Configure your Google Cloud project for Mainframe Assessment Tool
Stay organized with collections Save and categorize content based on your preferences.

This page describes the process to set up and configure your Google Cloud project to work with Mainframe Assessment Tool.

Before you begin

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

Go to project selector
Make sure that billing is enabled for your Google Cloud project. For more information, see Verify the billing status of your projects.
Create a dedicated service account to access Mainframe Assessment Tool. For more information, see Create service accounts.

Make sure that you have sufficient quota in the region where you plan to create the Mainframe Assessment Tool VM. All zones in all the Generative AI on Vertex AI regions are supported. The required quotas per base model are listed in the following table:

Request Type	Base Model	Quota (QPM)
Generate content requests per minute per project per base model per minute per region per base model	`gemini-1.5-flash`	600
Generate content requests per minute per project per base model per minute per region per base model	`gemini-1.5-pro`	120
Online prediction requests per base model per minute per region per base model	`textembedding-gecko`	1500

To adjust quotas, use the Google Cloud console. For more information, see Request a quota adjustment.

Enable APIs

Enable the Compute Engine API.

Enable Compute Engine API
Enable the Vertex AI API.

Enable Vertex AI API

Configure firewall rules

To allow secure access to the Mainframe Assessment Tool VM through IAP, create the following firewall rules:

Create a firewall rule to allow ingress on TCP port 4000 using IAP for TCP forwarding:

gcloud compute firewall-rules create allow-ingress-from-iap \
  --direction=INGRESS \
  --action=allow \
  --rules=tcp:4000\
  --source-ranges=35.235.240.0/20

Create a firewall rule to deny all other ingress traffic to your Mainframe Assessment Tool VM:

 gcloud compute firewall-rules create deny-all-other-ingress \
  --direction=ingress \
  --action=deny \
  --rules=all \
  --source-ranges=0.0.0.0/0 \
  --network=your-network-name \
  --priority=65535

Assign IAM roles and permissions

To ensure that the dedicated service account that you created has the necessary permissions to give the Mainframe Assessment Tool components the required access to the Vertex AI API and other services, ask your administrator to grant the dedicated service account that you created the following IAM roles:

Vertex AI User (roles/aiplatform.user)
Cloud Logging: Cloud Logging Writer (roles/logging.logWriter)

What's next

Learn how to Set up and access Mainframe Assessment Tool.