Live migration

A Confidential VM instance must have the following configuration to support live migration:
  • An N2D machine type with AMD EPYC Milan CPU platform

  • AMD SEV Confidential Computing technology

  • An operating system image that supports live migration

  • Be created after January 15, 2024

All other Confidential VM types don't support live migration, and must set their onHostMaintenance policy to TERMINATE when being created. This means the VM stops during host maintenance events.

Host maintenance events for Confidential VM instances that don't support live migration

During host maintenance events, Confidential VM instances that don't support live migration and have default host maintenance policy settings are stopped. They are restarted after the maintenance is complete.

The following table shows the default values for host maintenance policy settings on Confidential VM instances that don't support live migration.

Host maintenance policy Confidential VM default values Description
onHostMaintenance TERMINATE

This property must be set to TERMINATE for Confidential VM instances that don't support live migration. This means your Confidential VM instance stops and its status is set to TERMINATED during a maintenance event.

automaticRestart true When set to true, your Confidential VM instance restarts after the maintenance is complete.
hostErrorTimeoutSeconds 330 The number of seconds between 90 and 330 before the host attempts to restart an unresponsive VM.

With planning, you can minimize the impact of host maintenance events on your Confidential VM instances.

Minimize the impact of host maintenance events

To minimize the impact of host maintenance events on Confidential VM instances that don't support live migration, you can do the following things:

Monitor for maintenance event notices

To receive advance notice of host events, monitor the /computeMetadata/v1/instance/maintenance-event metadata value. To do so, request an event notice by running the following command on your Confidential VM instance:

curl http://metadata.google.internal/computeMetadata/v1/instance/maintenance-event -H "Metadata-Flavor: Google"

If the request to the metadata server returns NONE, then the VM isn't scheduled to stop. If the metadata server returns TERMINATE_ON_HOST_MAINTENANCE, then your VM is scheduled for stopping.

The following table shows the host maintenance event notification period for Confidential VM instances that don't support live migration, organized by Confidential Computing technology type. Use these periods to plan around host maintenance events accordingly.

Confidential Computing technology Machine type Notification period
AMD SEV C2D None
C3D 7 days
AMD SEV-SNP N2D 1 hour
Intel TDX c3-standard-* 7 days

Simulate a host maintenance event

To test how your workload behaves when a Confidential VM instance is restarted, you can simulate a host maintenance event. As you work through the simulated event, think about how you can change your workload to be resilient when a real event happens.

Change your workload

After simulating a host maintenance event, you can use the experience to modify your workload to respond to one. For example, you might make use of one of the following techniques:

Provision your Confidential VM instances on sole-tenancy nodes

If it fits your needs, you can provision your Confidential VM instances on a sole-tenant node. This lets you determine a 4-hour window in which Google can perform maintenance on your VMs. It also lets you perform a manual live migration, which moves your VM to a different node or node group you control.

See Sole-tenant node pricing.

What's next

Learn about designing resilient systems.