Go back

How to get Tails Linux on GCP(Google Cloud Platform)

This section describes how to launch and connect to Tails Linux in a Google Compute environment using the available Cloud Launcher offering.

  1. Open Tails Linux listing on GCP Marketplace
  2. Click Launch.

/img/gcp/tails-linux/marketplace.png

  • It will take you to the agreement page. On this page, you can change the project from the project selector on top navigator bar as shown in the below screenshot.

  • Accept the Terms and agreements by ticking the checkbox and clicking on the AGREE button. /img/common/gcp_agreement_page.png

  • It will show you the successfully agreed popup page. Click on Deploy. /img/common/gcp_agreement_accept_page.png

  • On deployment page, give a name to your deployment.

  • Tick the existing account radio button and select your existing service account from the "Select a service account" dropdown as shown below.
  • If you don't see the service account in "Select a service account" drop down, then please follow the below steps to add one. if you can see a service account in the dropdown, skip ahead to the next step to select the region for your deployment.
  • below steps are one time only and you need appropriate IAM permissions to execute these steps. If you encounter IAM permission errors, reach out to your organization's IAM admin to execute these steps :
    1. Note Project id : First note down the project-id of the project where you are deploying our solution . Project id can be found by clicking on the project dropdown and copying id from the poped up window.

    2. Activate cloud shell by clicking the shell icon at the top right corner.
    3. In the cloud shell, run below command to switch to the project where you are deploying this solution , replace PROJECT_ID with the actual project id copied in step a.
    4. gcloud config set project "PROJECT_ID"

    5. Then run below command to create new service account, replace highlighted bold text with suitable values.
    6. gcloud iam service-accounts create "your-service-account-name" --description="service account for your-google-cloud-login-emailid " --display-name="your-service-account-name"

    7. Then run below command to associate the newly created service account with your google cloud login id, replace highlighted bold text with values provided in above steps
    8. gcloud iam service-accounts add-iam-policy-binding your-service-account-name@projectid-copied-in-step-a.iam.gserviceaccount.com --member="user:your-google-cloud-login-emailid" --role="roles/iam.serviceAccountUser"

    9. Then run below 3 commands one after the other , replace highlighted bold text with your service account name provided in previous steps.
    10. gcloud projects add-iam-policy-binding PROJECT_ID --member=serviceAccount:your-service-account-name@projectid-copied-in-step-a.iam.gserviceaccount.com --role=roles/config.agent

      gcloud projects add-iam-policy-binding PROJECT_ID --member=serviceAccount:your-service-account-name@projectid-copied-in-step-a.am.gserviceaccount.com --role=roles/compute.admin

      gcloud projects add-iam-policy-binding PROJECT_ID --member=serviceAccount:your-service-account-name@projectid-copied-in-step-a.iam.gserviceaccount.com --role=roles/iam.serviceAccountUser

    11. Once the above steps are done, wait for 60 seconds then refresh the deployment page and you should see the newly created service account in "Select a service account". Continue with the next steps below.
  • Select a zone where you want to launch the VM(such as us-east1-)
  • Optionally change the number of cores and amount of memory. ( This defaults to 2 vCPUs and 7.5 GB ram. Please select machine from N1 series only as highlighted below)
  • Optionally change the boot disk type and size. (This defaults to ‘Standard Persistent Disk’ and 30 GB respectively)
  • Optionally change the network name and subnetwork names. Be sure that whichever network you specify has ports 22 (for ssh) and 3389 (for RDP) exposed.
  • Click Deploy when you are done.
  • Tails Linux will begin deploying.

/img/gcp/tails-linux/deployed.png

  1. A summary page displays when the compute engine is successfully deployed. Click on the Instance link to go to the instance page .

  2. On the instance page, click on the “SSH” button, select “Open in browser window”.

/img/gcp/puppet-support/ssh-option.png

  1. This will open SSH window in a browser.
  2. Run below command to set the password for “ubuntu” user
sudo passwd ubuntu

/img/gcp/jupyter-python-notebook/ssh-passwd.png

  1. Now the password for ubuntu user is set, you can connect to the VM’s desktop environment from any local windows machine using RDP or linux machine using Remmina.

  2. To connect using RDP via Windows machine, first note the external IP of the VM from VM details page as highlighted below

/img/gcp/jupyter-python-notebook/external-ip.png

  1. Then From your local windows machine, goto “start” menu, in the search box type and select “Remote desktop connection”

  2. In the “Remote Desktop connection” wizard, paste the external ip and click connect

/img/gcp/jupyter-python-notebook/rdp.png

  1. This will connect you to the VM’s desktop environment. Provide “ubuntu” as the userid and the password set in step 6 to authenticate. Click OK

/img/gcp/puppet-support/rdp-login.png

  1. Now you are connected to out of box Tails Linux environment via Windows machines.

/img/gcp/tails-linux/tails-linux-desktop.png

  1. To connect using RDP via Linux machine, first note the external IP of the VM from VM details page,then from your local Linux machine, goto menu, in the search box type and select “Remmina”.

Note: If you don’t have Remmina installed on your Linux machine, firstInstall Remmina as per your linux distribution.

/img/gcp/common/remmina-search.png 14. In the “Remmina Remote Desktop Client” wizard, select the RDP option from dropdown and paste the external ip and click enter.

/img/gcp/common/remmina-external-ip.png 15. This will connect you to the VM’s desktop environment. Provide “ubuntu” as the userid and the password set in step 6 to authenticate. Click OK

/img/gcp/common/remmina-rdp-login.png 16. Now you are connected to out of box Tails Linux environment via Linux machine.

/img/gcp/tails-linux/tails-linux-desktop.png

  1. Once you are connected to GUI, click on the tails-linux VM icon on the desktop, this will start the tails vm inside ubuntu vm. Wait for 4-5 minutes for tails startup. In case you encountered a blank screen on clicking the VM, please check the Troubleshooting Guide to fix the issue and the continue with below steps: /img/gcp/tails-linux/click-on-tails-linux.png

  2. Setting up root password :
    After 4-5 minutes, below welcome screen will come, click on the "+" sign in the bottom which will open additional settings menu. Select Administration Password and enter the password for admin user and click on Add button on top right.

/img/gcp/tails-linux/tails-welcome-screen.png

/img/gcp/tails-linux/select-admin-authentication.png

  1. Now the password for Admin user is set, click on Start Tails on top right.

/img/gcp/tails-linux/start-tails.png

  1. Setting screen resouliton:
    Once tails vm start, reset the screen resolution . For that, click on the arrow on the top right, click the setting icon, the setting page will come, search for “display” in the top right search box . Select display setting and change the resolution to “1280x768 (16:10)” option, click on Apply. It will ask you to keep the changes or revert it. Click keep the new settings. This will expand the window to fit the screen . You can change resolution to other settings as per your preference.

/img/gcp/tails-linux/settings-arrow.png

/img/gcp/tails-linux/display-resolution.png

  1. Connecting to tor:
    The tor connection wizard will be displayed by default. select Connect to Tor automatically option and press Connect to Tor button.

/img/gcp/tails-linux/connect-to-tor.png

Now you are connected to Tor Browser. Explore the internet freely and securely.

  1. Tails Application:
    You can use different applications from the application menu of Tails.Tails comes with lots of open-source tools and software to operate and communicate securely. You can use The Tor Browser with uBlock ad blocker built in, Thunderbird which is an email client that encrypts emails, KeePassXC which is a password manager and OnionShare to share files over Tor among others. /img/gcp/tails-linux/tails-applications.png

  2. The default tails vm will come with 4GB RAM. If you are experiencing latency or performance issue with VM, please follow How to increase VM performance guide.

Go back