Operating system details

Automatic updates

By default, this operating system is configured to install security updates by using the RHEL yum-cron or dnf-automatic tool. The updates have the following behaviors:

• The yum-cron or dnf-automatic does not upgrade VMs between major versions of the operating system.
• For CentOS 7, CentOS 8, and CentOS Stream, the upgrade tool is configured to only apply updates marked by the vendor as security updates.
• Some updates require reboots to take effect. These reboots do not happen automatically.

Notable differences from standard CentOS images

The CentOS and CentOS Stream images that are provided by Compute Engine, have the following differences in configuration from standard CentOS images:

Package system and repository configuration

• Google Cloud repositories are enabled to install packages for the Compute Engine guest environment and the Cloud SDK.
• Repositories are set to use the CentOS default mirror network.
  • For CentOS 8 and CentOS Stream 8, the PowerTools repository is enabled.
  • For CentOS 7, EPEL is enabled.
• Automatic updates are configured as follows:
  • For CentOS 7, automatic updates are enabled by using yum-cron.
  • For CentOS 8 and CentOS Stream 8, automatic updates are enabled by using dnf automatic.
  • For all versions, the update_cmd property is set to security .However, by default CentOS does not offer security tagged repositories.
  • IPv6 endpoints are disabled in the yum or dnf config files for all versions.

Network configuration

• IPv6 is enabled.
• The DHCP client is set to retry every 10 seconds instead of every 5 minutes. The client is also set to persistent mode instead of oneshot.
• The SSH server configuration is set up as follows:
  • Password authentication is disabled.
  • To prevent SSH disconnections, ServerAliveInterval and ClientAliveInterval are set to 7 minutes.
  • Root login is disabled.
• /etc/udev/rules.d/75-persistent-net-generator.rules is disabled.
• To prevent MAC addresses from persisting, /etc/udev/rules.d/70-persistent-net.rules is removed.
• By default, all traffic is allowed through the guest firewall because the VPC firewall rules overrides the guest firewall rules. The guest firewall rules remains enabled and can be configured through normal CentOS methods.
• VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see Maximum transmission unit.

Bootloader configuration

• To force faster boot times, the boot timeout in the grub configuration is set to 0.
• The I/O scheduler is set to noop.

Additional configuration

• By default, images are 20 GB. This is the recommended minimum size.
• The partition table is GPT, and there is an EFI partition to support booting on UEFI.
• There are no local users configured with passwords.
• The NTP server is set to use the Compute Engine metadata server.
• The floppy module is disabled because there is no floppy disk controller on Compute Engine .

Support

This operating system is supported by an open source project or community.

• For issues related to the operating system, please follow the CentOS community support guidance.
• For questions specific to using this operating system on Google Cloud, post your questions to the gce-discussion forum.

Automatic updates

By default, this operating system is configured to install security updates by using Automatic updates. The updates have the following behaviors:

• These automatic updates from the operating system vendor do not upgrade instances between major versions of the operating system.
• Some updates require reboots to take effect. These reboots do not happen automatically.

Notable differences from standard Container-Optimized OS images

Network configuration

• VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see Maximum transmission unit.

Support

This operating system has premium support available for purchase. For information about purchasing and using premium support, see the Google Cloud support page.

Automatic updates

By default, this operating system is configured to install security updates by using the Debian UnattendedUpgrades tool. The updates have the following behaviors:

• The UnattendedUpgrades tool does not upgrade VMs between major versions of the operating system.
• The UnattendedUpgrades tool is configured to only automatically apply updates obtained from the Debian security repository.
• Some updates require reboots to take effect. These reboots do not happen automatically.

Notable differences from standard Debian images

The Debian image build configuration is available in an open source GitHub repository.

• For Debian 10+, the build tools come from the Debian Cloud team image project.
• For Debian 9, build tools come from the now deprecated bootstrap-vz project.

Debian images are always built with the latest Debian packages which reflect the most recent Debian point release.

The Debian images that are provided by Compute Engine, have the following differences in configuration from standard Debian images:

Package system and repository configuration

• Google Cloud repositories are enabled to install packages for the Compute Engine guest environment and the Cloud SDK. The guest environment packages and the Cloud SDK packages are installed and enabled by default.
• The APT sources are set to use the Debian CDN.
• The Unattended-upgrades package is installed and configured to download and install Debian security updates daily. This can be configured or disabled by changing the values in /etc/apt/apt.conf.d/50unattended-upgrades and /etc/apt/apt.conf.d/02periodic.
• For Debian 10, the cloud-initramfs-growroot package is removed and replaced with the Google supported gce-disk-expand package.
• Debian 10+ includes the following:
  • The linux-image-cloud-amd64 kernel instead of the generic Debian kernel.
  • The haveged package to provide entropy.

Network configuration

• IPv6 is enabled.
• The SSH server configuration is set up as follows:
  • Password authentication is disabled.
  • Root login is disabled.
• To prevent MAC addresses from persisting, /etc/udev/rules.d/70-persistent-net.rules is removed.
• Debian 9 does not use predictive network interface naming. In the grub kernel command-line arguments, net.ifnames=0 is set. Therefore, network interfaces still use the traditional ethN naming, with the default interface always being eth0.
• VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see Maximum transmission unit.

Bootloader configuration

• To force faster boot times, the boot timeout in the grub configuration is set to 0.
• The I/O scheduler is set to noop.
• To allow SCSI block multi-queue usage, scsi_mod.use_blk_mq is enabled.

Additional Configuration

• Images are 10 GB by default.
• The partition table is GPT, and there is an EFI partition to support booting on UEFI. There is also an MBR boot block to support BIOS.
• There are no local users configured with passwords.
• The NTP server is set to use the Compute Engine metadata server.
• The floppy module is disabled because there is no floppy disk controller on Compute Engine.

Support

This operating system is supported by an open source project or community.

• For issues related to the operating system, please follow the Debian community support guidance.
• For questions specific to using this operating system on Google Cloud, post your questions to the gce-discussion forum.

Automatic updates

By default, this operating system is configured to install security updates by using the FedoraCoreOS automatic update tool. The updates have the following behaviors:

• These automatic updates from the operating system vendor do not upgrade instances between major versions of the operating system.
• Some updates require reboots to take effect. These reboots do not happen automatically.

Notable differences from standard Fedora CoreOS images

Network configuration

• VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see Maximum transmission unit.

Support

This operating system is supported by an open source project or community.

• For issues related to the operating system, please follow the Fedora CoreOS community support guidance.
• For questions specific to using this operating system on Google Cloud, post your questions to the gce-discussion forum.

Automatic updates

By default, this operating system is configured to install security updates by using the RHEL yum-cron tool. The updates have the following behaviors:

• These automatic updates from the operating system vendor do not upgrade instances between major versions of the operating system.
• For RHEL 7 and RHEL 8, the operating system is also configured to only apply updates marked by the vendor as security updates.
• Some updates require reboots to take effect. These reboots do not happen automatically.

Notable differences from standard RHEL images

The RHEL image build configuration is available in an open source GitHub repository.

RHEL images are always built with the latest RHEL packages, which reflect the most recent point release. Currently, you cannot pin a VM to a point release.

RHEL for SAP images are tagged to the specific point release they are built for as supported by Red Hat.

The RHEL images that are provided by Compute Engine, have the following differences in configuration from standard RHEL images:

Package and repository configuration

• Google Cloud repositories are enabled to install packages for the Compute Engine guest environment and the Cloud SDK.
• For RHEL 7, EPEL is enabled.
• RHEL for SAP yum vars are set to peg the client to the supported RHEL for SAP point release.
• RHEL content comes from the Compute Engine Red Hat Update Infrastructure (RHUI) servers.
• The Google RHUI client package, which contains the configuration needed to access RHEL content, is installed.
• The Red Hat subscription-manager package is removed because it is not used for RHUI.
• Automatic updates are enabled as follows:
  • For RHEL 7, by using yum-cron .
  • For RHEL 8+, by using dnf automatic.
  • For all versions, the update_cmd property is set to security .
  • IPv6 endpoints are disabled in the yum or dnf config files.

Network Configuration

• IPv6 is enabled.
• The DHCP client is set to retry every 10 seconds instead of every 5 minutes. The client is also set to persistent mode instead of oneshot.
• The SSH server configuration is set up as follows:
  • Password authentication is disabled.
  • To prevent SSH disconnections, ServerAliveInterval and ClientAliveInterval are set to 7 minutes.
  • Root login is disabled.
• /etc/udev/rules.d/75-persistent-net-generator.rules is disabled.
• To prevent MAC addresses from persisting, /etc/udev/rules.d/70-persistent-net.rules is removed.
• By default, all traffic is allowed through the guest firewall because the VPC firewall rules overrides the guest firewall rules. The guest firewall rules remains enabled and can be configured through normal RHEL methods.
• VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see Maximum transmission unit.

Bootloader configuration

• To force faster boot times, the boot timeout in the grub configuration is set to 0.
• The I/O scheduler is set to noop.

Additional configuration

• By default, images are 20 GB. This is the recommended minimum size.
• The partition table is GPT, and there is an EFI partition to support booting on UEFI.
• There are no local users configured with passwords.
• The NTP server is set to use the Compute Engine metadata server.
• The floppy module is disabled because there is no floppy disk controller on Compute Engine.

Support

Google partners with RedHat to provide support for RHEL images.

For questions specific to using this operating system on Google Cloud, complete one of the following steps:

• If you have paid support with Google Cloud, file a support case through Google Cloud support.
• Post your questions to the gce-discussion forum.

Google Cloud will file issues to the operating system vendor on your behalf if the issue is with the operating system.

Automatic updates

By default, this operating system is configured to install security updates by using the dnf-automatic tool. The updates have the following behaviors:

• dnf-automatic does not upgrade VMs between major versions of the operating system.
• The upgrade tool is configured to only apply updates marked by the vendor as security updates.
• Some updates require reboots to take effect. These reboots do not happen automatically.

Notable differences from standard Rocky Linux images

The Rocky Linux images that are provided by Compute Engine, have the following differences in configuration from standard Rocky Linux images:

Package system and repository configuration

• Google Cloud repositories are enabled to install packages for the Compute Engine guest environment and the Cloud SDK.
• Repositories are set to use the Rocky Linux default mirror network.
  • The PowerTools repository is enabled.
• Automatic updates are configured as follows:
  • Automatic updates are enabled by using dnf automatic.
  • For all versions, theupdate_cmd property is set to security.However, by default Rocky Linux does not offer security tagged repositories.
  • IPv6 endpoints are disabled in the dnf config file.

Network configuration

• IPv6 is enabled.
• The DHCP client is set to retry every 10 seconds instead of every 5 minutes. The client is also set to persistent mode instead of oneshot.
• The SSH server configuration is set up as follows:
  • Password authentication is disabled.
  • To prevent SSH disconnections, ServerAliveIntervaland ClientAliveInterval are set to 7 minutes.
  • Root login is disabled.
• /etc/udev/rules.d/75-persistent-net-generator.rules is disabled.
• To prevent MAC addresses from persisting, /etc/udev/rules.d/70-persistent-net.rules is removed.
• By default, all traffic is allowed through the guest firewall because the VPC firewall rules overrides the guest firewall rules. The guest firewall rules remains enabled and can be configured through normal Rocky Linux methods.
• VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see Maximum transmission unit.

Bootloader configuration

• To force faster boot times, the boot timeout in the grub configuration is set to 0.

Additional configuration

• By default, images are 20 GB.
• The partition table is GPT, and there is an EFI partition to support booting on UEFI.
• There are no local users configured with passwords.
• The NTP server is set to use the Compute Engine metadata server.
• The floppy module is disabled because there is no floppy disk controller on Compute Engine .

Support

This operating system is supported by an open source project or community.

• For issues related to the operating system, please follow the Rocky Linux community.
• For questions specific to using this operating system on Google Cloud, post your questions to the gce-discussion forum.

Automatic updates

By default, this operating system is configured to "Auto download and schedule the install" for Microsoft updates. To configure Windows Server automatic updates, see Configure Automatic Updates.

Notable differences from standard SQL Server images

• SQL Server images are similar to the standard Windows Server operating system images, but they include SQL Server preinstalled and have the same Notable differences as standard Windows Server images.
• Windows images provided by Google have a hardcoded MTU. For more information about network and interface MTU, see Maximum transmission unit.

Support

Google partners with Microsoft to provide support for SQL Server images. If you have questions about using SQL Server images and have a support plan with Google Cloud, contact Google Cloud support. Otherwise, use the gce-discussion forum. If your issue is with the SQL Server image, Google Cloud reports the issue to Microsoft on your behalf.

Automatic updates

This operating system is not configured to install updates by default. For more information about configuring automatic updates for SLES, see SUSE documentation.

Notable differences from standard SUSE images

Notable differences from standard SUSE images

SLES and SLES for SAP images are built and maintained by SUSE. SLES images are built with the latest SLES packages reflected in their release.

The SUSE images that are provided by Compute Engine, have the following differences in configuration from standard SUSE images:

Package system and repository configuration

• The guest environment for Compute Engine packages are installed from the packages that are supplied by SUSE.
• SLES instances register with a SUSE run SMT service for Compute Engine and are configured to use SUSE regional mirrors in Compute Engine.

Network configuration

• IPv6 is enabled.
• The SSH server configuration is set to disable password authentication.
• SLES does not use predictive network interface naming. In the grub kernel command-line arguments, net.ifnames=0 is set. Therefore, network interfaces use the traditional ethN naming, with the default interface always being eth0.
• VMs based on Google-provided Linux images get their interface MTU from the attached VPC MTU. VMs based on custom images or older Linux images may have their MTU's hardcoded. In these cases, you have to change the setting yourself if you want to connect the interface to a network with an MTU other than 1460. For more information about network and interface MTU, see Maximum transmission unit.

Additional configuration

• Images are 10 GB by default.
• The partition table is GPT, and there is an EFI partition to support booting on UEFI. There is also an MBR boot block to support BIOS.
• There are no local users configured with passwords.
• The NTP server is set to use the Compute Engine metadata server.
• The floppy module is disabled because there is no floppy disk controller on Compute Engine.

Support

Google partners with SUSE to provide support for SUSE images.

For questions specific to using this operating system on Google Cloud, complete one of the following steps:

• If you have paid support with Google Cloud, file a support case through Google Cloud support.
• Post your questions to the gce-discussion forum.

Google Cloud will file issues to the operating system vendor on your behalf if the issue is with the operating system.

Automatic updates

By default, this operating system is configured to install security updates by using the Ubuntu AutomaticSecurityUpdates tool. The updates have the following behaviors:

• The AutomaticSecurityUpdates tool does not upgrade VMs between major versions of the operating system.
• The AutomaticSecurityUpdates tool is configured to only automatically apply updates obtained from the Ubuntu security repository.
• Some updates require reboots to take effect. These reboots do not happen automatically.

Notable differences from standard Ubuntu images

Ubuntu images are built and maintained by Canonical. Ubuntu images are always built with the latest Ubuntu packages which reflect the most recent Ubuntu point release.

The Ubuntu images that are provided by Compute Engine, have the following differences in configuration from standard Ubuntu images:

Package system and repository configuration

• The guest environment for Compute Engine packages are installed from the Ubuntu supplied packages.
• For Ubuntu 18.04+, the Cloud SDK is installed and maintained as a snap package.
• The APT sources are set to use the Ubuntu Compute Engine mirrors via cloud-init.
• The Unattended-upgrades package is installed and configured to download and install Debian security updates daily. This can be configured or disabled by changing the values in /etc/apt/apt.conf.d/50unattended-upgrades and /etc/apt/apt.conf.d/02periodic.
• The linux-image-gcp kernel is used instead of the generic Ubuntu kernel. The Google Cloud kernel reflects the latest rolling HWE kernel for Ubuntu LTS.

Network Configuration

• IPv6 is enabled.
• The SSH server configuration is set to disable password authentication.
• To prevent MAC addresses from persisting, /etc/udev/rules.d/70-persistent-net.rules is removed.

Bootloader configuration

• To force faster boot times, the boot timeout in the grub configuration is set to 0.
• To allow SCSI block multi-queue usage, scsi_mod.use_blk_mq is enabled.

Additional configuration

• Images are 10 GB by default.
• The partition table is GPT, and there is an EFI partition to support booting on UEFI. There is also an MBR boot block to support BIOS.
• Ubuntu uses cloud-init to do some boot time initialization. The cloud.cfg file is configured for Compute Engine and enables only the cloud-init modules that are used.
• There are no local users configured with passwords.
• The NTP server is set to use the Compute Engine metadata server.
• The floppy module is disabled because there is no floppy disk controller on Compute Engine.

Support

This operating system is supported by an open source project or community.

• For issues related to the operating system, please follow the Ubuntu community support guidance.
• For questions specific to using this operating system on Google Cloud, post your questions to the gce-discussion forum.

This operating system also has premium support available for purchase from Ubuntu. For information about purchasing and using premium support, see the Ubuntu documentation.

Automatic updates

By default, this operating system is configured to install security updates by using the Ubuntu AutomaticSecurityUpdates tool. The updates have the following behaviors:

• The AutomaticSecurityUpdates tool does not upgrade VMs between major versions of the operating system.
• The AutomaticSecurityUpdates tool is configured to only automatically apply updates obtained from the Ubuntu security repository.
• Some updates require reboots to take effect. These reboots do not happen automatically.

Notable differences from standard Ubuntu images

Ubuntu Pro images are built and maintained by Canonical. Ubuntu Pro images are always built with the latest Ubuntu packages which reflect the most recent Ubuntu point release.

The Ubuntu Pro images that are provided by Compute Engine, have the following differences in configuration from standard Ubuntu images:

Package system and repository configuration

• The guest environment for Compute Engine packages are installed from the Ubuntu supplied packages.
• The Cloud SDK is installed and maintained as a snap package.
• The APT sources are set to use the Ubuntu Compute Engine mirrors via cloud-init.
• The Unattended-upgrades package is installed and configured to download and install Debian security updates daily. This can be configured or disabled by changing the values in /etc/apt/apt.conf.d/50unattended-upgrades and /etc/apt/apt.conf.d/02periodic.
• The linux-image-gcp kernel is used instead of the generic Ubuntu kernel. The Google Cloud kernel reflects the latest rolling HWE kernel for Ubuntu LTS.

Network Configuration

• IPv6 is enabled.
• The SSH server configuration is set to disable password authentication.
• To prevent MAC addresses from persisting, /etc/udev/rules.d/70-persistent-net.rules is removed.

Bootloader configuration

• To force faster boot times, the boot timeout in the grub configuration is set to 0.
• To allow SCSI block multi-queue usage, scsi_mod.use_blk_mq is enabled.

Additional configuration

• Images are 10 GB by default.
• The partition table is GPT, and there is an EFI partition to support booting on UEFI. There is also an MBR boot block to support BIOS.
• Ubuntu uses cloud-init to do some boot time initialization. The cloud.cfg file is configured for Compute Engine and enables only the cloud-init modules that are used.
• There are no local users configured with passwords.
• The NTP server is set to use the Compute Engine metadata server.
• The floppy module is disabled because there is no floppy disk controller on Compute Engine.

Support

This operating system has premium support available for purchase from Ubuntu. For information about purchasing and using premium support, see the Ubuntu documentation.

Automatic updates

The Windows client update settings determine how versions of Windows client use Windows Updates. To configure Windows automatic updates, see Configure Automatic Updates.

Notable differences from standard Windows client images

Network configuration

• Windows images provided by Google have a hardcoded MTU. For more information about network and interface MTU, see Maximum transmission unit.

Support

Although Google supports bringing your own licenses, but not the image, with Windows client, Google does not provide support for the Windows client image. For licensing support, which is included in your BYOL contract, please contact Microsoft Support. For questions about tools related to BYOL, please contact Google Cloud support.

Automatic updates

By default, this operating system is configured to "Auto download and schedule the install" for Microsoft updates. To configure Windows Server automatic updates, see Configure Automatic Updates.

Notable differences from standard Windows Server images

Windows Server images are built with the latest updates, but have the following differences in configuration from standard Windows Server images:

Account configuration

• The Administrator account is disabled.
• User passwords must be at least eight characters long.
• The LocalAccountTokenFilterPolicy property is enabled to grant access to administrative file shares.

Activation configuration

• Windows Server images cannot activate without a network connection to kms.windows.googlecloud.com, and stop functioning if they do not authenticate within 30 days. Make sure to allow access in your VPC network.
• A KMS client key is installed and the KMS client is set to activate by using the Compute Engine KMS servers.

Bootloader configuration

• BootStatusPolicy is set to IgnoreAllFailures.
• Emergency Management Services (EMS) redirection is enabled on the COM2 port. For more information, see bootcfg ems.

Network configuration

• The Compute Engine metadata server is added to the hosts file, which is typically in the %WinDir%\System32\drivers\etc directory.
• The Windows firewall is open to allow communication with the Compute Engine metadata server.
• TCP KeepAliveTime is set to 5 minutes.
• Web Proxy Auto Discovery (WPAD) is disabled.
• The NetKVM adapter is set to use DHCP.
• Remote Desktop (RDP) is enabled and the associated Windows firewall ports opened.
• WinRM over HTTPS is configured using a self signed certificate and the associated Windows firewall ports are open.
• Windows images provided by Google have a hardcoded MTU. For more information about network and interface MTU, see Maximum transmission unit.

Package system and Windows Update

• Windows Server images update automatically according to the default update schedule for Windows Server.
• To install packages for the guest environment, Google Cloud repositories are enabled.
• To manage Compute Engine component packages for Windows, GooGet is installed, which you can configure to update packages automatically.
• The Cloud SDK is installed with its own Python 2.7 environment. Cloud SDK works with project service accounts, instance scopes, and works in PowerShell and the standard command-line environment.
• To boot Windows on Compute Engine, Compute Engine drivers are installed.
• PowerShell v5 and v7 are installed.

Power configuration

• Power settings are changed to never turn off the monitor.

Storage configuration

• The partition table is GPT, and there is an EFI partition to support booting on UEFI.
• The paging file is set to a static size of 1 GB.
• The EnableQueryAccessAlignment property is enabled for the VioSCSI driver.

Time configuration

• The RealTimeIsUniversal registry key is set. The BIOS is a UTC clock, and is not set to the local time.
• The time zone is set to UTC (Coordinated Universal Time).
• NTP is set to sync to the Compute Engine metadata server.

Support

Google partners with Microsoft to provide support for Windows Server images. If you have questions about using Windows Server images and have a support plan with Google Cloud, contact Google Cloud support. Otherwise, use the gce-discussion forum. If your issue is with the Windows Server image, Google Cloud reports the issue to Microsoft on your behalf. For more information about the support policy for OS images, see Support policy for OS images.