This page describes the process to set up and configure your Google Cloud project to work with Mainframe Assessment Tool.
Before you begin
In the Google Cloud console, on the project selector page, select or create a Google Cloud project.
Make sure that billing is enabled for your Google Cloud project. For more information, see Verify the billing status of your projects.
Create a dedicated service account to access Mainframe Assessment Tool. For more information, see Create service accounts.
For large assessments, make sure that you have sufficient quota in the region where you plan to create the Mainframe Assessment Tool instance. Larger quotas can be allocated by purchasing a Provisioned Throughput
Enable APIs
Enable the Compute Engine API.
Enable the Vertex AI API.
Configure firewall rules
To enable secure access to the Mainframe Assessment Tool instance through IAP, create the following firewall rules:
Create a firewall rule to allow ingress traffic on TCP port
4000by using IAP for TCP forwarding:gcloud compute firewall-rules create allow-ingress-from-iap \ --direction=INGRESS \ --action=allow \ --rules=tcp:4000\ --source-ranges=35.235.240.0/20Create a firewall rule to deny all other ingress traffic to your Mainframe Assessment Tool instance:
gcloud compute firewall-rules create deny-all-other-ingress \ --direction=ingress \ --action=deny \ --rules=all \ --source-ranges=0.0.0.0/0 \ --network=your-network-name \ --priority=65535
Assign IAM roles and permissions
To ensure that the dedicated service account that you created has the necessary permissions to give the Mainframe Assessment Tool components the required access to the Vertex AI API and other services, ask your administrator to grant the dedicated service account that you created the following IAM roles:
-
Vertex AI User (
roles/aiplatform.user) -
Cloud Logging:
Cloud Logging Writer (
roles/logging.logWriter)
What's next
- Learn how to Set up and access Mainframe Assessment Tool.