Deploying CML 2.8 Personal Plus in Google Cloud Platform (GCP)
Disclaimer: I’m not a cloud vendor infrastructure expert and only applied fundamental concepts, experience, and Google searches to figure out how to deploy CML to GCP.
Doc: Deploy CML locally:
The Idea is to set up the CML as a VM locally so that you could export / import it to the cloud as an image.
Unofficial AWS method (not working / compatible):
https://github.com/gdmoney/Cisco-CML-on-AWS
A little bit of background: I also wanted to include this section since I learned in this process that I could export the virtual machine, then import it as an image in the cloud, then create an instance out of that image.
The idea is: Export the VM from VMware workstation (local) -> Turn it to an OVA file -> Deploy it as an AMI in AWS -> then create an EC2 instance out of that AMI. I used this YouTube video guide as a reference.
After a couple of hours of trying to make it work, it turns out that the kernel version of the CML (since CML is an Ubuntu 24.04.01 with kernel 6.8.0-41) is not compatible as an AMI in AWS. See AWS doc for reference. Ha! Wasted my time, but not really since I learned the process how to do it.
I received this error message upon importing the OVA/VMDK file from S3 for it to become an AMI.
Also, I got billed since the free tier of S3 only offers 5 GB of storage. The OVA file is ~32 GB. Hahaha! (I thought that was going to be covered by free XD)
Lastly, I’ll include some of these relevant links below:
Learned how to SCP directly to AWS S3
Converting the .vmx file using OVF tool (then get the .vmdk file)
Locate your local VM files
Know where your VM files are located. In VMware Workstation (free), you can see it in Player > Manage > Virtual Machine Settings
Options Tab > Working Directory
Download OVF tool from Broadcom/VMware website
- OVF tool download site
- Documentation on how to use OVF tool
Locate where the OVF tool is downloaded, then go to that directory via cd when running the CMD. Or in some OS, you could right-click > “Open terminal” once you’re in that directory.
from cmd:
> cd <directory of the downloaded ovf tool>
> ovftool <"Source Directory\name.vmx"> <"Destination Directory">
- this will convert the .vmx file to multiple separate files.
- get the .vmdk file since that’s the file that we need for GCP.
Running CML 2.8 Personal Plus on Google Cloud Platform (GCP)
First, I’ll reference this Reddit post from several years ago (Thanks buddy). The general steps are already stated here. I’ll just include the detailed steps and the solution to problems I encountered.
Upload the files from ovftool to Google Bucket Storage
Create an Image from the .vmdk file in the Bucket (errors encountered)
This is where I encountered some of the errors that cost so much time. At first, I used this method to import the .vmdk file to an image.
gcloud compute machine-images import VM_NAME --source-uri=gs://BUCKET_NAME/ --os=ubuntu-2404
According to this documentation, import tab, ubuntu-2404 is supported to be imported as an image. However, I still received the error below. The shell somehow thinks that only up to ubuntu-2204 is supported to be imported, and not ubuntu-2404.
- I also tried specifying the --zone as “asia-southeast1-a” or other zones, thinking that the Ubuntu Machine version might not be supported in a region or so, but still got the error.
- I tried this also using the .ova file, same error.
- .ovf file, same error.
- tried also the .vmdk file, same error.
- tried not specifying the --os, GCP inspects it and will produce the same error due to the audit.
- tried also to specify it as “--os=ubuntu-2204” but as audited, same error.
- also tried gcloud components update, same error.
- All of these are the same in my local shell (cmd) and the shell in the web browser (console)
Create an Image from the .vmdk file in the Bucket (Working)
Since the reddit post specifically said that we’re working on the .vmdk file, I thought I could read this article from google cloud.
At this section, this redirected to “Migrate Virtual Machine” tab of the Virtual Machine section of the GCP console. If not enabled, you’ll see a prompt to enable its API. Click Enable to proceed.
Link the existing project as Target Project, this will be referenced later when creating an image
Create the Image from the .vmdk file in the Bucket
Creating an Instance from the Image made
- in the machine configuration, you’ll need to reference this nested virtualization document. Basically, not all machine types support nested virtualization. I selected N1 as the machine type and chose Intel Haswell or later as its CPU platform since it supports it.
- Support for Nested virtualization is needed since we’re virtualizing the CML machine (which is the ubuntu-2404). And this ubuntu-2404 is also virtualizing the CML images to do my lab, hence, nested virtualization.
- you could choose one of the presets or go for custom. Depending on the budget and use case.
Enabling Nested Virtualization on the Instance
Export or gather the properties information of the instance/vm.
GCP displays this in YAML format. This is for us to see if the nested virtualization property is already enabled; if not, we need to enable it.
From this documentation, I tried exporting the .yaml file using the --destination= option but I can’t seem to figure out how.
- I tried using a local directory on my pc to export / save the .yaml file, I received a permission error similar to this.
- I also tried using the gs://BUCKET_NAME for the bucket directory but it also failed.
My workaround is to just not specify the --destination= option. That will display the Instance/VM properties in the shell/cmd, then I just copy-pasted it to my notepad, then I saved it as a .yaml file. The command also seemed to require the --zone option, so specify the zone for the VM/Instance that we want the info from.
gcloud compute instances export VM_NAME --zone=ZONE_NAME
Edit the .yaml file to include the line specifying nested virtualization is enabled.
If you don’t see any nested virtualization property, just add the following lines. Make sure there are no spaces after.
advancedMachineFeatures:
  enableNestedVirtualization: true
Upload the .yaml file to the Instance/VM so it could update its properties
gcloud compute instances update-from-file VM_NAME --source="Directory\filename.yaml" --most-disruptive-allowed-action=RESTART --zone=ZONE_NAME
Tip: Make sure you turned on the Instance/VM when you gathered info about its properties (gcloud compute instances export).
- I successfully displayed the info in shell even if the instance/vm is turned off.
- However, when it’s turned off, I encountered a “Could not fetch resource” error then a fingerprint mismatch error when I tried the gcloud compute instances update-from-file command to enable nested virtualization.
- I don’t know the exact reason but turning on the instance/vm > gather the properties via export command > add ‘enableNestedVirtualization: true’ in yaml > update the properties via update-from-file command worked.
- Basically just turn on the VM on this process. :D
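The export, edit and update steps above as one script, added here as an example that is not part of the original post. The function name `ensure_nested_virt` and the file name `vm.yaml` are hypothetical, and redirecting the export output to a file stands in for the copy and paste step; the sample YAML in `demo` is constructed.

```shell
#!/bin/sh
# Added example, not from the original post. ensure_nested_virt and vm.yaml
# are hypothetical names; the gcloud commands are the ones quoted above.
#
#   gcloud compute instances export VM_NAME --zone=ZONE_NAME > vm.yaml
#   ensure_nested_virt vm.yaml
#   gcloud compute instances update-from-file VM_NAME --source=vm.yaml \
#       --most-disruptive-allowed-action=RESTART --zone=ZONE_NAME

# Rewrite FILE so advancedMachineFeatures carries
# enableNestedVirtualization: true, whether the block is missing,
# present without the key, or present with the key set to false.
# Assumes the two-space block indentation used in the lines above.
ensure_nested_virt() {
    file=$1
    tmp="$file.tmp"
    awk -v key='  enableNestedVirtualization: true' '
        # Any unindented line starts a new top-level entry.
        /^[^ #]/ {
            # Leaving the block without having seen the key: add it.
            if (inblk && !done) { print key; done = 1 }
            inblk = ($0 ~ /^advancedMachineFeatures:/)
            if (inblk) seen = 1
        }
        # Key already present inside the block: force it to true.
        inblk && /^ +enableNestedVirtualization:/ { print key; done = 1; next }
        { print }
        END {
            if (inblk && !done) print key
            if (!seen) { print "advancedMachineFeatures:"; print key }
        }
    ' "$file" > "$tmp" && mv "$tmp" "$file"
}

# Constructed sample of an exported instance file, for a stand-alone run.
demo() {
    f=$(mktemp)
    printf 'advancedMachineFeatures:\n  threadsPerCore: 2\nname: cml-vm\n' > "$f"
    ensure_nested_virt "$f" && cat "$f"
    rm -f "$f"
}
demo
```

Because the function edits the exported file rather than a hand-typed copy, the other properties in it stay exactly as GCP reported them.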
Allow the necessary ports in VPC to access CML Web Console (TCP 9090) and CML UI (HTTPS 443)
Edit the Firewall Rules (Allow TCP 9090 and HTTPS)
CML has 2 accounts and UIs: the Console (TCP 9090) is for editing its settings, and the UI (TCP 443) is for accessing your lab.
VPC Network > Firewall > VPC Firewall Rules > Create a Firewall Rule
then allow the necessary ports and IP addresses
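The same firewall rule from the command line, as an added example that is not part of the original post: it builds the `gcloud compute firewall-rules create` command for TCP 443 and 9090 and refuses a source range that is malformed or a /0. The rule name `allow-cml-admin`, the function name, the network tag `cml-server` and the 203.0.113.10 address (a documentation range) are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. The rule name allow-cml-admin,
# the function name and the sample values are hypothetical.

# cml_firewall_cmd NETWORK TARGET_TAG SOURCE_CIDR
# Prints a gcloud command that allows TCP 443 and 9090 from SOURCE_CIDR only,
# to VMs carrying TARGET_TAG. Returns 1 for a malformed range or a /0 prefix,
# which would expose both CML logins to every address on the internet.
cml_firewall_cmd() {
    network=$1 tag=$2 cidr=$3
    # Shape check: four dotted numbers, a slash, a prefix length.
    printf '%s\n' "$cidr" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' || {
        echo "error: '$cidr' is not an IPv4 CIDR range" >&2; return 1; }
    # Range check: every octet must be 255 or less.
    for octet in $(printf '%s\n' "${cidr%/*}" | tr '.' ' '); do
        [ "$octet" -le 255 ] || { echo "error: octet $octet out of range" >&2; return 1; }
    done
    prefix=${cidr#*/}
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || {
        echo "error: /$prefix is not allowed; use your own address as a /32" >&2
        return 1; }
    # Print the command for review instead of running it.
    printf 'gcloud compute firewall-rules create allow-cml-admin'
    printf ' --network=%s --direction=INGRESS --action=ALLOW' "$network"
    printf ' --rules=tcp:443,tcp:9090 --source-ranges=%s --target-tags=%s\n' "$cidr" "$tag"
}

# Constructed inputs: one admin address that is accepted, one range that is refused.
cml_firewall_cmd default cml-server 203.0.113.10/32
cml_firewall_cmd default cml-server 0.0.0.0/0 || echo "refused: open to all addresses"
```

The rule only applies to the CML instance if that instance carries the same network tag; without `--target-tags` it would apply to every VM in the network.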