Guest environment

Linux Windows

This document provides an overview of the guest environment, which containsscripts, daemons, and binaries that instances need to run onCompute Engine.

The guest environment communicates with the metadata server, which is aper-instance HTTP server that runs alongside every Compute Engineinstance. The metadata server provides the instance with essential configurationand operational data. For more information about the types of metadata that'sstored on the metadata server, seeVM metadata.

The guest environment is automatically installed on Compute Engine instancesthat are created by using most of the Google-provided public operating system(OS) images. Each OS image requires specific guest environment packages.These packages are built either by Google or the operating system distributor.For a full list of OS images that include the guest environment,seeOperating system details.

Guest environment components

The following section describes the packages and services that enable aninstance to communicate with Compute Engine.

The guest agent

The central component of the guest environment is the guest agent, which handlestasks like account management, OS Login integration, and network interfacemanagement. The guest agent is available for both Linux and Windows operatingsystems, with the following package names:

  • Linux:google-guest-agent
  • Windows:google-compute-engine-windows

For detailed information about the guest agent,including its features, architecture, and how to manage the agent, seeGuest agent.

Linux components

The base components of a Linux guest environment aredeb orrpmpackages. Compute Engine creates these packages with the appropriate configurations for thesupported distribution. To see the list of installed packages on your Linuxinstance, connect to the instance, and run the command provided for your OSversion in theInstalled packages by operating system versiontable.

The Linux guest environment includes the following key packages.

Package nameDescriptionKey interactionsLink to source code on GitHub
google-guest-agent

This package is the guest agent for the Linux environment.

The Linux guest agent contains the scripts that run on the guest OS to support Compute Engine features. For detailed information about the guest agent,including its features, architecture, and how to manage the agent, seeGuest agent.

guest-agent
google-compute-engine

Contains the scripts and files required for system initialization and configuration.

This package contains the following:

  • System init scripts forsystemd
  • System configurations, such asudev rules,sysctl rules,rsyslog configs, anddhcp configs, that are used for hostname setting
  • Bash scripts that run during instance boot
  • Agce-resolved.conf file, introduced in October 2024, that ensures that domain lookups for.local Cloud DNS domains route to the metadata server. Without this file, domain lookups route throughsystemd-resolved, which frequently fails.

    If your environment doesn't use.local domains, you can remove thegce-resolved.conf file if it conflicts with your existing configurations.

Works with the following packages to configure instances.
  • google-guest-agent
  • google-compute-engine-oslogin
guest-configs
google-compute-engine-osloginContains the necessary binaries, modules, and scripts to manage instance access using OS Login. OS Login lets you manage access to instances by using IAM roles. For more information about OS Login, seeOS Login.

This package contains the following:

  • Authorized Keys Command: a command that uses the public SSH keys to authenticate users at login.
  • Name Service Switch (NSS) Modules: a service that provides the OS Login user and group information to the system.
  • Pluggable Authentication Modules (PAM): a module that provides authorization (and authentication if two-factor support is enabled) support. This module lets the system use Google Cloud IAM permissions to control whether the system can log into an instance or perform operations as root (withsudo).
  • google_oslogin_nss_cache: a utility for updating the local user and group cache.
  • selinux: a package that contains SELinux policy definition files and a compiled policy package for configuring SELinux to support OS Login.
guest-oslogin
gce-disk-expandContains the components required for resizing a boot disk.Sends logs to the serial portgce-disk-expand
google-osconfig-agentContains the OS Config agent, which VM Manager uses to manage OS inventory, patches, and policies. For more information about the OS Config agent, seeVM Manager.

Reads data from and writes data to theVM metadata

By default, the OS Config agent doesn't collect or send any information until youenable the OS Config agent. After you enable the agent, the agent communicates with the OS Config API service. To review the operations completed by the agent, seeVM Manager audit logging.

guest-osconfig

Windows components

All Google-provided Windows OS images are preconfigured with theGooGet tool and Google Cloud repositories.GooGet installsand maintains the guest environment for Windows instances. If you needto installGooGet and set up repositories, seePackagingand package distribution in thecompute-image-windows GitHub repository. To seethe list of installed packages on your Windows instance, connect to the instance and rungooget installed.

The Windows guest environment includes the following key packages:

Package nameDescriptionKey interactionsLink to source code on GitHub
google-compute-engine-windows

This package is the guest agent for the Windows environment.

The Windows guest agent contains the scripts that run on the guest OS to support Compute Engine features. For detailed information about the guest agent,including its features, architecture, and how to manage the agent, seeGuest agent.

  • Reads data from and writes data to theVM metadata
  • Sends logs to the Windows Application Event Log, serial port, andCloud Logging
guest-agent
google-compute-engine-sysprepContains scripts forgeneralizing a Windows instance in preparation for creating an OS image. The package also includes theinstance_setup.ps1 script that runs on first boot to configure the new instance.
  • Reads data from and writes data to theVM metadata
  • Sends logs to the Windows Application Event Log and serial port
sysprep
google-compute-engine-metadata-scripts

Contains scripts and binaries that runsysprep-specialize,startup, andshutdown scripts.

  • Reads data from and writes data to theVM metadata
  • Reads data from Cloud Storage locations when thesysprep-specialize-script-url andwindows-startup-script-url are used
  • Sends logs to the Windows Application Event Log, serial port, andCloud Logging
google_metadata_script_runner
google-compute-engine-powershellContains a PowerShell module. This module provides common functions that PowerShell scripts in the other Windows guest environment scripts use.Sends logs to the Windows Application Event Log and the serial portPowerShell
google-compute-engine-auto-updater

Contains scripts that update the Compute Engine packages daily.

This package isn't installed by default. This approach lets you maintain the stability of your environment by controlling the update process. If your environment can tolerate updates without disruption, you can install this package to ensure your guest environment packages are updated automatically.

To install this package, use the following command:googet -noconfirm install google-compute-engine-auto-updater

  • Reads data fromVM metadata
  • Calls theGooGet agent to send logs to the Windows Application Event Log and console
auto_updater
google-compute-engine-diagnosticsContains a binary thatcollects diagnostic information from the instance and saves the information to a Cloud Storage bucket. The Windows guest agent executes the binary.Saves data to a Cloud Storage bucketdiagnostics
certgenContains a binary that creates a certificate on the instance.certgen
GooGetContains a binary that installs and maintains the guest environment for Windows instances.Reads data from the Google Cloud repositories located atpackages.cloud.google.comGooGet
google-compute-engine-vssInstalls the Compute Engine VSS agent and provider that takespersistent disk snapshots using Microsoft'sVolume Shadow Copy Service (VSS)Communicates with the Google Cloud snapshot servicevss
google-osconfig-agentContains the OS Config agent, which VM Manager uses to manage OS inventory, patches, and policies. For more information about the OS Config agent, seeVM Manager.

Reads data from and writes data to theVM metadata

By default the OS Config agent doesn't collect or send any information until youenable the OS Config agent. After you enable the agent, the agent communicates with the OS Config API service. To review the operations the agent completes, seeVM Manager audit logging.

guest-osconfig
Compute Engine Windows drivers

Contains several drivers to ensure proper functionality and performance of instances. TheGooGet package manager manages these drivers and publishes them to Google Cloud repositories.

The following Compute Engine drivers are maintained for Windows OS images:

Driver typeDriver package name
Ethernet adaptergoogle-compute-engine-driver-netkvm
SCSI diskgoogle-compute-engine-driver-vioscsi
Display adaptergoogle-compute-engine-driver-gga
Crash handlergoogle-compute-engine-driver-pvpanic
Virtio memory balloon drivergoogle-compute-engine-driver-balloon
Google virtual NICgoogle-compute-engine-driver-gvnic

To install or upgrade a specific driver, run the following command:

        googet installDRIVER_PACKAGE_NAME
compute-windows-drivers

What's next

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-15 UTC.