Cloud Workstations provides managed development environments on Google Cloud with built-in security and preconfigured yet customizable development environments. Access Cloud Workstations through a browser-based IDE, from multiple local code editors (such as VSCode, or JetBrains IDEs like IntelliJ IDEA Ultimate and PyCharm Professional), or through SSH. Instead of requiring your developers to install software and run setup scripts, you can create a workstation configuration that specifies your environment in a reproducible way. Any updates to a workstation configuration automatically apply to workstations the next time they start.
Cloud Workstations uses the following resources to manage your environments:
Administrators create workstation clusters, which define a group of workstations in a particular region and the VPC network they're attached to. Workstation clusters aren't related to Google Kubernetes Engine (GKE) clusters.
In each workstation cluster, administrators create one or more workstation configurations that act as templates for workstations. The workstation configuration defines details such as the workstation virtual machine (VM) instance type, persistent storage, the container image that defines the environment, which IDE or Code Editor to use, and more. Administrators can also use Identity and Access Management (IAM) rules to grant individual developers or teams access.
Developers can create workstations that define development environments providing a Cloud IDE, language tooling, libraries, and more. Workstations can be started or stopped on demand, and run on Compute Engine VMs in the user's project, with a persistent disk attached to store data between sessions.
Figure 1. Cloud Workstations Concepts
Persistent storage
Workstations run on ephemeral Compute Engine VMs that are deleted when the workstations are stopped, at which point all workstation runtime data is deleted with the VM. Administrators can optionally configure a persistent home directory on a workstation configuration, so all data saved to the home directory persists between sessions. This persistent storage is implemented as a persistent disk that is attached to the workstation VM when the session starts, and detached when the session ends.
Workstation DNS hostnames
Every workstation is given its own unique hostname. All workstations in a workstation cluster share a common, cluster-specific domain name, and the workstation cluster takes care of routing requests for this hostname to the running workstation. The workstation hostname can be used to connect to the workstation via your browser.
Configuration updates
Updates to a workstation configuration automatically apply to workstations when each workstation restarts after the configuration update. For example, increasing the VM size in a workstation configuration increases the VM size of associated workstations as each workstation restarts. Administrators can use idle timeout or total uptime timeout to help ensure that workstations synchronize with configuration updates within a bounded period of time.
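The following added example (not part of the Cloud Workstations documentation) reports how long a running workstation can stay on an outdated configuration. It assumes configurations exported in the shape of the API's WorkstationConfig resource, with `idleTimeout` and `runningTimeout` given as duration strings such as "7200s" and "0s" or a missing field meaning no timeout; the resource names are constructed. It separates a total uptime timeout, which stops the workstation regardless of activity, from an idle timeout, which only takes effect once activity stops.

```python
# Constructed sample data; field names and "0s" semantics are assumptions
# about the exported WorkstationConfig shape, not output from a real project.
PREFIX = ("projects/example-project/locations/us-central1/"
          "workstationClusters/example-cluster/workstationConfigs/")
SAMPLE_CONFIGS = [
    {"name": PREFIX + "backend", "idleTimeout": "7200s", "runningTimeout": "43200s"},
    {"name": PREFIX + "frontend", "idleTimeout": "3600s"},
    {"name": PREFIX + "data", "idleTimeout": "0s", "runningTimeout": "0s"},
]


def timeout_seconds(value):
    """Parse a duration string like '7200s'; None means no timeout is set."""
    if not value:
        return None
    seconds = float(value.rstrip("s"))
    return seconds if seconds > 0 else None


def staleness_report(configs):
    """Map each config's short name to (kind, seconds).

    'hard'      : total uptime timeout set; a session started just before a
                  configuration update ends after at most this many seconds.
    'idle-only' : only an idle timeout; the session ends this many seconds
                  after activity stops, so a continuously used workstation
                  is not forced to restart.
    'unbounded' : no timeout; the update applies only on a manual restart.
    """
    report = {}
    for config in configs:
        short_name = config["name"].rsplit("/", 1)[-1]
        idle = timeout_seconds(config.get("idleTimeout"))
        running = timeout_seconds(config.get("runningTimeout"))
        if running is not None:
            report[short_name] = ("hard", running)
        elif idle is not None:
            report[short_name] = ("idle-only", idle)
        else:
            report[short_name] = ("unbounded", None)
    return report


if __name__ == "__main__":
    for name, (kind, seconds) in staleness_report(SAMPLE_CONFIGS).items():
        print(f"{name}: {kind} {seconds}")
```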
Workstation lifecycle
Workstations run on ephemeral VMs, and can be started or stopped on demand to improve cost savings. Additionally, administrators can configure an idle timeout or total uptime timeout to help ensure that workstations shut down when they are no longer used for the day, which reduces costs. It also helps ensure that all workstations synchronize with the latest changes applied to their workstation configuration.
Workstation environment
The Cloud Workstations environment that developers interact with uses a container image that hosts the IDE and all associated tooling. Cloud Workstations provides a number of base images preconfigured with popular IDEs and language tooling. Additionally, users can customize their environments by creating and specifying custom container images that contain the tools necessary to meet their developers' needs. These container images can extend the Cloud Workstations base image or be new Linux container images created from scratch.
Software Delivery Shield
Cloud Workstations is part of the Software Delivery Shield solution. Software Delivery Shield is a fully managed, end-to-end software supply chain security solution that helps you improve the security posture of developer workflows and tools, software dependencies, CI/CD systems used to build and deploy your software, and runtime environments such as Google Kubernetes Engine and Cloud Run. To learn how you can use Cloud Workstations with other components of Software Delivery Shield to improve the security posture of your software supply chain, see Software Delivery Shield overview.