Shielded VM
- GCP lets you harden a VM instance with security controls that defend against rootkits, bootkits and kernel-level malware.
- GCP uses a virtual Trusted Platform Module (vTPM) to provide a virtual root of trust that verifies the identity of the VM and ensures it is part of the specified project or region.
- The vTPM generates and stores encryption keys at the guest OS level.
- When creating a VM instance, the Shielded VM options are in the Security section.
- To change Shielded VM settings on a running instance, stop the VM instance and then edit the settings.

Disk Deletion Rule
- Under the Disk section there is a deletion rule; this option lets us either delete or keep the boot disk when the VM instance is deleted.

Sole Tenant Nodes
- Generally, VM allocation on hardware in a GCP zone happens as shown below

- Sole tenancy was introduced to GCE in 2018 and is a physical Compute Engine server designed for dedicated use

- Comparison

- Sole tenancy has cost implications, and not all regions and zones support it

GPUs and TPUs
- Along with standard vCPUs, GCE also offers Graphics Processing Units (GPUs). These are used for graphics-intensive workloads such as 3D rendering or virtual applications.
- Note: GPUs can only be attached to predefined machine types or custom machine types in certain zones.

- Tensor Processing Units (TPUs) are custom designed using Google's experience in Machine Learning (ML) and can be used to maximize performance and flexibility when building TensorFlow compute clusters and other ML workloads.
- Navigate to Compute Engine, select TPUs and then enable the API

- Refer Here for understanding TPU architecture

Google Cloud Shell
- Google Cloud Shell is a browser-based shell which helps in executing gcloud CLI commands

- gcloud reference: Refer Here

Exercise
- Let's write a gcloud CLI command to create a VM instance
- gcloud compute instances create: Refer Here
- For fetching the image details from the CLI: Refer Here
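
An added example for this exercise, not from the original notes: a shell script for Cloud Shell that creates a VM with the Shielded VM options and the boot disk deletion rule described above, and runs the stop/update/start sequence needed to change Shielded VM settings on an existing instance. The instance name `demo-vm`, the zone, machine type and Debian image are assumed sample values; commands are only printed unless `APPLY=1` is set.

```shell
#!/bin/sh
# Added example. Instance name, zone, machine type and image are sample values.
# Dry run by default: commands are printed. Set APPLY=1 to execute them.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# create_shielded_vm NAME ZONE [keep|delete]
# keep/delete is the boot disk deletion rule applied when the VM is deleted.
create_shielded_vm() {
  name=$1 zone=$2 disk_rule=${3:-delete}
  # Compute Engine names: start with a lowercase letter, then a-z, 0-9 or '-'.
  case "$name" in
    ""|[!a-z]*|*[!a-z0-9-]*|*-)
      echo "invalid instance name: $name" >&2; return 2 ;;
  esac
  case "$disk_rule" in
    keep)   disk_flag=--no-boot-disk-auto-delete ;;
    delete) disk_flag=--boot-disk-auto-delete ;;
    *) echo "disk rule must be keep or delete" >&2; return 2 ;;
  esac
  run gcloud compute instances create "$name" "--zone=$zone" \
    --machine-type=e2-medium \
    --image-family=debian-12 --image-project=debian-cloud \
    --shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring \
    "$disk_flag"
}

# Shielded VM options on an existing instance can only change while stopped.
update_shielded_vm() {
  run gcloud compute instances stop "$1" "--zone=$2" &&
  run gcloud compute instances update "$1" "--zone=$2" \
    --shielded-secure-boot --shielded-vtpm --shielded-integrity-monitoring &&
  run gcloud compute instances start "$1" "--zone=$2"
}

# Show the Shielded VM settings the instance actually ended up with.
show_shielded_config() {
  run gcloud compute instances describe "$1" "--zone=$2" \
    "--format=yaml(shieldedInstanceConfig)"
}

# Image details for the family used above (the "fetch image details" step).
run gcloud compute images describe-from-family debian-12 --project=debian-cloud
create_shielded_vm demo-vm us-central1-a keep
show_shielded_config demo-vm us-central1-a
```

Review the printed commands first, then rerun with `APPLY=1` in a project where the Compute Engine API is enabled.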
