Google Cloud¶
Deploy the Sophos Remote Testing Appliance (RTA) as a virtual machine in your
own Google Cloud project. We publish the appliance as a custom Compute Engine
image in our project (srt-rta-images) and grant your Google account or project
IAM access to launch VMs from it directly — no image copy or download
required.
How delivery works on Google Cloud¶
You receive two things from your engagement lead:
| Item | What it is |
|---|---|
| Image name | The name of the custom Compute Engine image in project srt-rta-images, e.g. rta-generic-20250601. |
| Google identity to share with | Your Google account email, a Google Group, or your GCP project's service account — whichever you provide us so we can grant access. |
Once we grant access, you launch a VM directly from our image. There is nothing to copy or upload. The image is generic — it has no engagement identity baked in, so on first boot the appliance comes up in activation mode and its console shows an Appliance Registration screen with a one-time activation code. Read the code from the serial console (you must enable the display device — see below) and give it to your Sophos engagement lead to activate the appliance. Once activated, it provisions itself, brings up the outbound VPN tunnel, and the console switches to the live status dashboard.
Get these two things right¶
Enable the display device — it is off by default
GCP does not enable the virtual display device on new VMs unless you
explicitly request it. Without it the RTA console is inaccessible. Check
the Enable display device checkbox (Console) or pass
--enable-display-device (CLI) every time you create an RTA instance.
The image project is outside your organization
srt-rta-images is a Sophos-owned project, not part of your GCP
organization. The Console's source project picker defaults to your
organization only — you must switch the organization filter to
"No organization" or "All" before searching for srt-rta-images.
The CLI flag --image-project=srt-rta-images works without any extra steps.
Requirements¶
| Resource | Minimum | Recommended |
|---|---|---|
| Machine type | 2 vCPU / 4 GB (e2-standard-2) |
e2-standard-4 (4 vCPU / 16 GB) |
| Boot disk | 40 GB | 40 GB |
| Networking | Outbound internet; no public IP / no inbound rules required | VPC subnet with VPN reach to engagement targets |
| Display device | Required (enable explicitly) | Required |
Choose a deployment method¶
-
Point-and-click: create a VM instance in the Compute Engine console, selecting our shared image as the boot disk source.
-
One
gcloud compute instances createcommand. The fastest path — no console navigation, no org-picker workaround needed.