Stay organized with collections
Save and categorize content based on your preferences.
Use a shielded virtual machine with user-managed notebooks
So you can be confident that your instances have not been compromised by
boot- or kernel-level malware or rootkits,
Shielded VM offers verifiable integrity of Compute Engine VM
instances.
Shielded VM's verifiable integrity is achieved through the
use of Secure Boot,
virtual trusted platform module
(vTPM)-enabled Measured
Boot, and integrity
monitoring.
To use Shielded VM with user-managed notebooks,
you must create
a Deep Learning VM Images with a Debian 10 OS that
is version
M51
or higher.
While using Vertex AI Workbench, you can't use
shielded VM user-managed notebooks instances
that use GPU accelerators.
Create a user-managed notebooks instance using a shielded VM
To create a shielded VM that you can use with
user-managed notebooks, complete the following steps:
Select the image family that you want your instance to be based
on. Use the following Google Cloud CLI command to
list the available image families that are compatible
with user-managed notebooks
and Shielded VM. You can run the command in
Cloud Shell
or any environment where the Google Cloud CLI
is installed.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-25 UTC."],[],[],null,["# Use a shielded virtual machine with Vertex AI Workbench user-managed notebooks\n\nUse a shielded virtual machine with user-managed notebooks\n==========================================================\n\n\n| Vertex AI Workbench user-managed notebooks is\n| [deprecated](/vertex-ai/docs/deprecations). On\n| April 14, 2025, support for\n| user-managed notebooks will end and the ability to create user-managed notebooks instances\n| will be removed. Existing instances will continue to function\n| but patches, updates, and upgrades won't be available. To continue using\n| Vertex AI Workbench, we recommend that you\n| [migrate\n| your user-managed notebooks instances to Vertex AI Workbench instances](/vertex-ai/docs/workbench/user-managed/migrate-to-instances).\n\n\u003cbr /\u003e\n\nSo you can be confident that your instances have not been compromised by\nboot- or kernel-level malware or rootkits,\nShielded VM offers verifiable integrity of Compute Engine VM\ninstances.\nShielded VM's verifiable integrity is achieved through the\nuse of [Secure Boot](/compute/shielded-vm/docs/shielded-vm#secure-boot),\n[virtual trusted platform module\n(vTPM)](/compute/shielded-vm/docs/shielded-vm#vtpm)-enabled [Measured\nBoot](/compute/shielded-vm/docs/shielded-vm#measured-boot), and [integrity\nmonitoring](/compute/shielded-vm/docs/shielded-vm#integrity-monitoring).\n\nFor more information, see\n[Shielded VM](/security/shielded-cloud/shielded-vm).\n\nRequirements and limitations\n----------------------------\n\nTo use Shielded VM with user-managed notebooks,\nyou must create\na Deep Learning VM Images with a Debian 10 OS that\nis [version\nM51](/deep-learning-vm/docs/release-notes#July_13_2020)\nor higher.\n\nWhile using Vertex AI Workbench, you can't use\nshielded VM user-managed notebooks instances\nthat use GPU accelerators.\n\nCreate a user-managed notebooks instance using a shielded VM\n------------------------------------------------------------\n\nTo create a shielded VM that you can use with\nuser-managed notebooks, complete the following steps:\n\n1. [Select the image family](/vertex-ai/docs/workbench/user-managed/images) that you want your instance to be based\n on. Use the following [Google Cloud CLI](/sdk/gcloud) command to\n list the available image families that are compatible\n with user-managed notebooks\n and Shielded VM. You can run the command in\n [Cloud Shell](https://console.cloud.google.com?cloudshell=true)\n or any environment where the [Google Cloud CLI](/sdk/docs)\n is installed.\n\n ```bash\n gcloud compute images list \\\n --project deeplearning-platform-release \\\n --no-standard-images | grep debian-10\n ```\n2. Use the following command to create the Compute Engine instance.\n\n ```bash\n gcloud compute instances create nb-legacy2 \\\n --image-project=deeplearning-platform-release \\\n --image-family=MY_IMAGE_FAMILY \\\n --metadata=\"proxy-mode=service_account\" \\\n --scopes=https://www.googleapis.com/auth/cloud-platform \\\n --shielded-secure-boot \\\n --zone=MY_ZONE\n ```\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eMY_IMAGE_FAMILY\u003c/var\u003e: the image family name that you want to use to create your VM\n - \u003cvar translate=\"no\"\u003eMY_ZONE\u003c/var\u003e: the zone where you want your instance to be located\n3. [Register your Compute Engine VM with the\n Notebooks API](/vertex-ai/docs/workbench/user-managed/registering-legacy-notebooks#register).\n\nWhat's next\n-----------\n\n- Learn more about [user-managed notebooks image\n families](/vertex-ai/docs/workbench/user-managed/images).\n\n- Learn more about [modifying Shielded VM\n options](/compute/shielded-vm/docs/modifying-shielded-vm)."]]
