Your company has about 500 Compute Engine VMs running Debian and CentOS across several projects. A critical CVE must be fixed on every VM within two days. Security says patches must run in a single 4-hour maintenance window, you must avoid logging in to instances, and you must produce a success/failure report afterward. With the least operational effort, what should you do?
Create new instance templates using the latest OS images, migrate all workloads into new managed instance groups during the window, and delete the original VMs afterward.
Write a Cloud Function that uses OS Login over SSH to connect to every VM during the window, run the appropriate yum or apt commands, and export the output to Cloud Logging for later analysis.
Enable VM Manager by turning on the OS Config API in each project, verify the OS Config agent is installed on every VM, and schedule a patch deployment that targets the Debian and CentOS instances during the maintenance window.
Build custom patched images for Debian and CentOS, store them in Artifact Registry, and use Terraform to destroy and recreate each VM from the new images during the maintenance window.
VM Manager's patch management feature (part of OS Config) is designed exactly for fleet-wide patching and reporting. Enabling the OS Config API and ensuring the OS Config agent is present on each VM lets you schedule a patch deployment that targets specific operating systems and defines a maintenance window. The service executes the appropriate package-manager commands without interactive SSH access and automatically generates compliance reports showing success or failure for every instance. Replacing or rebuilding hundreds of VMs, scripting ad-hoc SSH commands, or redesigning the fleet around new images requires far more effort and does not provide centralized compliance reporting.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is VM Manager in GCP?
Open an interactive chat with Bash
What is the OS Config agent, and why is it important?
Open an interactive chat with Bash
How does patch deployment work in VM Manager?
Open an interactive chat with Bash
What is the OS Config API used for?
Open an interactive chat with Bash
How does the OS Config agent work on VMs?
Open an interactive chat with Bash
What is a compliance report in VM Manager?
Open an interactive chat with Bash
GCP Associate Cloud Engineer
Planning and implementing a cloud solution
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99 $11.99
$11.99/mo
Billed monthly, Cancel any time.
$19.99 after promotion ends
3 Month Pass
$44.99 $26.99
$8.99/mo
One time purchase of $26.99, Does not auto-renew.
$44.99 after promotion ends
Save $18!
MOST POPULAR
Annual Pass
$119.99 $71.99
$5.99/mo
One time purchase of $71.99, Does not auto-renew.
$119.99 after promotion ends
Save $48!
BEST DEAL
Lifetime Pass
$189.99 $113.99
One time purchase, Good for life.
Save $76!
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .