Product · Workstation
Cloud workstations
A VM-backed dev environment per engineer. Persistent home disk that survives image bumps, suspend at 6 hours idle, resume in about 10 seconds. The image ships with every tool your agent needs to start working.
What's in the box
The workstation image is pre-baked from us-central1-docker.pkg.dev/remoco-cloud/remoco/workstation:v0-3. Updating the image rolls across the fleet on next suspend-resume; no per-user re-install.
| Category | Baked-in |
|---|---|
| Runtime | bun · node · python3 · docker · docker-compose |
| Agent | Claude Code · Codex · gh · gcloud · doppler |
| Networking | cloudflared · portless · openssh · curl · jq |
| Editor bridge | tmux · ssh-agent · rsync |
| Remoco tools | remoco CLI · debugger · injector · overlay |
Lifecycle
Create
Signup creates a workstation instance in your tenant under the cluster remoco, config wiley-xl. First boot pulls the image, mounts a fresh 100GB persistent disk at /home/user, runs /etc/workstation-startup.d/ hooks, and registers your user with cloudflared.
$ remoco user add luke luke@doss.com # creates workstation · grants IAM · prints SSH command
Wake + use
The happy path is gcloud workstations ssh <user> from your Mac, or the agent does it for you. Resume is ~10s. Every dev server runs inside tmux so it survives idle-suspend transparently.
$ remoco dev # launches services in tmux $ remoco worktree hero-redesign # new branch, new stack, new URL $ remoco expose main.web.wiley --access=private
Suspend
After 6 hours with no client connection the VM is suspended. CPU billing stops immediately; persistent disk billing continues at ~$0.12/GB-month. Running dev servers die on suspend — that's why the CLI wraps them in tmux and knows how to resurrect them on wake.
To hold the workstation open longer (e.g., for an overnight background task) bump the idle timeout:
$ gcloud workstations configs update wiley-xl --idle-timeout=172800
Destroy
Deleting the workstation releases the persistent disk according to the reclaim policy (default DELETE). Bump the policy to RETAIN if you need the home disk archived.
Runtime classes
Workstations are sized by class, changeable anytime — your home disk persists across the swap. Pay per hour actively running.
| Class | vCPU | RAM | $/hr active | Best for |
|---|---|---|---|---|
| small | 4 | 16 GB | $0.18 | Web + small API |
| standard | 8 | 32 GB | $0.34 | Fullstack dev |
| large | 16 | 64 GB | $0.62 | Monorepos, parallel worktrees |
| highmem | 8 | 64 GB | $0.58 | Docker, ES, Clickhouse |
| gpu-l4 | 8 | 32 GB | $1.04 | Inference, model eval |
| gpu-a100 | 12 | 85 GB | $3.90 | Training, fine-tunes |
Security model
- Per-user service account with least-privilege IAM
- Workstation VM uses confidential compute (shielded secure boot, vTPM, integrity monitoring)
- SSH via IAP tunnel; no public IPs
- All traffic egresses via cloudflared tunnel — no open ports on the VM
- Secrets resolve at runtime via Doppler or Secret Manager; never baked into the image