VM Extension Manager helps you manage extensions on your Compute Engine virtual machines (VMs) at scale. Extensions are optional plugins of the Compute Engine guest agent, which runs on your VMs to provide additional functionality. Cloud de Confiance by S3NS develops these extensions to help you monitor and manage your workloads running on Compute Engine VMs. For more information, see the supported extensions.
You can use VM Extension Manager to automate the lifecycle of these extensions across your entire fleet of VMs, without connecting to each VM. It installs and runs extensions on VMs only when a policy is applied to the VM, and removes the extensions when you delete the policy. After you install extensions, VM Extension Manager monitors their health status while they are running.
To manage extensions, VM Extension Manager communicates with the guest agent on each VM through a secure, standardized communication channel.
VM Extension Manager overview
You can use VM Extension Manager to create policies that declare which extensions you want to install on VMs. You can also choose VMs that match specific criteria—for example, VMs with specific labels. These extension policies apply to both existing VMs and any new VMs that match the criteria.
The following diagram illustrates how you can use VM Extension Manager to apply extension policies to VMs based on zones and labels:
As shown in the preceding diagram, you define extension policies within a project. Each policy
specifies extensions to install and a scope, such as VMs in a specific zone or
VMs with particular labels. In Zone A, Extension policy E1 targets VMs with the
env=prod label to install the SAP extension, and Extension policy E2 targets VMs
with test=load-test to install both the SAP extension and Ops Agent. In Zone
B, Extension policy E3 targets VMs with env=prod to install the Ops Agent,
and Extension policy E4 targets VMs with no labels to install Workload extension and Ops Agent. VM Extension Manager lets you add, update, or remove
these policies and view them at a project level to manage extensions across your
fleet of VMs.
The guest agent on each VM periodically communicates with Cloud de Confiance to check for applicable policies. If a VM is targeted by a policy, VM Extension Manager installs the specified extensions and keeps it up-to-date according to the policy. If no extensions are installed on a VM, the guest agent checks for policy updates every eight minutes; otherwise, it checks every minute.
Policy priority and conflict resolution
When multiple policies apply to the same VM, VM Extension Manager uses policy priority to resolve conflicts.
When two policies conflict for the same extension, the policy with the higher priority takes precedence. Priority values range from 0 to 65535, where a lower number signifies a higher priority. The default priority is 1000. If multiple policies have the same priority, the one updated most recently is applied to the VMs. Deleting a policy does not remove the extension if a lower-priority policy still applies to the VM.
VM Extension Manager functions
VM Extension Manager lets you do the following:
- Install extensions at scale: Use policies to install extensions across large fleets of VMs, instead of connecting to each machine individually.
Automate extension updates: Configure policies to keep extensions pinned to a specific version, or automatically updated to the latest version as it becomes available.
View extension status: See which extensions are installed on each VM without logging in to individual machines.
Supported extensions
VM Extension Manager supports installing and managing the following extensions:
| Extension | Description | Required APIs |
|---|---|---|
| Ops Agent | Installs the Ops Agent, which collects logs and metrics from your Compute Engine instances, so that you can view these telemetry on Google Cloud Observability dashboards. | Cloud Monitoring API Cloud Logging API |
| Extension for SAP | Installs Cloud de Confiance by S3NS's Agent for SAP, which is required for SAP systems running on Cloud de Confiance by S3NS. The agent collects SAP Host Agent metrics, Process Monitoring metrics, and Workload Manager evaluation metrics. | Workload Manager API |
| Extension for Compute Workload | Installs Agent for Compute Workloads, which you can configure to collect metrics from multiple workloads running on Compute Engine instances. | Workload Manager API |
Supported operating systems
VM Extension Manager supports installing extensions on any operating system that is supported by the specific extension. For details about supported operating systems for each extension, see the following:
- Ops Agent: Supported operating systems
- Extension for SAP: Supported operating systems
- Extension for Compute Workloads: Supported operating systems
Limitations
VM Extension Manager supports project-level rollout.
Quotas
Each Cloud de Confiance by S3NS project has a limit of 100 VM extension policies per zone. There is no limit on the number of VMs you can select per policy.
Pricing
There is no charge for using VM Extension Manager. However, you might incur charges from using the extensions installed by the policies. For more information, see the pricing pages for the specific extensions:
What's next
To learn more about managing extensions, see the following resources: