Use a shielded virtual machine with user-managed notebooks

So you can be confident that your instances have not been compromised by boot- or kernel-level malware or rootkits, Shielded VM offers verifiable integrity of Compute Engine VM instances. Shielded VM's verifiable integrity is achieved through the use of Secure Boot, virtual trusted platform module (vTPM)-enabled Measured Boot, and integrity monitoring.

See Shielded VM to learn more.

Requirements and limitations

To use Shielded VM with user-managed notebooks, you must create a Deep Learning VM Images with a Debian 10 OS that is version M51 or higher.

Vertex AI Workbench does not support shielded VM user-managed notebooks instances with GPU accelerators.

Create a user-managed notebooks instance using a shielded VM

Complete these steps to create a shielded VM that you can use with user-managed notebooks.

  1. Select the image family that you want your instance to be based on. To list the available image families that are compatible with user-managed notebooks and Shielded VM, use the following command in the gcloud command-line tool with your preferred terminal or in Cloud Shell.

    gcloud compute images list \
        --project deeplearning-platform-release \
        --no-standard-images | grep debian-10
    
  2. Use the following command to create the Compute Engine instance. Replace MY_IMAGE_FAMILY with the image family name that you want to use to create your VM. Replace MY_ZONE with the zone where you want your instance to be located.

    gcloud compute instances create nb-legacy2 \
        --image-project=deeplearning-platform-release \
        --image-family=MY_IMAGE_FAMILY \
        --metadata="proxy-mode=service_account" \
        --scopes=https://www.googleapis.com/auth/cloud-platform \
        --shielded-secure-boot \
        --zone=MY_ZONE
    
  3. Register your Compute Engine VM with the Notebooks API.

What's next