This page describes how to verify and insert the YubiKeys into Google Distributed Cloud (GDC) air-gapped appliance.
Before you begin
Verify Yubikeys are present
Each GDC air-gapped appliance is shipped with Yubikeys in the original packaging. If the Yubikeys arrive opened (or in damaged packaging), open a support case immediately.
Insert the YubiKeys
You must open each YubiKey and insert them into one of the three servers. Ensure that the YubiKeys are correctly inserted with the gold side facing up, in the same server before boot. If the YubiKeys are not inserted on boot, the OS won't boot and the console shows an error.
After the key is inserted, it is paired with that server and cannot be moved to a different server. The keys can't be used interchangeably.
The Yubikey only needs to be inserted during the boot process. If you remove the Yubikey after the boot process, it doesn't affect the operation of the appliance. If you remove the Yubikey, it must be reinserted in the same node before the next boot.
For more information on the Yubikey model, see https://www.yubico.com/product/yubikey-5-nano-fips/.
What's next
Connect the laptop to the switch