Ends in
00
hrs
00
mins
00
secs
SHOP NOW

💝 48-Hour Valentine's Sale Extension! Get 30% OFF Any Reviewer. Use coupon code: VDAYSALE2026 & 5% OFF Store Credits/Gift Cards
Back to Course

GCP PlayCloud Labs

0% Complete
0/0 Steps
  1. GCP PlayCloud Labs
  2. Guided Lab: How to Launch a GCP Compute Engine Linux Instance
  3. Guided Lab: Creating a VM Using Instance Templates
  4. Guided Lab: Creating and Managing Instance Groups in Compute Engine
  5. Guided Lab: Creating a Spot VM Instance
  6. Guided Lab: Configuring Shielded VM Options
  7. Guided Lab: Exploring Instance Metadata in Google Cloud
  8. Guided Lab: Vertically Scaling a VM Instance
  9. Guided Lab: Setting up a Web Server on a VM Instance
  10. Guided Lab: Using Startup Scripts in GCP VM Instances
  11. Guided Lab: Creating a Custom Image from a VM Instance with Web Server in Google Cloud
  12. Guided Lab: Creating VM Snapshots and Restoring a VM from a Snapshot
  13. Guided Lab: Setting Up and Managing a Database on a VM Instance
  14. Guided Lab: Installing WordPress on an Ubuntu VM Instance with LEMP Stack
  15. Guided Lab: Deploying a LAMP Stack on a Compute Engine VM
  16. Guided Lab: Reserving or Promoting a Static IP Address for a VM Instance
  17. Guided Lab: SSH Access to GCP VM Instance from Local Machine using SSH Key Pair
  18. Guided Lab: Guarding Your VM with Deletion Protection
  19. Guided Lab: Setting Up a Linux Bastion Host on GCP
  20. Guided Lab: Creating a Cloud Storage Bucket
  21. Guided Lab: Uploading, Organizing, and Managing Objects in Cloud Storage
  22. Guided Lab: Exploring Google Cloud Storage Classes
  23. Guided Lab: Hosting a Static Website in Google Cloud Storage Bucket
  24. Guided Lab: Protecting Data on Cloud Storage Bucket Against Accidental Delete and Overwrite Using Object Versioning
  25. Guided Lab: Using Cloud Storage Lifecycle Rules to Automate Object Management
  26. Guided Lab: Managing Cloud Storage Buckets via SSH Commands
  27. Guided Lab: Creating a Cloud SQL Instance
  28. Guided Lab: Running SQL Commands in Cloud SQL Studio
  29. Guided Lab: Creating and Restoring Cloud SQL Backups
  30. Guided Lab: Integrating Cloud SQL Database instance with a VM instance
  31. Guided Lab: Connecting Cloud SQL Database with MySQL Workbench (Local)
  32. Guided Lab: Guarding Your Cloud SQL Instances with Deletion Protection
  33. Guided Lab: Creating a Cloud NAT Gateway
  34. Guided Lab: Creating a Google Kubernetes Engine (GKE) Cluster
  35. Guided Lab: Connecting to a Kubernetes Engine Cluster
  36. Guided Lab: Deploying a Simple Web Application on GKE
  37. Guided Lab: Creating a Custom Virtual Private Cloud (VPC)
  38. Guided Lab: Establishing VPC Peering for Secure Cross‑Network Communication
  39. Guided Lab: Configuring Firewall Rules to Secure and Access a VM
  40. Guided Lab: Creating an Application Load Balancer
  41. Guided Lab: Creating a Network Load Balancer
GCP PlayCloud Labs Guided Lab: Configuring Shielded VM Options
In Progress
Lesson 6 of 41
In Progress

Guided Lab: Configuring Shielded VM Options

Jon-Bonso

Description

Shielded VMs in Google Cloud provide enhanced security features that help protect against rootkits and boot‑ or kernel-level malware. They use Secure Boot, a virtual Trusted Platform Module (vTPM), and Integrity Monitoring to ensure that your VM’s boot process has not been tampered with.

These features are especially valuable for workloads that require strong security guarantees, such as financial applications, healthcare systems, or regulated environments. By enabling Shielded VM options, you add an extra layer of defense to your Compute Engine instances without changing how you deploy or manage them.

In this guided lab, you will learn how to create a Shielded VM instance in Google Cloud and verify that its security features are active

Prerequisites

To ensure the successful completion of this lab, you must have prior experience in creating VM instances and be familiar with their essential components. If you feel that your knowledge in this area is insufficient, we highly recommend taking this lab to gain the necessary understanding:

Objectives

In this lab, you will:

  • Create a Shielded VM instance.
  • Verify that Secure Boot, vTPM, and Integrity Monitoring are enabled.
  • Test Secure Boot status via system logs.
  • Confirm the presence of the vTPM device inside the VM.

Subscribe to access GCP PlayCloud Labs

Lab Steps

Create a Shielded VM Instance

1. In the Cloud Console, navigate to Compute Engine → VM instances.

2. Click Create instance.

3. Enter the desired name.

4. Select a machine type (e.g., e2-small).

5. Expand the Security section:

  • Check Enable Secure Boot.
  • Check Enable vTPM.
  • Check Enable Integrity Monitoring.

6. Leave other configurations at their default values.

7. Click Create.

Verify Shielded VM Options

1. Once the VM is running, click on the instance name.

2. Scroll to the Security section.

3. Confirm that Secure Boot, vTPM, and Integrity Monitoring are shown as On.

Test Secure Boot

1. Connect to the VM via SSH.

2. Run:

sudo journalctl -k | grep -i secure

3. This confirms Secure Boot status in kernel logs.

Test vTPM Device

1. From the SSH session, run:

ls /dev/tpm*

2. You should see a TPM device (e.g., /dev/tpm0).

3. This confirms that the virtual Trusted Platform Module (vTPM) is available to the VM.

4. Applications can use this device for attestation and cryptographic operations.

Congratulations! You have successfully created a Shielded VM instance in Google Cloud. You enabled Secure Boot, vTPM, and Integrity Monitoring, connected via SSH, and verified that these protections are active. This workflow demonstrates how Shielded VMs provide a stronger security posture for sensitive workloads, ensuring that your VM’s boot process is protected against tampering and unauthorized changes.

Skip to content