This document provides information how to deploy PrivX to Google Cloud infrastructure.

Reference architecture components

1. PrivX instance is the host the PrivX service will be running on. A suitable starting point is an instance with 2 VCPU and 4 GB RAM running CentOS7. A minimum of 2 PrivX instances are required for high availability, scalability achieved through deploying additional PrivX instances.
2. PrivX VPC will contain the running PrivX instances.
3. GCloud Load Balancer distributes traffic for the PrivX instances for HTTP & HTTPS traffic. Session affinity: Cookie must be set.
4. GCloud SQL is used for persistence. A suitable starting point is a PostgreSQL database server with 2 VCPUs and 7.5 GB RAM and a 100 GB storage.
5. GCloud Memorystore is used for triggering internal content updates - 1 GB (minimum possible) size is sufficient
6. GCloud Filestore is used for audit trail storage - premium tier is recommended for read/write throughput, size depends on usage
7. GCloud API - if configured to do so, PrivX will index all computing resources from AWS and present them as connectable targets
8. PrivX Extender is deployed to a VPC and it establishes a secure websocket control connection back to PrivX. It routes traffic from PrivX to target hosts within the VPC.
9. Target VPC is a network containing target hosts which have no publicly accessible addresses
10. Publicly accessible target hosts can be accessed directly from the PrivX via SSH/RDP in case they have an address the PrivX instance can connect to.

Connections

A. Administrators, end users and API clients will always access PrivX via HTTPS:443. HTTP:80 is required for Windows CRL checks and redirects to HTTPS