GCE Flashcards
GCE Configuration: Confidential VM service
Confidential VM protects data in use by keeping the VM's memory encrypted with keys that Google does not have access to: the keys are generated and held by the host CPU's memory-encryption hardware, so the hypervisor and Google operators cannot read guest memory. It is enabled per instance (the instance's confidentialInstanceConfig.enableConfidentialCompute flag) and requires a supported machine type.
GCE Configuration: Boot Disk
Each instance requires a disk to boot from. Select an image or snapshot to create a new boot disk, or attach an existing disk to the instance.
Deletion rule (what happens to the boot disk when the instance is deleted; the disk's autoDelete flag):
* Keep boot disk
* Delete boot disk
Encryption (every persistent disk is encrypted at rest; the option is only who controls the key):
* Google-managed key: the default, no configuration needed.
* Customer-managed encryption key (CMEK): the key lives in Cloud KMS; you control rotation and can disable it to make the disk unreadable.
* Customer-supplied encryption key (CSEK): the key is managed outside Google Cloud and must be supplied with every request that touches the disk; Google keeps only a SHA-256 hash of it, so a lost key means a lost disk.
GCE Configuration: Identity and API access
Applications running on the VM use the attached service account to call Google Cloud APIs (they obtain its tokens from the metadata server without any key file).
Select the service account you want to use and the level of API access you want to allow.
Access scopes
Scopes are an upper bound, not a grant: a call succeeds only if both the scope and the service account's IAM roles allow it. Prefer a dedicated service account with minimal roles over the default Compute Engine service account.
Default access: read-only access to Cloud Storage and Service Management; write access to Cloud Logging and Cloud Monitoring (formerly Stackdriver); read/write access to Service Control.
Allow full access to all Cloud APIs: grants the cloud-platform scope, leaving IAM roles as the only limit.
GCE Configuration: Firewall
By default, all incoming traffic from outside the VPC network is blocked. Select the type of network traffic you want to allow: the "Allow HTTP/HTTPS traffic" checkboxes apply network tags and firewall rules that open ports 80/443 from any source (0.0.0.0/0), so restrict the source ranges afterwards if the service is not meant to be public.
GCE Configuration: Observability Ops Agent
The Ops Agent is the primary agent for collecting telemetry (logs and metrics) from Compute Engine instances; it needs the logging.write and monitoring.write scopes (or cloud-platform) on the instance's service account to ship data.
GCE Configuration: Networking
Network tags and hostname. Network tags are the selectors that firewall rules and routes match on, so a tag is effectively a security label: anyone who can edit tags can change which rules apply to the instance.
IP forwarding
IP forwarding lets the instance send and receive packets whose source or destination is not its own IP, which is needed for NAT, VPN or router VMs. Leave it disabled otherwise.
NIC type
* gVNIC: Google's virtual NIC, required for Tier_1 networking and some newer machine series.
* VirtIO: the generic paravirtualized NIC.
Network bandwidth
Per-VM Tier_1 networking performance offers higher egress bandwidth for VM-to-VM and VM-to-public-IP communication.
Example limits shown for the configured machine type: maximum outbound network bandwidth 2 Gbps; VM to public IP 2 Gbps.
GCE Configuration: Security
Shielded VM
Features include trusted UEFI firmware and options for Secure Boot, vTPM, and integrity monitoring. vTPM and integrity monitoring are on by default on Shielded VM images; Secure Boot is off by default (it rejects unsigned kernel modules and boot loaders) and must be turned on explicitly to get a verified boot chain.
GCE Configuration: Management
Deletion protection
When deletion protection is enabled, the instance cannot be deleted until the flag is cleared (a separate update call), which guards against accidental or scripted deletion.
Reservations
Automation
You can specify a startup script that runs when the instance boots or restarts. Startup scripts can install software and updates and ensure services are running inside the virtual machine. They run as root, so treat instance metadata as privileged: anyone who can set metadata on the instance or project can change the script, and fetching it over plain HTTP invites tampering.
GCE Configuration: Data Encryption
Google-managed encryption key
Customer-managed encryption key (CMEK)
GCE Configuration: Availability policies
VM provisioning model:
* Standard: for most workloads.
* Spot: ideal for fault-tolerant workloads; lower price, but Compute Engine may preempt the VM at any time.
Set a time limit for the VM (max run duration):
A standard VM runs until the set max run duration.
A Spot VM may be interrupted before the set time.
GCE Configuration: Sole-tenancy
CPU overcommit
Sole-tenant nodes with CPU overcommit provide dedicated access to a physical server (no other customers' VMs share the host) together with control over the overcommit level of each VM scheduled onto the node.
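Most of the cards above (Confidential VM, boot disk encryption, identity and access scopes, IP forwarding, Shielded VM, deletion protection, startup scripts, firewall exposure) correspond to fields in the Compute Engine API's Instance resource, which is what `gcloud compute instances describe NAME --format=json` prints. The following audit script is an added example, not part of the flashcards or of any Google tooling; the INSTANCE dict is a constructed sample in that JSON shape, and the findings it reports are this script's own checklist, not an official benchmark.

```python
"""Audit a Compute Engine instance description for the security settings
covered by the GCE configuration cards. Added example: INSTANCE is a
constructed sample shaped like the output of
`gcloud compute instances describe NAME --format=json`; it is not real data.
"""
import re

# Scopes granted by the console's "Allow default access" (read-only storage
# and service management, write logging/monitoring, service control, trace).
DEFAULT_SCOPES = frozenset({
    "https://www.googleapis.com/auth/devstorage.read_only",
    "https://www.googleapis.com/auth/logging.write",
    "https://www.googleapis.com/auth/monitoring.write",
    "https://www.googleapis.com/auth/servicecontrol",
    "https://www.googleapis.com/auth/service.management.readonly",
    "https://www.googleapis.com/auth/trace.append",
})
CLOUD_PLATFORM = "https://www.googleapis.com/auth/cloud-platform"

INSTANCE = {  # constructed sample of a poorly configured VM
    "name": "web-1",
    "deletionProtection": False,
    "canIpForward": True,
    "shieldedInstanceConfig": {"enableSecureBoot": False, "enableVtpm": True,
                               "enableIntegrityMonitoring": True},
    "confidentialInstanceConfig": {"enableConfidentialCompute": False},
    "disks": [{"boot": True, "autoDelete": True, "deviceName": "web-1"}],
    "serviceAccounts": [{"email": "123456789012-compute@developer.gserviceaccount.com",
                         "scopes": [CLOUD_PLATFORM]}],
    "metadata": {"items": [{"key": "startup-script",
                            "value": "#! /bin/bash\ncurl -s http://example.invalid/bootstrap.sh | bash\n"}]},
    "networkInterfaces": [{"nicType": "GVNIC",
                           "accessConfigs": [{"type": "ONE_TO_ONE_NAT", "natIP": "203.0.113.10"}]}],
}


def disk_encryption(disk):
    """Classify how an attached disk is encrypted from its describe output.
    Key material is never returned: a CMEK disk shows only the KMS key name,
    a CSEK disk only the SHA-256 of the customer-supplied key."""
    key = disk.get("diskEncryptionKey") or {}
    if key.get("kmsKeyName"):
        return "cmek"
    if key.get("sha256"):
        return "csek"
    return "google-managed"


def audit_instance(inst):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    shielded = inst.get("shieldedInstanceConfig", {})
    for field, label in (("enableSecureBoot", "Secure Boot"), ("enableVtpm", "vTPM"),
                         ("enableIntegrityMonitoring", "integrity monitoring")):
        if not shielded.get(field):
            findings.append(f"shielded-vm: {label} disabled")

    if not inst.get("confidentialInstanceConfig", {}).get("enableConfidentialCompute"):
        findings.append("confidential-vm: memory encryption not enabled")
    if not inst.get("deletionProtection"):
        findings.append("management: deletion protection off")
    if inst.get("canIpForward"):
        findings.append("networking: IP forwarding enabled (instance can route packets for other hosts)")

    for disk in inst.get("disks", []):
        name = disk.get("deviceName", "?")
        if disk_encryption(disk) == "google-managed":
            findings.append(f"disk {name}: Google-managed key (no customer control of the key)")
        if disk.get("boot") and disk.get("autoDelete"):
            findings.append(f"disk {name}: boot disk is deleted together with the instance")

    for sa in inst.get("serviceAccounts", []):
        email, scopes = sa.get("email", ""), set(sa.get("scopes", []))
        if email.endswith("-compute@developer.gserviceaccount.com"):
            findings.append(f"identity: default Compute Engine service account in use ({email})")
        if CLOUD_PLATFORM in scopes:
            findings.append("identity: cloud-platform scope grants every API the account's IAM roles allow")
        elif scopes - DEFAULT_SCOPES:
            findings.append("identity: scopes beyond the default set: "
                            + ", ".join(sorted(scopes - DEFAULT_SCOPES)))

    for item in inst.get("metadata", {}).get("items", []):
        if item.get("key") in ("startup-script", "startup-script-url"):
            findings.append(f"automation: {item['key']} runs as root on every boot; review it")
            if re.search(r"\bhttp://", item.get("value", "")):
                findings.append(f"automation: {item['key']} fetches over plaintext HTTP")

    for nic in inst.get("networkInterfaces", []):
        if any(ac.get("natIP") for ac in nic.get("accessConfigs", [])):
            findings.append("networking: external IP attached; only firewall rules stand between it and the internet")
    return findings


if __name__ == "__main__":
    for finding in audit_instance(INSTANCE):
        print("-", finding)
```

Against a real instance, pipe `gcloud compute instances describe NAME --zone ZONE --format=json` through `json.load` and pass the result to `audit_instance`; the checks are deliberately read-only so the script can run with only compute.instances.get.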