05 Virtual Machines

This document provides an overview of virtual machines (VMs) on Google Cloud Platform (GCP). It discusses the different types of GCP services that can act as VMs, with Compute Engine being the most common IaaS offering. The document outlines key components of Compute Engine VMs, including machine types, disks, networking, and images. It notes that images define the boot loader, OS, and any additional software for a VM. Upcoming sections will provide deeper discussions on images and other VM options.

Uploaded by satriowahyu

PIERIAN CLOUD

Google Cloud Associate Cloud Engineer

Virtual Machines

● One of the most common use cases of the cloud is
using virtual machines.
● We’ve covered some aspects of virtual machines, but
this section will take a much deeper look at the
various aspects of virtual machines on Google Cloud.

● Section Overview:
○ Compute Engine Overview
○ VM Options:
■ Image
■ Disk
■ Compute
○ VM Lifecycle
○ Compute Pricing Considerations
○ Common VM Actions

Let’s get started!

Compute Engine Overview

● While you will most commonly start off with
Compute Engine as your VM on Google Cloud, we
should note there are a variety of services and
technologies that act as VMs on GCP.
● Let’s briefly go over their differences and use cases.

| Service | Language Support | Service Type | Scaling Type | Use Case |
|---|---|---|---|---|
| Compute Engine | Any | IaaS | Server Autoscaling | General Workloads |
| Kubernetes Engine | Any | IaaS, PaaS | Cluster | Container Workloads |
| App Engine (Standard and Flexible) | Python, Node.js, Go, Java, PHP, Ruby, .NET | PaaS | Autoscaling Managed Servers | Web Apps, Mobile Backends |
| Cloud Functions | Python, Node.js, Go | Serverless | Microservices Architecture | Event Actions |

● Compute Engine provides predefined instances for
general computing, compute optimized, and memory
optimized.
● You can also define your own custom VM for your
own special use cases.

● Compute Engine is GCP’s core IaaS (Infrastructure as
a Service) offering.
● You define your machine type:
○ vCPUs
○ RAM
○ Disk
○ Networking
○ OS (Image)

● Let’s briefly go through some of these key
components of a Compute Engine instance.
● Later on we’ll do deeper dives into some of the
components, like Disk and Image.

● Compute
○ Each virtual CPU (vCPU) is implemented as a
single hardware multithread on one of the available
CPU processors.
○ Different generations of Compute Engine will have
different Intel CPU chips available (and different
costs).

● Compute
○ For applications that work better on GPUs,
Compute Engine also has a variety of NVIDIA
GPU options available for use.
○ TPU (Tensor Processing Units) for specialized
deep learning tasks are also available.

● Compute
○ You can also specify the RAM (Random Access
Memory) available to the VM instance.
○ Very high memory VMs are available (e.g. 3.75
TB RAM) but be aware of their price!

● Throughput Bandwidths
○ Network scales to 2 Gb per second (Gbps) per
vCPU.
○ Max of 32 Gbps with 16 vCPU or 100 Gbps with
V100, T4, and A100 GPUs.

● Disk Options
○ Standard
■ Spinning hard disk drive
○ SSD
■ Solid State Drives
○ Local SSD
■ Data is gone once the instance is stopped or terminated.

● Networking
○ Default, Auto, Custom Networks
○ Firewall Rules
○ Load Balancing
○ Subnetwork Connections

● Review:
○ We discussed the VM options on Google Cloud
and went over some key components when
creating a new Compute Engine instance.

● Up Next:
○ We’ll have a deeper discussion on Images for your
VM instance.

Image Options

● An image for a VM instance includes a boot loader,
operating system, file system structure, and any
additional software or customizations you want to
add.

● When you create a new VM instance, you can
specify an image for the VM.

● There are two main types of images:
○ Public Image
○ Custom Image

● Public Image:
○ Linux
■ CentOS, CoreOS, Debian, Ubuntu, and more.
○ Windows
■ Windows Server
■ SQL Server Pre-Installed on Windows

● Public Image:
○ Google, 3rd Party, and Premium Images are
available as well.
○ For example, a “Deep Learning on Linux” OS can
be provided with common machine learning
libraries installed and optimized for Intel.

● Public Image:
○ Be aware that certain premium images may have
an increased pricing structure and charge per
minute.
○ Review your VM pricing forecast after selecting
the Image and remember to explore the
marketplace.

● Custom Image:
○ You can create a custom image by pre-installing
software for your VM instance.

● Custom Image:
○ You can also import images from your own
premises, workstations, or even other cloud
providers.
○ GCP also offers a variety of Image management
features.

● A machine image is a Compute Engine resource that
stores all the configuration, metadata, permissions,
and data from multiple disks of a virtual machine
(VM) instance.
● You can use a machine image in many system
maintenance, backup and recovery, and instance
cloning scenarios.
| Scenarios | Machine image | Persistent disk snapshot | Custom image | Instance template |
|---|---|---|---|---|
| Single disk backup | Yes | Yes | Yes | No |
| Multiple disk backup | Yes | No | No | No |
| Differential backup | Yes | Yes | No | No |
| Instance cloning | Yes | No | Yes | Yes |
| Base image for replication | No | No | Yes | No |

● Review:
○ We explored the variety of options available for
Images when creating a VM instance and the
ability to create backups with a machine image.

● Up Next:
○ We’ll dive deeper into disk options when creating
a VM instance.

Disk Options

● After deciding on an Image, you have an operating
system in place.
● However, this OS and its image need to be on a
disk to boot from, and that disk is actually
separate from the VM.
● Let’s explore our disk options…

● Boot Disk
○ Every VM comes with a single root persistent disk
■ Bootable
● Can be attached to a VM and VM can boot
from it.
■ Durable
● Can “survive” a VM termination.

● Boot Disk
○ For durability beyond the VM termination, disable
the option:
■ “Delete boot disk when instance is deleted”

● Persistent Disk
○ Attached to the VM through the network interface
allowing for snapshots which are “in the moment”
incremental backups.
○ Users can choose between HDD or SSD for better
performance (with costs).

● Persistent Disk
○ Disks can be resized even if already attached to a
VM and running.
○ Can be attached to multiple VMs in a “read only”
mode.

● Persistent Disk
○ GCP encrypts all data at rest by default.
○ GCP also manages the encryption key for you, but
does give you the option to have customer
managed or customer supplied keys as well.

● Persistent Disk
○ There are several options for disks available.
○ More info:
■ cloud.google.com/compute/docs/disks

| Storage option | Description |
|---|---|
| Zonal standard PD | Efficient and reliable block storage |
| Regional standard PD | Efficient and reliable block storage with synchronous replication across two zones in a region |
| Zonal balanced PD | Cost-effective and reliable block storage |
| Regional balanced PD | Cost-effective and reliable block storage with synchronous replication across two zones in a region |
| Zonal SSD PD | Fast and reliable block storage |
| Regional SSD PD | Fast and reliable block storage with synchronous replication across two zones in a region |
| Zonal extreme PD | Highest performance persistent block storage option |
| Local SSDs | High performance local block storage |
| Cloud Storage buckets | Affordable object storage |

● Local SSD
○ Physically attached to the VM
■ Lower Latency
■ Higher Throughput (at higher cost)
■ VM Specific
■ Data does not survive a stop or termination

● RAM Disk
○ You can use tmpfs to create RAM disks.
○ You can allocate some of the instance memory to create a
RAM disk with exceptionally low latency and high
throughput.
○ RAM disks work well when your application
expects a file system structure and cannot simply
store its data in memory.

● RAM Disk
○ RAM disks alone do not provide any storage
redundancy or flexibility, so it is best to use RAM
disks in combination with other instance storage
options.

● RAM Disk
○ RAM disks share instance memory with your
applications. If your instances do not have
enough memory to contain RAM disks and your
applications, create instances with high-memory
machine types or upgrade your existing instances
to add more memory.

| | PD - HDD | PD - SSD | Local SSD | RAM Disk |
|---|---|---|---|---|
| Use Case | General and bulk file storage | High IO per second and low latency | Volatile I/O per second | Low latency but with no persistent data |
| Bootable | Yes | Yes | Yes | N/A |
| Snapshots | Yes | Yes | No | No |
| Data Redundancy | Yes | Yes | No | No |
| Encryption | Yes | Yes | Yes | N/A |

● Keep in mind that in the end, just like virtual
networks and virtual machines, a persistent disk is a
cloud feature that is virtually connected to your VM
through software.
○ Except in the case of a Local SSD

● This means we can easily resize the cloud persistent
disks, have automatic encryption, and use built-in
snapshot services.
● All of these features are either not possible or very
difficult to achieve with classic physical computer
hardware disks.

● Review:
○ We have lots of options for disks for our VMs and
many advantages come from the persistent cloud
aspects of the disks.

● Up Next:
○ Let’s explore the options available for compute on
an instance.

Compute Options

● We’ve mentioned there are different machine types;
let’s take a look at the different options we have
available.

● Machine Families
○ A curated set of processor and hardware
configurations optimized for specific workloads.
When you create a VM instance, you choose a
predefined or custom machine type from your
preferred machine family.

● Series
○ Machine families are further classified by series
and generation. For example, the N1 series within
the general-purpose machine family is the older
version of the N2 series. Generally, generations of
a machine series use a higher number to describe
the newer generation.

● Machine Type
○ Every machine series has predefined machine
types that provide a set of resources for your VM.
If a predefined machine type does not meet your
needs, you can also create a custom machine type.

● Machine Family Options:
○ General Purpose
○ Compute Optimized
○ Memory Optimized
○ Accelerator Optimized

● Machine Family Options:
○ General Purpose
■ Best price-performance ratio for a variety of
workloads.

● Machine Family Options:
○ Compute-optimized
■ Highest performance per core on Compute
Engine and optimized for compute-intensive
workloads.

● Machine Family Options:
○ Memory-optimized
■ Ideal for memory-intensive workloads, offering
more memory per core than other machine
families, with up to 12 TB of memory.

● Machine Family Options:
○ Accelerator-optimized
■ Ideal for massively parallelized Compute
Unified Device Architecture (CUDA) compute
workloads, such as machine learning (ML) and
high performance computing (HPC).

● Information on the details regarding machine families,
series, and types can be found here:
○ cloud.google.com/compute/docs/machine-types

● Custom Compute Options:
○ Specify Cores and Memory to fit your use case.

● Custom Compute Options:
○ Keep in mind not every Region or Zone contains
all possible hardware.
○ You may need to switch zones if looking for a
particular GPU for example.

● Review:
○ We learned about the compute options available
when creating a VM instance.

● Up Next:
○ We’ll create a new VM instance and explore the
topics we discussed on the Google Cloud Console.

VM Lifecycle

● When creating a new VM instance, the creator has full
root privileges on that instance.
● Accessing an instance is slightly different depending
on the base OS Image.

● Linux OS:
○ SSH from GCP Console or Cloud Shell
○ Can also generate key pairs
○ Information:
■ cloud.google.com/compute/docs/instances/connecting-to-instance

● Windows OS:
○ RDP (Remote Desktop Protocol)
○ PowerShell Terminal and setting Windows
Password
○ Information:
■ cloud.google.com/compute/docs/instances/connecting-to-windows

● Now that we understand how to access our VM
instance, let’s explore the VM lifecycle!

● VM lifecycle diagram (states and what happens in each):
○ Provisioning
■ vCPU + Memory
■ Root Disk (Persistent Disk)
■ Added Disks
○ Staging
■ IP Addresses
■ System Image
■ Boot Process
○ Running
■ Startup Script
■ Access with SSH/RDP
■ Modifying VM: set or get metadata, export system image,
snapshot of persistent disk, moving VM to another zone
○ Stopping
■ Shutdown Script
○ Terminated
■ Availability Policy
■ Delete
○ The diagram also marks RESTART and RESET transitions.

● Review:
○ We learned about the typical VM lifecycle
including provisioning, staging, running, stopping,
and terminating an instance.

● Up Next:
○ We’ll explore considerations on compute pricing.

Compute Pricing

● Let’s discuss the pricing of using Compute Engine
as well as some useful discounts.

● GCP offers per-second billing for compute usage
(minimum of 1 minute):
○ vCPUs, GPUs, and GB of Memory
● Each vCPU and each GB of memory is billed
separately.

● Machine Type Recommendations:
○ Compute Engine provides machine type
recommendations to help you optimize the
resource utilization of your virtual machine (VM)
instances.

● Machine Type Recommendations:
○ These recommendations are generated
automatically based on system metrics gathered by
the Cloud Monitoring service over the previous 8
days.

● Machine Type Recommendations:
○ Use these recommendations to resize your
instance's machine type to more efficiently use the
instance's resources.
○ This feature is also known as rightsizing
recommendations.

● Discount Types:
○ Sustained Use
○ Committed Use
○ Preemptible VM Instances
● Discount types cannot be combined.

● Sustained Use Discounts
○ Automatic discounts for running specific Compute
Engine resources a significant portion of the
billing month.

● Sustained Use Discounts
○ For example, when you run one of these resources
for more than 25% of a month, Compute Engine
automatically gives you a discount for every
incremental minute you use for that instance.

● Sustained Use Discounts
○ These discounts can be significant:

● Sustained Use Discounts
○ GCP is able to calculate the sustained usage at a
resource level.

● Sustained Use Discounts
○ Week 1, Week 2 (-10%), Week 3 (-20%), Week 4 (-30%)

● Sustained Use Discounts
○ Week 1, Week 2 (-10%), Week 3 (-20%), Week 4 (-30%)
○ Week 1, Week 2 (-10%)

● Sustained Use Discounts
○ cloud.google.com/compute/docs/sustained-use-discounts

● Committed Use Discounts
○ Compute Engine lets you purchase and renew
committed use discounts in return for deeply
discounted prices for VM usage.
○ These discounts are referred to as resource-based
committed use discounts.

● Committed Use Discounts
○ Information on signing up for committed use
discounts:
■ cloud.google.com/compute/docs/instances/signing-up-committed-use-discounts

● Preemptible Instances
○ Preemptible VM instances are available at a much
lower price—a 60-91% discount—compared to the
price of standard VMs. However, Compute Engine
might stop (preempt) these instances if it needs to
reclaim the compute capacity for allocation to
other VMs.

● Preemptible Instances
○ Preemptible instances use excess Compute Engine
capacity, so their availability varies with usage.
○ If your apps are fault-tolerant and can withstand
possible instance preemptions this can reduce your
Compute Engine costs significantly.

● Preemptible Instances
○ No charge if terminated in first minute
○ 24 hours maximum
○ Only 30 second termination warning
■ Not guaranteed to warn
○ No live migrate
○ No auto restart

● Preemptible Instances
○ Preemptible instances information and pricing:
■ cloud.google.com/compute/docs/instances/preemptible

● For full information on compute pricing make sure to
check out the docs:
○ cloud.google.com/compute/all-pricing

● Review:
○ We covered the pricing mechanics of Compute
Engine and discussed discounts.

● Up Next:
○ We’ll discuss some more specialized compute
options.

Special Compute Options

● There are sometimes situations where compliance or
security necessitates that your VM has physical
isolation from other workloads.
● In these cases you can use sole tenant nodes to have
access to a physical Compute Engine server that is
dedicated to hosting only your project's VMs.

[Diagram: Multi-Tenant Nodes vs. Sole Tenant Nodes. Each side shows VMs running on a Hypervisor on top of Hardware.]

● Sole Tenant Nodes:
○ VMs running on sole-tenant nodes can use the
same Compute Engine features as other VMs,
including transparent scheduling and block
storage, but with an added layer of hardware
isolation.

● Sole Tenant Nodes:
○ Within a sole-tenant node, you can provision
multiple VMs on machine types of various sizes,
which lets you efficiently use the underlying
resources of the dedicated host hardware.

● Sole Tenant Nodes:
○ Since you aren't sharing the host hardware with
other projects, you can meet security or
compliance requirements with workloads that
require physical isolation from other workloads or
VMs.

● Sole Tenant Nodes:
○ More information at:
■ https://cloud.google.com/compute/docs/nodes/sole-tenant-nodes

● When security is a very high priority issue (beyond
normal GCP security and encryption practices), you
can use GCP Shielded VMs.

● Shielded VMs:
○ Shielded VMs are virtual machines (VMs) on
Google Cloud hardened by a set of security
controls that help defend against rootkits and
bootkits.

● Shielded VMs:
○ Using Shielded VMs helps protect enterprise
workloads from threats like remote attacks,
privilege escalation, and malicious insiders.

● Shielded VMs:
○ Shielded VMs leverage advanced platform security
capabilities such as secure and measured boot, a
virtual trusted platform module (vTPM), UEFI
firmware, and integrity monitoring.

● Shielded VMs:
○ In summary, Shielded VM offers verifiable
integrity of your Compute Engine instances using:
■ Secure Boot
■ Virtual Trusted Platform Module
■ Integrity Monitoring

● Shielded VMs:
○ More information at:
■ cloud.google.com/compute/shielded-vm/docs/shielded-vm

● Review:
○ We learned about special VM options including
Sole-Tenant Nodes and Shielded VMs.
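
An added example (not part of the original slides): a Python audit of instance descriptions for the three Shielded VM controls listed above, which also reports the boot-disk auto-delete option and the encryption key management covered in the Disk Options section. It assumes input shaped like `gcloud compute instances list --format=json`, with field names taken from the Compute Engine API instance resource; the instance names and key values are constructed placeholders.

```python
import json

# Constructed sample, shaped like `gcloud compute instances list --format=json`.
# Instance names, the KMS key path and the key hash are placeholders.
SAMPLE_JSON = """
[
  {
    "name": "web-1",
    "shieldedInstanceConfig": {
      "enableSecureBoot": false,
      "enableVtpm": true,
      "enableIntegrityMonitoring": true
    },
    "disks": [
      {"deviceName": "web-1-boot", "boot": true, "autoDelete": true}
    ]
  },
  {
    "name": "db-1",
    "shieldedInstanceConfig": {
      "enableSecureBoot": true,
      "enableVtpm": true,
      "enableIntegrityMonitoring": true
    },
    "disks": [
      {"deviceName": "db-1-boot", "boot": true, "autoDelete": false,
       "diskEncryptionKey": {"kmsKeyName": "projects/EXAMPLE/locations/global/keyRings/EXAMPLE/cryptoKeys/EXAMPLE"}},
      {"deviceName": "db-1-data", "boot": false, "autoDelete": false,
       "diskEncryptionKey": {"sha256": "CONSTRUCTED-PLACEHOLDER"}}
    ]
  },
  {
    "name": "legacy-1",
    "disks": [
      {"deviceName": "legacy-1-boot", "boot": true, "autoDelete": true}
    ]
  }
]
"""
SAMPLE_INSTANCES = json.loads(SAMPLE_JSON)

# The three Shielded VM controls named on the slide, keyed by API field name.
SHIELDED_CONTROLS = {
    "enableSecureBoot": "Secure Boot",
    "enableVtpm": "vTPM",
    "enableIntegrityMonitoring": "Integrity Monitoring",
}


def key_management(disk):
    """Classify who manages the encryption key of an attached disk."""
    key = disk.get("diskEncryptionKey") or {}
    if key.get("kmsKeyName"):
        return "customer-managed"   # key held in Cloud KMS
    if key.get("sha256"):
        return "customer-supplied"  # only the key's hash is reported back
    return "google-managed"         # default encryption at rest


def audit_instance(inst):
    """Return the security-relevant settings of one instance description."""
    # An instance with no shieldedInstanceConfig has none of the controls on.
    cfg = inst.get("shieldedInstanceConfig") or {}
    disks = inst.get("disks", [])
    return {
        "shielded_disabled": [
            label for field, label in SHIELDED_CONTROLS.items()
            if not cfg.get(field)
        ],
        # Boot disks that will not survive deletion of the instance.
        "boot_disks_auto_deleted": [
            d.get("deviceName") for d in disks
            if d.get("boot") and d.get("autoDelete")
        ],
        "key_management": {
            d.get("deviceName"): key_management(d) for d in disks
        },
    }


def audit(instances):
    """Audit every instance and index the reports by instance name."""
    return {inst["name"]: audit_instance(inst) for inst in instances}


if __name__ == "__main__":
    for name, report in audit(SAMPLE_INSTANCES).items():
        print(name, json.dumps(report))
```

To run it against a real project, replace `SAMPLE_INSTANCES` with the parsed output of the `gcloud` command named in the lead-in.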

● Up Next:
○ We’ll explore some common actions performed
with VMs.

VM Actions

● Let’s quickly explore the specifics around some
common VM actions:
○ Working with Metadata
○ Moving a VM Zone or Region
○ Creating a Snapshot
○ Resizing Persistent Disk

● Instance Metadata:
○ Every virtual machine (VM) instance stores its
metadata on a metadata server. Your VM
automatically has access to the metadata server
API without any additional authorization.
Metadata is stored as key:value pairs.

● Instance Metadata:
○ There is a default set of metadata keys that are
available for VMs running on Compute Engine.
○ To query metadata:
■ cloud.google.com/compute/docs/metadata/querying-metadata

● Instance Metadata:
○ For example, a VM’s external IP Address is part of
its metadata.
○ You can write a script that uses that piece of
metadata to set up a separate database.
○ Default key:value pairs are the same across all
VMs, making scripts robust.

● Moving a VM Zone (within same region)
○ Very simple and automated process:
■ gcloud compute instances move
○ However, references from other services
connecting to that VM may need to be updated to
reflect the zone change.

● Moving a VM Region
○ Snapshot persistent disks from source.
○ Create new persistent disks in new region (restored from
the snapshots).
○ Create new VM in new region.
○ Attach new persistent disks and assign static IP Address.
○ Update references to VM and delete original snapshot,
disk, and VM.

● Creating a Snapshot
○ Back up critical data to Cloud Storage.
○ Transfer data between zones.
○ Transfer data from one disk type to another disk
type (e.g. PD HDD to PD SSD).

● Creating a Snapshot
○ Not available for Local SSD.
○ Creates incremental backups to Cloud Storage.
○ Snapshots can be restored to new persistent disks.
■ VM Metadata and tags are not saved.

● Resizing a Persistent Disk
○ Often, to improve the IO performance of an instance,
you may find yourself increasing the disk size of a
VM.
○ Note, you can easily add persistent disk without
shutting down your VM, but you cannot shrink the
persistent disk.

● Review:
○ We covered some common tasks performed with
VMs.

● Up Next:
○ We’ll go through a comprehensive demo that
combines many of the ideas discussed so far!
