Windows on Compute Engine


You can run your Windows applications on Compute Engine and take advantage of many benefits available to virtual machine instances such as reliable storage options, the speed of the Google network, and Autoscaling.

Compute Engine provides several tools to help bring your Windows applications and services to the cloud:

To get started, try the Windows quickstart, create a Windows Server instance, or create an instance with SQL Server preinstalled.

Windows quickstart

If you are new to Compute Engine, follow the Windows quickstart to learn how to create Windows virtual machine instances using the Cloud Console. Create an instance with a Windows Server operating system, use Windows PowerShell to install Internet Information Services (IIS), and host a simple web page.

Windows quickstart

Windows Server

Windows Server is a server operating system from Microsoft. You can create instances with Windows Server images to run applications that are specific to Windows. Compute Engine offers several versions of Windows Server.

Optionally, Compute Engine offers SQL Server images if you need VM instances that have Windows Server with SQL Server preinstalled.

Pricing for Windows Server images

When you create a Windows Server instance, you pay by the second for the use of the Windows Server license. The cost for the license depends on the number of vCPUs in the machine type of the instance.

Windows Server images are premium resources that incur additional fees. For more information about the price of Windows Server images, see Windows Server pricing.

Licensing for Windows Server and SQL Server images

Instances that run Windows Server images on Compute Engine can activate and renew their licenses only if they have a network connection to kms.windows.googlecloud.com. If your Windows Server instances are unable to access kms.windows.googlecloud.com, they stop functioning within 30 days.

Your VPC network must provide access to 35.190.247.13, the IP address used by kms.windows.googlecloud.com. The next hop for 35.190.247.13/32 must be the default internet gateway. You can configure your instances to access kms.windows.googlecloud.com using one of the following methods:

For more information about each of these methods, see Configuring Windows Server license activation.

You can bring your existing Windows Server licenses to Compute Engine by bringing your own license with sole-tenant nodes or bringing your existing Microsoft application licenses to your Windows Server instances to run specific applications. However, you must continue to manage those licenses yourself.

Windows client

Bring existing Windows client licenses to Compute Engine by bringing your own license with sole-tenant nodes and importing your image as a virtual disk. Similar to bringing your license with Windows Server, you must continue to manage license and compliance yourself. For more information about Windows client support, see Windows client.

SQL Server

Microsoft SQL Server is a database system that runs on Windows Server. You can use SQL Server on Compute Engine as part of the backend for your applications, as a flexible development and test environment, or in addition to your on-premises systems for backup and disaster recovery.

Compute Engine provides images with Microsoft SQL Server preinstalled on Windows Server. For these SQL Server images, Compute Engine manages the license for both Windows Server and SQL Server, and includes the cost in your monthly bill. Create instances with SQL Server and scale out to large multi-node configurations when you need them.

Compute Engine stores your data on durable persistent disks with automatic redundancy and automatic encryption at rest. Use these persistent disks to store your SQL Server data without having to worry about the durability or security of your data. For additional performance, create your instances with a local SSD as a cache that provides additional IOPS and performance for SQL Server queries.

You can create Compute Engine VM instances that run SQL Server in the following ways:

For a full list of the available images that include SQL Server preinstalled, see the Feature support by operating system.

Pricing for SQL Server images

When you create an instance that includes SQL Server, you pay by the second for the SQL Server license in addition to the Compute Engine instance resources and the Windows Server license. The cost of your SQL Server instances includes the following items:

For full details on the pricing for Windows Server images that include SQL Server preinstalled, see the SQL Server pricing page.

Machine type requirements for SQL Server images

SQL Server Standard

You can run SQL Server Standard on instances with any machine type, but shared-core machine types will not run optimally. Google recommends that you use instances with at least one vCPU to run SQL Server Standard.

SQL Server Enterprise

Instances that run SQL Server Enterprise must have at least 4 vCPUs. For optimal performance, Google recommends that you run SQL Server Enterprise on instances with larger memory capacities. Depending on your workload, you should use high-memory machine types with 8 vCPUs or more. These machine types maximize the ratio of memory to each vCPU that is available on Compute Engine, which is optimal for SQL Server Enterprise instances.

Additionally, you can use SQL Server Enterprise on Compute Engine to create SQL Server Availability Groups.

Licensing for images with SQL Server

If you need to run SQL Server on Compute Engine, create an instance with a Windows Server image that includes SQL Server preinstalled. These images handle licensing for both Windows Server and SQL Server and let you adopt a pay as you go model for your Windows Server and SQL Server licenses. The pay as you go model lets you pay for SQL Server only when you need it with per-second billing.

Alternatively, you can bring your existing Microsoft application licenses for SQL Server to your Windows Server instances on Compute Engine, but you must continue to manage those licenses yourself.

Default components

SQL Server images include several components by default. The default components depend on the edition of SQL Server that you selected.

SQL Server Enterprise, Standard, and Web editions:

  • SQL Server
    • Database Engine
    • Replication
    • Full text search
  • Analysis services
  • Reporting services
  • Data quality services
  • Integration services
  • Master data services
  • Tools
    • SQL Server Management Studio (2012 and 2014 only)
    • SQL Server Configuration Manager
    • Business Intelligence Development Studio
    • SQL Server Setup
    • Client Tools Connectivity
    • Client Tools SDK
    • SQL Client Connectivity SDK
    • Data-tier applications
    • Back up and Restore
    • Attach and Detach
  • SQL Server Books online

SQL Server Express edition:

  • SQL Server
    • Database Engine
    • Replication
    • Full text search
  • Reporting services

If you need to add or remove components, you can add features to your SQL Server installation. SQL Server images always include the setup executable at C:\sql_server_install\setup.exe.

Using BitLocker with Shielded VM images

You can enable BitLocker for Windows boot disks that are part of Shielded VM images. Shielded VM images offer security features such as UEFI-compliant firmware, Secure Boot, vTPM-protected Measured Boot, and integrity monitoring. vTPM and integrity monitoring are enabled by default, and Google recommends enabling Secure Boot if possible.

If you choose to enable BitLocker on a Windows boot disk that is part of a Shielded VM image, we strongly recommend saving the recovery key to a safe location, because if you don't have the recovery key, you can't recover the data.

Take the following into account before enabling BitLocker on a Windows boot disk that is part of a Shielded VM image:

  • On Shielded VM boot disks, BitLocker uses the vTPM to store the encryption keys, and the vTPM is permanently associated with the VM on which it was created. This means that you can restore a snapshot of a Shielded VM boot disk to another persistent disk, but you can't decrypt it because the vTPM containing the BitLocker keys isn't available. If you have a recovery key, you can recover data by following the instructions in the BitLocker recovery guide. If you don't have a recovery key, the data on the disk is unrecoverable.

  • On Shielded VM data disks, persistent disk data is encrypted by default. Enabling BitLocker on top of persistent disk encryption doesn't affect throughput, but it might increase vCPU utilization slightly. Enabling BitLocker on data disks that are attached to the VM doesn't pose the same recovery challenges as for boot disks. This is because the BitLocker encryption keys for data disks aren't stored on the vTPM. If you have lost the ability to unlock the disk normally and have the recovery key, you can attach the disk to another unencrypted VM and recover it from there. If you don't have a recovery key, the data on the disk is unrecoverable.

Compute Engine Windows drivers

The following Compute Engine drivers are maintained for Windows images:

Driver type Package name
Ethernet adapter google-compute-engine-driver-netkvm
SCSI disk google-compute-engine-driver-vioscsi
Display adapter google-compute-engine-driver-gga
Crash handler google-compute-engine-driver-pvpanic

Each driver is packaged using GooGet and published to Google Cloud repositories. All Google Cloud Windows images are preconfigured with the GooGet tool and Google Cloud repositories. If you need to install GooGet and set up repositories yourself, see Packaging and package distribution.

To install or upgrade a specific driver, run following command:

googet install DRIVER_PACKAGE_NAME

Periodically, as part of the Microsoft Lifecycle Policy, Microsoft might announce an end of support (EOS) date for a version of their operating system that you are using for VM instances on Compute Engine. On the EOS date for that version of the operating system:

  • Google can no longer access updates.
  • Google can no longer access security patches.
  • Google retires the operating system image, and the image is no longer available to create VM instances.

If you are running VM instances on Compute Engine based on one of these operating system images, keep in mind that beginning on the EOS date:

  • VMs based on images that are beyond their EOS date continue to operate, and billing continues for premium images.

  • Future Google Cloud functionality might not perform as expected if you use an image that is beyond its EOS date.

  • Google can no longer provide support, updates, or security patches. Microsoft might provide additional support through its Extended Support Updates program. It is your responsibility to install and test all updates provided by Microsoft.

  • Google might request that you upgrade the image to a supported version before Google agrees to investigate support-related issues with that image.

Using an unsupported and unpatched version might create material security risks. If you are running VM instances based on an operating system image with an announced EOS date, Google recommends that before the EOS date, you:

If you continue to use an image after the EOS date for that image, Google recommends that you not update the guest environment because Google doesn't test new versions of the image against the EOS version. When Google releases additional image families, those newly released image families might not support the EOS versions of the images, so we recommend that you continue to use the image family that you are currently using.

The following table shows Microsoft operating systems that are no longer supported, their EOS dates, where to find Microsoft's EOS announcements, and links to content about upgrading or migrating:

Operating system EOS date More information
Windows Server 2008 R2 January 14, 2020
Windows Server 2008 January 14, 2020
Windows Server 2003 R2 July 14, 2015
Windows Server 2003 July 14, 2015

What's next