Google Compute Engine (GCE) is the core Infrastructure-as-a-Service (IaaS) offering on Google Cloud Platform (GCP). It provides virtual machines (VMs) that run on Google's global infrastructure. This chapter covers everything you need to know about GCE for the ACE exam: VM creation, machine families, pricing, storage options, networking, and lifecycle management. Expect 15-20% of exam questions to touch on GCE concepts, often in scenario-based questions about choosing the right machine type or troubleshooting a misconfigured VM.
Jump to a section
Google Compute Engine (GCE) is like leasing dedicated servers from a massive, fully automated datacenter. You don't own the hardware; you rent virtual machines (VMs) that behave exactly like physical servers. Each VM is a slice of a physical host, isolated by a hypervisor (KVM on Google's custom infrastructure). You choose the shape of your server: number of vCPUs (virtual cores), memory (GB), and local SSD or persistent disk storage. You can create a VM from a public image (like Ubuntu or Windows Server) or your own custom image. Once created, you have root access via SSH (Linux) or RDP (Windows). You can stop, start, reset, or delete the VM at any time. Billing is per second (minimum 1 minute) for the resources you use. You can also attach GPUs, use preemptible instances for cost savings, or create instance templates for autoscaling groups. GCE is the foundational compute service on Google Cloud, used for everything from a single web server to a Kubernetes cluster.
What is Google Compute Engine?
Google Compute Engine (GCE) is the IaaS component of Google Cloud that lets users create and run virtual machines on Google's infrastructure. GCE VMs run on Google's custom-designed servers using the KVM hypervisor, which provides strong isolation between instances. Each VM is a fully functional, standalone computer with its own operating system, disk, and network interfaces.
Why Use GCE?
GCE provides flexibility and control over your computing environment. Unlike App Engine (PaaS) or Cloud Functions (FaaS), GCE gives you full root access, allowing you to install any software, configure the OS, and manage security. It is ideal for workloads that require specific OS configurations, legacy applications, or lift-and-shift migrations from on-premises data centers.
Machine Families
GCE offers several machine families optimized for different workloads: - General-purpose (E2, N2, N2D, N1): Balanced CPU-to-memory ratios, suitable for web servers, small databases, and development environments. - Compute-optimized (C2, C2D): High CPU-to-memory ratio, ideal for batch processing, media transcoding, and high-performance computing. - Memory-optimized (M1, M2, M3): High memory-to-CPU ratio, for large in-memory databases (e.g., SAP HANA) and memory-intensive analytics. - GPU-accelerated (A2, G2): Attach NVIDIA GPUs for machine learning, scientific computing, and graphics rendering.
Each machine type has predefined vCPU and memory combinations. Custom machine types allow you to choose specific vCPU and memory values (subject to limits: e.g., 1 vCPU requires at least 3.75 GB memory on N1).
Instance Templates and Instance Groups
An instance template defines the VM configuration (machine type, boot image, disk, network tags, etc.) and is used to create managed or unmanaged instance groups. Managed instance groups (MIGs) provide autoscaling, rolling updates, and self-healing. Unmanaged instance groups are just collections of VMs without these features.
Pricing and Billing
GCE pricing is per second (minimum 1 minute) for compute time. There are three pricing models: - On-demand: Pay full price per second, no commitment. - Preemptible/Spot: Up to 60-91% discount, but instances can be terminated at any time (max 24 hours). Suitable for fault-tolerant batch jobs. - Committed Use Discounts (CUD): Commit to 1 or 3 years for 57% discount on vCPU and memory.
Disk and network egress are billed separately. Sustained use discounts automatically apply for instances running more than 25% of a month (up to 30% discount).
Storage Options
Each VM can have one or more disk volumes: - Persistent Disk (PD): Network-attached block storage, available as standard (HDD) or SSD. Can be resized online, snapshotted, and attached to multiple VMs in read-only mode. - Local SSD: Physically attached to the host server, very low latency but data is lost on stop/terminate. Up to 3 TB per VM. - Cloud Storage FUSE: Mount GCS buckets as file systems (not for persistent databases).
Boot disks can be public images (Debian, Ubuntu, CentOS, RHEL, Windows Server, etc.) or custom images. You can also use container-optimized OS for running Docker containers.
Networking
Each VM gets a primary internal IP address (private, from the VPC subnet) and optionally an external IP (ephemeral or static). VMs can be placed in a VPC network with firewall rules controlling traffic. You can create multiple network interfaces for multi-homing.
Host project vs. service project: VMs can be in a shared VPC.
Network tags: Used to apply firewall rules to specific instances.
DNS: Internal DNS resolves VM names to internal IPs.
Cloud NAT: Outbound internet access for VMs without external IPs.
Lifecycle of a VM
A VM goes through states: PROVISIONING, STAGING, RUNNING, STOPPING, STOPPED, SUSPENDING, SUSPENDED, TERMINATED. You can stop/start a VM (preserving persistent disks) or reset (reboot the OS). Suspending saves memory state to disk (RAM saved to a suspend file) for faster resume.
Security
IAM roles: Compute Admin, Instance Admin, etc.
Service accounts: VMs can act as a service account to access other GCP services.
OS Login: Manage SSH keys via IAM.
Shielded VMs: Secure boot, vTPM, integrity monitoring.
Confidential VMs: Encrypt data in use with AMD SEV.
Key Defaults and Limits
Default vCPU quota per region: 24 (can be increased).
Maximum persistent disk size: 64 TB.
Maximum local SSD per VM: 3 TB.
Maximum network throughput per VM: up to 100 Gbps (depending on machine type).
Preemptible VM max runtime: 24 hours.
Minimum VM billing: 1 minute.
Configuration and Verification Commands
Create a VM with gcloud:
gcloud compute instances create my-vm \
--zone=us-central1-a \
--machine-type=e2-medium \
--image-family=ubuntu-2204-lts \
--image-project=ubuntu-os-cloud \
--boot-disk-size=20GB \
--tags=http-serverList instances:
gcloud compute instances listSSH into a VM:
gcloud compute ssh my-vm --zone=us-central1-aStop and start:
gcloud compute instances stop my-vm --zone=us-central1-a
gcloud compute instances start my-vm --zone=us-central1-aCreate an instance template:
gcloud compute instance-templates create my-template \
--machine-type=e2-medium \
--image-family=ubuntu-2204-lts \
--image-project=ubuntu-os-cloudCreate a managed instance group:
gcloud compute instance-groups managed create my-mig \
--base-instance-name=my-instance \
--template=my-template \
--size=3 \
--zone=us-central1-aHow GCE Interacts with Other Services
Cloud Load Balancing: Distribute traffic across instance groups.
Cloud DNS: Map domain names to VM external IPs.
Cloud CDN: Cache content from VM backends.
Cloud SQL: Managed databases accessed from VMs via private IP.
Cloud Storage: Store and retrieve objects using gsutil or client libraries.
Cloud IAM: Control who can create, modify, or delete VMs.
Cloud Monitoring: Monitor VM metrics (CPU, disk, network).
Cloud Logging: View VM logs via Cloud Logging agent.
Common Pitfalls
Forgetting to attach a persistent disk when creating a VM from a custom image that doesn't have a boot disk.
Using preemptible VMs for stateful workloads (they can be terminated at any time).
Not setting up a firewall rule to allow HTTP/HTTPS traffic when creating a web server.
Exceeding vCPU quota in a region.
Using local SSD for persistent data (data lost on VM stop).
Exam Tips
Know the difference between standard, premium, and custom machine types.
Understand when to use preemptible vs. on-demand vs. committed use.
Remember that persistent disks can be resized without stopping the VM (only up, not down).
Be familiar with the gcloud compute instances create command flags.
Know that managed instance groups can perform autohealing (recreate unhealthy VMs based on health checks).
1. Choose Machine Type
Select a machine family and type based on workload requirements. For example, for a general-purpose web server, choose N1-standard-1 (1 vCPU, 3.75 GB memory). For a memory-intensive database, choose M1-megamem-96 (96 vCPU, 1.4 TB memory). You can also create custom machine types with specific vCPU and memory. The machine type determines the number of vCPUs, memory, and maximum persistent disk size. It also affects network throughput (e.g., N2 machine types have higher throughput than N1).
2. Choose Boot Disk Image
Select a public image (e.g., Ubuntu 22.04 LTS, Debian 11, Windows Server 2022) or a custom image from your project. The boot disk size defaults to 10 GB for Linux and 50 GB for Windows. You can also attach additional persistent disks for data. If using a container-optimized OS, the VM will run a Docker container as the main process.
3. Configure Networking
Specify the VPC network and subnet. The VM gets a primary internal IP from the subnet range. Optionally, assign an external IP (ephemeral or static). Add network tags (e.g., 'http-server') to apply firewall rules. You can also enable HTTP/HTTPs traffic via the '--tags' flag or via the GCP Console. For advanced networking, you can create multiple network interfaces or use Alias IP ranges.
4. Set Access and Security
Choose a service account for the VM (default is the Compute Engine default service account). Enable OS Login or SSH key management. For Windows VMs, set a password or use gcloud compute reset-windows-password. Shielded VM options can be enabled for secure boot and integrity monitoring. Confidential VM option encrypts memory in use.
5. Add Disks and Other Options
Attach additional persistent disks (SSD or HDD) or local SSDs. Configure disk encryption (CSEK or CMEK). Set instance metadata (e.g., startup script). Enable deletion protection to prevent accidental deletion. Configure availability policies (e.g., preemptibility, automatic restart, and host maintenance behavior). Choose the desired zone (e.g., us-central1-a) for the VM.
6. Launch and Verify
Click 'Create' or run the gcloud command. The VM transitions through PROVISIONING, STAGING, and RUNNING states. Use gcloud compute instances list to verify the VM is running. SSH into the VM using gcloud compute ssh. Check that the firewall rules allow inbound traffic. Monitor the VM in Cloud Console's VM Instances page. If using a startup script, verify it executed correctly by checking serial port output.
Enterprise Scenario 1: Lift-and-Shift Migration
A financial services company wants to migrate its on-premises application servers to Google Cloud. They have 50 Windows Server VMs running a legacy .NET application with SQL Server. They use GCE to create VMs with the same vCPU and memory configuration as their on-premises servers. They use Migrate for Compute Engine (formerly Velostrata) to replicate the disks and perform a cutover. In production, they use managed instance groups with autoscaling based on CPU utilization to handle variable load. Common issues: mismatched machine types causing performance degradation, and forgetting to open firewall ports for database connections. They also use Cloud VPN to connect back to on-premises Active Directory.
Enterprise Scenario 2: High-Performance Computing (HPC)
A research lab uses GCE to run batch simulations for drug discovery. They use preemptible VMs with C2 machine types for compute-intensive tasks. They create a custom image with their simulation software and store results in Cloud Storage. They use a managed instance group with autoscaling based on queue depth (via Cloud Tasks). To handle spot terminations, they checkpoint progress to persistent disk every 10 minutes. Scale: up to 10,000 vCPUs concurrently. Pitfalls: preemptible VMs can cause long tail latency if not checkpointing; also, vCPU quota limits require pre-approval.
Enterprise Scenario 3: Web Application Hosting
An e-commerce company runs a WordPress site on GCE. They use a single N2-standard-4 VM with a 100 GB SSD persistent disk. They attach a static external IP and use Cloud CDN to cache static assets. For the database, they use Cloud SQL instead of running MySQL on the VM. They configure a firewall rule to allow HTTP/HTTPS from 0.0.0.0/0 but restrict SSH to a bastion host. They use Cloud Monitoring to alert on high CPU. Common misconfigurations: not setting up a health check for the load balancer (if using one), and forgetting to enable deletion protection, leading to accidental VM deletion.
What ACE Tests on GCE (Objective 1.2)
The ACE exam tests your ability to create, configure, and manage Compute Engine resources. Key areas: - Instance creation with correct machine type, image, and zone. - Instance groups (managed vs. unmanaged) and autoscaling. - Pricing models (on-demand, preemptible, committed use) and when to use each. - Storage (persistent disk vs. local SSD, snapshots, images). - Networking (firewall rules, network tags, external IPs). - Lifecycle management (stop/start, reset, suspend).
Common Wrong Answers and Why
Choosing 'preemptible' for a stateful database workload. Preemptible VMs can be terminated at any time, so they are not suitable for stateful services. Candidates often think 'preemptible' means 'low cost' without understanding the risk.
Selecting 'local SSD' for persistent data. Local SSD data is lost on VM stop/terminate. Candidates confuse local SSD with persistent disk.
Using 'gcloud compute instances create' without specifying a zone. The command will fail unless a default zone is set. The exam expects you to know that zone is required.
Assuming 'automatic restart' is enabled by default. It is enabled by default, but some candidates think it's disabled.
Specific Numbers and Terms
Minimum VM billing: 1 minute.
Preemptible VM max runtime: 24 hours.
Default boot disk size: 10 GB Linux, 50 GB Windows.
Persistent disk max size: 64 TB.
Local SSD max per VM: 3 TB.
vCPU default quota: 24 per region.
Sustained use discount starts at 25% of a month.
Committed use discount: 1 or 3 years, up to 57%.
Edge Cases and Exceptions
Sole-tenant nodes: VMs that run on dedicated hardware for compliance or licensing.
Shielded VMs: Secure boot and integrity monitoring must be enabled at creation; cannot be added later.
Confidential VMs: Only available on N2D and C2D machine types.
GPU VMs: GPUs cannot be attached to preemptible VMs.
Instance metadata: Startup scripts can be passed via metadata key 'startup-script'.
How to Eliminate Wrong Answers
If a question mentions 'batch processing' or 'fault-tolerant', consider preemptible VMs.
If the question says 'persistent data', eliminate local SSD.
If the question requires a specific OS version, use a custom image or a specific public image family.
For autoscaling, always use managed instance groups.
For zero-downtime updates, use rolling update on managed instance groups.
GCE VMs run on KVM hypervisor with strong isolation.
Machine families: General-purpose (E2, N2), Compute-optimized (C2), Memory-optimized (M1, M2, M3), GPU (A2, G2).
Pricing models: On-demand, Preemptible (max 24h), Committed Use (1 or 3 years).
Minimum billing is 1 minute; per-second billing after that.
Persistent disks are network-attached and persist; local SSDs are ephemeral.
Managed instance groups provide autoscaling, autohealing, and rolling updates.
Default vCPU quota is 24 per region (can be increased).
Shielded VMs and Confidential VMs are security features for sensitive workloads.
Firewall rules are applied via network tags; default deny inbound, allow outbound.
gcloud compute instances create is the primary CLI command for VM creation.
These come up on the exam all the time. Here's how to tell them apart.
Persistent Disk (PD)
Network-attached block storage
Data persists after VM stop/terminate
Can be resized online (up only)
Snapshots available
Slower latency compared to local SSD
Local SSD
Physically attached to the host
Data lost on VM stop/terminate
Cannot be resized
No snapshots
Very low latency, high throughput
Mistake
Preemptible VMs can run indefinitely if you restart them before 24 hours.
Correct
Preemptible VMs have a maximum runtime of 24 hours regardless of restarts. After 24 hours, the instance is terminated and cannot be restarted immediately.
Mistake
Local SSD data persists after stopping the VM.
Correct
Local SSD data is ephemeral and is lost when the VM is stopped or terminated. Only persistent disks retain data across stops.
Mistake
You can change the machine type of a running VM without restarting.
Correct
You must stop the VM to change its machine type. After stopping, you can edit the machine type and start the VM again.
Mistake
All VMs automatically get a public DNS name.
Correct
Only VMs with external IPs get a public DNS name (in the format [instance-name].[zone].c.[project-id].internal). VMs without external IPs have only internal DNS.
Mistake
You can attach a persistent disk in read-write mode to multiple VMs simultaneously.
Correct
A persistent disk can be attached in read-write mode to only one VM at a time. For shared access, use read-only mode or a network file system like Cloud Filestore.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
A persistent disk is network-attached block storage that persists even after the VM is stopped or terminated. You can take snapshots and resize it online. Local SSD is physically attached to the host server, offering very low latency but data is lost when the VM is stopped or terminated. Local SSD cannot be resized or snapshotted. Use persistent disk for persistent data and local SSD for high-performance scratch space.
No, you must stop the VM first. After stopping, you can edit the machine type (e.g., from e2-medium to n1-standard-2) and then start the VM. The persistent disk and internal IP are preserved. The external IP may change if it was ephemeral.
A preemptible VM costs much less (60-91% discount) but can be terminated by Google at any time within 24 hours. Use it for batch jobs, fault-tolerant workloads, or stateless applications that can handle interruptions. Do not use for stateful services like databases or web servers.
You can pass a startup script via metadata. In the gcloud command, use --metadata=startup-script='your script'. In the console, add a metadata key 'startup-script' with the script value. The script runs as root on every boot. For Windows, use 'sysprep-specialize-script-cmd' or 'windows-startup-script-cmd'.
A managed instance group (MIG) uses an instance template to create identical VMs and provides autoscaling, autohealing, rolling updates, and canary deployments. An unmanaged instance group is just a collection of VMs that you manage individually, without those features. Use MIGs for production workloads that need scaling and self-healing.
Create a firewall rule that allows ingress traffic on port 80 (HTTP) or 443 (HTTPS) from 0.0.0.0/0. Apply the rule to the VPC network and target instances with a specific network tag (e.g., 'http-server'). When creating the VM, add the tag using --tags=http-server. Alternatively, use the GCP console's 'Allow HTTP traffic' checkbox.
Yes, you can create a VM with only an internal IP. To provide outbound internet access, use Cloud NAT. For inbound access, you would need a bastion host or Cloud VPN. This is common for database servers or backend services that don't need direct internet exposure.
You've just covered Google Compute Engine — now see how well it sticks with free ACE practice questions. Full explanations included, no account needed.
Done with this chapter?