This section describes how to onboard and deploy Reblaze via the Google Cloud Platform (GCP) Marketplace.
This guide will walk you through the process from the first access of the marketplace until Reblaze is successfully deployed and protecting your website. We offer our help at any step of the process at support@reblaze.com.
Before carrying out your first deployment, we suggest that you watch these videos to better understand the onboarding and deployment process.
The process for onboarding Reblaze in GCP includes the following steps:
At this point, your deployment and setup are complete. To see the IP address of the new load balancer: from your Google Cloud Platform Console, select Navigation menu > Network services > Load Balancing and then click the name of the load balancer to see its details.
Now test to check whether your website works correctly when routing traffic to the Reblaze deployment. Perform offline testing by modifying your hosts file to point your website to the load balancer. If you see that you are returned to your website, routing via Reblaze is working correctly.
The last remaining step is to route your traffic to the load balancer, which will send it to your Reblaze instance(s). Reblaze will scrub the traffic and forward it on to your servers. To setup this routing, set your DNS record to the IP address that is resolved from the load balancer DNS Name.
Initially, Reblaze is setup for report-only mode. Assuming that this option was not changed, then Reblaze is not yet filtering your traffic; it is merely reporting on what it would have filtered had it been set up in active mode. This gives you an opportunity to fine-tune Reblaze’s configuration before any of your traffic is actually affected. When you are comfortable with the reporting results, move the application to Active mode and publish the change, as described in Configure the Reblaze Platform.
As you might notice from looking through the interface, the Reblaze web security platform is both powerful and highly customizable, with the ability to be fine-tuned for your specific needs. However, it is beyond the scope of this document to describe this customization process. Furthermore, a full and correct customization is often rather daunting for new users.
For more information on using Reblaze, see the user manual at https://gb.docs.reblaze.com/.
We at Reblaze Technologies want you to have the best experience possible with the platform, so that you will enjoy the full benefits of comprehensive, intelligent, and effortless web security. Therefore, please feel free to contact support at support@reblaze.com, for further one- on-one assistance in setting up your deployment. We’re available 24 hours per day to assist you.
Below are the steps for deploying Reblaze on the Google Cloud Platform. Begin by signing up to GCP. Viewing the video below is recommended.
To sign up to Google Cloud Platform marketplace you will need a GCP account and a project already set up within your account.
Start by searching for "Redis" and then select Memorystore.
Enable this option when the screen below appears. The process takes several minutes to complete.
When Memorystore has been enabled, the following window appears. Select Marketplace.
This will bring you to the Marketplace where you will search for "Reblaze." There will be multiple results to your search. Select the option shown below.
Selecting the Reblaze option shown above will bring you to a window where you select Launch.
On the next window that appears, specify a deployment option. Select License ID and click the Get License link which appears.
2. This will open a new tab showing the Reblaze License Manager. Here, choose Sign Up and then enter the requested information.
Ensure your email and phone number are valid. They will be needed later on.
Note that your phone number must be entered using the international format: the "+" sign followed by the country code, area code and number (no spaces or hyphens; for example, a US number: +17891234567). The phone number must be able to receive text messages.
When you have finished, select Sign up.
3. In the next window of the Reblaze License Manager, specify a password and select Set password.
Now, sign into the Reblaze License Manager with the credentials you just created. This is where you will create your licenses for Reblaze.
Note that a separate license is needed for each Reblaze console. If you have multiple environments but wish to use only one Reblaze console, you will need just one license. But if you wish to have multiple consoles you will require multiple licenses.
For each license needed, select the Generate new license button (see below).
4. Now, select the License ID you want to use and copy it to the clipboard.
5. Return to the GCP console and enter that License ID.
6. Scroll further down in order to review the default values for the new deployment, then select Deploy. This will transfer you to a page displaying the progress of the deployment.
7. When deployment is complete, select LOG INTO THE ADMIN PANEL. You will be redirected to the Reblaze Login page.
8. Enter the Login credentials you defined earlier. The account details will be filled in automatically.
9. Select Complete Deployment.
Now, the remaining deployment steps and console creation will occur, which take a few minutes. When the steps have been completed, you will see a notification on the screen informing you that Reblaze is setting up more things in the background.
Once you have received notification on your screen that this process is complete, you will be brought to the Reset My Password page.
Enter your email address and click Reset My Password.
This will bring you to the Log In screen.
Do not fill in the fields on the Log In screen.
Wait for the email Reblaze will have sent you containing a link to the Reset Your Password screen.
Create a new password and click Reset My Password.
You will be redirected to the Reblaze console Log In screen. From here you may begin setting up your sites and web applications within Reblaze.
Continue to
Adding health checks to your GCP configuration ensures that GCP will maintain the appropriate number of instances for your application.
Related video: Reblaze via Google Cloud Marketplace: Routing Traffic. This video includes explanations for both Set Up GCP Health Checks (this topic) and Set Up GCP Load Balancer (the next topic).
Now that you have configured the Reblaze platform, you should set up GCP health checks and then load balancers.
For most use cases, you will need to set up two health checks and two load balancers, one for port 80 HTTP and one for port 443 HTTPS. The following steps assume that you will be setting up two health checks.
In your Google Cloud Platform Console, select Navigation menu > Compute Engine > Health checks.
Set up the port 443 HTTPS health check:
Click Create health check in the toolbar on the top of the page.
Enter a name for the health check. For example, use healthcheck-443 for port 443 (HTTPS).
For protocol, select HTTPS.
For Request path, you can use the same one that was used for the HTTP health check.
The remaining default values are usually reasonable and you can leave them as is, or you can change these values according to your requirements.
Click Create.
Continue to Set Up GCP Load Balancer.
Log into Reblaze to configure the Reblaze platform for your environment.
Once you have completed the deployment process, this section will guide you through the process to complete the site setup and link your web applications to Reblaze.
Log into Reblaze. Enter your email address and password, and click the envelope icon to receive a one-time password (OTP). The OTP will go to the telephone number you gave when you created your login account.
Enter the OTP and click Log In. Your Reblaze dashboard appears.
From the navigation panel, go to Settings > Planet Overview. This shows all the sites and web applications defined within Reblaze. Note: Since the initial setup of a site or application is prone to error, Reblaze lets you create a new application only by copying an existing application and then editing the results. A new Reblaze deployment includes a default application for this purpose.
Click Duplicate on the row of the default application.
Enter the name of the new site or application.
Click Duplicate. The new site/application is created and opened for editing. We will use the default Reblaze settings when appropriate.
A note on load balancing: Please note that the load balancing parameters shown here are separate from the load balancer that you will set up in Set Up a Load Balancer. The load balancing within Reblaze (which is defined here) is done to distribute scrubbed traffic across the servers within your network. The load balancing outside of Reblaze will dynamically create new instances of Reblaze as needed, in response to spikes of incoming traffic which has not yet been scrubbed. For more details about Reblaze settings, see Reblaze Deployment Terminology in the Reblaze user manual at https://gb.docs.reblaze.com/.
Under Host, enter the IP address for the upstream server. This is the server that Reblaze will sent the traffic after the traffic is scrubbed.
To add additional servers, click Add and enter the IP address for each one.
In the Domain Names box, enter the domain aliases for this site or application. Wild cards can be used.
(optional) To redirect all HTTP traffic to HTTPS, copy the return 301 https... command as described on the page into the HTTP Redirect Line box.
Click Save Changes.
You will be prompted to publish your changes to the cloud. Close the popup box and click Publish Changes. Important: After publishing, there will be a message at the bottom that the changes are being published to the cloud. Do not refresh or leave this page until the publishing process is finished.
By default, a new application is set to report only mode. In this mode, Reblaze does not filter any traffic. It only reports on traffic that would have been filtered if it were in active mode. This is useful if you want to test or fine-tune an application or new deployment. To move an application to active mode, click the REPORT button to toggle it to ACTIVE mode, and then publish the change.
The initial configuration of Reblaze is now complete. For the full set of configuration parameters, see the Reblaze user manual at https://gb.docs.reblaze.com/.
Continue to Set Up GCP Health Checks.
Upgrading BYOL - GCP
The Reblaze team will set up a new 2.x console for you. Once this is done, proceed to Step 2.
Go to the Marketplace and create a new Reblaze Deployment in version 2.x.
For the Deployment type, make sure to select “New region”.
For the Template resource zone, select the same region as the one in the previous installation. (Otherwise, the upgrade will not work.)
Scroll further down the page to the following:
For the Networking region, select the same region as the one in the previous installation. (Otherwise, the upgrade will not work.)
Auto-scaling settings - Minimum number of instances: At least as many instances as in the previous installation. In any case, it should never be less than 2 instances.
Redis settings: If you already have a Redis server installed (which is usually true for Reblaze installations of v2.14 and later), you do not need to create a new one, so you can uncheck the Redis deployment checkbox.
After choosing these settings, click the Deploy button at the bottom of the page.
Once your setup is complete, notify Reblaze support. Reblaze personnel will ensure the console is seeing the new instance group, and will connect the Redis server to it.
Within your GCP console, go to Instance groups and select your current (i.e., the older version) instance group.
Here’s an example where the current group is 6887:
Select it by clicking on its name. The following screen will appear:
Now click on Update VMs. You’ll see this:
Click on Add a Second Template. Add the new template you created. (In this example, the new template is 2354.) Now click on Update VMs.
Go to your Reblaze dashboard, and make sure that you see traffic in the new instances, and that your sites are working as expected.
In your GCP console, delete the template for the old version.
During initial deployment, an instance group for Reblaze was created. In this step, you will attach this group to HTTP and HTTPS load balancing services as a backend of the service.
Related video: Reblaze via Google Marketplace: Routing Traffic. This video includes explanations for Set UP GCP Health Checks (previous topic) and for Set Up GCP Load Balancers (this topic).
It is beyond the scope of this document to describe all the possible load balancer settings. More information about Google’s load balancing can be found at https://cloud.google.com/compute/docs/load-balancing/. If you have any questions, feel free to contact us at support@reblaze.com.
Once you set up the load balancers (LB), traffic will be routed through them to Reblaze. Using these load balancers allows GCP to create more instances as needed to handle the traffic.
For most most use cases, you will need to set up two load balancers, one for HTTP and one for HTTPS. The following steps assume that you will be setting up two load balancers. Therefore, the processes described here will be done twice, with some addition steps for HTTPS. The differences between the setup for the HTTP LB and the setup for the HTTPs LB will be noted.
First, set up a load balancer and choose the HTTP protocol for the backend service as follows:
When an HTTPS ( port 443 ) is required, create an additional load balancer and choose the HTTPS protocol. The steps for this are the same as creating an HTTP LB, with additional steps within the frontend configuration process.
After you have created the required load balancers, return to the main GCP section for the final steps needed to get Reblaze running on your website.
In your Google Cloud Platform Console, select Navigation menu > Network services > Load Balancing.
Click Create load balancer.
Click Start configuration for the appropriate type:
The HTTP(S) load balancer supports ports 80, 8080, and 443, (including HTTP and HTTPS) and is the appropriate type for most Reblaze customers.
If you need non-standard ports, then use the TCP load balancer instead.
You will now be asked whether this load balancer is for Internet facing or internal only. Select From Internet to my VMs and click Continue. The load balancer creation page appears.
Enter a name for the load balancer. We recommend that you include the protocol of this load balancer as part of the name (HTTP or HTTPS), for example, LB1-http or LB2-https.
Continue to the section below: Create the Backend Service.
Enter a name for the backend service. We recommend that you include the protocol of this load balancer as part of the name (HTTP or HTTPS), for example, BE1-http or BE2-https.
In the New backend fields:.
Select the Instance group that was created when you deployed Reblaze in GCP. The same instance group can be used for both HTTP and HTTPS.
In the Instance group has named ports popup, make sure to select the correct port for each protocol (80 or 443). 80 is the default value.
Click Use selected port name
Select the Port numbers. Make sure that the port number selected matched the protocol that this LB is for.
For Balancing mode, select Rate, and enter 1000000 for Maximum RPS. This ensures that all servers stay available during a traffic spike unless a health check indicates otherwise.
Click Done for New backend.
(optional) Enable Google Cloud CDN.
Select the Health check that you previously created for this protocol. Make sure to use the matching health check that was created for the load balancer you are now creating (HTTP or HTTPS).
Review the remaining values on the page to see that they are appropriate for your application environment.
Click Create for the backend service.
A default host and path rule has already been created. Additional rules are optional.
Enter a name for the frontend. We recommend that you include the protocol of this load balancer as part of the name (HTTP or HTTPS), for example, FE1-http or FE2-https.
For Protocol, select the protocol that was created for the load balancer you are now creating (HTTP or HTTPS). HTTP is the default value.
For most use cases, you will want to reserve a static IP address.
If this is the first load balancer you are creating (usually HTTP), for IP address do the following:
Select Create IP address.
In the Reserve a new static IP address dialog, enter a name. The name for this IP address should not have the protocol embedded within it, since it will be the same for all load balancers that you create.
Click Reserve. GCP will reserve an IP address and it will now appear in the IP address field in the frontend configuration panel. Tip: Make a note of the IP address provided by GCP. You will need it later at the end of the configuration process.
If this is an additional LB (usually HTTPS):
For IP address, select the IP address previously created for the first LB.
HTTPS only: If this load balancer is for HTTPS, you need to add or create a SSL certificate.
For Certificate, select Create a new certificate.
Enter a name for the certificate.
You can either use a certificate you already have, or create a new one:
To use an existing certificate:
Enter the certificate information.
Click Create for the certificate..
To create a Google-managed certificate:
Select Create Google-managed certificate.
Enter the domains to which this certificate will apply. Multiple domains can be entered.
Click Create for the certificate.
Click Done in the Frontend configuration panel.
Once you have completed all the required components for the load balancer, click Create in the Load balancer panel. The load balancer is then created. The IP address provided is the destination for your website traffic.
From the New load balancer panel on the current page, select Backend configuration > Create or select backend services & backend buckets > Backend services > Create a backend service.
Select either HTTP or HTTPS for Protocol and Named port, depending on which protocol you are creating the LB for.
From the Edit load balancer panel on the current page, select Host and path rules.
From the Edit load balancer panel on the current page, select Frontend configuration.
#
Step
Executed by
Comments
Estimated duration
1.
Console creation
Reblaze
Configuration will be migrated
1 day
2.
Create new deployment
Customer
Creating a new instance group
30 minutes
3.
Setup canary instance
Reblaze & Customer
Adding a new template
15 minutes
4.
Verify traffic monitoring
Reblaze & Customer
Verifying that there are no issues with site performance, and making changes to security profiles if necessary.
1 hour
5.
Rеmove old template
Customer
Replace all instances
15 minutes