Before you order Gemini on Google Distributed Cloud connected API, you must meet the installation requirements described in this document. For additional information, see Getting Support.
Certified hardware
Before you order Gemini on GDC connected API, you must procure certified hardware matching the exact configuration described in this section. This configuration is for a single Google-certified machine.
Item | Dell SKU | Qty |
---|---|---|
PowerEdge XE9680, DSS RESTRICTED | 210-BHYV | 1 |
2.5 Chassis | 379-BDTF | 1 |
Trusted Platform Module 2.0 V5 | 461-AAIG | 1 |
XE9680 6U Chassis with 8 GPU 8 x 2.5 NVMe Only | 321-BIEK | 1 |
Intel Xeon Platinum 8592+ 1.9G, 64C/128T, 20GT/s, 320M Cache, Turbo, HT (350W) DDR5-5600 | 338-CPBP | 2 |
Additional Processor Selected | 379-BDCO | 1 |
Riser Config 2 | 330-BCHH | 1 |
Heatsink for 2 CPU Configuration | 412-BBCN | 1 |
Performance Optimized | 370-AAIP | 1 |
5600MT/s RDIMMs | 370-BBRX | 1 |
128GB RDIMM, 5600MT/s, Dual Rank x4, 32Gb BASE | 370-BCSR | 16 |
C30, No RAID for NVME chassis | 780-BCDO | 1 |
No Controller | 405-AACD | 1 |
15.36TB Enterprise NVMe Read Intensive Opal Drive U.2 Gen4 with carrier, FIPs,Kioxia CM7-R, DSS RESTRICTED | 345-BLPR | 8 |
Performance BIOS Settings | 384-BBBL | 1 |
UEFI BIOS Boot Mode with GPT Partition | 800-BBDM | 1 |
Very High Performance Fan x6 | 750-ADGJ | 1 |
3+3 FTR (GPU Power Brake Enabled), Hot-Plug PSU, 2800W MM HLAC (200-240Vac) Titanium, C22 Connector | 450-AMMN | 1 |
C20 to C21, PDU Style, 16 AMP, 8 Feet, Power Cord | 450-AGXK | 6 |
XE9680 System Motherboard, MX, MLK | 338-CPWL | 1 |
PowerEdge 2U LCD Bezel | 325-BGHR | 1 |
NVIDIA HGX H200 8-GPU SXM 141GB 700W GPUs Assembly | 490-BKHF | 1 |
Broadcom 5720 Dual Port 1GbE LOM | 540-BDKD | 1 |
Mellanox ConnectX-6 DX Dual Port 100GbE QSFP56 Network Adapter, Full Height | 540-BCXO | 2 |
BOSS-N1 controller card + with 2 FIPS M.2 960GB (RAID 1) Micron 7400 SEDs NVMe | 403-BCVH | 1 |
XE9680 BOSS Cable | 470-AFNO | 1 |
Broadcom 57414 Dual Port 10/25GbE SFP28, OCP NIC 3.0 | 540-BCOC | 1 |
No Operating System, No Utility Partition | 611-BBBG | 1 |
iDRAC9, Datacenter 16G | 528-CTID | 1 |
iDRAC Secure Enterprise Key Manager License 2.0 | 634-BZIL | 1 |
Secured Component Verification | 528-COYT | 1 |
iDRAC,Factory Generated Password | 379-BCSF | 1 |
iDRAC Service Module (ISM), NOT Installed | 379-BCQX | 1 |
iDRAC Group Manager, Disabled | 379-BCQY | 1 |
XE9680 Rack Rail Cable Management Arm | 770-BEPB | 1 |
XE9680 Sliding Ready Rail (B28) | 770-BEPC | 1 |
PowerEdge XE9680, Shipping | 340-DDBX | 1 |
PowerEdge XE9680 CE Marking, No CCC Marking | 389-EFKE | 1 |
XE9680 Shipping Material | 343-BBXC | 1 |
NOT NAC eligible 5A002.a | 340-DMRF | 1 |
Enterprise Program Management Support | 973-3700 | 1 |
Heavy device requires lift-assist cart for onsite service; otherwise, delays or extra fees may apply | 718-9227 | 1 |
Basic Next Business Day 36 Months | 709-BFTF | 1 |
RESTRICTED:ProSupport One Data Center and Next Business Day Onsite Service Vol Low Init, 36 Month(s) | 199-BTKT | 1 |
Keep Your Hard Drive For Enterprise, 36 Month(s) | 711-BCXN | 1 |
ProDeploy Plus PowerEdge XE Series 5U6U | 683-BDSB | 1 |
Size and weight
Each Google-certified machine is 6U in height and has the following dimensions:
- Height: 263.2 mm (10.36")
- Width: 482.0 mm (18.97")
- Depth: 1008.77 mm (39.71") including front bezel
Each Google-certified machine weighs 113.3 kg (249.78 lbs).
Power and cooling
Each Google-certified machine has the following electrical specifications:
- Voltage: 100V to 240V AC, 50/60Hz
- Power: 11,000W maximum
Your facility must have adequate cooling to support one (1) Google-certified machine for each deployment of Gemini on GDC connected API.
Networking
This section describes the networking requirements for deploying Gemini on GDC connected API. In addition to the Gemini on GDC connected API Google-certified machine, you must supply your own local machine, such as a laptop, to use during turn-up only. This is the Turn-up machine in Figure 1.
Network connectivity
Figure 1 illustrates Gemini on GDC connected API networking.
You must meet the following network connectivity requirements to deploy Gemini on GDC connected API:
Prepare a Top-of-Rack (ToR) switch that supports Quad Small Form-factor Pluggable (QSFP) 100 gigabit optical connectivity.
Allocate a minimum of one QSFP 100 gigabit optical port on the ToR switch per Google-certified machine; however, Google recommends allocating two QSFP 100G optical ports per machine for high availability. Each of these ports requires QSFP-100G-SR4-S cabling.
If allocating two ports per machine, connect both ToR switch ports to the same Mellanox CX-6 network adapter on each machine.
An internet connection with a minimum bandwidth of 1 Gbps downstream and 100 Mbps upstream.
Make the following network connections for each Google-certified machine:
Connect one or both of the QSFP 100 gigabit ports on the Mellanox CX-6 network adapter on the machine to your ToR switch. These ports handle the high-speed traffic for the Gemini on GDC connected API and the Distributed Cloud connected software.
Connect the integrated Dell Remote Access Controller (iDRAC) port on the machine to a separate Layer 2 switch. This is required for machine management.
For turn-up only:
Assign an IP address to the iDRAC port that is not part of the target Distributed Cloud connected zone CIDR block.
Establish network connectivity between the iDRAC and the turn-up machine as shown in Figure 1.
Network configuration
Configure your local network as follows to deploy Gemini on GDC connected API:
- Allocate a dedicated untagged VLAN configured with a Maximum Transmission Unit (MTU) size of 1500 bytes.
- Allocate a private /26 IPv4 CIDR address block for workload connectivity.
- Configure northbound connectivity for the VLAN using BGP peering; advertise the assigned /26 CIDR block to the upstream network.
- Provision the VLAN with a default route to the upstream network and the internet.
- Provide a Dynamic Host Configuration Protocol (DHCP) server that can assign IPv4 addresses to the Google-certified machines for bootstrapping. The addresses in this DHCP block must be the last /29 section of the workload connectivity IPv4 CIDR address block.
ToR switch configuration
Configure your ToR switch as follows:
- Enable DHCPv4 and DNS support on the port(s) allocated to Gemini on GDC connected API machines.
- Configure a private /26 IPv4 CIDR block on the dedicated, untagged VLAN with an MTU of 1500 bytes.
- Allocate the first IPv4 address in the CIDR block as the network gateway.
- Ensure the rest of the IPv4 addresses in the CIDR block are free; Gemini on GDC connected API allocates them automatically for system functions, services, and local model endpoints.
DHCP server configuration
Configure the DHCP server for Gemini on GDC connected API machines as follows:
- The DHCP server must be reachable from all ToR switch ports connected to Gemini on GDC connected API machines.
- Reserve the last /29 segment of the /26 IPv4 CIDR block you've allocated to Gemini on GDC connected API machines for DHCP assignments and configure the DHCP server to use this /29 segment as a DHCP address pool.
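The address plan described in the network, ToR switch, and DHCP sections can be derived and checked before you hand the CIDR block to Google. The following Python sketch is an added example, not Google's tooling; the sample addresses are constructed, and it assumes "first IPv4 address" means the first usable host address in the /26.

```python
import ipaddress


def plan_zone(zone_cidr: str, idrac_ip: str) -> dict:
    """Derive gateway and DHCP pool for a zone CIDR and validate the plan."""
    # strict=True rejects input such as 10.20.30.70/26 (host bits set).
    zone = ipaddress.ip_network(zone_cidr, strict=True)
    if zone.version != 4 or zone.prefixlen != 26:
        raise ValueError(f"{zone} is not an IPv4 /26 block")
    if not zone.is_private:
        raise ValueError(f"{zone} is not a private address block")

    # The iDRAC address used during turn-up must sit outside the zone CIDR.
    idrac = ipaddress.ip_address(idrac_ip)
    if idrac in zone:
        raise ValueError(f"iDRAC address {idrac} is inside {zone}")

    # Assumption: "first IPv4 address" is read as the first usable host.
    gateway = zone.network_address + 1

    # The last of the eight /29 segments in the /26 is the DHCP pool.
    dhcp_block = list(zone.subnets(new_prefix=29))[-1]
    # Its final address is the /26 broadcast address and cannot be leased.
    leasable = [a for a in dhcp_block if a != zone.broadcast_address]

    return {
        "zone": str(zone),
        "gateway": str(gateway),
        "dhcp_block": str(dhcp_block),
        "dhcp_first": str(leasable[0]),
        "dhcp_last": str(leasable[-1]),
        "dhcp_leases": len(leasable),
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the page.
    for key, value in plan_zone("10.20.30.64/26", "192.168.50.10").items():
        print(f"{key}: {value}")
```

The final /29 yields seven leasable addresses rather than eight, because its last address doubles as the broadcast address of the enclosing /26.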
Firewall configuration
Configure your local firewall to allow Gemini on GDC connected API traffic as follows:
Name | Source IP address | Destination anycast IP address | Protocol | Port |
---|---|---|---|---|
Bootstrap | GDCc Zone CIDR (/26) | 192.178.76.0/23 | TCP | 80 |
GDC connected management (TCP), attestation service, recitation check service, model downloads | GDCc Zone CIDR (/26) | 216.239.{32,34,36,38}.223, 192.178.76.0/23 | TCP | 443 |
GDC connected management (gRPC, HTTPS) | GDCc Zone CIDR (/26) | 192.178.76.0/23 | TCP | 444 |
GDC connected management (QUIC) | GDCc Zone CIDR (/26) | 192.178.18.0/23 | UDP | 443 |
Domain Name Service (DNS) | GDCc Zone CIDR (/26) | Google DNS: 8.8.8.8, 8.8.4.4 | TCP, UDP | 53 |
Network Time Protocol (NTP) | GDCc Zone CIDR (/26) | Google NTP: 216.239.35.{0,4,8,12} | UDP | 123 |
Intel TDX remote attestation | GDCc Zone CIDR (/26) | 4.255.75.174 | TCP | 443 |
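To audit egress from the zone against the table above, the brace shorthand has to be expanded into concrete addresses first. The following Python sketch is an added example, not part of Google's documentation or tooling: it transcribes the table's destinations, protocols, and ports, and reports which constructed sample flows no documented rule covers. The function names and sample flows are hypothetical.

```python
import ipaddress
import re

# (rule name, destinations, protocols, port), transcribed from the table above.
RULES = [
    ("Bootstrap", ["192.178.76.0/23"], {"tcp"}, 80),
    ("Management (TCP), attestation, recitation check, model downloads",
     ["216.239.{32,34,36,38}.223", "192.178.76.0/23"], {"tcp"}, 443),
    ("Management (gRPC, HTTPS)", ["192.178.76.0/23"], {"tcp"}, 444),
    ("Management (QUIC)", ["192.178.18.0/23"], {"udp"}, 443),
    ("DNS", ["8.8.8.8", "8.8.4.4"], {"tcp", "udp"}, 53),
    ("NTP", ["216.239.35.{0,4,8,12}"], {"udp"}, 123),
    ("Intel TDX remote attestation", ["4.255.75.174"], {"tcp"}, 443),
]


def expand(spec):
    """Expand one {a,b,c} group, as used in the table, into networks."""
    m = re.search(r"\{([^}]*)\}", spec)
    if not m:
        return [ipaddress.ip_network(spec)]
    return [ipaddress.ip_network(spec[:m.start()] + part + spec[m.end():])
            for part in m.group(1).split(",")]


ALLOW = [(name, [n for d in dsts for n in expand(d)], protos, port)
         for name, dsts, protos, port in RULES]


def match_rule(dst_ip, proto, port):
    """Return the name of the rule that permits this egress flow, or None."""
    ip = ipaddress.ip_address(dst_ip)
    for name, nets, protos, rule_port in ALLOW:
        if proto.lower() in protos and port == rule_port \
                and any(ip in net for net in nets):
            return name
    return None


def uncovered(flows):
    """Return the flows that no documented rule covers."""
    return [f for f in flows if match_rule(*f) is None]


# Constructed sample flows (destination IP, protocol, port) from the zone CIDR.
SAMPLE_FLOWS = [
    ("192.178.77.10", "tcp", 443), ("216.239.34.223", "tcp", 443),
    ("216.239.33.223", "tcp", 443), ("192.178.76.5", "udp", 443),
    ("192.178.18.5", "udp", 443), ("4.255.75.174", "tcp", 80),
]

if __name__ == "__main__":
    for flow in uncovered(SAMPLE_FLOWS):
        print("not covered by the documented rules:", flow)
```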
Intel TDX remote attestation API key
To enable attestation of the confidential virtual machines that serve your Gemini on GDC connected API endpoints, you must obtain an Intel TDX remote attestation API key and provide it to Google. To obtain the API key, complete the steps in this section.
Go to the Intel® Provisioning Certification Service for ECDSA Attestation page.
In the Get PCK Certificates section, click Subscribe.
Follow the displayed instructions to create an account and establish an Intel® SGX Provisioning Certification Service subscription.
In the Your subscriptions section of your account, find and note down the primary API key for your Intel® SGX Provisioning Certification Service subscription.
Information to provide to Google
Provide the following information to Google:
Contact information for a person responsible for procuring and deploying the Google-certified machines.
The /26 IPv4 CIDR block you've allocated for your Google-certified machines.
The primary and secondary API keys for your Intel® SGX Provisioning Certification Service subscription.
The service tags for your Gemini on GDC connected API machines. For instructions, see Locating the Express Service Code and Service Tag.
The Physical Security IDentifiers (PSIDs) of non-boot disk drives in the Google-certified machines.
The project ID of the Google Cloud project that hosts your Distributed Cloud connected zone for Gemini on GDC connected API.
Validate the certified hardware
Before scheduling a visit from a Google technician, you must validate your certified hardware as follows:
Obtain the hardware validation Docker image from your Google representative.
Install or live-boot Ubuntu Linux on the certified machine. This installation is used for pre-flight tasks only; Google replaces it with the Gemini on GDC connected API software once pre-flight is complete.
Install the following packages:
Load the hardware validator Docker image:
```sh
docker load -i gdc_hw_validator.tar
```
Specify the Distributed Cloud connected zone CIDR block:
```sh
export IP_CIDR="ZONE_CIDR"
```
Replace ZONE_CIDR with the zone's CIDR block.
Run the hardware validation script on the certified machine as root:
```sh
docker run --rm -t --privileged -v "$(pwd)":/output -v /sys/fs/cgroup:/sys/fs/cgroup:rw \
  --cgroupns=host --network=host -v /lib/modules:/lib/modules:ro -v /dev:/dev \
  -e IP_CIDR="$IP_CIDR" gdc_hw_validator
```
Provide the JSON file generated by the script to your Google representative.
Enable the required APIs
You must enable the following APIs on your target Google Cloud project:
aiplatform.googleapis.com
anthos.googleapis.com
anthosaudit.googleapis.com
anthosgke.googleapis.com
cloudresourcemanager.googleapis.com
connectgateway.googleapis.com
compute.googleapis.com
container.googleapis.com
edgecontainer.googleapis.com
gdchardwaremanagement.googleapis.com
gkeconnect.googleapis.com
gkehub.googleapis.com
gkeonprem.googleapis.com
iam.googleapis.com
iamcredentials.googleapis.com
kubernetesmetadata.googleapis.com
logging.googleapis.com
monitoring.googleapis.com
multiclustermetering.googleapis.com
opsconfigmonitoring.googleapis.com
oslogin.googleapis.com
serviceusage.googleapis.com
stackdriver.googleapis.com
storage.googleapis.com
sts.googleapis.com
For information about enabling APIs, see Enabling services.
Set up a billing account
You must set up a billing account for your target Google Cloud project as described in Create a new self-serve Cloud Billing account.
What's next
To bring your Gemini on GDC connected API deployment online, do the following:
Receive and install the Gemini on GDC connected API certified hardware in your target location.
Configure your Gemini on GDC connected API environment as described earlier in this document.
Validate the certified hardware as described earlier in this document.
Coordinate with your Google representative to schedule a visit from a Google technician.
Complete the Google technician visit to install and configure the Gemini on GDC connected API software.
Complete the steps in Create and manage endpoints.