Use a shielded VM with Notebooks

This page describes how to use a shielded VM with Notebooks.

Shielded VM offers verifiable integrity of Compute Engine VM instances, so you can be confident your instances haven't been compromised by boot- or kernel-level malware or rootkits. Shielded VM's verifiable integrity is achieved through the use of Secure Boot, virtual trusted platform module (vTPM)-enabled Measured Boot, and integrity monitoring.

See Shielded VM to learn more.

Requirements and limitations

To use Shielded VM with Notebooks, you must create a Deep Learning VM Images instance with a Debian 10 OS that is version M51 or higher.

Notebooks does not support shielded VM Notebooks instances with GPU accelerators.

Create a Notebooks instance using a shielded VM

Complete these steps to create a shielded VM that can be used with Notebooks.

  1. Select the image family that you want your instance to be based on. To list the available image families that are compatible with Notebooks and Shielded VM, use the following command in the gcloud command-line tool with your preferred terminal or in Cloud Shell.

    gcloud compute images list \
     --project deeplearning-platform-release \
     --no-standard-images | grep debian-10
    
  2. Use the following command to create the Compute Engine instance. Replace MY_IMAGE_FAMILY with the image family name that you want to use to create your VM. Replace MY_ZONE with the zone where you want your instance to be located.

    gcloud compute instances create nb-legacy2 \
     --image-project=deeplearning-platform-release \
     --image-family=MY_IMAGE_FAMILY \
     --metadata="proxy-mode=service_account" \
     --scopes=https://www.googleapis.com/auth/cloud-platform \
     --shielded-secure-boot \
     --zone=MY_ZONE
    
  3. Register your Compute Engine VM with the Notebooks API.
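
After creating the instance, you can confirm which of the Shielded VM features named at the top of this page (Secure Boot, vTPM, integrity monitoring) are enabled by reading its `shieldedInstanceConfig`. The check below is an added example, not part of the original page; the function name `shielded_gaps` and the sample JSON are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which Shielded VM options are NOT enabled on an instance.
# Input (stdin): JSON from
#   gcloud compute instances describe nb-legacy2 --zone=MY_ZONE \
#     --format="json(shieldedInstanceConfig)"
# An option that is absent from the JSON is treated as disabled.
shielded_gaps() {
    config=$(cat)
    gaps=""
    for key in enableSecureBoot enableVtpm enableIntegrityMonitoring; do
        if ! printf '%s\n' "$config" |
            grep -Eq "\"$key\"[[:space:]]*:[[:space:]]*true"; then
            gaps="$gaps $key"
        fi
    done
    # Print the disabled options (space separated, no leading space).
    printf '%s\n' "${gaps# }"
    # Exit status 0 only when all three options are enabled.
    [ -z "$gaps" ]
}

# Constructed sample output, not captured from a real project:
# Secure Boot and vTPM are on, integrity monitoring is off.
SAMPLE_CONFIG='{
  "shieldedInstanceConfig": {
    "enableIntegrityMonitoring": false,
    "enableSecureBoot": true,
    "enableVtpm": true
  }
}'

if missing=$(printf '%s\n' "$SAMPLE_CONFIG" | shielded_gaps); then
    echo "Shielded VM: Secure Boot, vTPM and integrity monitoring are enabled"
else
    echo "Shielded VM options not enabled: $missing"
fi
```

Against a real instance, pipe the output of the `gcloud compute instances describe` command shown in the comment into `shielded_gaps` instead of the sample.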

What's next