How to Create and Starting a VM Instance

This is explains how to create a virtual machine (VM) instance by using a boot disk image, a boot disk snapshot, or a container image. Some images support Shielded VM features, which offer security features such as UEFI-compliant firmware, Secure Boot, and vTPM-protected Measured Boot. On Shielded VMs, vTPM and integrity monitoring are enabled by default.

While creating your VM, you can create one or more disks for it. You can also add more disks to the VM after it’s created. Compute Engine automatically starts the VM instance after you create it.

While creating a VM, you can also add multiple network interfaces. To mitigate your VM’s exposure to threats on the internet, you can omit the external IP address when you add a network interface to the instance. In such cases, the VM is accessible only from other VMs in the same VPC network or a linked network unless you configure Cloud NAT.

For more specific or complicated VM creation, see the following resources:

If you are bringing an existing license, see Bringing your own license with sole-tenant nodes.

Before you begin

Create a VM instance from an image

This section explains how to create a VM from a public OS image or a custom image. A VM contains a bootloader, a boot file system, and an OS image.

View a list of public images available on Compute Engine

Before you create a VM by using a public image, review the list of public images that are available on Compute Engine.

For more information about the features available with each public image, see Feature support by operating system.ConsolegcloudAPI

  1. In the Google Cloud Console, go to the Images page.Go to Images

Create a VM instance from a public image

Google, open source communities, and third-party vendors provide and maintain public OS images. By default, all Google Cloud projects can create VMs from public OS images. However, if your Cloud project has a defined list of trusted images, you can use only the images on that list to create a VM.

If you create a Shielded VM image with a local SSD, you can’t shield data with integrity monitoring or the virtual platform trusted module (vTPM).Permissions required for this taskConsolegcloudAPIPython

  1. In the Google Cloud Console, go to the VM instances page.Go to VM instances
  2. Select your project and click Continue.
  3. Click Create instance.
  4. Specify a Name for your VM. For more information, see Resource naming convention.
  5. Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
  6. Select a Machine configuration for your VM.
  7. In the Boot disk section, click Change, and then do the following:
    1. On the Public images tab, choose the following:
      • Operating system
      • OS version
      • Boot disk type
      • Boot disk size
    2. Optional: For advanced configuration options, click Show advanced configuration.
    3. To confirm your boot disk options, click Select.
    Note: Unless you explicitly choose a different boot disk, if the name of the new VM matches the name of an existing persistent disk, then the existing persistent disk automatically attaches to the new VM as the boot disk.
  8. In the Firewall section, to permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic. When you select one of these, Compute Engine adds a network tag to your VM, which associates the firewall rule with the VM. Then, Compute Engine creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS).
  9. Optional: If you chose an OS image that supports Shielded VM features, you can modify the Shielded VM settings. To modify shielded VM settings, expand the Security section in the Networking, disks, security, management, sole tenancy section and do the following, as required:
  10. To create and start the VM, click Create.

Create a VM from a custom image

A custom image belongs only to your project. To create a VM with a custom image, you must first create a custom image if you don’t already have one.Note: You must have access to the custom image to use it when you create a VM. By default, you have access to all custom images in your project. However, if your project has a defined list of trusted images, you can use only the images on that list to create a VM.Permissions required for this taskConsolegcloudAPI

  1. In the Google Cloud Console, go to the VM instances page.Go to VM instances
  2. Select your project and click Continue.
  3. Click Create instance.
  4. Specify a Name for your VM. For more information, see Resource naming convention.
  5. Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
  6. Select a Machine configuration for your VM.
  7. In the Boot disk section, click Change, and then do the following:
    1. Select the Custom Images tab.
    2. To select the image project, click Select a project, and then do the following:
      1. Select the project that contains the image.
      2. Click Open.
    3. In the Image list, click the image that you want to import.
    4. Select the type and size of your boot disk.
    5. Optional: For advanced configuration options, click Show advanced configuration.
    6. To confirm your boot disk options, click Select.
  8. In the Firewall section, to permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic.The Cloud Console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Virtual Private Cloud documentation.
  9. To create and start the VM, click Create.

Create a VM instance with additional non-boot disks

ConsolegcloudAPI

  1. In the Google Cloud Console, go to the VM instances page.Go to VM instances
  2. Select your project and click Continue.
  3. Click Create instance.
  4. Specify a Name for your VM. For more information, see Resource naming convention.
  5. Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
  6. Select a Machine configuration for your VM.
  7. In the Boot disk section, click Change, and then do the following:
    1. In the Public images tab, choose the following:
      • Operating system
      • OS version
      • Boot disk type
      • Boot disk size
    2. Optional: For advanced configuration options, click Show advanced configuration.
    3. To confirm your boot disk options, click Select.
    Note: Unless you explicitly choose a different boot disk, if the name of the new VM matches the name of an existing persistent disk, then the existing persistent disk automatically attaches to the new VM as the boot disk.
  8. In the Firewall section, to permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic. When you select one of these, Compute Engine adds a network tag to your VM, which associates the firewall rule with the VM. Then, Compute Engine creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS).
  9. To add non-boot disks to your VM, expand the Networking, disks, security, management, sole tenancy section, and then do the following:
    1. Expand the Disks section.
    2. Click Add new disk, and then do the following:
      1. Specify a disk NameTypeSource type, and Size.
      2. In the Attachment settings section, select disk’s attachment Mode and the Deletion rule. For more information about adding new disks, see Creating and attaching a disk.
      3. Click Save.
  10. To create and start the VM, click Create.

Format and mount the disks before using them.

Create a VM instance from a shared image

If another user has shared an image with you, you can use the image to create a VM.Permissions required for this taskConsolegcloudAPI

  1. In the Google Cloud Console, go to the Create an instance page.Go to Create an instance
  2. Specify a Name for your VM. For more information, see Resource naming convention.
  3. Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
  4. Select a Machine configuration for your VM.
  5. In the Boot disk section, click Change to configure your boot disk, and then do the following:
    1. Select the Custom Images tab.
    2. To select the image project, click Select a project, and then do the following:
      1. Select the project that contains the image.
      2. Click Open.
    3. In the Image list, click the image that you want to import.
    4. Select the type and size of your boot disk.
    5. To confirm your boot disk options, click Select.
  6. To permit HTTP or HTTPS traffic to the VM, in the Firewall section, select Allow HTTP traffic or Allow HTTPS traffic.The Cloud Console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Virtual Private Cloud documentation.
  7. To start and create a VM, click Create.

Create a VM instance from a snapshot

If you backed up a boot persistent disk with a snapshot, you can use that snapshot to create a VM.

To quickly create more than one VM with the same boot disk, create a custom image and, then create VMs from that image rather than from the snapshot.Important: If you create a VM from a disk snapshot based on a Shielded VM image, the original integrity policy baseline is lost and the first set of boot sequence measurements on the new VM is used as the new baseline. Because this new set of measurements is not verified, you must validate the boot integrity of the VM after you restore from a snapshot. You can do this by manually examining the boot log and verifying that the proper keys are loaded into the SecureBoot database, and that the expected kernel version is running. Also, secrets saved in the vTPM on the originating VM are not accessible on VMs restored from a snapshot of that VM.

Create a VM instance boot disk from a snapshot

You can restore a snapshot of a boot disk to a new boot disk when you create a VM.Permissions required for this taskConsolegcloudAPI

  1. In the Google Cloud Console, go to the VM instances page.Go to VM instances
  2. Select your project and click Continue.
  3. Click Create instance.
  4. Specify a Name for your VM. For more information, see Resource naming convention.
  5. Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
  6. Select a Machine configuration for your VM.
  7. In the Boot disk section, click Change, and then do the following:
    1. Click the Snapshots tab.
    2. In the Snapshot list, click a snapshot.
    3. Specify the boot disk type and size.
    4. Optional: For advanced configuration options, click Show advanced configurations.
    5. To confirm your boot disk options, click Select.
  8. In the Firewall section, to permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic.The Cloud Console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Virtual Private Cloud documentation.
  9. To create and start the VM, click Create.

Restore non-boot snapshots to a new VM instance

Non-boot snapshots are backups of secondary persistent disks that your VM uses only for data storage. You can restore non-boot snapshots to new disks whenever you create a VM. Alternatively, you can also restore non-boot snapshots to an existing VM.

To restore non-boot snapshots to a new VM, follow these additional steps when you create a VM.Permissions required for this taskConsolegcloudAPI

When restoring non-boot snapshots to a new VM from the console, first create a disk from each snapshot. Then, attach the new disks when you create the VM.

  1. Restore each non-boot snapshot to a new disk.
    1. In the Google Cloud Console, go to the Disks page.Go to Disks
    2. Click Create disk.
    3. Specify a Name for your disk. For more information, see Resource naming convention.
    4. Select the Region and Zone for this disk. The disk and VM must be in the same zone.
    5. Select a disk Type.
    6. Under Source type, select Snapshot.
    7. Under the new Source snapshot field, select a non-boot snapshot that you want to restore to the new disk.
    8. To create the disk, click Create.
    Repeat these steps to create a disk from each snapshot that you want to restore. When creating a VM, you can add up to 15 non-boot disks.
  2. In the Google Cloud Console, go to the VM instances page.Go to VM instances
  3. Select your project and click Continue.
  4. Click Create instance.
    1. Specify a Name for your VM. For more information, see Resource naming convention.
    2. Select the Region and Zone for this VM. The disk and VM must be in the same zone.
    3. Select a Machine type for your VM.
    4. If you want to allow incoming external traffic, change the Firewall rules for the VM.
    5. To attach disks to the VM, expand the Networking, disks, security, management, sole tenancy section, and then do the following:
      1. Expand the Disks section.
      2. Click Attach existing disk.
        1. In the Disk list, select a disk to attach to this VM.
        2. In the Attachment Setting section, select disk’s attachment Mode and the Deletion rule. For more information about adding new disks, see Creating and attaching a disk.
      3. Click Save.
      Repeat these steps for each disk that you want to attach. When creating a VM, you can add up to 15 non-boot disks.
  5. To create and start the VM, click Create.

Create a VM instance from a container image

To deploy and launch a container on a Compute Engine VM, specify a container image name and optional configuration parameters when you create the VM. Compute Engine creates the VM by using the latest version of the Container-optimized OS public image, which has Docker installed. Then, Compute Engine launches the container when the VM starts. For more information, see Deploying containers on VMs.

To create a VM from a container image, you must use the Cloud Console or gcloud.Permissions required for this taskConsolegcloud

  1. In the Google Cloud Console, go to the VM instances page.Go to VM instances
  2. Select your project and click Continue.
  3. Click Create instance.
  4. Specify a Name for your VM. For more information, see Resource naming convention.
  5. In the Container section, click Deploy container.
    1. Specify the Container image to use. For example:
      • To select an NGINX 1.12 container image from Cloud Launcher:gcr.io/cloud-marketplace/google/nginx1:1.12
      • To deploy an Apache container image from Docker Hub, always specify the full Docker image name:docker.io/httpd:2.4
    2. Optional: Click Advanced container options. For more information, see Configuring options to run your container.
  6. To create the VM, boot the VM, and launch the container, click Create.

Create a VM instance with access to other Google Cloud Services

If you plan to run an application on your VM that needs access to other Google Cloud services, create a service account before creating the VM, and then set up the VM to run as a service account. A service account is a special account whose credentials you can use in your application code to access other Google Cloud services.

For more information, see Service accounts.

Create a VM instance in a specific subnet

Permissions required for this task

By default, Google Cloud creates an auto mode VPC network called default for each project. To use a different network or a subnet that you manually created in an auto mode or custom mode VPC network, you must specify the subnet when you create the VM.

While creating a VM in a subnet, consider these rules:

Note: You must create the subnet that you want to use before you create the VM. For more information, see Adding a new subnet to an existing VPC network.ConsolegcloudAPI

  1. In the Google Cloud Console, go to the VM instances page.Go to VM instances
  2. Select your project and click Continue.
  3. Click Create instance.
  4. Specify a Name for your VM. For more information, see Resource naming convention.
  5. Optional: Change the Zone for this VM. Compute Engine randomizes the list of zones within each region to encourage use across multiple zones.
  6. In the Firewall section, to permit HTTP or HTTPS traffic to the VM, select Allow HTTP traffic or Allow HTTPS traffic.The Cloud Console adds a network tag to your VM and creates the corresponding ingress firewall rule that allows all incoming traffic on tcp:80 (HTTP) or tcp:443 (HTTPS). The network tag associates the firewall rule with the VM. For more information, see Firewall rules overview in the Virtual Private Cloud documentation.
  7. Expand the Networking, disks, security, management, sole tenancy section.
    1. Expand the Networking section.
    2. For Network interfaces, specify the network details:
      1. In the Network field, select the VPC network that contains the subnet you created.
      2. In the Subnet field, select the subnet for the VM to use.
      3. Click Done.
  8. To create and start the VM, click Create.

Troubleshooting

To find methods for resolving common VM creation errors, see Troubleshooting VM creation.

What’s next?

Try it for yourself 

If you’re new to Google Cloud, create an account to evaluate how Compute Engine performs in real-world scenarios. New customers also get $500 in free credits to run, test, and deploy workloads.

Related posts

Minimal Downtime Migrations to Cloud Spanner with HarbourBridge 2.0

by Cloud Ace Indonesia
2 years ago

Announcing PSP’s cryptographic hardware offload at scale is now open source

by Kartika Triyanti
3 years ago

Automatic data risk management for BigQuery using DLP

by Kartika Triyanti
2 years ago