An N2D machine type with AMD EPYC Milan CPU platform
AMD SEV Confidential Computing technology
Be created after January 15, 2024
All other Confidential VM types don't support live migration, and must set their onHostMaintenance policy to TERMINATE when being created. This means the VM stops during host maintenance events.
Host maintenance events for Confidential VM instances that don't support live migration
During host maintenance events, Confidential VM instances that don't support live migration and have default host maintenance policy settings are stopped. They are restarted after the maintenance is complete.
The following table details the default values for host maintenance policy settings on a Confidential VM instance.
Host maintenance policy | Confidential VM default values | Description |
---|---|---|
onHostMaintenance | TERMINATE | This property must be set to |
automaticRestart | true | When set to true, your Confidential VM instance restarts after the maintenance is complete. |
hostErrorTimeoutSeconds | 330 | The number of seconds between 90 and 330 before the host attempts to restart an unresponsive VM. |
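The following is an added example, not part of the original documentation: a Python check that applies the live-migration criteria and the table's settings to instance resources shaped like the JSON from `gcloud compute instances describe --format=json`. The sample instances are constructed, and the date comparison and the handling of the legacy `enableConfidentialCompute` flag are assumptions marked in the comments.

```python
from datetime import date, datetime

LIVE_MIGRATION_CUTOFF = date(2024, 1, 15)   # "created after January 15, 2024"
TIMEOUT_MIN, TIMEOUT_MAX = 90, 330          # hostErrorTimeoutSeconds bounds

def supports_live_migration(inst):
    """Apply the page's three live-migration criteria to one instance resource."""
    conf = inst.get("confidentialInstanceConfig", {})
    # Assumption: a config with only enableConfidentialCompute set means AMD SEV.
    ctype = conf.get("confidentialInstanceType") or (
        "SEV" if conf.get("enableConfidentialCompute") else None)
    machine = inst.get("machineType", "").rsplit("/", 1)[-1]
    # Assumption: the cut-off is compared against the timestamp's own calendar date.
    created = datetime.fromisoformat(inst["creationTimestamp"]).date()
    return (ctype == "SEV" and machine.startswith("n2d-")
            and "Milan" in inst.get("cpuPlatform", "")
            and created > LIVE_MIGRATION_CUTOFF)

def audit_scheduling(inst):
    """Return findings for one Confidential VM; an empty list means consistent."""
    sched = inst.get("scheduling", {})
    findings = []
    if not supports_live_migration(inst) and sched.get("onHostMaintenance") != "TERMINATE":
        findings.append("onHostMaintenance must be TERMINATE")
    if sched.get("automaticRestart") is not True:
        findings.append("automaticRestart is not true")
    timeout = sched.get("hostErrorTimeoutSeconds")
    if timeout is not None and not TIMEOUT_MIN <= int(timeout) <= TIMEOUT_MAX:
        findings.append("hostErrorTimeoutSeconds outside 90-330")
    return findings

def _vm(name, ctype, created, policy, restart=True, timeout=330):
    """Build a constructed instance resource (sample data, not real API output)."""
    return {"name": name, "cpuPlatform": "AMD Milan", "creationTimestamp": created,
            "machineType": "zones/us-central1-a/machineTypes/n2d-standard-4",
            "confidentialInstanceConfig": {"confidentialInstanceType": ctype},
            "scheduling": {"onHostMaintenance": policy, "automaticRestart": restart,
                           "hostErrorTimeoutSeconds": timeout}}

SAMPLES = [
    _vm("sev-new", "SEV", "2024-03-02T09:15:00.000-08:00", "MIGRATE"),
    _vm("sev-old", "SEV", "2023-11-20T09:15:00.000-08:00", "MIGRATE"),
    _vm("snp-new", "SEV_SNP", "2024-03-02T09:15:00.000-08:00", "TERMINATE", False, 60),
]

if __name__ == "__main__":
    for vm in SAMPLES:
        print(vm["name"], audit_scheduling(vm) or "ok")
```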
With planning, you can minimize the impact of host maintenance events on your Confidential VM instances.
Minimize the impact of host maintenance events
To minimize the impact of host maintenance events, you can simulate one to make sure you're prepared, and optionally provision your Confidential VM instances on a sole-tenancy node.
Simulate a host maintenance event
To test how your applications behave when a Confidential VM instance is restarted, you can simulate a host maintenance event.
Provision your VMs on sole-tenancy nodes
If it fits your needs, you can provision your Confidential VM instances on a sole-tenant node. This lets you determine a 4-hour window in which Google can perform maintenance on your VMs. It also lets you perform a manual live migration, which moves your VM to a different node or node group you control.
What's next
Learn about designing resilient systems.