Welcome to issue #408 July 22nd, 2024

News

Cloud Run GKE Autopilot Official Blog Serverless

Flexible committed-use discounts are now even more flexible - Google Cloud has expanded its Compute Flexible Committed-use Discounts (CUDs) to cover Cloud Run on-demand resources, most GKE Autopilot Pods, and premiums for Autopilot Performance and Accelerator compute classes. With this single unified CUD, customers can save up to 46% for a three-year commitment and 28% for one-year commitments across Compute Engine, GKE, and Cloud Run.

Cloud Bigtable Data Analytics Databases Infrastructure Official Blog

One database to rule them all with Bigtable hybrid transactional and analytical processing (HTAP) - Bigtable recently added distributed counters, request priorities, write flow control, and Data Boost features to make it easier to perform both OLAP and OLTP with a single database. These features can help you spread your batch jobs out over time with greater reliability and reduced operational management, use fewer resources, and avoid impacting your serving workload.

Cloud Spanner Databases Official Blog

New Spanner geo-partitioning improves performance and lowers costs - Spanner geo-partitioning improves performance and lowers costs by allowing you to partition your table data at the row-level, across the globe, to serve data closer to your users.

Data Analytics Dataplex Official Blog

Discover a brand new catalog experience in Dataplex, now generally available - Dataplex Catalog, Google Cloud's next-generation data asset inventory platform, provides a unified inventory for all your metadata, whether your resources are in Google Cloud or on-premises.

Google Kubernetes Engine Official Blog

Introducing GKE extended support: Stay on a GKE minor version for up to 24 months - Google Cloud introduces GKE extended support, allowing customers to stay on a specific GKE minor version for up to 24 months, providing an additional ~10 months of security patches after the standard 14 months of support.

Official Blog VMware Engine

VMware Cloud Foundation on Google Cloud VMware Engine: 20% lower price and up to 40% in migration incentives - Google Cloud VMware Engine (GCVE) now offers lower pricing and migration incentives. New GCVE node types provide cost-effective options for different workload requirements. Commercial incentives of up to 40% of GCVE first-year spend are available, along with no-fee proof of concepts and trials.

Cloud Storage Official Blog

Blazing-fast Cloud Storage uploads and downloads with client libraries - Cloud Storage client libraries now include a transfer manager to maximize throughput for data-intensive workloads like analytics and AI/ML. The transfer manager can run concurrent operations on multiple files at once and provides a "divide-and-conquer" strategy for large files.

Distributed Cloud Official Blog

Bringing cloud and AI capabilities to the tactical edge: Google Distributed Cloud air-gapped appliance is generally available - Google Distributed Cloud air-gapped appliance is now generally available. It brings Google’s cloud and AI capabilities to tactical edge environments, enabling real-time local data processing for AI use cases.

Official Blog Public Sector

Cyber Public Health: A new approach to cybersecurity - Cyber Public Health (CPH) is a new approach to cybersecurity that focuses on measuring and reporting the practices that have been proven to reduce cyber-risk. CPH can help us understand whether the individual efforts organizations take to secure their systems are adding up to a greater overall cyber public health benefit.

Data Analytics Gemini Looker Official Blog

AI-powered slide generation and formula assistant come to Gemini in Looker - Gemini in Looker, a business intelligence tool, introduces two new features: automated Google Slides generation and an AI-powered formula assistant. With Google Slides generation, users can create presentations with insightful chart summaries from Looker Studio Pro in seconds.

GCP Certification Official Blog Security

Modern SecOps Masterclass: Now Available on Coursera - Google Cloud has launched a Modern SecOps (MSO) course, a six-week, platform-agnostic education program designed to equip security professionals with the latest skills and knowledge to modernize their security operations.

Networking Official Blog

Cross-Cloud Network: Design global distributed applications at scale - The Cross-Cloud Network is a private, customizable, and flexible networking solution that enables enterprises to connect, secure, and deliver applications across on-premises, Google Cloud, and third-party cloud environments.

Gemini Official Blog Threat Intelligence

Scaling Up Malware Analysis with Gemini 1.5 Flash - Google's Gemini 1.5 Flash model, designed for large-scale malware analysis, processes up to 1,000 requests per minute and 4 million tokens per minute. It analyzes decompiled binaries, providing accurate summary reports in human-readable language.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Gemini Official Blog Security Threat Intelligence

AI-Powered Learning: Your NIST NICE Prompt Library (Built with Google Gemini) - The NIST NICE framework provides a roadmap for cybersecurity education and workforce development. It maps roles to the specific tasks, knowledge, and skills (TKSs) needed to carry out their responsibilities successfully. AI-powered prompts can help you navigate this roadmap and accelerate your mastery of the essential competencies outlined in the NICE framework.

Official Blog Security

Navigating the EU AI Act: Google Cloud's proactive approach - Google Cloud is committed to supporting customers in navigating the EU AI Act, a new legal framework for AI systems.

CISO Official Blog

Cloud CISO Perspectives: How to think about security budgets - In this newsletter, Google Cloud's VP of TI Security and CISO, Phil Venables, discusses the importance of security budgets and how CISOs can partner with their CIOs and CTOs to advocate for a properly-sized budget.

Security Threat Intelligence

Google Cloud Security Threat Horizons Report #10 Is Out!

Official Blog Threat Intelligence

APT41 Has Arisen From the DUST

Distributed Cloud Official Blog Public Sector

Defending sovereign workloads: Google Distributed Cloud's air-gapped approach to Zero Trust - Google Distributed Cloud (GDC) offers a comprehensive suite of solutions, including GDC air-gapped, a disconnected private cloud environment for managing classified data. GDC implements a robust Zero Trust architecture tailored for air-gapped environments, eliminating implicit trust by regularly authenticating users, devices, and workloads.

Machine Learning

Smart VPC Service Controls — Making it smarter - Integrating VPC SC with AI capabilities.

Billing DevOps Docker Terraform

Deploy Cost-Effective Spot Instances for Testing Environments in GCP with Terraform - This article discusses how to set up cost-effective spot instances for testing environments in Google Cloud Platform using Terraform.

VM Manager

Efficient Cloud Management: Exploring Google Cloud Platform’s VM Manager

App Development, Serverless, Databases, DevOps

Generative AI Official Blog Security

How to build user authentication into your gen AI app-accessing database - Generative AI agents can efficiently interact with data in databases to provide summaries, answer complex questions, and generate insightful content. However, concerns persist around safeguarding sensitive user data when integrating this technology. Rather than give the foundation model unbounded access, we can define specific tool functions that the agent uses to access database information securely and predictably.

Python

Streamlit & Google Cloud Storage: Your Easy File Upload Guide - A Python tutorial to upload files to Google Cloud using Streamlit.

Cloud Storage Python

Introducing gs-fastcopy - gs-fastcopy is a Python library that optimizes file copying and compression for large files on Google Cloud Storage.

Cloud Run Cloud Storage

Working with Files in Cloud Run Jobs: Introducing GCS Fuse - Mounting Cloud Storage files through GCS Fuse as a local folder for use in Cloud Run Jobs.

AlloyDB Databases GCP Experience Official Blog

Endear seamlessly integrates vast data sources with AlloyDB - Endear, an omnichannel CRM platform, migrated from Cloud SQL to AlloyDB for PostgreSQL to handle increasing demand and provide real-time insights to clients.

AlloyDB Databases GCP Experience Official Blog

SEEBURGER BIS on AlloyDB: A secure, scalable business-critical integration platform - SEEBURGER BIS Platform, a leading integration platform, has chosen AlloyDB for PostgreSQL as its cloud database of choice. AlloyDB's seamless PostgreSQL compatibility, enhanced scalability, reduced operational overhead, and deployment flexibility make it an ideal fit for SEEBURGER's needs.

Artifact Registry GitHub Python

Create, version, and manage your library using Poetry and Google Artifact Registry - Using Poetry with.

Big Data, Analytics, ML&AI

Kafka for BigQuery

Kafka for BigQuery: A Promising Tool with Room for Improvement - Explore the new Kafka for BigQuery tool on GCP. Learn its strengths, limitations, and potential improvements needed for better adoption and.

BigQuery Data Analytics Official Blog Partners

How BioCorteX uses BigQuery to help answer the question “Will this drug work?” - BioCorteX, a leading techbio company, uses Google Cloud's BigQuery to accelerate drug development by uncovering hidden interactions between bacteria, human physiology, diseases, and drugs. Their biology emulator, Carbon Mirror, built on the massive biology-based knowledge graph, Carbon Knowledge, stored in BigQuery, enables fast and accurate in-silico trials, reducing failure rates and increasing the chances of successful drug development.

Data Science Teradata Vertex AI

Announcing Teradata VantageCloud Lake on Google Cloud - This integration provides the trusted data foundation necessary for robust AI and analytics initiatives.

Generative AI Machine Learning Vertex AI Workflows

Orchestrate Generative AI Applications - with Cloud Workflows.

LLM Vertex AI

Control LLM output with response type and schema - Vertex AI introduces two new features, response_mime_type and response_schema, to control the output format of large language models (LLMs).

AI Generative AI Machine Learning

Quizaic — A Generative AI Case Study - Quizaic, a trivia quiz generator app powered by generative AI, showcases the potential and challenges of harnessing this technology.

Gemini LLM Machine Learning

Is a Zero Temperature Deterministic? - Learn more about a crucial LLM model parameter, and how to configure it on Gemini Pro with Vertex AI.

Billing Generative AI LLM

Control LLM costs with context caching - Context caching is a cost-saving technique for large language models (LLMs) with extensive context windows. The cached content can be used for subsequent prompts, and the number of input tokens cached are billed at a reduced rate.

Slides, Videos, Audio

Security Podcast - #181 Detection Engineering Deep Dive: From Career Paths to Scaling SOC Teams.

 

Releases

AlloyDB - Cross-region backup location is now generally available (GA).

Anthos Config Management - Config Controller now uses the following versions of its included products: Config Connector v1.120.1, Config Sync v1.18.2.

GDCV for VMware - The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26925. For more details, see the GCP-2024-045 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26921, CVE-2024-36972. For more details, see the GCP-2024-043 and GCP-2024-044 security bulletins. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26809. For more details, see the GCP-2024-042 security bulletin.

Apigee Integrated Portal - On July 16, 2024 we released a new version of the Apigee integrated portal. This release includes general improvements to performance and availability.

Apigee Advanced API Security - The preview release of generative AI summaries and recommendations for Advanced API Security Abuse Detection incidents has been temporarily disabled due to a known issue.

AppEngine Standard JAVA Second Generation - You can now configure an HTTP connector to improve CPU and memory utilization for your App Engine apps.

Application Integration - You can now share custom connectors between different Google Cloud projects by exporting and importing the connector specification.

Google Cloud Armor - Granular models for Cloud Armor Adaptive Protection are now Generally Available.

AutoML Tables - The shutdown date for AutoML Tables has changed from Mar 31, 2024 to July 24, 2024.

BigQuery - The following BigQuery migration assessment features are now generally available (GA): When you run a migration assessment, the migration assessment now automatically creates a BigQuery dataset to store the assessment results. While a migration assessment is running, you can view the assessment report with partial data. You can also view its progress and estimated completion time in the status icon tooltip. You can view more information and errors about a migration assessment in the assessment details page. You can now configure the default storage billing model for new datasets. When you run a migration assessment for Amazon Redshift, Teradata, or Snowflake, the service also creates a dataset containing only highly aggregated assessment results.

Chronicle - When you migrate an existing Google SecOps instance so that it is bound to a Google Cloud project, you can also use auto-generated commands to migrate your existing feature RBAC configuration to IAM permissions and roles. On December 31, 2024, the managed BigQuery data lake for export will not be accessible to Google SecOps customers except for customers in the Enterprise Plus Tier. The third-party API feed Symantec Event Export has been discontinued due to the deprecation of Symantec Event Export API.

Cloud Composer - Information about excluded Cloud Storage objects in the environment's bucket is no longer logged. A new Cloud Composer release has started on July 17, 2024. Airflow 2.9.1 is available in Cloud Composer images and builds. (Airflow 2.9.1) Task context logging is disabled, and it is not possible to enable it. (Airflow 2.9.1) Raw HTML code in DAG docs and DAG parameter descriptions is disabled by default. (Airflow 2.9.1) Audit log permissions are revoked from all roles except Admin. The apache-airflow-providers-google package was upgraded to version 10.21.0 in Cloud Composer 2 images with Airflow 2.7.3 and 2.9.1, and in all latest Cloud Composer 3 builds. When installing PyPI packages, if you want your builds to run with a custom service account, you can override the COMPOSER_AGENT_BUILD_SERVICE_ACCOUNT environment variable with the chosen service account. New Airflow builds are available in Cloud Composer 3: composer-3-airflow-2.9.1-build.0, composer-3-airflow-2.7.3-build.9. Cloud Composer 2.8.6 images are available: composer-2.8.6-airflow-2.9.1, composer-2.8.6-airflow-2.7.3 (default), composer-2.8.6-airflow-2.6.3. Support dates for previous Cloud Composer 3 builds are available. Cloud Composer version 2.3.4 has reached its end of support period. It is no longer possible to create Cloud Composer 1 environments in Google Cloud console.

Compute Engine - Generally available: C3 bare metal machine types are available in the C3 machine series. Compute flexible committed use discounts (CUDs)—previously known as Compute Engine flexible CUDs—have been expanded to also cover your Cloud Billing account's spend across Google Kubernetes Engine (GKE) and Cloud Run. Generally available: You can limit the run time of VMs, which automatically stops or deletes a VM after a specific time or duration.

Contact Center AI Platform - Version 3.20 is released: all release notes published on this date are part of version 3.20. Agent chat adapter redesign: we have redesigned the agent chat adapter to streamline workflows, boost productivity, and improve the agent experience. Mobile SDK 2.8 is released: Mobile SDK 2.8 includes the following update: added support for landscape mode.

Data Fusion - Cloud Data Fusion versions 6.9 and later store pipeline run records for 30 days by default. The Cloud Storage Copy/Move plugin version 0.23.2, which is bundled with Google Cloud Platform plugin, is available in Cloud Data Fusion versions 6.10.0 and later.

Dataform - As of Dataform Core 3.0.0, Dataform doesn't distribute a Docker image.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.70, 1.2.14, 2.0.78, 2.2.14.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.112-debian10, 2.0.112-rocky8, 2.0.112-ubuntu18, 2.1.60-debian11, 2.1.60-rocky8, 2.1.60-ubuntu20, 2.1.60-ubuntu20-arm, 2.2.26-debian12, 2.2.26-rocky9, 2.2.26-ubuntu22.

Deep Learning Containers - M123 release: Hugging Face Text Generation Inference 2.1 GPU container images are now available.

Deep Learning VM - M123 release: TensorFlow 2.16 images are now available.

Cloud Data Loss Prevention - The ARMENIA_PASSPORT infoType detector is available in all regions.

Document AI - For custom extractor with generative AI, model pretrained-foundation-model-v1.1-2024-03-12 provides fine-tuning for US/EU in Public preview.

Integration Connectors - You can now share custom connectors between different Google Cloud projects by exporting and importing the connector specification.

Google Kubernetes Engine - The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26925. For more details, see the GCP-2024-045 security bulletin. (2024-R25) Version updates: GKE cluster versions have been updated. GKE Autopilot now supports opportunistic bursting and lower Pod minimums upon cluster creation or upgrade to 1.30.2-gke.1394000 or later, resolving a previous issue with containerd. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26921. For more details, see the GCP-2024-043 security bulletin. Compute flexible committed use discounts (CUDs), previously known as Compute Engine Flexible CUDs, have been expanded to include several GKE Autopilot and Cloud Run SKUs (see the GKE CUD documentation for details). The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-36972. For more details, see the GCP-2024-044 security bulletin. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-26809. For more details, see the GCP-2024-042 security bulletin.

GKE new features - Compute flexible committed use discounts (CUDs), previously known as Compute Engine Flexible CUDs, have been expanded to include several GKE Autopilot and Cloud Run SKUs (see the GKE CUD documentation for details).

Load Balancing - Regional external Application Load Balancers, cross-region internal Application Load Balancers, regional internal Application Load Balancers, regional internal proxy Network Load Balancers, cross-region internal proxy Network Load Balancers, and regional external proxy Network Load Balancers support IPv4 and IPv6 (dual-stack) backends.

Cloud Logging - The permissions required to use saved and recent queries have changed.

Cloud Run - You can now disable the default run.app URL for your Cloud Run services (Preview). Compute flexible committed use discounts are now available for Cloud Run services with CPU always allocated, and Cloud Run jobs.

Sensitive Data Protection - The ARMENIA_PASSPORT infoType detector is available in all regions.

SAP Solutions - New SAP certifications: C3 bare metal machine types. SAP has certified the following Compute Engine bare metal machine types: c3-highmem-192-metal for use with SAP HANA OLAP and OLTP workloads. New SAP certification for operating systems: for use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system Red Hat Enterprise Linux (RHEL) for SAP 9.4.

Cloud Spanner - Spanner now includes the JSON_ARRAY() and JSON_OBJECT() functions for building JSON types in GoogleSQL. Spanner now supports the following PostgreSQL JSONB functions: jsonb_array_elements(), spanner.bool_array(), spanner.float32_array(), spanner.float64_array(), spanner.int64_array(), spanner.string_array(). For more information, see JSONB functions and Spanner specific JSONB functions. Spanner now supports the following GoogleSQL JSON functions: BOOL_ARRAY: Converts a JSON array of booleans to a SQL ARRAY value. Spanner now supports the GoogleSQL PDML_MAX_PARALLELISM statement-level hint. The following are now supported for the INSERT statement: INSERT OR UPDATE and INSERT OR IGNORE DML statement now supports the THEN RETURN clause in GoogleSQL. Spanner now supports geo-partitioning (in Preview).

Cloud SQL Postgres - You can now create custom organization policies for Cloud SQL instances. You can now use the following optional flags when you export and import files into Cloud SQL instances: --clean: if you export files, then this flag enables you to include the DROP object SQL statement that's required to drop (clean) database objects before you import them. Cloud SQL Studio is now generally available. You can now search for and manage your Cloud SQL resources by using Dataplex Catalog.

Cloud SQL SQL Server - You can now use Extended Events (XEvents) on your Cloud SQL for SQL Server instance to monitor, identify, and troubleshoot the performance of the databases on your instance. You can now create custom organization policies for Cloud SQL instances. Cloud SQL Studio is now generally available. You can now search for and manage your Cloud SQL resources by using Dataplex Catalog.

Vertex AI Workbench - The M123 release of Vertex AI Workbench user-managed notebooks includes the following: Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers. The M123 release of Vertex AI Workbench managed notebooks includes the following: Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers. v2. M123 release The M123 release of Vertex AI Workbench instances includes the following: Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.

VMware Engine - VMware Engine ve2-standard-128 node type is generally available in us-central1 region.

VPC Service Controls - Preview stage support for the following integration: Commerce Org Governance API.

Virtual Private Cloud - Private Service Connect backends can be used to reach regional endpoints for supported Google APIs. The list of supported regional endpoints that can be accessed by Private Service Connect endpoints and backends is updated to include additional supported Google APIs and regions.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075