GCP

You can create a Confidential VM instance as part of creating a new Compute Engine virtual machine.

Before you begin

Before creating a Confidential VM instance, you need to set up your environment as follows:

1. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers get $300 in free credits to run, test, and deploy workloads.

2. In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

   Note: If you don't plan to keep the resources that you create in this procedure, create a project instead of selecting an existing project. After you finish these steps, you can delete the project, removing all resources associated with the project.

   Go to project selector

3. Make sure that billing is enabled for your Google Cloud project.

4. Enable the Compute Engine API.

   Enable the API

5. Optional: To use the gcloud CLI examples in this guide:

   • Install or update to the latest version of the gcloud CLI.

   • Set a default region and zone for your client that supports Confidential VM.

6. Optional: To use the API examples in this guide, set up authentication for your requests. Learn more about OAuth 2.0.

Create an instance

To create an SEV Confidential VM with the Google Cloud console, complete the following steps.

Note: To create an SEV-SNP (Preview) Confidential VM instance, use the gcloud CLI or REST API.

1. In the Google Cloud console, go to the VM instances page.

   Go to VM instances

2. Click Create instance.

3. In the Confidential VM service section, click Enable.

4. In the Enable Confidential Computing dialog, review the list of settings that are updated when you enable the service. They can include the following fields, if they were set to incompatible values.

   • Series and Machine type. For more information, see Machine types, CPUs, and zones.

   • Region and zone. For more information, see Machine types, CPUs, and zones.

   • Boot disk image. For more information, see Operating systems.

   • On-host maintenance. For more information, see Set host maintenance policy of a VM.

   • Network interface card. For more information, see Using Google Virtual NIC.

5. Click Enable.

6. In the Machine configuration section, expand Advanced configurations.

7. For the CPU platform, choose AMD Milan or later.

8. Verify that you are satisfied with these settings, and then click Create.

After you click Create, the VM instances page opens. On this page you can view the status and details for your new instance. When an Available icon appears in the Status column for your Confidential VM instance, it's ready to use.

Enable higher network bandwidth for C2D machine types

The three largest C2D Compute Engine VM shapes (32, 56, and 112) support high-bandwidth networking. When you select a Tier 1 network bandwidth configuration, the data transfer out bandwidth increases from the default 32 Gbps to 50 or 100 Gbps. To achieve the higher Tier 1 bandwidth speeds, the instance must be running the gVNIC virtual network driver. Learn more about configuring a VM with higher bandwidth.