
Special compute configurations

1. Special compute configurations

As mentioned earlier, a preemptible VM is an instance that you can create and run at a much lower cost than normal instances. See whether you can make your application function completely on preemptible VMs, because a 60 to 91% discount is a significant investment in your application. Now, just to reiterate, these VMs might be preempted at any time, and there is no charge if that happens within the first minute. Also, preemptible VMs are only going to live for up to 24 hours, and you only get a 30-second notification before the machine is preempted. It's also worth noting that there are no live migrations nor automatic restarts in preemptible VMs, but something that we will highlight is that you can actually create monitoring and load balancers that can start up new preemptible VMs in case of a failure. In other words, there are external ways to keep restarting preemptible VMs if you need to.

One major use case for preemptible VMs is running a batch processing job. If some of those instances terminate during processing, the job slows but does not completely stop. Therefore, preemptible instances complete your batch processing tasks without placing additional workload on your existing instances, and without requiring you to pay full price for additional normal instances.

Spot VMs are the latest version of preemptible VMs. Spot VMs are virtual machine instances with the spot provisioning model. New and existing preemptible VMs continue to be supported, and preemptible VMs use the same pricing model as Spot VMs. However, Spot VMs provide new features that preemptible VMs do not support. For example, preemptible VMs can only run for up to 24 hours at a time, but Spot VMs do not have a maximum runtime. Like preemptible VMs, Spot VMs might be preempted if Compute Engine needs to reclaim those resources for other tasks. The probability that Compute Engine stops Spot VMs for a system event is generally low, but might vary from day to day and from zone to zone depending on current conditions. Spot VMs are finite Compute Engine resources, so they might not always be available. Like preemptible VMs, Spot VMs cannot live-migrate to become standard VMs while they are running, and cannot be set to automatically restart when there is a maintenance event.

There are many best practices that can help you get the most out of Spot VMs. For example, resources for Spot VMs come out of excess and backup Google Cloud capacity. Capacity for Spot VMs is often easier to get for smaller machine types, meaning machine types with fewer resources like vCPU and memory.

If you have workloads that require physical isolation from other workloads or virtual machines in order to meet compliance requirements, you want to consider sole-tenant nodes. A sole-tenant node is a physical Compute Engine server that is dedicated to hosting VM instances only for your specific project. Use sole-tenant nodes to keep your instances physically separated from instances in other projects, or to group your instances together on the same host hardware. For example, you might have a payment processing workload that needs to be isolated to meet compliance requirements. The diagram on the left shows a normal host with multiple VM instances from multiple customers. A sole-tenant node, as shown on the right, also has multiple VM instances, but they all belong to the same project. You can also fill the node with multiple smaller VM instances of varying sizes, including custom machine types and instances with extended memory. Also, if you have existing operating system licenses, you can bring them to Compute Engine using sole-tenant nodes while minimizing the physical core usage with the in-place restart feature. For more information on sole tenancy and allowed node types, please refer to the sole-tenancy overview in the documentation.

Another compute option is to create Shielded VMs. Shielded VMs offer verifiable integrity to your VM instances, so you can be confident that your instances haven't been compromised by boot or kernel-level malware or rootkits. Shielded VM's verifiable integrity is achieved through the use of Secure Boot, virtual trusted platform module (vTPM)-enabled Measured Boot, and integrity monitoring. Shielded VMs is the first offering in the Shielded Cloud Initiative. The Shielded Cloud Initiative is meant to provide an even more secure foundation for all of Google Cloud by providing verifiable integrity and offering features, like vTPM shielding or sealing, that help prevent data exfiltration. To use these Shielded VM features, you need to select a shielded image. We'll learn about images in the next section.

Confidential VMs are a breakthrough technology that allows you to encrypt data in use, while it's being processed. Google Cloud's approach to encrypting data in use is a simple, easy-to-use deployment that requires no code changes to your applications and no compromise on performance. You can collaborate with anyone, all while preserving the confidentiality of your data. A Confidential Virtual Machine is a type of N2D Compute Engine VM instance running on hosts based on the second generation of AMD EPYC processors, code-named "Rome". Using AMD Secure Encrypted Virtualization (SEV), Confidential VM features built-in optimization of both performance and security for enterprise-class high-memory workloads, as well as inline memory encryption that doesn't introduce a significant performance penalty to those workloads. The AMD Rome processor family is specifically optimized for compute-heavy workloads, with high memory capacity, high throughput, and support for parallel workloads. In addition, AMD SEV provides Confidential Computing support.

With the confidential execution environments provided by Confidential VM and AMD SEV, Google Cloud keeps customers' sensitive code and other data encrypted in memory during processing. Google does not have access to the encryption keys. You can select the Confidential VM service when creating a new VM using the Google Cloud Console, the Compute Engine API, or the gcloud command-line tool.
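
An added example, not part of the original course material: a Python audit of instance resources for the Shielded VM, Confidential VM and Spot/preemptible settings described above. The instance data is constructed, and the `data-class` and `availability` labels are a hypothetical labelling convention assumed for the policy checks.

```python
import json

# Constructed sample shaped like `gcloud compute instances list --format=json`
# output. Field names are Compute Engine API instance fields; values are made up.
SAMPLE = json.loads("""
[{"name": "batch-worker-1", "labels": {"availability": "required"},
  "scheduling": {"provisioningModel": "SPOT", "preemptible": true},
  "shieldedInstanceConfig": {"enableSecureBoot": false, "enableVtpm": true,
                             "enableIntegrityMonitoring": true}},
 {"name": "payments-1", "labels": {"data-class": "sensitive"},
  "scheduling": {"provisioningModel": "STANDARD"},
  "shieldedInstanceConfig": {"enableSecureBoot": true, "enableVtpm": true,
                             "enableIntegrityMonitoring": true},
  "confidentialInstanceConfig": {"enableConfidentialCompute": true}},
 {"name": "ledger-1", "labels": {"data-class": "sensitive"},
  "scheduling": {"provisioningModel": "STANDARD"}}]
""")

SHIELDED = (("enableSecureBoot", "Secure Boot"), ("enableVtpm", "vTPM"),
            ("enableIntegrityMonitoring", "integrity monitoring"))

def audit(inst):
    """Return a list of findings for one instance resource."""
    findings = []
    shielded = inst.get("shieldedInstanceConfig", {})
    findings += [f"{label} disabled" for key, label in SHIELDED
                 if not shielded.get(key, False)]
    labels = inst.get("labels", {})
    sched = inst.get("scheduling", {})
    confidential = inst.get("confidentialInstanceConfig", {}).get(
        "enableConfidentialCompute", False)
    # Hypothetical policy: data labelled sensitive must be encrypted in use.
    if labels.get("data-class") == "sensitive" and not confidential:
        findings.append("sensitive data without Confidential VM")
    # Spot and preemptible VMs can be reclaimed at any time and never
    # live-migrate or restart automatically.
    preemptible = (sched.get("preemptible", False)
                   or sched.get("provisioningModel") == "SPOT")
    if preemptible and labels.get("availability") == "required":
        findings.append("availability-required workload on preemptible capacity")
    return findings

def audit_all(instances):
    """Map instance name to findings, omitting instances with none."""
    return {i["name"]: f for i in instances if (f := audit(i))}

if __name__ == "__main__":
    for name, found in audit_all(SAMPLE).items():
        print(name, "->", "; ".join(found))
```
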

2. Let's practice!
