This page describes how to use a shielded VM with Notebooks.
Shielded VM offers verifiable integrity of Compute Engine VM instances, so you can be confident your instances haven't been compromised by boot- or kernel-level malware or rootkits. Shielded VM's verifiable integrity is achieved through the use of Secure Boot, virtual trusted platform module (vTPM)-enabled Measured Boot, and integrity monitoring.
See Shielded VM to learn more.
Requirements and limitations
To use Shielded VM with Notebooks, you must create a Deep Learning VM Images instance with a Debian 10 OS that is version M51 or higher.
Notebooks does not support shielded VM Notebooks instances with GPU accelerators.
Create a Notebooks instance using a shielded VM
Complete these steps to create a shielded VM that can be used with Notebooks.
Select the image family that you want your instance to be based on. To list the available image families that are compatible with Notebooks and Shielded VM, run the following gcloud command-line tool command in your preferred terminal or in Cloud Shell.
gcloud compute images list \
    --project deeplearning-platform-release \
    --no-standard-images | grep debian-10
Use the following command to create the Compute Engine instance. Replace MY_IMAGE_FAMILY with the image family name that you want to use to create your VM. Replace MY_ZONE with the zone where you want your instance to be located.
gcloud compute instances create nb-legacy2 \
    --image-project=deeplearning-platform-release \
    --image-family=MY_IMAGE_FAMILY \
    --metadata="proxy-mode=service_account" \
    --scopes=https://www.googleapis.com/auth/cloud-platform \
    --shielded-secure-boot \
    --zone=MY_ZONE
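After the instance is created, you can check which of the three Shielded VM features named above (Secure Boot, vTPM, integrity monitoring) are enabled on it. The following script is an added example, not part of the original page: the function names are hypothetical, the sample lines are constructed, and it assumes its input is the single CSV line printed by the gcloud compute instances describe command shown in its header comment.

```shell
#!/bin/sh
# Added example: audit the Shielded VM settings of a Notebooks instance.
# Input: one CSV line in the order secureBoot,vTPM,integrityMonitoring.
# Assumed source of that line (requires access to your project):
#   gcloud compute instances describe nb-legacy2 --zone=MY_ZONE \
#     --format="csv[no-heading](shieldedInstanceConfig.enableSecureBoot,shieldedInstanceConfig.enableVtpm,shieldedInstanceConfig.enableIntegrityMonitoring)"

# Print field number $2 of CSV line $1, lower-cased.
# The appended ",," guarantees three fields, so a short line yields empty values.
csv_field() {
  printf '%s,,\n' "$1" | cut -d, -f"$2" | tr '[:upper:]' '[:lower:]'
}

# Print the features that are not enabled; return 0 only if all three are on.
audit_shielded_config() {
  disabled=""
  i=1
  for name in secure-boot vtpm integrity-monitoring; do
    # Fail closed: anything other than "true" (false, empty, missing) is disabled.
    [ "$(csv_field "$1" "$i")" = "true" ] || disabled="$disabled $name"
    i=$((i + 1))
  done
  if [ -n "$disabled" ]; then
    echo "disabled:$disabled"
    return 1
  fi
  echo "ok"
}

# Constructed sample lines, not output from a real project.
for sample in "True,True,True" "False,True,True" "True,,"; do
  printf '%s -> %s\n' "$sample" "$(audit_shielded_config "$sample")"
done
```

The non-zero return status lets the check gate a provisioning script or a scheduled audit job.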
Learn more about Notebooks image families to help you choose the one you want.
Learn more about modifying Shielded VM options.