Prepare for discovery and assessment

This document describes how to complete the initial setup that is required for running a discovery and assessment using Mainframe Assessment Tool.

Before you begin

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

Go to project selector
Make sure that billing is enabled for your Google Cloud project.
Enable the Compute Engine API.

Enable Compute Engine API
Enable the Vertex AI API.

Enable Vertex AI API
Ensure that no incoming connections to the project are allowed by default using firewall rules.

The Mainframe Assessment Tool appliance is accessed through an Identity-Aware Proxy tunnel only.
Recommended: ensure that you have a minimum quota value for the following Vertex AI API services:
- The Generate content requests per minute per project per base model per minute per region per base_model service with the following dimensions:
  - base_model: gemini-pro.
  - region: select a region where you want to create the Mainframe Assessment Tool VM. All zones in all the Generative AI on Vertex AI regions are supported.
  - quota: 600 QPM
- The Generate content requests per minute per project per base model per minute per region per base_model service with the following dimensions:
  - base_model: gemini-1.5-pro.
  - region: select a region where you want to create the Mainframe Assessment Tool VM. All zones in all the Generative AI on Vertex AI regions are supported.
  - quota: 120 QPM
- The Online prediction requests per base model per minute per region per base_model service with the following dimensions:
  - base_model: textembedding-gecko.
  - region: select a region where you want to create the Mainframe Assessment Tool VM. All zones in all the Generative AI on Vertex AI regions are supported.
  - quota: 1500 QPM
If you don't have sufficient quota, then request a quota increase.
Create a dedicated service account.

If not already done, then create a new firewall rule to allow ingress on port 4000 using IAP tunnel:

gcloud compute firewall-rules create allow-ingress-from-iap \
  --direction=INGRESS \
  --action=allow \
  --rules=tcp:4000\
  --source-ranges=35.235.240.0/20

Assign IAM roles and permissions

This section describes the Identity and Access Management roles that you might want to assign to your project members and the permissions required to perform various actions.

To ensure that the dedicated service account that you created has the necessary permissions to give the Mainframe Assessment Tool components the required access to the Vertex AI API, ask your administrator to grant the dedicated service account that you created the Vertex AI User (roles/aiplatform.user) IAM role.

What's next

Learn how to create a Mainframe Assessment Tool VM.