[Google Compute Engine] Changes to Windows authentication, new Windows images

191 views
Skip to first unread message

Google Compute Engine Team

unread,
Jun 3, 2015, 5:10:27 PM6/3/15
to gce-an...@googlegroups.com

Greetings Google Cloud Platform users,


Today we released new windows-server-2008-r2-dc-v20150511 and windows-server-2012-r2-dc-v20150511 images that include bug fixes and following improvements:

  • GCE sysprep startup scripts now log to serial console

  • Fixed GCE agent flakiness with static network IPs

  • New authentication scheme [see below]


In this release, we are introducing a new more secure authentication scheme for Windows users and how Windows admin credentials are shared between Cloud Platform tools (Cloud SDK and Developer Console) and Windows instances. Windows admin passwords are generated on instances and are encrypted with user public keys before sending them back to users. Only the user with a matching private key can retrieve the password. You can learn more details about the new Windows authentication scheme here.


The latest version of Cloud SDK includes a new gcloud compute reset-windows-password command that makes the new authentication scheme really easy to use with Cloud SDK. We added a new “Reset Password” button to the  Developers console to help you retrieve Windows password without leaving the browser window. You can also use the latest gcloud with old pre-v20150511 Windows instances and images to pass Windows credentials using instance metadata but in order to do this, you’d need to specify additional command line flags.


Old windows-server-2008-r2-dc-v20150331 and windows-server-2012-r2-dc-v20150331 images are now deprecated and will be deleted on August 8th 2015. We strongly recommend to our Windows customers creating new Windows instances from the new images only.


Please note: you can update your old instances to use new Windows authentication scheme following these guidelines. And if you programmatically create and/or access Windows instances, you can follow these steps to integrate your code with the new authentication scheme.  


As always, please send us any feedback via the normal channels. Customers with paid support can access support through the Google for Work Support Center.


Thank you for your support,


-- Alex Gaysinsky, on behalf of the Google Cloud Platform
Reply all
Reply to author
Forward
0 new messages