Mantenha tudo organizado com as coleções
Salve e categorize o conteúdo com base nas suas preferências.
Windows
O Compute Engine fornece imagens públicas com o Windows Server que podem ser usadas para criar instâncias. Para instruções sobre como criar uma
instância do Windows Server com o SQL Server pré-instalado, consulte
Como criar instâncias do SQL Server.
Para mais informações sobre as instâncias do Windows Server e os aplicativos do Windows que você pode executar no Compute Engine, consulte Windows no Compute Engine.
Preços
As imagens do Windows Server são premium, e usá-las resulta em
taxas adicionais.
Para criar uma instância com o Windows Server, especifique a família de imagens para a versão específica do Windows de que você precisa.
O Compute Engine oferece várias versões do Windows Server, a maioria delas disponível como imagens de VM protegida.
As imagens de VMs protegidas oferecem recursos de segurança como firmware compatível com UEFI, inicialização segura e inicialização medida e segura de vTPM. Para uma lista das
famílias de imagens disponíveis, consulte
imagens públicas.
Se você precisar de mais de duas sessões de computador remoto simultâneas, será necessário
comprar licenças de acesso ao cliente (CALs, na sigla em inglês) da sessão de área de trabalho remota (RDS, na sigla em inglês). Para mais
informações, consulte Licenciar a implantação do RDS com licenças de acesso para cliente
(CALs).
Trabalhar com o Microsoft Active Directory
Se você planeja usar o Microsoft Active Directory (AD) com a nova instância,
o nome dela não pode ter mais de 15 caracteres para atender às
restrições de comprimento máximo de nome
do sistema.
O AD usa os nomes do NetBIOS de máquinas, que são geradas como o nome da instância
truncado para 15 caracteres. Como resultado, você pode encontrar o seguinte erro
ao tentar fazer login como um usuário de domínio:
The Security Database on the Server does not have a Computer Account for this Workstation Trust Relationship.
Criar uma instância do Windows Server que usa um IP externo para ser ativada
Esta seção descreve como criar uma instância do Windows Server que tenha um endereço IP externo. É preciso configurar sua rede VPC para permitir acesso a kms.windows.googlecloud.com.
Console
Para criar uma VM básica do Windows:
No console do Google Cloud, acesse a página Criar uma instância.
Em Disco de inicialização, selecione Alterar e faça o seguinte:
Na guia Imagens públicas, escolha um sistema operacional Windows Server.
Para salvar a configuração do disco de inicialização, clique em Selecionar.
Opcionalmente, para alterar as configurações de VM protegida da VM, expanda a seção Rede, discos, segurança, gerenciamento, locatário único. Em seguida, faça o seguinte:
Expanda a seção Segurança.
Se você quiser desativar a inicialização segura, desmarque a caixa de seleção Ativar inicialização segura.
A inicialização segura ajuda a proteger as instâncias de VM contra malware e rootkits nos níveis de inicialização e kernel. Para mais informações, consulte Inicialização segura.
Se quiser desativar o módulo da plataforma virtual confiável (vTPM, na sigla em inglês), desmarque a caixa de seleção Ativar vTPM. O vTPM permite a Inicialização medida, que valida a integridade da VM antes e durante a inicialização. Para mais informações, consulte Módulo da plataforma virtual confiável (vTPM).
Se você quiser desativar o monitoramento de integridade, desmarque a caixa de seleção Ativar monitoramento de integridade. O monitoramento de integridade permite monitorar a integridade da inicialização das VMs protegidas usando o Cloud Monitoring.
Para mais informações, consulte Monitoramento de integridade.
Para criar a VM, clique em Criar.
gcloud
Use o
comando
compute images list para ver uma lista de imagens disponíveis
do Windows Server:
gcloud compute images list --project windows-cloud --no-standard-images
Para determinar se uma imagem é compatível com recursos de VM protegida, execute o seguinte comando e verifique se há UEFI_COMPATIBLE na saída:
[BOOT_DISK_SIZE] é o tamanho do disco de inicialização em GB.
Discos permanentes maiores têm
mais capacidade;
[BOOT_DISK_TYPE] é o tipo
de disco de inicialização da instância. Por exemplo, pd-ssd.
Se for escolhida uma imagem compatível com a VM protegida, é possível
alterar as configurações de VM protegida da instância usando uma das
sinalizações a seguir:
--no-shielded-secure-boot: desativar a Inicialização segura.
A inicialização segura ajuda a proteger as instâncias de VM contra malware e rootkits nos níveis de inicialização e kernel. Para mais informações, consulte
Inicialização segura.
--no-shielded-vtpm: desativar o módulo da plataforma virtual confiável
(vTPM, na sigla em inglês). O vTPM permite a Inicialização medida, que valida a integridade da VM antes e durante a inicialização. Para mais informações, consulte Módulo da plataforma virtual confiável (vTPM).
--no-shielded-integrity-monitoring: desativa o monitoramento de integridade.
O monitoramento de integridade permite monitorar a integridade da inicialização das instâncias de VM protegidas usando o Cloud Monitoring.
Para mais informações, consulte
Monitoramento de integridade.
O exemplo a seguir cria uma instância de VM protegida do Windows 2012 com a inicialização segura desativada:
Para criar uma instância com a API, inclua a
propriedade initializeParams
na solicitação de criação da instância e especifique uma imagem do Windows. Por exemplo, o corpo da solicitação pode ter a seguinte aparência:
[BOOT_DISK_SIZE] é o tamanho do disco de inicialização em GB.
Discos permanentes maiores têm
mais capacidade;
[BOOT_DISK_TYPE] é o tipo
do disco de inicialização da instância. Por exemplo, pd-ssd.
Se você tiver escolhido uma imagem compatível com a
VM protegida, será possível
alterar as configurações da VM protegida da instância usando os
itens do corpo da solicitação booleana a seguir:
enableSecureBoot: ativar ou desativar a Inicialização segura.
A inicialização segura ajuda a proteger as instâncias de VM contra malware e rootkits nos níveis de inicialização e kernel. Para mais informações, consulte
Inicialização segura.
enableVtpm: ativar ou desativar o módulo da plataforma virtual confiável
(vTPM, na sigla em inglês). O vTPM permite a Inicialização medida, que valida a integridade da VM antes e durante a inicialização. Para mais informações, consulte Módulo da plataforma virtual confiável (vTPM).
enableIntegrityMonitoring: ativar ou desativar o monitoramento
de integridade. O monitoramento de integridade permite monitorar e verificar a integridade da inicialização do ambiente de execução das instâncias de VM protegidas usando os relatórios do Cloud Monitoring. Para mais informações, consulte
Monitoramento de integridade.
Para mais informações sobre como criar uma instância, leia a documentação de instances.insert().
import com.google.cloud.compute.v1.AccessConfig;
import com.google.cloud.compute.v1.AttachedDisk;
import com.google.cloud.compute.v1.AttachedDiskInitializeParams;
import com.google.cloud.compute.v1.InsertInstanceRequest;
import com.google.cloud.compute.v1.Instance;
import com.google.cloud.compute.v1.InstancesClient;
import com.google.cloud.compute.v1.NetworkInterface;
import com.google.cloud.compute.v1.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
public class CreateWindowsServerInstanceExternalIp {
public static void main(String[] args)
throws IOException, ExecutionException, InterruptedException, TimeoutException {
// TODO(developer): Replace these variables before running the sample.
// projectId - ID or number of the project you want to use.
String projectId = "your-google-cloud-project-id";
// zone - Name of the zone you want to use, for example: us-west3-b
String zone = "europe-central2-b";
// instanceName - Name of the new machine.
String instanceName = "instance-name";
createWindowsServerInstanceExternalIp(projectId, zone, instanceName);
}
// Creates a new Windows Server instance that has an external IP address.
public static void createWindowsServerInstanceExternalIp(String projectId, String zone,
String instanceName)
throws IOException, ExecutionException, InterruptedException, TimeoutException {
// machineType - Machine type you want to create in following format:
// * "zones/{zone}/machineTypes/{type_name}". For example:
// * "zones/europe-west3-c/machineTypes/f1-micro"
// * You can find the list of available machine types using:
// * https://cloud.google.com/sdk/gcloud/reference/compute/machine-types/list
String machineType = "n1-standard-1";
// sourceImageFamily - Name of the public image family for Windows Server or SQL Server images.
// * https://cloud.google.com/compute/docs/images#os-compute-support
String sourceImageFamily = "windows-2012-r2";
// Instantiates a client.
try (InstancesClient instancesClient = InstancesClient.create()) {
AttachedDisk attachedDisk = AttachedDisk.newBuilder()
// Describe the size and source image of the boot disk to attach to the instance.
.setInitializeParams(AttachedDiskInitializeParams.newBuilder()
.setDiskSizeGb(64)
.setSourceImage(
String.format("projects/windows-cloud/global/images/family/%s",
sourceImageFamily))
.build())
.setAutoDelete(true)
.setBoot(true)
.setType(AttachedDisk.Type.PERSISTENT.toString())
.build();
Instance instance = Instance.newBuilder()
.setName(instanceName)
.setMachineType(String.format("zones/%s/machineTypes/%s", zone, machineType))
.addDisks(attachedDisk)
.addNetworkInterfaces(NetworkInterface.newBuilder()
.addAccessConfigs(AccessConfig.newBuilder()
.setType("ONE_TO_ONE_NAT")
.setName("External NAT")
.build())
// If you're going to use a custom VPC network, it must be configured
// to allow access to kms.windows.googlecloud.com.
// https://cloud.google.com/compute/docs/instances/windows/creating-managing-windows-instances#kms-server.
.setName("global/networks/default")
.build())
// If you chose an image that supports Shielded VM, you can optionally change the
// instance's Shielded VM settings.
// .setShieldedInstanceConfig(ShieldedInstanceConfig.newBuilder()
// .setEnableSecureBoot(true)
// .setEnableVtpm(true)
// .setEnableIntegrityMonitoring(true)
// .build())
.build();
InsertInstanceRequest request = InsertInstanceRequest.newBuilder()
.setProject(projectId)
.setZone(zone)
.setInstanceResource(instance)
.build();
// Wait for the operation to complete.
Operation operation = instancesClient.insertAsync(request).get(5, TimeUnit.MINUTES);
if (operation.hasError()) {
System.out.printf("Error in creating instance %s", operation.getError());
return;
}
System.out.printf("Instance created %s", instanceName);
}
}
}
from __future__ import annotations
import re
import sys
from typing import Any
import warnings
from google.api_core.extended_operation import ExtendedOperation
from google.cloud import compute_v1
def get_image_from_family(project: str, family: str) -> compute_v1.Image:
"""
Retrieve the newest image that is part of a given family in a project.
Args:
project: project ID or project number of the Cloud project you want to get image from.
family: name of the image family you want to get image from.
Returns:
An Image object.
"""
image_client = compute_v1.ImagesClient()
# List of public operating system (OS) images: https://cloud.google.com/compute/docs/images/os-details
newest_image = image_client.get_from_family(project=project, family=family)
return newest_image
def disk_from_image(
disk_type: str,
disk_size_gb: int,
boot: bool,
source_image: str,
auto_delete: bool = True,
) -> compute_v1.AttachedDisk:
"""
Create an AttachedDisk object to be used in VM instance creation. Uses an image as the
source for the new disk.
Args:
disk_type: the type of disk you want to create. This value uses the following format:
"zones/{zone}/diskTypes/(pd-standard|pd-ssd|pd-balanced|pd-extreme)".
For example: "zones/us-west3-b/diskTypes/pd-ssd"
disk_size_gb: size of the new disk in gigabytes
boot: boolean flag indicating whether this disk should be used as a boot disk of an instance
source_image: source image to use when creating this disk. You must have read access to this disk. This can be one
of the publicly available images or an image from one of your projects.
This value uses the following format: "projects/{project_name}/global/images/{image_name}"
auto_delete: boolean flag indicating whether this disk should be deleted with the VM that uses it
Returns:
AttachedDisk object configured to be created using the specified image.
"""
boot_disk = compute_v1.AttachedDisk()
initialize_params = compute_v1.AttachedDiskInitializeParams()
initialize_params.source_image = source_image
initialize_params.disk_size_gb = disk_size_gb
initialize_params.disk_type = disk_type
boot_disk.initialize_params = initialize_params
# Remember to set auto_delete to True if you want the disk to be deleted when you delete
# your VM instance.
boot_disk.auto_delete = auto_delete
boot_disk.boot = boot
return boot_disk
def wait_for_extended_operation(
operation: ExtendedOperation, verbose_name: str = "operation", timeout: int = 300
) -> Any:
"""
Waits for the extended (long-running) operation to complete.
If the operation is successful, it will return its result.
If the operation ends with an error, an exception will be raised.
If there were any warnings during the execution of the operation
they will be printed to sys.stderr.
Args:
operation: a long-running operation you want to wait on.
verbose_name: (optional) a more verbose name of the operation,
used only during error and warning reporting.
timeout: how long (in seconds) to wait for operation to finish.
If None, wait indefinitely.
Returns:
Whatever the operation.result() returns.
Raises:
This method will raise the exception received from `operation.exception()`
or RuntimeError if there is no exception set, but there is an `error_code`
set for the `operation`.
In case of an operation taking longer than `timeout` seconds to complete,
a `concurrent.futures.TimeoutError` will be raised.
"""
result = operation.result(timeout=timeout)
if operation.error_code:
print(
f"Error during {verbose_name}: [Code: {operation.error_code}]: {operation.error_message}",
file=sys.stderr,
flush=True,
)
print(f"Operation ID: {operation.name}", file=sys.stderr, flush=True)
raise operation.exception() or RuntimeError(operation.error_message)
if operation.warnings:
print(f"Warnings during {verbose_name}:\n", file=sys.stderr, flush=True)
for warning in operation.warnings:
print(f" - {warning.code}: {warning.message}", file=sys.stderr, flush=True)
return result
def create_instance(
project_id: str,
zone: str,
instance_name: str,
disks: list[compute_v1.AttachedDisk],
machine_type: str = "n1-standard-1",
network_link: str = "global/networks/default",
subnetwork_link: str = None,
internal_ip: str = None,
external_access: bool = False,
external_ipv4: str = None,
accelerators: list[compute_v1.AcceleratorConfig] = None,
preemptible: bool = False,
spot: bool = False,
instance_termination_action: str = "STOP",
custom_hostname: str = None,
delete_protection: bool = False,
) -> compute_v1.Instance:
"""
Send an instance creation request to the Compute Engine API and wait for it to complete.
Args:
project_id: project ID or project number of the Cloud project you want to use.
zone: name of the zone to create the instance in. For example: "us-west3-b"
instance_name: name of the new virtual machine (VM) instance.
disks: a list of compute_v1.AttachedDisk objects describing the disks
you want to attach to your new instance.
machine_type: machine type of the VM being created. This value uses the
following format: "zones/{zone}/machineTypes/{type_name}".
For example: "zones/europe-west3-c/machineTypes/f1-micro"
network_link: name of the network you want the new instance to use.
For example: "global/networks/default" represents the network
named "default", which is created automatically for each project.
subnetwork_link: name of the subnetwork you want the new instance to use.
This value uses the following format:
"regions/{region}/subnetworks/{subnetwork_name}"
internal_ip: internal IP address you want to assign to the new instance.
By default, a free address from the pool of available internal IP addresses of
used subnet will be used.
external_access: boolean flag indicating if the instance should have an external IPv4
address assigned.
external_ipv4: external IPv4 address to be assigned to this instance. If you specify
an external IP address, it must live in the same region as the zone of the instance.
This setting requires `external_access` to be set to True to work.
accelerators: a list of AcceleratorConfig objects describing the accelerators that will
be attached to the new instance.
preemptible: boolean value indicating if the new instance should be preemptible
or not. Preemptible VMs have been deprecated and you should now use Spot VMs.
spot: boolean value indicating if the new instance should be a Spot VM or not.
instance_termination_action: What action should be taken once a Spot VM is terminated.
Possible values: "STOP", "DELETE"
custom_hostname: Custom hostname of the new VM instance.
Custom hostnames must conform to RFC 1035 requirements for valid hostnames.
delete_protection: boolean value indicating if the new virtual machine should be
protected against deletion or not.
Returns:
Instance object.
"""
instance_client = compute_v1.InstancesClient()
# Use the network interface provided in the network_link argument.
network_interface = compute_v1.NetworkInterface()
network_interface.name = network_link
if subnetwork_link:
network_interface.subnetwork = subnetwork_link
if internal_ip:
network_interface.network_i_p = internal_ip
if external_access:
access = compute_v1.AccessConfig()
access.type_ = compute_v1.AccessConfig.Type.ONE_TO_ONE_NAT.name
access.name = "External NAT"
access.network_tier = access.NetworkTier.PREMIUM.name
if external_ipv4:
access.nat_i_p = external_ipv4
network_interface.access_configs = [access]
# Collect information into the Instance object.
instance = compute_v1.Instance()
instance.network_interfaces = [network_interface]
instance.name = instance_name
instance.disks = disks
if re.match(r"^zones/[a-z\d\-]+/machineTypes/[a-z\d\-]+$", machine_type):
instance.machine_type = machine_type
else:
instance.machine_type = f"zones/{zone}/machineTypes/{machine_type}"
if accelerators:
instance.guest_accelerators = accelerators
if preemptible:
# Set the preemptible setting
warnings.warn(
"Preemptible VMs are being replaced by Spot VMs.", DeprecationWarning
)
instance.scheduling = compute_v1.Scheduling()
instance.scheduling.preemptible = True
if spot:
# Set the Spot VM setting
instance.scheduling = compute_v1.Scheduling()
instance.scheduling.provisioning_model = (
compute_v1.Scheduling.ProvisioningModel.SPOT.name
)
instance.scheduling.instance_termination_action = instance_termination_action
if custom_hostname is not None:
# Set the custom hostname for the instance
instance.hostname = custom_hostname
if delete_protection:
# Set the delete protection bit
instance.deletion_protection = True
# Prepare the request to insert an instance.
request = compute_v1.InsertInstanceRequest()
request.zone = zone
request.project = project_id
request.instance_resource = instance
# Wait for the create operation to complete.
print(f"Creating the {instance_name} instance in {zone}...")
operation = instance_client.insert(request=request)
wait_for_extended_operation(operation, "instance creation")
print(f"Instance {instance_name} created.")
return instance_client.get(project=project_id, zone=zone, instance=instance_name)
def create_windows_instance(
project_id: str,
zone: str,
instance_name: str,
machine_type: str,
source_image_family: str = "windows-2022",
network_link: str = "global/networks/default",
subnetwork_link: str | None = None,
) -> compute_v1.Instance:
"""
Creates a new Windows Server instance that has only an internal IP address.
Args:
project_id: project ID or project number of the Cloud project you want to use.
zone: name of the zone to create the instance in. For example: "us-west3-b"
instance_name: name of the new virtual machine (VM) instance.
machine_type: machine type you want to create in following format:
"zones/{zone}/machineTypes/{type_name}". For example:
"zones/europe-west3-c/machineTypes/f1-micro"
You can find the list of available machine types using:
https://cloud.google.com/sdk/gcloud/reference/compute/machine-types/list
source_image_family: name of the public image family for Windows Server or SQL Server images.
https://cloud.google.com/compute/docs/images#os-compute-support
network_link: name of the network you want the new instance to use.
For example: "global/networks/default" represents the network
named "default", which is created automatically for each project.
subnetwork_link: name of the subnetwork you want the new instance to use.
This value uses the following format:
"regions/{region}/subnetworks/{subnetwork_name}"
Returns:
Instance object.
"""
if subnetwork_link is None:
subnetwork_link = f"regions/{zone}/subnetworks/default"
base_image = get_image_from_family(
project="windows-cloud", family=source_image_family
)
disk_type = f"zones/{zone}/diskTypes/pd-standard"
disks = [disk_from_image(disk_type, 100, True, base_image.self_link, True)]
# You must verify or configure routes and firewall rules in your VPC network
# to allow access to kms.windows.googlecloud.com.
# More information about access to kms.windows.googlecloud.com: https://cloud.google.com/compute/docs/instances/windows/creating-managing-windows-instances#kms-server
# Additionally, you must enable Private Google Access for subnets in your VPC network
# that contain Windows instances with only internal IP addresses.
# More information about Private Google Access: https://cloud.google.com/vpc/docs/configure-private-google-access#enabling
instance = create_instance(
project_id,
zone,
instance_name,
disks,
machine_type=machine_type,
network_link=network_link,
subnetwork_link=subnetwork_link,
external_access=True, # Set this to False to disable external IP for your instance
)
return instance
Criar uma instância do Windows Server que usa um endereço IP interno para ser ativada
Antes de criar uma instância do Windows Server que tenha apenas um endereço IP interno, é preciso verificar ou configurar rotas e regras de firewall na sua rede VPC para permitir acesso a kms.windows.googlecloud.com. Além disso, você precisa ativar o Acesso privado do Google para sub-redes em sua rede VPC que contenham instâncias do Windows apenas com endereços IP internos.
gcloud
Ao criar uma nova instância usando a linha de CLI gcloud, use a sinalização --no-address para garantir que não seja atribuído um endereço IP externo a ela:
import (
"context"
"fmt"
"io"
compute "cloud.google.com/go/compute/apiv1"
computepb "google.golang.org/genproto/googleapis/cloud/compute/v1"
"google.golang.org/protobuf/proto"
)
// createWndowsServerInstanceInternalIP creates a new Windows Server instance
// that has only an internal IP address.
func createWndowsServerInstanceInternalIP(
w io.Writer,
projectID, zone, instanceName, machineType, sourceImageFamily, networkLink, subnetworkLink string,
) error {
// projectID := "your_project_id"
// zone := "europe-central2-b"
// instanceName := "your_instance_name"
// machineType := "n1-standard-1"
// sourceImageFamily := "windows-2012-r2"
// networkLink := "global/networks/default"
// subnetworkLink := "regions/europe-central2/subnetworks/default"
ctx := context.Background()
instancesClient, err := compute.NewInstancesRESTClient(ctx)
if err != nil {
return fmt.Errorf("NewInstancesRESTClient: %w", err)
}
defer instancesClient.Close()
disk := &computepb.AttachedDisk{
// Describe the size and source image of the boot disk to attach to the instance.
InitializeParams: &computepb.AttachedDiskInitializeParams{
DiskSizeGb: proto.Int64(64),
SourceImage: proto.String(
fmt.Sprintf(
"projects/windows-cloud/global/images/family/%s",
sourceImageFamily,
),
),
},
AutoDelete: proto.Bool(true),
Boot: proto.Bool(true),
}
network := &computepb.NetworkInterface{
// You must verify or configure routes and firewall rules in your VPC network
// to allow access to kms.windows.googlecloud.com.
// More information about access to kms.windows.googlecloud.com:
// https://cloud.google.com/compute/docs/instances/windows/creating-managing-windows-instances#kms-server
// Additionally, you must enable Private Google Access for subnets in your VPC network
// that contain Windows instances with only internal IP addresses.
// More information about Private Google Access:
// https://cloud.google.com/vpc/docs/configure-private-google-access#enabling
Name: proto.String(networkLink),
Subnetwork: proto.String(subnetworkLink),
}
inst := &computepb.Instance{
Name: proto.String(instanceName),
Disks: []*computepb.AttachedDisk{
disk,
},
MachineType: proto.String(fmt.Sprintf("zones/%s/machineTypes/%s", zone, machineType)),
NetworkInterfaces: []*computepb.NetworkInterface{
network,
},
// If you chose an image that supports Shielded VM,
// you can optionally change the instance's Shielded VM settings.
// ShieldedInstanceConfig: &computepb.ShieldedInstanceConfig{
// EnableSecureBoot: proto.Bool(true),
// EnableVtpm: proto.Bool(true),
// EnableIntegrityMonitoring: proto.Bool(true),
// },
}
req := &computepb.InsertInstanceRequest{
Project: projectID,
Zone: zone,
InstanceResource: inst,
}
op, err := instancesClient.Insert(ctx, req)
if err != nil {
return fmt.Errorf("unable to create instance: %w", err)
}
if err = op.Wait(ctx); err != nil {
return fmt.Errorf("unable to wait for the operation: %w", err)
}
fmt.Fprintf(w, "Instance created\n")
return nil
}
import com.google.cloud.compute.v1.AttachedDisk;
import com.google.cloud.compute.v1.AttachedDiskInitializeParams;
import com.google.cloud.compute.v1.InsertInstanceRequest;
import com.google.cloud.compute.v1.Instance;
import com.google.cloud.compute.v1.InstancesClient;
import com.google.cloud.compute.v1.NetworkInterface;
import com.google.cloud.compute.v1.Operation;
import java.io.IOException;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
public class CreateWindowsServerInstanceInternalIp {
public static void main(String[] args)
throws IOException, ExecutionException, InterruptedException, TimeoutException {
// TODO(developer): Replace these variables before running the sample.
// projectId - ID or number of the project you want to use.
String projectId = "your-google-cloud-project-id";
// zone - Name of the zone you want to use, for example: us-west3-b
String zone = "europe-central2-b";
// instanceName - Name of the new machine.
String instanceName = "instance-name";
// networkLink - Name of the network you want the new instance to use.
// * For example: "global/networks/default" represents the network
// * named "default", which is created automatically for each project.
String networkLink = "global/networks/default";
// subnetworkLink - Name of the subnetwork you want the new instance to use.
// * This value uses the following format:
// * "regions/{region}/subnetworks/{subnetwork_name}"
String subnetworkLink = "regions/europe-central2/subnetworks/default";
createWindowsServerInstanceInternalIp(projectId, zone, instanceName, networkLink,
subnetworkLink);
}
// Creates a new Windows Server instance that has only an internal IP address.
public static void createWindowsServerInstanceInternalIp(String projectId, String zone,
String instanceName, String networkLink, String subnetworkLink)
throws IOException, ExecutionException, InterruptedException, TimeoutException {
// machineType - Machine type you want to create in following format:
// * "zones/{zone}/machineTypes/{type_name}". For example:
// * "zones/europe-west3-c/machineTypes/f1-micro"
// * You can find the list of available machine types using:
// * https://cloud.google.com/sdk/gcloud/reference/compute/machine-types/list
String machineType = "n1-standard-1";
// sourceImageFamily - Name of the public image family for Windows Server or SQL Server images.
// * https://cloud.google.com/compute/docs/images#os-compute-support
String sourceImageFamily = "windows-2012-r2";
// Instantiates a client.
try (InstancesClient instancesClient = InstancesClient.create()) {
AttachedDisk attachedDisk = AttachedDisk.newBuilder()
// Describe the size and source image of the boot disk to attach to the instance.
.setInitializeParams(AttachedDiskInitializeParams.newBuilder()
.setDiskSizeGb(64)
.setSourceImage(
String.format("projects/windows-cloud/global/images/family/%s",
sourceImageFamily))
.build())
.setAutoDelete(true)
.setBoot(true)
.setType(AttachedDisk.Type.PERSISTENT.toString())
.build();
Instance instance = Instance.newBuilder()
.setName(instanceName)
.setMachineType(String.format("zones/%s/machineTypes/%s", zone, machineType))
.addDisks(attachedDisk)
.addNetworkInterfaces(NetworkInterface.newBuilder()
// You must verify or configure routes and firewall rules in your VPC network
// to allow access to kms.windows.googlecloud.com.
// More information about access to kms.windows.googlecloud.com: https://cloud.google.com/compute/docs/instances/windows/creating-managing-windows-instances#kms-server
// Additionally, you must enable Private Google Access for subnets in your VPC network
// that contain Windows instances with only internal IP addresses.
// More information about Private Google Access: https://cloud.google.com/vpc/docs/configure-private-google-access#enabling
.setName(networkLink)
.setSubnetwork(subnetworkLink)
.build())
// If you chose an image that supports Shielded VM, you can optionally change the
// instance's Shielded VM settings.
// .setShieldedInstanceConfig(ShieldedInstanceConfig.newBuilder()
// .setEnableSecureBoot(true)
// .setEnableVtpm(true)
// .setEnableIntegrityMonitoring(true)
// .build())
.build();
InsertInstanceRequest request = InsertInstanceRequest.newBuilder()
.setProject(projectId)
.setZone(zone)
.setInstanceResource(instance)
.build();
// Wait for the operation to complete.
Operation operation = instancesClient.insertAsync(request).get(5, TimeUnit.MINUTES);
if (operation.hasError()) {
System.out.printf("Error in creating instance %s", operation.getError());
return;
}
System.out.printf("Instance created %s", instanceName);
}
}
}
/**
* TODO(developer): Uncomment and replace these variables before running the sample.
*/
// const projectId = 'YOUR_PROJECT_ID';
// const zone = 'europe-central2-b';
// const instanceName = 'YOUR_INSTANCE_NAME';
// const machineType = 'n1-standard-1';
// const sourceImageFamily = 'windows-2012-r2';
// const networkLink = 'global/networks/default';
// const subnetworkLink = 'regions/europe-central2/subnetworks/default';
const compute = require('@google-cloud/compute');
async function createWindowsServerInstanceInternalIP() {
const instancesClient = new compute.InstancesClient();
const [response] = await instancesClient.insert({
instanceResource: {
name: instanceName,
disks: [
{
// Describe the size and source image of the boot disk to attach to the instance.
initializeParams: {
diskSizeGb: '64',
sourceImage: `projects/windows-cloud/global/images/family/${sourceImageFamily}/`,
},
autoDelete: true,
boot: true,
type: 'PERSISTENT',
},
],
machineType: `zones/${zone}/machineTypes/${machineType}`,
networkInterfaces: [
{
// You must verify or configure routes and firewall rules in your VPC network
// to allow access to kms.windows.googlecloud.com.
// More information about access to kms.windows.googlecloud.com: https://cloud.google.com/compute/docs/instances/windows/creating-managing-windows-instances#kms-server
// Additionally, you must enable Private Google Access for subnets in your VPC network
// that contain Windows instances with only internal IP addresses.
// More information about Private Google Access: https://cloud.google.com/vpc/docs/configure-private-google-access#enabling
name: networkLink,
subnetwork: subnetworkLink,
},
],
// If you chose an image that supports Shielded VM, you can optionally change the instance's Shielded VM settings.
// "shieldedInstanceConfig": {
// "enableSecureBoot": true,
// "enableVtpm": true,
// "enableIntegrityMonitoring": true
// },
},
project: projectId,
zone,
});
let operation = response.latestResponse;
const operationsClient = new compute.ZoneOperationsClient();
// Wait for the create operation to complete.
while (operation.status !== 'DONE') {
[operation] = await operationsClient.wait({
operation: operation.name,
project: projectId,
zone: operation.zone.split('/').pop(),
});
}
console.log('Instance created.');
}
createWindowsServerInstanceInternalIP();
from __future__ import annotations
import re
import sys
from typing import Any
import warnings
from google.api_core.extended_operation import ExtendedOperation
from google.cloud import compute_v1
def get_image_from_family(project: str, family: str) -> compute_v1.Image:
"""
Retrieve the newest image that is part of a given family in a project.
Args:
project: project ID or project number of the Cloud project you want to get image from.
family: name of the image family you want to get image from.
Returns:
An Image object.
"""
image_client = compute_v1.ImagesClient()
# List of public operating system (OS) images: https://cloud.google.com/compute/docs/images/os-details
newest_image = image_client.get_from_family(project=project, family=family)
return newest_image
def disk_from_image(
disk_type: str,
disk_size_gb: int,
boot: bool,
source_image: str,
auto_delete: bool = True,
) -> compute_v1.AttachedDisk:
"""
Create an AttachedDisk object to be used in VM instance creation. Uses an image as the
source for the new disk.
Args:
disk_type: the type of disk you want to create. This value uses the following format:
"zones/{zone}/diskTypes/(pd-standard|pd-ssd|pd-balanced|pd-extreme)".
For example: "zones/us-west3-b/diskTypes/pd-ssd"
disk_size_gb: size of the new disk in gigabytes
boot: boolean flag indicating whether this disk should be used as a boot disk of an instance
source_image: source image to use when creating this disk. You must have read access to this disk. This can be one
of the publicly available images or an image from one of your projects.
This value uses the following format: "projects/{project_name}/global/images/{image_name}"
auto_delete: boolean flag indicating whether this disk should be deleted with the VM that uses it
Returns:
AttachedDisk object configured to be created using the specified image.
"""
boot_disk = compute_v1.AttachedDisk()
initialize_params = compute_v1.AttachedDiskInitializeParams()
initialize_params.source_image = source_image
initialize_params.disk_size_gb = disk_size_gb
initialize_params.disk_type = disk_type
boot_disk.initialize_params = initialize_params
# Remember to set auto_delete to True if you want the disk to be deleted when you delete
# your VM instance.
boot_disk.auto_delete = auto_delete
boot_disk.boot = boot
return boot_disk
def wait_for_extended_operation(
operation: ExtendedOperation, verbose_name: str = "operation", timeout: int = 300
) -> Any:
"""
Waits for the extended (long-running) operation to complete.
If the operation is successful, it will return its result.
If the operation ends with an error, an exception will be raised.
If there were any warnings during the execution of the operation
they will be printed to sys.stderr.
Args:
operation: a long-running operation you want to wait on.
verbose_name: (optional) a more verbose name of the operation,
used only during error and warning reporting.
timeout: how long (in seconds) to wait for operation to finish.
If None, wait indefinitely.
Returns:
Whatever the operation.result() returns.
Raises:
This method will raise the exception received from `operation.exception()`
or RuntimeError if there is no exception set, but there is an `error_code`
set for the `operation`.
In case of an operation taking longer than `timeout` seconds to complete,
a `concurrent.futures.TimeoutError` will be raised.
"""
result = operation.result(timeout=timeout)
if operation.error_code:
print(
f"Error during {verbose_name}: [Code: {operation.error_code}]: {operation.error_message}",
file=sys.stderr,
flush=True,
)
print(f"Operation ID: {operation.name}", file=sys.stderr, flush=True)
raise operation.exception() or RuntimeError(operation.error_message)
if operation.warnings:
print(f"Warnings during {verbose_name}:\n", file=sys.stderr, flush=True)
for warning in operation.warnings:
print(f" - {warning.code}: {warning.message}", file=sys.stderr, flush=True)
return result
def create_instance(
project_id: str,
zone: str,
instance_name: str,
disks: list[compute_v1.AttachedDisk],
machine_type: str = "n1-standard-1",
network_link: str = "global/networks/default",
subnetwork_link: str = None,
internal_ip: str = None,
external_access: bool = False,
external_ipv4: str = None,
accelerators: list[compute_v1.AcceleratorConfig] = None,
preemptible: bool = False,
spot: bool = False,
instance_termination_action: str = "STOP",
custom_hostname: str = None,
delete_protection: bool = False,
) -> compute_v1.Instance:
"""
Send an instance creation request to the Compute Engine API and wait for it to complete.
Args:
project_id: project ID or project number of the Cloud project you want to use.
zone: name of the zone to create the instance in. For example: "us-west3-b"
instance_name: name of the new virtual machine (VM) instance.
disks: a list of compute_v1.AttachedDisk objects describing the disks
you want to attach to your new instance.
machine_type: machine type of the VM being created. This value uses the
following format: "zones/{zone}/machineTypes/{type_name}".
For example: "zones/europe-west3-c/machineTypes/f1-micro"
network_link: name of the network you want the new instance to use.
For example: "global/networks/default" represents the network
named "default", which is created automatically for each project.
subnetwork_link: name of the subnetwork you want the new instance to use.
This value uses the following format:
"regions/{region}/subnetworks/{subnetwork_name}"
internal_ip: internal IP address you want to assign to the new instance.
By default, a free address from the pool of available internal IP addresses of
used subnet will be used.
external_access: boolean flag indicating if the instance should have an external IPv4
address assigned.
external_ipv4: external IPv4 address to be assigned to this instance. If you specify
an external IP address, it must live in the same region as the zone of the instance.
This setting requires `external_access` to be set to True to work.
accelerators: a list of AcceleratorConfig objects describing the accelerators that will
be attached to the new instance.
preemptible: boolean value indicating if the new instance should be preemptible
or not. Preemptible VMs have been deprecated and you should now use Spot VMs.
spot: boolean value indicating if the new instance should be a Spot VM or not.
instance_termination_action: What action should be taken once a Spot VM is terminated.
Possible values: "STOP", "DELETE"
custom_hostname: Custom hostname of the new VM instance.
Custom hostnames must conform to RFC 1035 requirements for valid hostnames.
delete_protection: boolean value indicating if the new virtual machine should be
protected against deletion or not.
Returns:
Instance object.
"""
instance_client = compute_v1.InstancesClient()
# Use the network interface provided in the network_link argument.
network_interface = compute_v1.NetworkInterface()
network_interface.name = network_link
if subnetwork_link:
network_interface.subnetwork = subnetwork_link
if internal_ip:
network_interface.network_i_p = internal_ip
if external_access:
access = compute_v1.AccessConfig()
access.type_ = compute_v1.AccessConfig.Type.ONE_TO_ONE_NAT.name
access.name = "External NAT"
access.network_tier = access.NetworkTier.PREMIUM.name
if external_ipv4:
access.nat_i_p = external_ipv4
network_interface.access_configs = [access]
# Collect information into the Instance object.
instance = compute_v1.Instance()
instance.network_interfaces = [network_interface]
instance.name = instance_name
instance.disks = disks
if re.match(r"^zones/[a-z\d\-]+/machineTypes/[a-z\d\-]+$", machine_type):
instance.machine_type = machine_type
else:
instance.machine_type = f"zones/{zone}/machineTypes/{machine_type}"
if accelerators:
instance.guest_accelerators = accelerators
if preemptible:
# Set the preemptible setting
warnings.warn(
"Preemptible VMs are being replaced by Spot VMs.", DeprecationWarning
)
instance.scheduling = compute_v1.Scheduling()
instance.scheduling.preemptible = True
if spot:
# Set the Spot VM setting
instance.scheduling = compute_v1.Scheduling()
instance.scheduling.provisioning_model = (
compute_v1.Scheduling.ProvisioningModel.SPOT.name
)
instance.scheduling.instance_termination_action = instance_termination_action
if custom_hostname is not None:
# Set the custom hostname for the instance
instance.hostname = custom_hostname
if delete_protection:
# Set the delete protection bit
instance.deletion_protection = True
# Prepare the request to insert an instance.
request = compute_v1.InsertInstanceRequest()
request.zone = zone
request.project = project_id
request.instance_resource = instance
# Wait for the create operation to complete.
print(f"Creating the {instance_name} instance in {zone}...")
operation = instance_client.insert(request=request)
wait_for_extended_operation(operation, "instance creation")
print(f"Instance {instance_name} created.")
return instance_client.get(project=project_id, zone=zone, instance=instance_name)
def create_windows_instance(
project_id: str,
zone: str,
instance_name: str,
machine_type: str,
source_image_family: str = "windows-2022",
network_link: str = "global/networks/default",
subnetwork_link: str | None = None,
) -> compute_v1.Instance:
"""
Creates a new Windows Server instance that has only an internal IP address.
Args:
project_id: project ID or project number of the Cloud project you want to use.
zone: name of the zone to create the instance in. For example: "us-west3-b"
instance_name: name of the new virtual machine (VM) instance.
machine_type: machine type you want to create in following format:
"zones/{zone}/machineTypes/{type_name}". For example:
"zones/europe-west3-c/machineTypes/f1-micro"
You can find the list of available machine types using:
https://cloud.google.com/sdk/gcloud/reference/compute/machine-types/list
source_image_family: name of the public image family for Windows Server or SQL Server images.
https://cloud.google.com/compute/docs/images#os-compute-support
network_link: name of the network you want the new instance to use.
For example: "global/networks/default" represents the network
named "default", which is created automatically for each project.
subnetwork_link: name of the subnetwork you want the new instance to use.
This value uses the following format:
"regions/{region}/subnetworks/{subnetwork_name}"
Returns:
Instance object.
"""
if subnetwork_link is None:
subnetwork_link = f"regions/{zone}/subnetworks/default"
base_image = get_image_from_family(
project="windows-cloud", family=source_image_family
)
disk_type = f"zones/{zone}/diskTypes/pd-standard"
disks = [disk_from_image(disk_type, 100, True, base_image.self_link, True)]
# You must verify or configure routes and firewall rules in your VPC network
# to allow access to kms.windows.googlecloud.com.
# More information about access to kms.windows.googlecloud.com: https://cloud.google.com/compute/docs/instances/windows/creating-managing-windows-instances#kms-server
# Additionally, you must enable Private Google Access for subnets in your VPC network
# that contain Windows instances with only internal IP addresses.
# More information about Private Google Access: https://cloud.google.com/vpc/docs/configure-private-google-access#enabling
instance = create_instance(
project_id,
zone,
instance_name,
disks,
machine_type=machine_type,
network_link=network_link,
subnetwork_link=subnetwork_link,
external_access=True, # Set this to False to disable external IP for your instance
)
return instance
Como essa instância não tem um endereço IP externo, não é possível se conectar
diretamente a ela pela Internet. É possível se conectar a partir de outra rede conectada à sua rede VPC usando o
Cloud Interconnect ou o
Cloud VPN.
Outra possibilidade é se conectar a uma instância bastion por meio do RDP e se conectar à
instância que tem apenas um endereço IP interno.
Para ativação e renovação do Windows, sua rede VPC precisa atender aos requisitos a seguir de roteamento e regras de firewall.
Requisitos de roteamento
As instâncias do Windows precisam ser capazes de alcançar kms.windows.googlecloud.com (35.190.247.13) por meio de uma rota que tenha o gateway de Internet padrão como próximo salto. Não é possível ativar instâncias do Windows usando um gateway NAT baseado
na instância ou o Cloud NAT porque kms.windows.googlecloud.com rejeita
solicitações de ativação de endereços IP que não são confirmados como
instâncias do Compute Engine.
É possível usar a rota padrão em sua
rede VPC para rotear o tráfego diretamente para
kms.windows.googlecloud.com. Se você remover essa rota ou se planeja fazer isso no futuro, crie uma rota estática personalizada com o destino 35.190.247.13 e o próximo salto definido como gateway de Internet padrão:
Substitua [ROUTE_NAME] por um nome para esta rota e [NETWORK] pelo nome
da sua rede VPC.
A rota padrão ou uma rota estática personalizada, conforme descrito acima, permitirá que instâncias com endereços IP externos alcancem kms.windows.googlecloud.com. Se você tiver instâncias do Windows sem endereços IP externos ou usar o Cloud NAT, também será preciso ativar o Acesso privado do Google para que instâncias apenas com endereços IP internos possam enviar tráfego ao endereço IP externo para kms.windows.googlecloud.com. Esse endereço IP, 35.190.247.13, está incluído na lista de endereços IP para APIs e serviços do Google.
Requisitos de regra de firewall
A regra de firewall
de permissão de saída implícita permite que as instâncias façam solicitações e recebam respostas estabelecidas. A menos que você tenha criado regras de firewall personalizadas que negam a saída, suas instâncias do Windows podem se comunicar com kms.windows.googlecloud.com.
Se você personalizar as regras de firewall, uma boa prática é criar uma regra de permissão de saída de alta prioridade que permita explicitamente a comunicação com 35.190.247.13.
Dessa forma, ao modificar as regras do firewall, você não desativará acidentalmente a ativação do Windows.
Os seguintes exemplos de gcloud criam a regra de permissão de saída recomendada com a prioridade mais alta:
