Create an instance with Confidential Computing

This document describes how to create a Vertex AI Workbench instance with Confidential Computing enabled.

Overview

Confidential Computing is the protection of data in-use with hardware-based Trusted Execution Environment (TEE). TEEs are secure and isolated environments that prevent unauthorized access or modification of applications and data while they are in use. This security standard is defined by the Confidential Computing Consortium.

When you create a Vertex AI Workbench instance with Confidential Computing enabled, your new Vertex AI Workbench instance is a Confidential VM instance. To learn more about Confidential VM instances, see the Confidential VM overview.

Before you begin

Sign in to your Google Cloud account. If you're new to Google Cloud, create an account to evaluate how our products perform in real-world scenarios. New customers also get $300 in free credits to run, test, and deploy workloads.

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Compute Engine and Notebooks APIs.

Enable the APIs

In the Google Cloud console, on the project selector page, select or create a Google Cloud project.

Go to project selector

Make sure that billing is enabled for your Google Cloud project.

Enable the Compute Engine and Notebooks APIs.

Enable the APIs

Required roles

To get the permissions that you need to create a Vertex AI Workbench instance, ask your administrator to grant you the Notebooks Runner (roles/notebooks.runner) IAM role on the project. For more information about granting roles, see Manage access to projects, folders, and organizations.

You might also be able to get the required permissions through custom roles or other predefined roles.

Create an instance

You can create an instance with Confidential Computing enabled by using the gcloud CLI or the REST API:

gcloud

To create a Vertex AI Workbench instance with Confidential Computing enabled, use the gcloud workbench instances create command and set --confidential-compute-type to SEV.

Before using any of the command data below, make the following replacements:

INSTANCE_NAME: the name of your Vertex AI Workbench instance; must start with a letter followed by up to 62 lowercase letters, numbers, or hyphens (-), and cannot end with a hyphen
PROJECT_ID: your project ID
LOCATION: the zone where you want your instance to be located
MACHINE_TYPE: the machine type of your instance's VM, for example: n2d-standard-2

Execute the following command:

Linux, macOS, or Cloud Shell

gcloud workbench instances create INSTANCE_NAME \
    --project=PROJECT_ID \
    --location=LOCATION \
    --machine-type=MACHINE_TYPE \
    --confidential-compute-type=SEV

Windows (PowerShell)

gcloud workbench instances create INSTANCE_NAME `
    --project=PROJECT_ID `
    --location=LOCATION `
    --machine-type=MACHINE_TYPE `
    --confidential-compute-type=SEV

Windows (cmd.exe)

gcloud workbench instances create INSTANCE_NAME ^
    --project=PROJECT_ID ^
    --location=LOCATION ^
    --machine-type=MACHINE_TYPE ^
    --confidential-compute-type=SEV

Vertex AI Workbench creates an instance and automatically starts it. When the instance is ready to use, Vertex AI Workbench activates an Open JupyterLab link in the Google Cloud console.

REST

To create a Vertex AI Workbench instance with Confidential Computing enabled, use the projects.locations.instances.create method and include a confidentialInstanceConfig in your GceSetup.

Before using any of the request data, make the following replacements:

PROJECT_ID: your project ID
LOCATION: the zone where you want your instance to be located
MACHINE_TYPE: the machine type of your instance's VM, for example: n2d-standard-2

HTTP method and URL:

POST https://notebooks.googleapis.com/v2/projects/PROJECT_ID/locations/LOCATION/instances

Request JSON body:

{
  "gce_setup": {
    "machine_type": "MACHINE_TYPE",
    "confidentialInstanceConfig": {
      "confidentialInstanceType": SEV
    }
  }
}

To send your request, choose one of these options:

curl

Note: The following command assumes that you have logged in to the gcloud CLI with your user account by running gcloud init or gcloud auth login , or by using Cloud Shell, which automatically logs you into the gcloud CLI . You can check the currently active account by running gcloud auth list.

Save the request body in a file named request.json, and execute the following command:

curl -X POST \
     -H "Authorization: Bearer $(gcloud auth print-access-token)" \
     -H "Content-Type: application/json; charset=utf-8" \
     -d @request.json \
     "https://notebooks.googleapis.com/v2/projects/PROJECT_ID/locations/LOCATION/instances"

PowerShell

Note: The following command assumes that you have logged in to the gcloud CLI with your user account by running gcloud init or gcloud auth login . You can check the currently active account by running gcloud auth list.

Save the request body in a file named request.json, and execute the following command:

$cred = gcloud auth print-access-token
$headers = @{ "Authorization" = "Bearer $cred" }

Invoke-WebRequest `
    -Method POST `
    -Headers $headers `
    -ContentType: "application/json; charset=utf-8" `
    -InFile request.json `
    -Uri "https://notebooks.googleapis.com/v2/projects/PROJECT_ID/locations/LOCATION/instances" | Select-Object -Expand Content

Vertex AI Workbench creates an instance and automatically starts it. When the instance is ready to use, Vertex AI Workbench activates an Open JupyterLab link in the Google Cloud console.

Confirm whether an instance has Confidential Computing enabled

To confirm whether a Vertex AI Workbench instance has Confidential Computing enabled, do the following:

In the Google Cloud console, go to the Instances page.

Go to Instances
In the Instance name column, click the name of the instance that you want to check.

The Instance details page opens.
Next to VM details, click View in Compute Engine.
On the Compute Engine details page, the value for Confidential VM service shows either Enabled or Disabled.

Limitations

When you create or use a Vertex AI Workbench instance with Confidential Computing enabled, the following limitations apply:

Only N2D machine types are supported. See N2D machine types.
Confidential Computing can't be enabled or turned off after you create the Vertex AI Workbench instance.

Billing

While this feature is in Preview, charges for using Vertex AI Workbench instances with Confidential Computing are the same as using instances without Confidential Computing. See Pricing.

What's next

To use a notebook to help you get started using Vertex AI and other Google Cloud services, see Vertex AI notebook tutorials.
To check on the health status of your Vertex AI Workbench instance, see Monitor health status.