A user-managed notebooks instance is a Deep Learning virtual machine instance with the latest machine learning and data science libraries preinstalled. You can optionally include Nvidia GPUs for hardware acceleration.
Before you begin
Follow the steps in Before you begin to create a Google Cloud project and enable the Notebooks API.
Create a user-managed notebooks instance with default propertiesTo create a user-managed notebooks instance with default properties, complete the following steps. To specify properties for your instance, see Create a user-managed notebooks instance with specific properties or go to notebook.new to go directly to the Create a user-managed notebook instance creation dialog.
In the Google Cloud console, go to the User-managed notebooks page.
Select an instance type, and then choose whether to include a GPU.
If you choose to include a GPU, you must select the option to Install NVIDIA GPU driver automatically for me. You can adjust the number of GPUs later if you need to. For information about adjusting the number of GPUs, see Manage hardware accelerators for a notebook.
Vertex AI Workbench automatically starts the instance. When the instance is ready to use, Vertex AI Workbench activates an Open JupyterLab link.
Create a user-managed notebooks instance with specific properties
To create a user-managed notebooks instance with properties other than those provided by the default instance types, specify your preferred properties when you create an instance. You can specify your preferred properties by using either the Google Cloud console, notebook.new (https://notebook.new), or the Google Cloud CLI:
In the Google Cloud console, go to the User-managed notebooks page.
ClickNew notebook, and then select Customize instance.
The Create a user-managed notebook page opens.
For information about completing the Create a user-managed notebook dialog, see Set instance properties.
By default, the Google Cloud CLI creates a user-managed notebooks instance with an external IP address. To create an instance without an external IP address, you must specify a subnet that has Private Google Access enabled. For more information, see networking configuration options.
gcloud notebooks instances create INSTANCE_NAME --vm-image-project=deeplearning-platform-release --vm-image-family=VM_IMAGE_FAMILY --machine-type=MACHINE_TYPE --location=LOCATION
Replace the following:
Access your instance from the Cloud console.
For information about all commands for creating an instance from the command line, see the gcloud CLI documentation.
Set instance properties
On the Create a user-managed notebook page, provide the following information for your new instance:
- Notebook name: Provide a name for your new instance.
- Region and Zone: Select a region and zone for the new instance. For best network performance, select the region that is geographically closest to you. See the available user-managed notebooks locations.
- Operating system: Select the operating system that you want to use.
- Environment: Select the environment that you want to use.
- Script: Optional: Click Browse to select a script to run after
the instance is created. This script runs only once after the notebook
instance is created. The path must be a URL or Cloud Storage path,
- Custom metadata: Optional: Provide custom metadata keys for the instance.
- Machine type: Select the number of CPUs and amount of RAM for your new instance. Vertex AI Workbench provides monthly cost estimates for each machine type that you select.
GPUs: Select the GPU type and Number of GPUs for your new instance. For information about the different GPUs, see GPUs on Compute Engine.
Select the checkbox to Install NVIDIA GPU driver automatically for me.
You can modify the GPU type and number of GPUs for your instance after it is created. For more information, see Manage hardware accelerators for a notebook.
Shielded VM: Optional: Select the checkboxes to turn on Secure Boot, turn on vTPM, and turn on Integrity monitoring.
Disks: Optional: To change the default boot or data disk settings, expand the Disk(s) section. Select the Boot disk type, Boot disk size in GB, Data disk type, and Data disk size in GB that you want. For more information about disk types, see Storage options.
Encryption: To change the encryption setting from Google-managed encryption key to Customer-managed encryption key (CMEK), see Customer-managed encryption keys.
Networking: To change network settings, such as to select a Virtual Private Cloud, disable proxy access, or disable the external IP address, complete the following steps:
Expand the Networking section.
Select either Networks in this project or Networks shared with me.
In the Network field, select the network that you want. You can select a VPC network, as long as the network has Private Google Access enabled or can access the internet. For more information, see network configuration options.
In the Subnetwork field, select the subnetwork that you want.
To disable the external IP address, set the External IP field to None.
To disable proxy access, clear the checkbox next to Allow proxy access when it's available.
Permission: To grant access to all users who have access to a specific Compute Engine service account or to a specific user, expand the Permission section and complete the following steps:
- Set the Access to JupyterLab field to Service account or Single user only. For Single user only, in the User email field, type the email address you want to use. For more information about service accounts, see Types of service accounts.
- In the Identity and API access section, select or clear the Use Compute Engine default service account checkbox, and specify a service account.
Security: Select or clear the following checkboxes:
- Enable root access to the instance
- Enable nbconvert
- Enable file downloading from JupyterLab UI
- Select the Enable environment auto-upgrade checkbox.
- Choose whether to upgrade your notebook Weekly or Monthly.
- In the Weekday field, choose a day of the week.
- In the Hour field, choose an hour of the day.
In System health and reporting, select or clear the following checkboxes:
- Enable system health report
- Report custom metrics to Cloud Monitoring
- Install Cloud Monitoring agent
Vertex AI Workbench creates a user-managed notebooks instance based on your specified properties and automatically starts the instance. When the instance is ready to use, Vertex AI Workbench activates an Open JupyterLab link.
Determine who has access to the JupyterLab instance
Unless you granted access to a specific service account or a single user on the Create a user-managed notebook page Permissions, anyone who has Editor permissions to your Google Cloud project can access the notebook.
If you granted access to a specific service account, anyone who has access to that service account can access the JupyterLab instance. Anyone who doesn't have access to the specified service account cannot access the JupyterLab instance.
If you granted access to a single user, only that user can access the JupyterLab instance. If you are not that single user, even you yourself can't access the JupyterLab instance.
Open the notebookTo open a user-managed notebooks instance, complete the following steps:
In the Google Cloud console, next to your user-managed notebooks instance's name, click Open JupyterLab.
Your user-managed notebooks instance opens JupyterLab.
Your new user-managed notebooks instance automatically has the
notebook-instance network tags assigned.
These tags let you manage network access to and from your instance by referencing these tags in your VPC networking firewall rules. For more information about network tags, see Configuring network tags.
To view the network tags for your new user-managed notebooks instance, complete the following steps:
- In the Google Cloud console, on the navigation menu, point to Compute Engine and then click VM instances.
- Click the name of your new user-managed notebooks instance.
- In Networking, find Network tags.
Network configuration options
A user-managed notebooks instance must access service endpoints that are outside your VPC network.
You can provide this access in one of the following ways:
Assign an external IP address to the user-managed notebooks instance. This is done automatically when you create a new instance with default properties. Make sure your environment meets the requirements for accessing Google APIs and services.
If you use the
restricted.googleapis.com VIP to
provide access to the service endpoints,
add DNS entries for each of the required service
If you encounter a problem when you create a notebook, see Troubleshooting notebooks for help with common issues.
Install dependencies on your new user-managed notebooks instance.
Learn about monitoring the health status of your user-managed notebooks instance.