Welcome to issue #413 August 26th, 2024

News

Cloud Functions Cloud Run Official Blog Serverless

Cloud Functions is now Cloud Run functions — event-driven programming in one unified serverless platform - Cloud Functions is now Cloud Run functions, a unified serverless platform that combines the event-driven programming model of Cloud Functions with the fine-grained control and scalability of Cloud Run.

AI Cloud Run GPU Official Blog Serverless

Run your AI inference applications on Cloud Run with NVIDIA GPUs - Cloud Run now supports NVIDIA L4 GPUs, enabling developers to run real-time AI inference applications with lightweight open models like Google's Gemma or Meta's Llama. This allows for building custom chatbots, on-the-fly document summarization, and serving fine-tuned AI models.

LLM Official Blog Partners Vertex AI

Announcing the Jamba 1.5 Model Family from AI21 Labs on Vertex AI - The Jamba 1.5 Model Family from AI21 Labs is now available on Vertex AI Model Garden. They excel in handling key enterprise use cases such as summarizing and analyzing lengthy documents, powering RAG-based solutions, and a wide range of applications that demand both high-quality output and efficiency.

Cloud Storage Official Blog

A guide to dual-region storage in Google Cloud Storage, now available in Frankfurt, London, Zurich and Belgium - Google Cloud Storage now offers dual-region storage in Frankfurt, London, Zurich, and Belgium. Dual-region storage replicates data across two geographically distinct regions within a single continent, providing increased data resilience, availability, and performance.

Official Blog Secret Manager

Introducing delayed destruction for Secret Manager, a new way to protect your secrets - Secret Manager now offers delayed destruction of secret versions, preventing immediate and irreversible deletion. This customizable delay provides a fallback option in case of unexpected incidents and ensures data protection from threats.

BigQuery Data Analytics Official Blog

Introducing ScaNN in BigQuery vector search for large query batches - BigQuery's new TreeAH vector index, based on Google's ScaNN algorithm, offers significant latency and cost reductions for large query batches compared to the previous IVF index.

Compute Engine Official Blog

C4 VMs now GA: Unmatched performance and control for your enterprise workloads - The C4 machine series is now generally available on Google Cloud, offering unmatched performance and control for enterprise workloads. C4 VMs outperform comparable offerings from other cloud providers, delivering up to 20% better price-performance for general-purpose workloads and 45% better price-performance for CPU-based inference.

Cloud Bigtable Data Analytics Databases Official Blog

Distributed counting in Bigtable: why you need it, and how to get started - Bigtable, Google's NoSQL database, now offers powerful tools that simplify data aggregation and enhance analytics capabilities. By enabling calculations in the database at write-time, Bigtable saves time, reduces complexity, and provides instant access to critical insights. It offers aggregate types like SUM, MIN, MAX, and HyperLogLog (HLL) for approximate unique value counting.

Google Kubernetes Engine Official Blog

Your infrastructure resources, your way, with new GKE custom compute class API - The new GKE custom compute class API provides fine-grained control over infrastructure choices, allowing users to prioritize and utilize a variety of compute and accelerator options based on their specific needs.

Event Official Blog Security

Reimagining security through the power of convergence at Google Cloud Security Summit 2024 - Google Cloud Security Summit 2024 focuses on reimagining cybersecurity through the power of convergence, simplifying security by reducing siloed products and infusing existing capabilities with AI and threat intelligence.

Infrastructure Official Blog

Google Cloud expands services in Saudi Arabia, delivering enhanced data sovereignty and AI capabilities - The new offerings include Sovereign Controls by CNTXT, a partnership with a local trusted partner, providing additional controls to meet stringent data sovereignty requirements.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

LLM Official Blog Security

Testing your LLMs differently: Security updates from our latest Cyber Snapshot Report - Security teams should update their approach to assessing and adapting existing security methodologies for LLMs. LLMs' ability to accept non-structured prompts can expose security weaknesses and lead to exploitation, such as sensitive information disclosure. Incorporating probabilistic testing can help provide better evaluation and protection against prompt injection, excessive agency, and overreliance.

Official Blog Threat Intelligence

PEAKLIGHT: Decoding the Stealthy Memory-Only Malware - PEAKLIGHT is a new memory-only dropper that uses a complex, multi-stage infection process. It decrypts and executes a PowerShell-based downloader that delivers malware-as-a-service infostealers.

Infrastructure

Beyond Shared Infrastructure: Exploring the World of Sole-Tenant Nodes in GCP - Sole-Tenant Nodes: Google Cloud’s Dedicated Compute Option.

Cloud Armor

Monitoring Google Cloud Armor Traffic: A Comprehensive Dashboard - We’ll be creating a Cloud Monitoring dashboard to better understand and monitor incoming traffic and attacks evaluated by Cloud Armor.

Chronicle

Windows Active Directory data collection with the new SecOps Collection Agent - The new SecOps Collection Agent, built on the OpenTelemetry Collector, revolutionizes log collection and management for Google Cloud SecOps. It enables seamless integration with a wide range of observability tools, empowering customers with exceptional capabilities.

Kubernetes Paywall

Multi-tenancy using Config Controller - Anthos Config Management.

Cloud Interconnect

Tackling Latency Issues on Google Cloud Platform’s Cloud Interconnect - In this article, we provide practical troubleshooting steps to help you identify common latency issues when using Google Cloud Interconnect, a high-performance network service that enables private, low-latency connectivity between your on-premises data center and Google Cloud Platform.

App Development, Serverless, Databases, DevOps

Cloud Bigtable Cloud Memorystore Cloud Spanner Cloud SQL Databases Official Blog

Google Cloud database news roundup, August 2024 edition

Using Reusable Workflows in GitHub Actions - CI/CD is a very popular term in the DevOps industry with many CI/CD tools available to use. GitHub Actions is a CI/CD tool that helps….

Artifact Registry Paywall Terraform

Workflow to Push a Simple Image to Google Artifact Registry - GitHub Actions.

API Apigee Application Integration

Building and Configuring Integrations with Google Cloud’s Application Integration: A Deep Dive - Transforming Enterprise Workflows with Seamless Integration Solutions.

Machine Learning

Supercharging Cloud Run with GPU Power: A New Era for AI Workloads - In this article, we will roll through the understanding of how the Nvidia GPU with Cloud Run can be a game changer in the serverless world and….

GPU Machine Learning

Cloud Run GPU: Make your LLMs serverless - Cloud Run is a great serverless scale-to-0 service, but with limited use cases because of limited hardware. What about if GPUs are….

Cloud SQL

Audit logs on steroids with Cloud SQL for PostgreSQL and pgAudit - In this article, we explore how to enhance the logging capabilities of Cloud SQL for PostgreSQL by utilizing the pgAudit extension. pgAudit provides detailed session and object audit logging, complementing the default PostgreSQL server logs and Cloud SQL Data Access logs.

Cloud Marketplace

DoiT-Easily - Simplifying your Google Marketplace Vendor Development.

Big Data, Analytics, ML&AI

Google Kubernetes Engine GPU LLM Official Blog

Maximize your LLM serving throughput for GPUs on GKE — a practical guide - This blog post contains recommendations that can help you maximize your serving throughput on NVIDIA GPUs on GKE. Combining these recommendations with the performance benchmarking tool will enable you to make data-driven decisions when setting up your inference stack on GKE.

Generative AI Google Kubernetes Engine LLM Official Blog Vertex AI

Choosing between self-hosted GKE and managed Vertex AI to host AI models - A comparison of managed Vertex AI solutions with self-hosted options on Google Kubernetes Engine for deploying Large Language Model (LLM) and Gen AI applications on Google Cloud Platform.

Data Analytics GCP Experience Official Blog

At Box.Inc, Dataplex brings data governance and observability to its data platform - Box.Inc, a global leader in Cloud Content Management, adopted Google Cloud Dataplex to enhance data governance, discovery, and observability. Dataplex serves as a central data catalog, providing streamlined data discovery, comprehensive data observability, and strengthened security posture. By leveraging Dataplex, Box.Inc transformed its data platform into a secure, efficient, and scalable data ecosystem, empowering teams to unlock the full potential of data and drive continued growth and innovation.

Airflow Cloud Composer Data Analytics Official Blog Streaming

Scalable alerting for Apache Airflow to improve data orchestration reliability and performance - This guide reviews the hierarchy of alerting on Cloud Composer and various alerting options available to Google Cloud engineers using Cloud Composer and Apache Airflow.

BigQuery Data Science Paywall

Google launched Recommendations Page for BigQuery - Get better Insights and Recommendations to tune Performance.

Airflow BigQuery dbt

Dagster: A complete replacement for dbt Cloud automations - Dagster is a complete replacement for dbt Cloud automation. Combined with BigQuery, it offers cost-effective automation and enhanced features compared to dbt Cloud.

BigQuery

BigQuery's New JSON Functions: Struct vs. JSON - Choosing the Right Structure - An overview of using STRUCT vs JSON columns in BigQuery, considering their strengths and potential trade-offs.

BigQuery

BigQuery Continuous Query — a game changer for real time dashboards? - BigQuery Continuous Query is a new feature that allows users to create continuous incremental pipelines by continuously querying data from a source table and writing it to a destination table. It supports exporting data to Pub/Sub topics, Bigtable tables, and other BigQuery tables, as well as processing data using a Vertex AI model.

Gemini LLM

Semantic Kernel and Gemini - Semantic Kernel is an open-source development kit from Microsoft that lets you easily build AI agents and integrate the latest AI models into your applications. This blog post demonstrates how to use Semantic Kernel to build a chat application with Gemini.

AI Machine Learning

Reranking - A Reranker is a language model that computes a relevance score using a document and a query.

Slides, Videos, Audio

Kubernetes Podcast - #234 LitmusChaos, with Karthik Satchitanand.

Security Podcast - #186 Cloud Security Tools: Trust the Cloud Provider or Go Third-Party? An Epic Debate, Anton vs Tim.

 

Releases

Backup and DR Service - Backup and DR Service hotfixes hf-11.0.12.3217, hf-11.0.12.3218, and hf-11.0.12.3219 automatically update backup/recovery appliances.

BigQuery - Python code completion is now available for all BigQuery projects. You can now perform anomaly detection with BigQuery ML multivariate time series (ARIMA_PLUS_XREG) models. You can now view your BigQuery insights and recommendations using the Recommendations page in the Google Cloud console.

Binary Authorization - Setting specific rules in Binary Authorization policies is generally available (GA) as of September 28, 2023.

Cloud Build - Cloud Build (1st gen) support for custom organization policies is now generally available.

Certificate Manager - You can now update the "labels" and "descriptions" of your certificate issuance configurations using the Google Cloud CLI or API. Regional Google-managed certificates are now generally available (GA). Support for managing certificates independently in each project with separate authorization is now generally available (GA).

Access Transparency - Access Transparency supports Filestore in the GA stage.

Cloud Composer - A new Cloud Composer release has started on August 22, 2024. (Cloud Composer 3) Fixed the dags backfill Airflow CLI command that was failing with a connection error. Fixed a bug where executing Airflow CLI commands produced output that was not human-readable. The apache-airflow-providers-google package was upgraded to version 10.21.1 in Cloud Composer 2 images with Airflow 2.7.3 and 2.9.1, and in all latest Cloud Composer 3 builds. New Airflow builds are available in Cloud Composer 3: composer-3-airflow-2.9.1-build.5 and composer-3-airflow-2.7.3-build.14. Cloud Composer 2.9.2 images are available: composer-2.9.2-airflow-2.9.1 (default) and composer-2.9.2-airflow-2.7.3. Cloud Composer version 2.4.1 has reached its end of support period.

Compute Engine - Generally available: Hyperdisk Storage Pools with Advanced Performance provisioning help you to manage the performance needs of your Hyperdisk Balanced and Hyperdisk Throughput disks. Generally available: General purpose C4 VMs on the Intel Emerald Rapids CPU.

Contact Center AI Insights - You can now use Quality AI as a preview feature within the Insights console to evaluate contact center conversations and agent performance more efficiently.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.77, 1.2.21, 2.0.85, 2.2.21. Dataproc Serverless for Spark: Subminor version 2.0.85 is the last release of runtime version 2.0, which will no longer be supported and will not receive new releases.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.114-debian10, 2.0.114-rocky8, 2.0.114-ubuntu18, 2.1.62-debian11, 2.1.62-rocky8, 2.1.62-ubuntu20, 2.1.62-ubuntu20-arm, 2.2.28-debian12, 2.2.28-rocky9, 2.2.28-ubuntu22. syslog is now available for Dataproc cluster nodes in Cloud Logging.

Deep Learning Containers - M124 release Pytorch 2.3.0 with CUDA 12.1 and Python 3.10 container images are now available.

Deep Learning VM - M124 release Pytorch 2.3.0 with CUDA 12.1 and Python 3.10 VM images are now available.

Cloud Deploy - Cloud Deploy is now available in the following region: africa-south1 (Johannesburg).

Document AI - Date and Currency Normalization for custom extractor: With this release, the model will deduce the region information from the document and use it to disambiguate the date and currency formats in the following ways: This release will enable the support of region-based date and currency normalization of entities with datetime and currency data types in Custom Document Extractor (CDE) Generative AI based processor versions v1.1 and v1.2.

Cloud Functions - Cloud Functions has been renamed to Cloud Run functions.

Integration Connectors - You can configure a connector to collect logs for the following severity levels: Error, Info, Debug. For more information, see View Integration Connectors logs.

Google Kubernetes Engine - GKE support for Hyperdisk ML as an attached persistent disk option is now generally available. (2024-R31) Version updates: GKE cluster versions have been updated. Kubernetes 1.31 is now available in the Rapid channel. New features in Kubernetes 1.31: Field selectors for custom resources is beta and enabled by default. Deprecated APIs in 1.31: The following Beta versions of graduated APIs were deprecated in 1.29 in favor of newer versions: flowcontrol.apiserver.k8s.io/v1beta3 (FlowSchema, PriorityLevelConfiguration), deprecated since 1.29, will no longer be served in 1.32; instead, use flowcontrol.apiserver.k8s.io/v1, available since 1.29. The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. Deprecated in-tree volume support: The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated since 1.28 and are removed in 1.31. The C4 machine family is generally available in the following versions: Standard clusters in version 1.29.2-gke.1521000 and later. The following vulnerabilities were discovered in the Linux kernel that can lead to a privilege escalation on Container-Optimized OS and Ubuntu nodes: CVE-2024-39503. For more details, see the GCP-2024-047 security bulletin.

GKE new features - GKE support for Hyperdisk ML as an attached persistent disk option is now generally available. The C4 machine family is generally available in the following versions: Standard clusters in version 1.29.2-gke.1521000 and later.

Google Kubernetes Engine Rapid - (2024-R31) Version updates. Note: Your clusters might not have these versions available. Kubernetes 1.31 is now available in the Rapid channel. New features in Kubernetes 1.31: Field selectors for custom resources is beta and enabled by default. Deprecated APIs in 1.31: The following Beta versions of graduated APIs were deprecated in 1.29 in favor of newer versions: flowcontrol.apiserver.k8s.io/v1beta3 (FlowSchema, PriorityLevelConfiguration), deprecated since 1.29, will no longer be served in 1.32; instead, use flowcontrol.apiserver.k8s.io/v1, available since 1.29. The status.nodeInfo.kubeProxyVersion field in the Node API is deprecated and will not be populated starting in v1.33. Deprecated in-tree volume support: The Ceph CephFS (kubernetes.io/cephfs) and RBD (kubernetes.io/rbd) volume plugins are deprecated since 1.28 and are removed in 1.31.

Memorystore for Redis Cluster - Added support for Node level monitoring metrics.

Migrate for Compute Engine - On April 30, 2024, the 4.x versions of Migrate for Compute Engine reached end of life, and the product was deprecated on Google Cloud.

Migrate to Virtual Machines - On April 30, 2024, the 4.x versions of Migrate for Compute Engine reached end of life, and the product was deprecated on Google Cloud.

Cloud Monitoring - Cloud Monitoring has ended support for the ingestion of AWS CloudWatch metrics by using AWS connector projects.

Cloud PubSub - BigQuery subscriptions with use table schema enabled now support type conversions for DATE, TIME, DATETIME, TIMESTAMP, NUMERIC, and BIGNUMERIC data types. Pub/Sub has increased the limit on schema definition size to 300 KB. Cloud Storage subscriptions now support using the schema of the Pub/Sub topic to which the subscription is attached when writing Avro files.

reCAPTCHA Enterprise - reCAPTCHA Enterprise Mobile SDK v18.6.0 is now available for Android.

Cloud Run - Cloud Run is now supported by Sovereign Controls by Partners. You can now configure GPU in your Cloud Run service (Preview). You can now deploy functions in Cloud Run (Preview). Cloud Run now provides security updates for services that are deployed from source when you specify the runtime base image (Preview).

Secret Manager - You can attach tags to secrets to conditionally grant or deny access to Secret Manager resources. Secret Manager add-on for Google Kubernetes Engine (GKE) is now generally available (GA).

Service Mesh - Managed Cloud Service Mesh. The onboarding path for Managed Cloud Service Mesh with asmcli is deprecated as of August 22, 2024, and support will end in February 2025. 1.20.x. 1.20.8-asm.6 is now available for in-cluster Cloud Service Mesh. 1.21.x. 1.21.5-asm.5 is now available for in-cluster Cloud Service Mesh. 1.22.x. 1.22.4-asm.0 is now available for in-cluster Cloud Service Mesh.

Sovereign Controls by Partners - The Sovereign Controls Foundation by CNTXT and Sovereign Controls Advanced by CNTXT partner offerings are now generally available.

Vertex AI Workbench - The M124 release of Vertex AI Workbench user-managed notebooks includes the following: Pytorch 2.3.0 with CUDA 12.1 and Python 3.10 user-managed notebooks instances are now available. The ability to create a Vertex AI Workbench instance based on a custom container is now generally available.

Cloud Vision API - New label detection model: An improved model is now available for Label Detection.

VPC Service Controls - Preview stage support for the following integration: Contact Center AI Platform.

Virtual Private Cloud - VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels. The live migration feature for bring your own IP v1 has been removed.

AlloyDB - AlloyDB Omni now offers in-depth documentation that describes how to install and use AlloyDB Omni in virtual machine (VM) environments. The extension temporal_tables version 1.2.2 has been added to extensions supported by AlloyDB.

Anthos Config Management - Config Controller now uses the following versions of its included products: Config Connector v1.121.0 and Config Sync v1.18.3.

Apigee API Hub - On August 23, 2024, we updated the Preview release of Apigee API hub. You can now edit an uploaded API specification's metadata through the Cloud console. You can now choose in the Cloud console to restrict the upload of an API specification file that contains errors. When an Apigee API proxy is auto-registered, its deployment type is now labeled either Apigee X or Apigee hybrid. All API proxy endpoints auto-registered from Apigee will be prefixed with https:// by default. A validation check has been added to reject an API specification style guide upload if the style guide's extends property contains a URL. User interface and performance improvements were made. Provisioning improvements were made to address potential failures.

Apigee Integrated Portal - On August 22, 2024 we released a new version of the Apigee integrated portal. Bug ID 350546059: Fixed an issue when displaying OpenAPI Specs in the portal that caused the Example button to show even when no example was present.

Apigee X - Timeouts when deploying API proxies and shared flows: The following endpoints may experience timeouts when used with a high volume of queries per second (QPS): organizations.environments.apis.revisions.deployments.deploy, organizations.environments.apis.revisions.deployments.undeploy, organizations.environments.sharedflows.revisions.deployments.deploy, organizations.environments.sharedflows.revisions.deployments.undeploy. To reduce the likelihood of timeouts, we recommend a target of three QPS when using these endpoints.

Apigee Hybrid - v1.13.0. On August 23, 2024 we released an updated version of the Apigee hybrid software, v1.13.0. Storing additional secrets in an external secret store: Starting in version v1.13, you can now store AX Hash Salt, Redis password, and Encryption keys in an external secret store like Hashicorp Vault. Apigee Operator now runs in the Apigee Kubernetes namespace: Starting in version v1.13, apigee-operator runs in the same namespace as the other Apigee hybrid components instead of the apigee-system namespace. Improved backup and restore: Starting in version v1.13.0, Apigee hybrid introduces a new backup and restore system. Leader election enabled for apigee-watcher component: Starting in version v1.13.0, leader election is enabled for the apigee-watcher component. Bug ID 352070616: Update Go language version. Bug ID N/A: Security fixes for apigee-asm-istiod.

Application Integration - New canvas view: In the integration editor layout, you can try the new canvas view to create integration flows.

Cloud Architecture Center - (New guide) Use generative AI for utilization management: A reference architecture for health insurance companies to automate prior authorization (PA) request processing and improve their utilization review (UR) processes.

Artifact Registry - The following Artifact Registry Cloud Audit Log method names have changed: Docker-EmptyTarBlob is renamed Docker-ServeBlob; Docker-GetEmptyTags is renamed Docker-GetTags; Docker-HeadEmptyTarBlob is renamed Docker-HeadBlob; Kfp-UploadPackage-Redirect is renamed Kfp-UploadPackage; Apt-ViewRemoteIndexFile is renamed to indicate the type of file requested (Apt-ViewIndexFile: when a repository metadata file is requested; Apt-Contents: when the Contents index file for a specific repository component and architecture type is requested; Apt-ViewArchIndexFile: when the Packages index file for a specific repository component and architecture type is requested); Apt-ViewRemotePackageFile is renamed Apt-ViewPackageFile; Yum-ViewUpstreamFile is renamed to indicate the type of file requested (Yum-ViewIndexKey: when the public key for signing Yum packages is requested; Yum-ViewIndexFile: when one of a repository's index files is requested; Yum-ViewPackageFile: when a Yum package file is requested). For more information on Artifact Registry logs, see Audit Logging.

Assured Workloads Access Transparency - Access Transparency supports Filestore in the GA stage.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075