds or minutes to see the newly created image appear on the screen (simply refresh).

6. Deploy a Skylight sensor: capture from the created image.

• Go to the Compute engine menu and click on Create an instance.

• The only specific point here is to change the boot disk provided by default, and select your image in the custom images menu.
  

• Once your instance is created, you should see it in your running instances list:
  

Linking a Skylight sensor: capture to a Skylight analytics tenant

▶ To Link a Skylight sensor: capture to a Skylight analytics Tenant

1. Select deployment model.

• Type deploy show to check the actual deployment model.
  

• Type deploy disable PVX to disable the PVX deployment model.
  

• Type deploy enable Analytics to activate the appropriate deployment model.
  

2. Link the Skylight sensor to your Skylight analytics own tenant.

• Type register skylight to initiate the process.
• When being prompted, provide the following information:
• Tenant Host: URL of your Skylight analytics tenant
• Username: your admin username
• Password: password linked to your username

• You can check the presence of your sensor under Data Connections menu in Skylight analytics.