HCL SW Blogs
Select Page


Learn how to set up and configure HCL VersionVault Express on the Google Cloud Platform. You must have a valid credential on the Google Cloud Platform and you have an initial setup in place.

Getting started

To get started, you need a Google account connected to the Google Cloud Platform. Although you can use the Google Cloud Console with your browser to work with virtual machines, you might also consider downloading and installing the Cloud SDK to get command- line tools. If this is your first time using the Cloud SDK, be sure to run the “gcloud init” command before you do anything else. You need to know your Google zone and region, and create a Google Cloud Platform project.

Account and SDK

Google Cloud account

To use Google Cloud and HCL VersionVault Express, you’ll need a Google account connected to the Google Cloud Platform. The account needs permissions to:

  • log in, monitor
  • create/upload storage bucket
  • create/manipulate VM

You must verify your access to the dashboard and project. Try to log into the dashboard:


Then, if prompted, choose your country and decide if you want the update/email notification.

Installing the Google Cloud SDK

If you consider downloading and installing the Cloud SDK to get the command-line tools, here is a brief installation overview. The SDK contains different tools:

Name Purpose Description
gcloud Default gcloud tool commands Tool for interacting with Google Cloud
bq BigQuery command-line tool Tool for working with data in BigQuery
gsutil Cloud Storage command-line tool Tool for performing tasks related to Cloud Storage
core Cloud SDK core libraries Libraries used internally by the Cloud SDK tools

On RedHat you must:

  • Add the package repository
  • Install the package using yum

Follow https://cloud.google.com/sdk/docs/install to install the Google Cloud command-line/SDK for your platform.

To verify your installation or check for updates, use:

gcloud components list

And if updates are needed, use:

sudo yum update google-cloud-sdk

If this is your first time using the Cloud SDK, be sure to run the following command before you do anything else:

gcloud init

You must enter your account and confirm it by providing a response code to a link in your browser (depending on your IT setup). Then select the project you were assigned to (or select the one you created if you did it yourself). Then you must select the geographical region. To fix any problems with your parameters, use:

gcloud init

Or for updating only the region:

gcloud config set compute/region NAME

After configuration a summary is displayed:

Commands that require authentication will use xxxx.xxxx@xxx.com by default

Commands will reference project `PROJECT_ID` by default

Compute Engine commands will use region `REGION` by default

Compute Engine commands will use zone `REGION` by default

Some IT environments might require the user of service account to interact with Google Cloud. These accounts are provided in the form of a JSON file with the credential to use. Consult with your IT department for the correct setup of this account.

IT security and requirement

If your IT department is making it mandatory to have a specific setup and access, you might have to set some flags when creating a VM. They can be added/set at import time. This can also be done after importing the VM from the web interface or from the command-line. You might also have to use some specific FIREWALL, NETWORK or SUBNET settings or predefined values. Always consult with your IT for the correct options to use when creating a VM.

Creating a firewall

VersionVault Express uses up to four ports. You might choose to expose all of them or some of them, but you need at least one port exposed. To expose ports, you must create a firewall definition. You can have multiple definitions and apply multiple ones to a newly created VM.

The ports you might choose to expose are:

  • The VersionVault Express browser interface/REST APIs on port 443 by default
  • The VersionVault Express appliance setup console on port 8443
  • The server that the VersionVault client connects to on port 8080
  • The VersionVault-Review Board server on port 9443
  • the SSH interface to the virtual machine on port 22

To create a firewall, use the “gcloud compute firewall-rules create” command to name your firewall and expose your ports with the –allow option:

gcloud compute firewall-rules create FIREWALLNAME \

–allow tcp:8080,tcp:443,tcp:8443,tcp:22,tcp:9443

Tip! You need to expose the VersionVault Express appliance setup console to configure your source virtual machine, but you should disable ports 8443 and 22 when you put your machine image instances in production.

Creating a storage bucket

You need a cloud storage to store the OVA and additional files. You can use an existing storage bucket from the project or create a new one (“Cloud storage” in the left menu of the web interface or from the command-line with “gsutil”). The name must be unique because it is shared in the whole cloud namespace (example: my-own-bucket).

Here is a typical command line to create a new storage bucket (see the Google Cloud documentation for all practical options):


-b on gs://BUCKET_NAME


gsutil mb -p PROJECT_ID -c standard -l us-east4 \

-b on gs://vve-mybucket

Creating a new virtual machine from an OVA

VersionVault Express is delivered as a virtual machine in the form of an OVA file. You must first upload the OVA or use the provided one in the market place.

Uploading the OVA

Before you can use the OVA file in the Google Cloud Platform, it must be uploaded to Cloud Storage. Use the “gsutil”command to upload the OVA to your newly created bucket.

Tip! if you need to rename it, rename it BEFORE the upload.

gsutil cp <PATH_TO_OVA>/versionvault.ova gs://vve-mybucket

Importing as a new VM

Import the OVA file you just uploaded to a Google VM. You can use the Cloud SDK to do it (it works better than the web interface for large files). You must know what zone you are in and which Linux operating system is in use (for VersionVault Express, this is ubuntu2004). Be sure to check the latest VersionVault Express system requirements to get the recommended memory and CPU count. If you are required by your IT to “label” your virtual machine, you can preset them here too.

If your IT department did not set up a network and subnet for your project, make sure to create them before. The firewall that you created (or will re-use) will be added in the “tag” section.

The command should be like:

gcloud compute instances import VMNAME \

–zone=ZONE –os=ubuntu-2004 \

–custom-memory=8 –custom-cpu=8 –can-ip-forward \

–source-uri=”gs://vve-mybucket/versionvault.ova” \

–labels xxxx=xxxx,yyyy=yyyy \

— network NETWORK \

— subnet SUBNET \



gcloud compute instances import versionvault-demo \

–zone=us-east4-c –os=ubuntu-2004 \

–custom-memory=8 –custom-cpu=8 –can-ip-forward \

–source-uri=”gs://vve-mybucket/versionvault.ova” \

–labels environment=staging,owner=xxxx.xxxx@xxxx.com \

–network NETWORK \

–subnet SUBNET \


This starts the import of the OVA into a new VM. It can take from 40 minutes to a couple of hours. After the import, the VM is started and left running. Give it a few minutes before continuing so all the startup scripts, configuration, and processes complete.

To continue, you must shut it down first. This can be done from the web interface or command-line.

gcloud compute instances stop VMNAME –zone=ZONE

Configuring or updating the firewall

Remember that firewall you created? If you did not add it during the import or if you need to update it, it is time to apply it to your new VM instance. If you are using the Cloud SDK, a command like this will do it.

gcloud compute instances add-tags VMNAME –zone ZONE \


Creating a clean machine image (optional)

You can create a machine image so that you can quickly spin up minimally configured new instances. While not mandatory, this allows creating new instances in a few minutes instead of hours as you would save all the import phase.

Stop the VM using the Cloud SDK like this:

gcloud compute instances stop VMNAME –zone=ZONE


gcloud compute instances stop versionvault-demo \


To create a machine image using the Cloud SDK, you need the Cloud SDK beta component installed, if you followed this post, it is included in it already.

You can check that you have the gcloud SDK beta command in the following command output:

gcloud components list

Then, to create the new image, use a command like this:

gcloud beta compute machine-images create IMAGENAME \

–source-instance VMNAME \

–source-instance-zone ZONE

Example :

gcloud beta compute machine-images create vve-image \

–source-instance versionvault-demo \


It only takes a minute to create a machine image.

Creating and adding a virtual disk

The VersionVault Express virtual machine is designed such that your VOBs require their own disk. This can be done from the command-line or the web interface. Before attaching a disk, make sure that the VM is not running. If it is, shut it down first as follows:

gcloud compute instances stop VMNAME –zone=ZONE

Creating a new disk

Using a command like this with the Cloud SDK creates a disk. Be sure to size your disk appropriately. The SIZE is the disk size in GB.

gcloud compute disks create DISK_NAME –size=SIZE \

–type=pd-balanced –zone=ZONE


gcloud compute disks create versionvaultdiskdevlm –size=100 \

–type=pd-balanced –zone=us-east4-c

You do not need to format it, the detection and initialization at boot time takes care of it.

Attaching the disk

Attach your newly created disk to the VM:

gcloud compute instances attach-disk VMNAME –disk=DISKNAME \



gcloud compute instances attach-disk versionvault-demo \

–disk=versionvaultdiskdevlm –zone=us-east4-c

First start

You are now ready to start the VM. Start the new VM from the web interface or if you are using the Cloud SDK, a command like this will launch VersionVault Express and return the IP address of the new instance.

gcloud compute instances start VMNAME –zone=ZONE


gcloud compute instances start versionvault-demo \


When VersionVault Express launches for the first time, it performs two checks:

  • The first is to check that you have mounted a disk for your VOBs.
  • The second check is to see if the networking has been configured.

VersionVault Express suggests a default network configuration for you and then asks if you want to make any changes. If you are sitting in front of the VM, you can press any key to let VersionVault Express continue booting. However, if you are launching the VM for the first time in the Google Cloud, you might not see the prompt and, therefore, not press any keys. After 5 minutes, VersionVault Express times out and you get the default network configuration.

By now, the VersionVault Express VM should be running, but you cannot to log in. One reason for this is that you have not created any users yet. Also, most of the VersionVault Express processes probably have not started yet. The one process that you do need will have been started – the appliance setup console. The VersionVault Express system administrator uses the appliance setup console to configure VersionVault Express and to manage VersionVault Express users. The appliance setup console runs on port 8443 and provides a browser interface and a REST API. You must configure at least the bare minimum to proceed.

Local administrator

The first thing you must do is create your local system administrator user. The first user who tries to log in is granted local administrator rights.

Important! Do not forget or lose this account.

Either point your browser at https://your_ip:8443 and choose an username and a password, or use the REST API (which is described at https://your_ip:8443/setup/swagger-ui.html) to post to the createInitialAdminUser() API.


Google will have set your default host name for you, but you might consider changing it to something resolvable in DNS if you intend to use email notifications or webhooks (or you can use the IP as hostname, so all links works if the IP does not change)

Port, certificate and SSH keys

You must set a port or accept the default port, which is 443. The port must be open in the firewall. If you have SSL certificates or SSH keys, add them now.


You might need to enter your license information. If you do not, HCL assumes that this VersionVault Express instance is running a limited-time free trial.

LDAP server

VersionVault Express can either manage its own users (the default configuration) or bind to an external LDAP server.

If you choose to manage your own users, you might want to create at least one user now. This can be done using either the appliance setup console or the REST APIs. To use the setup console, enter the email address of the new user, and click the Add user button. If you configured an SMTP server, the user will receive an email inviting them to create an account. If not, toggle the Temporarily disable SMTP switch and then click the mail icon in the table of users. This launches your default mail client and allow you to send the invitation from there.

Validating configuration

Verify all entries (most of the section has some “check” or “validate” button), then save your configuration and launch VersionVault Express.

If you created a user, have them follow the link in the email they received to sign up and log in.

Final test

By this point, you should have a VersionVault Express instance running and at least one user who can log in. Test it by opening a browser and connecting to your port on your IP address (or hostname if you have DNS configured). There are no projects or VOBs yet.

Using VersionVault Express

Now you are ready to start using VersionVault Express. Log in and create your first project. If your system allows it, invite more users to join your project. If not, ask your system administrator to invite new users for you.

Creating a pre-configured machine image (optional)

If you create a new machine image now, you will be able to create new VM from this image with all the configuration done. This can be useful if you need to test or deploy identically configured VMs. You can follow the same step as earlier, just use a new name for the target image.

Creating a VM from an image instance (optional)

Each time you want to create a VersionVault Express instance you can quickly create a machine image instance. You might choose to give each project team their own instance, or perhaps allocate instances to different business units within your organization. To create a new instance from a machine image using the Cloud SDK, use a command like this. The IP address of the new instance will be returned.

gcloud beta compute instances create mynewinstance \

–zone my-zone \

–source-machine-image mymachineimage \

–tags vvfirewall


gcloud beta compute instances create versionvault-demo2  \

–zone us-east4-c  \

–source-machine-image vve-image \

–tags FIREWALL  \

–labels environment=staging

Notice that you can apply your own firewall here. It might be a good idea to create a firewall that only exposes the VersionVault Express browser interface/REST API port and the client port (meaning that it does not expose the appliance setup and SSH ports).Then review and apply the IT requirements as before (external IP, SSH, and so forth) on the newly created machine.

Comment wrap
Further Reading
Docker Container With VersionVault Dynamic View Client Access
Secure DevOps | January 10, 2023
Docker Container With VersionVault Dynamic View Client Access
This blog explains how to configure a Docker host installed with HCL VersionVault and Docker that provides Docker Container with Dynamic View Client Access.
HCL VersionVault Express on the Azure Cloud Platform
Secure DevOps | July 21, 2022
HCL VersionVault Express on the Azure Cloud Platform
Learn how to run HCL VersionVault Express in a public or private cloud on the Azure Cloud Platform - Get Started Today.
Filters result by