GCP

Home

Use Cases

VPN Replacement

Infrastructure Access

Device Controls

IP-based Access

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

API

Getting Started with the API

Twingate Labs ↗

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

Overview

A range of options are available for deploying Connectors on Google Cloud Platform depending on your particular environment and needs.

Compute Engine deployment

If you are deploying to a Compute Engine VM, you can follow the general Linux Connector deployment instructions for more details.

Two approaches will be outlined here:

Deploying Connectors as a systemd service on a supported Linux distribution such as Ubuntu 20.04.
Deploying Connectors via Docker on a container-optimized Compute Engine VM.

These approaches are documented below.

`systemd` service

Quickly deploy via the Admin Console

These steps can be partially automated by creating a new Connector from the Twingate Admin Console and using the “Google Cloud” deployment option. This method will configure a deployment script. Running the script will provision an e2-small VM with the Connector installed and pre-configured.

Step 1: Create a Connector in Twingate

Create a new Connector in the Twingate Admin Console and choose the “Linux” deployment option. You will add the generated script, which contains all the necessary configuration parameters, as a startup script when configuring the new VM on GCP.

Step 2: Deploy a new VM on GCP

Unless noted otherwise in the steps below, the default settings can be kept.

From the Cloud Console, select Compute Engine → VM Instances → Create Instance.
Select ”New VM instance“.
Set the following configuration options for the VM:
- Name: We recommend matching this to the Connector name to be able to identify it later on.
- Machine configuration, Machine family: We recommend the e2-small machine type.
- Boot disk: We recommend Ubuntu 20.04 LTS, but we support several Linux distributions.
Select “Management, security, disks, networking, sole tenancy” to expand the configuration section before continuing.
- Under Automation, paste the script generated during the Connector deployment flow for “Linux” in the Twingate Admin Console into Startup script.
Select the Networking tab, and select the existing Network interface to modify its settings:
- Network and Subnetwork: Choose the network and subnetwork where you’d like to deploy the Connector. The Connector must be able to reach any Resource that you configure from this network.
- External IP: Select “None” as no external IP address is required.
Finalize the deployment by clicking Create.

After the VM has booted, you will see the Connector connection status change to “connected” in the Connector detailed view in the Admin Console.

Docker container

Step 1: Create a Connector in Twingate

Create a new Connector in the Twingate Admin Console and choose the “Docker” deployment option. A deployment command will be generated, and you will use the configuration parameters in this commend to configure the container VM.

Step 2: Deploy a new VM on GCP

Unless noted otherwise in the steps below, the default settings can be kept.

From the Cloud Console, select Compute Engine → VM Instances → Create Instance.
Select ”New VM instance“.
Set the following configuration options for the VM:
- Name: We recommend matching this to the Connector name to be able to identify it later on.
- Machine configuration, Machine family: We recommend the e2-small machine type.
- Under Container check “Deploy a container image to this VM instance.”
- Container image: twingate/connector:1

Expand “Advanced container options”

Add the following Environment variables, replacing the values on the right with the values from the Docker deployment command you generated in Part 1.
(Optional) You may wish to enable real-time connection logs or set custom metadata by setting the appropriate environment variables.

For the environment variable values, ensure that you omit the enclosing quotes from the Connector deployment command.

Name	Value	notes
TWINGATE_NETWORK	< pasted from the Connector deployment command >	eg. `autoco`
TWINGATE_ACCESS_TOKEN	< pasted from the Connector deployment command >
TWINGATE_REFRESH_TOKEN	< pasted from the Connector deployment command >

Select “Management, security, disks, networking, sole tenancy” to expand the configuration section before continuing.
Select the Networking tab, and select the existing Network interface to modify its settings:
- Network and Subnetwork: Choose the network and subnetwork where you’d like to deploy the Connector. The Connector must be able to reach any Resource that you configure from this network.
- External IP: Select “None” as no external IP address is required.
Finalize the deployment by clicking Create.

After the VM has booted, you will see the Connector connection status change to “connected” in the Connector’s details view in the Admin Console.

Google Kubernetes Engine (GKE) deployment

Connectors can also be deployed on a GKE cluster using the official Twingate Helm chart. If you intend use Twingate for K8s, you may also want to look at our Kubernetes Best Practices Guide.

Deployment automation options

Deployment automation is available using the Twingate Terraform Provider or the Twingate API.

Please see our Connector Best Practices overview for general recommendations as well as hardware recommendations for GCP.

Access and refresh tokens, which are required for Connector deployment, are specific to an individual Connector and cannot be shared between multiple Connectors.

Last updated 2 months ago

Home

Use Cases

VPN Replacement

Infrastructure Access

Device Controls

IP-based Access

Homelab & Personal Use Cases

Internet Security

Compliance

Architecture

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

API

Getting Started with the API

Twingate Labs ↗

managing twingate

Quick Start

Automated Deployment

Connectors

Understanding Connectors

Deploying Connectors

Best Practices

Updating Connectors

Advanced Connector Management

Resources

Remote Networks

Aliases

Team

Users

Groups

Identity Providers

Security Policies

Policy Guides

Two-Factor Authentication

Devices

Client Application

Managed Devices

Device Administration

Services

Headless Clients

CI/CD Configuration

Analytics

Audit Logs Report

Detailed Network Event Schema

Analyzing Network Traffic

User Activity Report

Syncing Data to AWS S3

Internet Security

DNS Filtering

DNS-over-HTTPS (DoH)

Administration

Admin Console Security

Subscription Management

Managed Service Providers

Cancel Your Subscription

additional resources

Help Center ↗

Changelog

FAQ

Twingate Trust Center

GDPR Compliance

HIPAA Compliance

PCI Compliance

SOC 2 Report

Responsible Disclosure Policy

VPN Replacement

Infrastructure Access

Device Controls

IP-based Access

Homelab & Personal Use Cases

Internet Security

Compliance

How Twingate Works

How DNS Works with Twingate

Twingate vs. VPNs

Twingate vs. Mesh VPNs

Peer-to-peer Communication

`systemd` service