Welcome to issue #409 July 29th, 2024

News

AI Generative AI LLM Official Blog Vertex AI

Meta’s Llama 3.1 is now available on Google Cloud - Meta's Llama 3.1, including a 405B model, is now available on Vertex AI Model Garden. Access the 405B model via Model-as-a-Service in preview or use the 8B and 70B models for self-service fine-tuning.

AI Official Blog Vertex AI

Mistral AI's Codestral launches as a service, first on Vertex AI - Google Cloud and Mistral AI have partnered to introduce Codestral, an open-weight generative AI model designed for code generation tasks, as a fully-managed service on Vertex AI. Mistral AI's latest large language models, Mistral Large 2 and Mistral Nemo, are also now available on Vertex AI Model Garden. These models excel in coding, mathematics, and multilingual capabilities, making them ideal for a range of downstream tasks.

LLM Official Blog TPU Vertex AI

Hex-LLM: High-efficiency large language model serving on TPUs in Vertex AI Model Garden - Hex-LLM, a high-efficiency large language model (LLM) serving framework designed for Google's Cloud TPU hardware, is now available in Vertex AI Model Garden. Hex-LLM combines state-of-the-art LLM serving technologies with in-house optimizations tailored for XLA/TPU, delivering competitive performance with high throughput and low latency.

Data Analytics Migration Official Blog

Get paid to migrate to a modern data platform with BigQuery and Dataproc incentives - Google Cloud introduces a Data Platform Migration incentives program to simplify and reduce the cost of migrating data warehouses and data lakes from on-premises and other clouds to Google Cloud. The program offers Google Cloud credits, implementation credits, and cloud egress credits to offset migration costs.

Networking Official Blog

Announcing VPC Service Controls with private IPs to extend data exfiltration protection - Google Cloud’s VPC Service Controls (VPC-SC) helps organizations mitigate the risk of data exfiltration from their Google Cloud managed services. With the new support for private IP addresses, VPC-SC now allows traffic from specific internal networks to access protected resources, providing more granular access controls and expanding perimeters into private address space.

Official Blog Partners

Introducing Partner Companion: An AI-powered advisor for enhanced customer engagement - Partner Companion, an AI-powered advisor, leverages Vertex AI's generative AI technology to provide Google Cloud Services Partners with instant, personalized access to the knowledge they need to excel. It offers instant expertise, personalized upskilling, real-time support, and intelligent planning to help partners deliver high-quality Google Cloud solutions to their customers. Partner Companion is designed for technical delivery and GCP practice development roles and is available now for over 88K Partner users enrolled in the Delivery Readiness Portal.

Data Analytics Databases Datastream Official Blog Streaming

Datastream’s SQL Server source is generally available - Datastream, a serverless change data capture (CDC) and replication service, now supports SQL Server as a source for replicating data to BigQuery, Cloud Storage, and other Google Cloud destinations. Key enhancements include change tables CDC, stream recovery, gcloud API and Terraform support, and server-side SSL/TLS encryption.

Cloud Spanner Databases Official Blog

Introducing Spanner dual-region configurations that help maintain high availability and data residency - Spanner dual-region configurations are now available in Australia, Germany, India, and Japan. These configurations help maintain high availability and data residency by replicating data to two regions within the same country. In the event of a zone outage, Spanner still maintains a quorum of at least two replicas in each region, ensuring database availability. If an entire region goes down, Spanner automatically fails over to single-region mode to maintain availability.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Threat Intelligence

APT45: North Korea’s Digital Military Machine - APT45 is a North Korean cyber operator that has been active since at least 2009. The group has carried out espionage campaigns and financially-motivated operations, and is suspected of developing ransomware. APT45 has targeted government agencies, defense industries, the financial sector, critical infrastructure, and healthcare and pharmaceutical companies. The group uses a mix of publicly available tools, modified malware, and custom malware families.

Official Blog Threat Intelligence

Whose Voice Is It Anyway? AI-Powered Voice Spoofing for Next-Gen Vishing Attacks - AI-powered voice cloning can now mimic human speech with uncanny precision, making phishing schemes more realistic. Attackers can use AI-powered voice cloning in various phases of the attack lifecycle, including initial access, lateral movement, and privilege escalation.

AI GCP Experience Google Kubernetes Engine Official Blog

LiveX AI reduces customer support costs by up to 85% with AI agents trained and served on GKE and NVIDIA AI - LiveX AI, a cutting-edge generative AI company, has achieved remarkable success by leveraging Google Kubernetes Engine (GKE) and the NVIDIA AI platform. Their custom AI agents deliver real-time, immersive customer experiences, reducing customer support costs by up to 85% and improving first-response times from hours to seconds.

Security

How to Implement IP Access Control for GCP Web Console - Enhance security by restricting GCP Web Console access to trusted IPs with IP ACL.

Billing FinOps

Cloud Cost Cutting Myths Busted: How We Unlocked Huge Savings With Minimal Effort on GCP - By focusing on simple, high-impact actions such as eliminating unnecessary logs, optimizing cloud storage, migrating legacy data, right-sizing Cloud Run resources, and resizing Compute Engine instances, the team at Adauris made over $30,000 in annual savings.

App Development, Serverless, Databases, DevOps

Cloud Filestore GCP Experience Official Blog

At UC Berkeley, Filestore supercharges one of largest JupyterHub deployments in U.S. higher ed - UC Berkeley migrated its large-scale JupyterHub deployment to Google Cloud's Filestore, a managed NFS storage service. Filestore's reliable, scalable, and performant storage capabilities addressed the challenges of managing file storage for diverse users and computationally intensive tasks.

Cloud Scheduler Google Kubernetes Engine Official Blog Vertex AI Agent Builder

Search engines made simple: A low-code approach with GKE and Vertex AI Agent Builder - This blog post provides a detailed guide on constructing a low-code search engine by leveraging the combined capabilities of GKE, Cloud Scheduler, BigQuery, and vector search. The resulting search engine efficiently searches through RSS feeds and delivers relevant results, making it a valuable tool for users seeking specific information from various sources.

Cloud Logging Python

Enhance Your Django REST API with Google Cloud Logging - In this tutorial, you'll learn how to integrate Google Cloud Logging with your Django REST API project.

Cloud Run Terraform

CloudRun Sidecars with Terraform - Build the sidecar pattern in CloudRun with Terraform.

Cloud Run Terraform

CloudSQL IAM Auth in CloudRun with CloudSQL Auth Proxy SideCar - Run a secure connection to your Cloud SQL database from your Cloud Run service with minimal setup.

Cloud Spanner Generative AI

Distributed AI: global and geo-partitioned RAG architecture with Google Cloud Spanner for geo-location aware similarity search - Creating and querying a geo-partitioned global database for embedding-based similarity search.

Cloud Storage Infrastructure Storage

Hosting a Hugo-Generated Blog on Google Cloud Storage - Hosting a Hugo-generated blog on Google Cloud Storage is fast, simple, and portable.

Cloud Spanner

Real time Data Analytics solution with Spanner Change Streams - Real-time analytics is crucial for businesses to make informed decisions. Cloud Spanner, a globally distributed database, offers strong consistency, ACID transactions, and horizontal scalability. Change streams in Spanner enable real-time data capture and streaming to analytics platforms like Google BigQuery. This blog discusses how to set up a change stream in Spanner, stream changes to BigQuery, and visualize the data using Looker Studio.

Cloud Run Serverless

Cloud Run Idle Instance Conundrum - This article addresses options to keep Cloud Run instances "alive" for background or long-lived connections.

Big Data, Analytics, ML&AI

Airflow Cloud Composer Data Analytics Official Blog Streaming

Understanding Airflow DAG and task concurrency on Google Cloud Composer - Airflow DAG and task concurrency are crucial for optimizing Cloud Composer performance. This guide provides comprehensive insights into concurrency settings across four levels: Composer environment, Airflow installation, DAG, and task. By understanding these settings, you can ensure efficient resource utilization, scalability, and fault tolerance in your data pipelines.

Official Blog Partners Vertex AI

Leverage enterprise data with Denodo and Vertex AI for generative AI applications - Denodo and Vertex AI combine to unlock enterprise data for generative AI applications. Denodo's data virtualization creates a unified view of data from disparate sources, while Vertex AI's embeddings, foundation models, and vector search capabilities help build generative AI applications that can intelligently retrieve, synthesize, and process relevant information.

BigQuery Data Analytics GCP Experience Official Blog

Shiseido: building a data analysis platform using BigQuery for 80% cost savings - Shiseido, a leading beauty brand, built a data analysis platform using Google Cloud's BigQuery to achieve faster processing, reduced costs, and streamlined operations. By consolidating disparate servers and optimizing data processing, they achieved an 80% cost reduction and a 90% reduction in processing time.

Data Science R Serverless

Serverless Data Science with R on Google Cloud - Non-Spark R Workloads.

AI Generative AI LLM Vertex AI

The Chronicles of Llama: The new Llama 3.1 405b on Vertex AI! - This notebook shows how to get started with the new Llama 3.1 405b on Vertex AI.

Generative AI LLM Machine Learning

Running Google’s Gemma2 LLM locally with LangchainJS & Ollama - This article explores running Google’s powerful Gemma2 LLM locally using JavaScript, LangchainJS & Ollama.

AI LLM

Run Google’s Gemma 2 model on a single GPU with Ollama: A Step-by-Step Tutorial - Have you ever wished you could run powerful Large Language Models like those from Google on a single GPU?

Generative AI LLM

Portable Training Data Generation for Supervised Fine-tuning: A Reverse RAG approach! - This blog introduces an automated approach to fine-tune large language models (LLMs) using a "Reverse RAG" method. The key idea is to generate question-and-answer pairs from raw information using an arbiter model, and then use these pairs as training data for fine-tuning. This approach can significantly streamline the fine-tuning process and improve the performance of LLMs on specific tasks.

AI Machine Learning Python

Package and deploy your machine learning models to Google Cloud with Cog - Cog is an open-source tool that lets you package machine learning models in a standard, production-ready container.

BigQuery Machine Learning

Sentiment Chef Agent with Google Cloud and MongoDB Atlas - Sentiment Chef Agent is a smart restaurant agent that goes beyond simple review analysis. It uses MongoDB Atlas Triggers to capture new restaurant reviews and send them to Google Cloud Functions. These functions leverage the power of Gemini, a cutting-edge large language model (LLM), to analyze sentiment (positive, neutral, negative) and generate concise summaries of the text.

Vertex AI Vertex AI Agent Builder

Dive deeper into your documents with Search Tuning using Google Cloud Vertex AI Agent Builder - … and avoid hour long feedback loops by using our data checker script setting you up for Search Tuning success!

Gemini Java

Analyzing video, audio and PDF files with Gemini and LangChain4j - Gemini, a multimodal language model, can now process audio, video, and PDF files in addition to text. With LangChain4j, developers can use Gemini to generate transcriptions, summaries, and chapters for audio and video files, as well as answer questions about PDF documents.

Slides, Videos, Audio

Kubernetes Podcast - #231 Dapr, with Mauricio Salatino.

Security Podcast - #182 ITDR: The Missing Piece in Your Security Puzzle or Yet Another Tool to Buy?

 

Releases

AlloyDB - Support for public IP addresses with AlloyDB instances and creating organization policies with custom constraints is now generally available (GA).

Anthos Config Management - 1.18.3. Improved error handling in the oci-sync container by adding exponential backoff. Upgraded bundled Kustomize version from v5.3.0 to v5.4.2 to pick up vulnerability fixes. Fixed a regression introduced in 1.17.0 that caused Config Sync to crash when connecting to certain Kubernetes clusters. Fixed a regression in 1.17.3 causing SSH authentication failures with GitHub.

Google Distributed Cloud Bare Metal - 1.29: Release 1.29.300-gke.185. Google Distributed Cloud for bare metal 1.29.300-gke.185 is now available for download. Functionality changes: Updated registry mirror support to allow you to specify a port for host addresses. Fixes: The following container image security vulnerabilities have been fixed in 1.29.300-gke.185: High-severity container vulnerabilities: CVE-2022-48655. Medium-severity container vulnerabilities: CVE-2024-26900, CVE-2024-28122, CVE-2024-35255, CVE-2024-36902. Low-severity container vulnerabilities: CVE-2021-4440. Known issues: For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section. 1.16: Release 1.16.11. Google Distributed Cloud for bare metal 1.16.11 is now available for download. Fixes: The following container image security vulnerabilities have been fixed in 1.16.11: High-severity container vulnerabilities: CVE-2020-22218. Medium-severity container vulnerabilities: CVE-2024-35255. Known issues: For information about the latest known issues, see Google Distributed Cloud for bare metal known issues in the Troubleshooting section.

GDCV for VMware - Google Distributed Cloud for VMware 1.29.300-gke.184 is now available for download. The following vulnerabilities are fixed in 1.29.300-gke.184: Medium-severity container vulnerabilities: CVE-2024-28122, CVE-2024-33599, CVE-2024-33600, CVE-2024-33601, CVE-2024-33602. Low-severity container vulnerabilities: CVE-2023-6597, CVE-2023-24329, CVE-2023-40217, CVE-2023-41105, CVE-2024-0450.

Apigee Monetization - On July 26, 2024, we released an updated version of Apigee Monetization. Monetization functionality, including rate plan creation and managing rate plans for API Products, is now available in the Apigee UI in Cloud Console. Monetization now supports data residency.

Apigee Advanced API Security - On July 26, 2024, we released an updated version of Advanced API Security. Advanced API Security now supports data residency. On July 25, 2024, we released an updated version of Advanced API Security. This release includes an update to Advanced API Operations Anomaly Detection functionality: the Anomaly Detection functionality is now available in the Apigee UI in Cloud Console and is renamed to "Operations Anomalies." See the Operations Anomalies overview for information on the functionality in the Apigee UI in Cloud Console. Operations Anomalies supports data residency.

Application Integration - The Solace trigger is now available in preview.

Cloud Asset Inventory - The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

BigQuery - You can now use table explorer to examine table data and create data exploration queries. IAM deny policies now support additional permissions, including bigquery.tables.getData which can deny permission to read tables. Starting September 17, 2024, the bigquery.datasets.update permission check when creating or updating authorized datasets will be removed. You can now configure SAP Datasphere connections with network attachments to help secure connections. Manifest files are now supported for Amazon S3 and Azure Blob Storage. The CHANGES change history function is now in preview. You can use data manipulation language (DML) to modify rows that have been recently written to a BigQuery table by the Storage Write API. The BigQuery continuous queries feature is now in preview. You can now use BigQuery Omni Virtual Private Cloud (VPC) allowlists to restrict access to AWS S3 buckets and Azure Blob Storage from specific BigQuery Omni VPCs.

Bigtable - The Preview of automated backup has been expanded to let you enable and disable automated backup in the Google Cloud console.

Billing - Track credits for your spend-based milestone credit programs (contract pricing). If you have a custom pricing contract, you might be enrolled in spend-based milestone credit programs, where you earn promotional credits for spending specific amounts on Google Cloud.

Chronicle - Google SecOps has updated the list of supported default parsers. The Google Security Operations alert metadata fields for UDM idm.is_significant and idm.is_alert have been deprecated.

Chronicle Security Operations - Creating a new playbook using prompts is now supported by Gemini. Google SecOps has updated the list of supported default parsers. The Google Security Operations alert metadata fields for UDM idm.is_significant and idm.is_alert have been deprecated. The Incident Manager in Google Security Operations will be fully decommissioned on July 22, 2025.

Chronicle SOAR - Release 6.3.13 is currently in Preview. Create a Playbook with Gemini: You can now use Gemini to create Playbooks. Scheduled reports failing due to Microsoft email server authentication token request throttling (ID #00277914). The Incident Manager in Google Security Operations will be fully decommissioned on July 22, 2025. Release 6.3.11 is now in General Availability. Release 6.3.12 is currently in Preview. Logs of newly created jobs are not accessible (ID #51865082). Trying to export case reports results in an error (ID #52316269). Saved filters in Cases screen disappear (ID #50834432). Integration update might fail in an environment with an extremely high number of playbooks (ID #51785856).

Cloud Composer - (Cloud Composer 3 only) We are currently experiencing an issue with the Airflow upgrade operations for Cloud Composer 3 environments.

Compute Engine - Persistent Disk Asynchronous Replication can now replicate up to 12.5 GB per minute per disk of compressed changed blocks, which is an increase from the previous maximum of 2 GB per minute.

Data Catalog - Column-level data lineage for BigQuery is available in Preview for allowlisted users.

Database Migration Service - Gemini conversion assistant for conversion workspaces is now available in Preview.

Dataplex - Column-level data lineage for BigQuery is available in Preview for allowlisted users. Dataplex Explore is deprecated.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.113-debian10, 2.0.113-rocky8, 2.0.113-ubuntu18, 2.1.61-debian11, 2.1.61-rocky8, 2.1.61-ubuntu20, 2.1.61-ubuntu20-arm, 2.2.27-debian12, 2.2.27-rocky9, 2.2.27-ubuntu22. Enabled user sync by default for clusters using Ranger. Replaced Spark external packages with connector folder on Dataproc 2.2 clusters. Fixed a bug that caused intermittent delays and failures in clusters with 3 HDFS. Hyperdisks for Dataproc clusters are now created with default throughput and IOPS. Added support for N4 and C4 machine types for Dataproc image versions 2.1 and above. When a Cluster, Job, AutoscalingPolicy, or WorkflowTemplate API resource does not exist and the requestor does not have access to the project, a 403 error code is now issued instead of a 404 error code.

Datastream - Datastream support for SQL Server as a source is now generally available (GA).

Dialogflow - The status of the Dialogflow Speech-to-Text model migrations has changed: The Dialogflow speech model migration initially announced in December 2023 and later postponed to the new dates has been placed on hold until further notice (no ETA).

Integration Connectors - The Solace connector is now available in preview.

Google Kubernetes Engine - With GKE patch version 1.30.1-gke.115600 and later, if you don't specify the gpu-driver-version flag when creating new GPU node pools, then GKE automatically installs the default GPU driver version that corresponds to the GKE version. In GKE version 1.30.2-gke.1100 and later, the _CMDLINE field is removed from kubelet log entries to reduce spamming logs. In GKE versions starting from 1.29.4-gke.1542000 and earlier than 1.29.7-gke.1008000, while Anthos Service Mesh is enabled, Pods that utilize Google Cloud Storage FUSE CSI driver volumes might encounter scheduling issues, with this error message: Pod "your-pod-name" is invalid: [spec.volumes[x].name: Duplicate value: "gke-gcsfuse-tmp", spec.initContainers[x].name: Duplicate value: "gke-gcsfuse-sidecar"]. This issue has been resolved in GKE version 1.29.7-gke.1008000. (2024-R26) Version updates: GKE cluster versions have been updated.

Migrate to Virtual Machines - Generally available: Migrate to Virtual Machines lets you import a machine image from a virtual appliance.

Migration Center - The discovery client 6.3.1 is available with new features and bug fixes. Added support for automated upgrades from previous versions. Added information on machines CPU count per virtual machine in the discovery client detailed offline reports in HTML format. Fixed an issue that caused guest collection failures from source servers running Windows with .NET Framework lower than 4.5. Fixed an issue that caused false positive indications of VMware guest connection test. Fixed an issue that prevented the last collection timestamp from being shown on the Servers page of the discovery client. Fixed an issue that caused some dropdown fields in the Servers page to get unexpectedly pre-populated by previously selected values. Fixed an issue that caused Windows collection to sometimes consume high CPU and memory when IIS is installed on the machine. Improved CPU utilization collection accuracy.

Cloud Monitoring - Starting October 22, 2024, Monitoring Query Language (MQL) will no longer be a recommended query language for Cloud Monitoring, and we will begin to turn off certain usability features.

Cloud NAT - Hybrid NAT supports Cloud Interconnect in Preview.

NetApp - Flex service level now supports CMEK (in Preview).

Cloud PubSub - If you retain unacknowledged messages in a subscription for more than 24 hours, you incur additional charges.

reCAPTCHA Enterprise - reCAPTCHA Mobile SDK v18.6.0-beta02 is now available for Android.

Service Mesh - 1.22.x. 1.22.3-asm.1 is now available for in-cluster Cloud Service Mesh.

Cloud SQL MySQL - IAM group authentication is now generally available (GA) for Cloud SQL for MySQL. You can now upgrade the network architecture of a Cloud SQL instance that isn't enabled with high-availability.

Cloud SQL Postgres - IAM group authentication is now generally available (GA) for Cloud SQL for PostgreSQL. Migrate to AlloyDB insight recommendations are available in Preview. You can now upgrade the network architecture of a Cloud SQL instance that isn't enabled with high-availability.

Cloud SQL SQL Server - You can now upgrade the network architecture of a Cloud SQL instance that isn't enabled with high-availability.

Cloud Storage - You can now use tags to set a default soft delete retention duration on newly created buckets in your organization.

Cloud Translation - The translation LLM has been enhanced with the following changes: In addition to plain text, you can send HTML as input for text translations. Adaptive translations with reference sentence pairs support a larger context window, on par with zero-shot translations.

Vertex AI Workbench - The M123 release of Vertex AI Workbench managed notebooks includes the following: Fixed a bug that caused conflicting permissions with the Jupyter user and google-sudoers.

VMware Engine - VMware Engine ve2 nodes are available in the following additional zones: Sydney, Australia, APAC (australia-southeast1-b); Ashburn, Virginia, North America (us-east4-b). New VMware Engine ve2 node types are available in the australia-southeast1, us-central1, and us-east4 regions: HCI node types: ve2-standard-96, ve2-mega-96, ve2-mega-128. Storage only node types: ve2-standard-so, ve2-mega-so. See VMware Engine node types for more information on node types.

Virtual Private Cloud - The following producer load balancers now support all Private Service Connect monitoring metrics: Regional internal Application Load Balancer, Regional internal proxy Network Load Balancer. Predefined dashboards for monitoring Private Service Connect connections have been enhanced: The dashboard for monitoring published services now includes more metrics.

 





Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]