U.S. Navy Technology with Google Cloud and STS Jumpstart Expansion Across DoD and Beyond
May 24, 2021The Cybersecurity Executive Order – What It Means and What You Can Do
May 24, 2021OS configuration management is an important way that administrators of large fleets of virtual machines (VMs) can automate and centralize the deployment, configuration, maintenance and reporting of software configurations of those VM instances. You can install security and monitoring agents to make sure all VM are secured and protected, bootstrap management tools or ensure OS compliance across your fleet.
In January, we introduced VM Manager, a suite of infrastructure management tools to simplify and automate the maintenance of large fleets of Compute Engine VMs, including OS patch, OS inventory, and OS configuration management. The first version of OS configuration management helps install and maintain agents and operating system (OS) software configurations at scale, and is currently used in production by hundreds of customers. Today, we are excited to introduce OS configuration management (Preview) with enhanced features and capabilities.
What’s new?
OS configuration management introduces a new UI (in addition to the API and gcloud command-line), providing an at-a-glance compliance view for your VM fleet and the ability to drill down and find the root cause for non-compliant VMs in seconds. The new UI provides a guided wizard-based experience to create and apply policy assignments to managing VM fleets at scale.
In the new version we have also improved reliability with independent zonal services—a user-controlled safe rollout process for deploying policies. If new policies are not working as expected, you can stop the process without impacting all VMs.
Finally, OS configuration management introduces multiple new functional capabilities: dry-run (compliance only) reporting mode; the ability to define, validate and enforce compliance for custom resources periodically; as well as options to exclude or include certain VMs, for example Google Kubernetes Engine (GKE) nodes, based on labels. For more information see OS configuration management overview.
VM Manager uses the OS Config agent to manage VMs. Today, the OS Config agent is pre-installed for all Compute Engine public OS images (Windows, Debian, CentOS, RHEL, Ubuntu, SLES, and Container-Optimized OS) and can be activated with one click across all your VM instances. Once VM Manager is enabled, it automatically activates agents for newly created VMs, making sure the whole fleet is under control.
For OS configuration management (Beta) users
All existing guest policies will continue to work without any changes. We’ll continue to support OS configuration management (beta release) at the same level as before.
A comparison document is available to help you to understand the differences between OS configuration management Preview and Beta to guide you on which version to use.
Get started today
General Availability of OS configuration management is planned for later this year. To learn more about all the new features of OS configuration management, see the OS configuration management documentation.
To learn more about VM Manager, visit the documentation, or watch our Google Cloud Next ‘20: OnAir session, Managing Large Compute Engine VM Fleets.