Welcome to issue #434, January 20th, 2025

News

Compute Engine Official Blog

C4A, the first Google Axion Processor, now GA with Titanium SSD - Google has announced the general availability of C4A virtual machines with Titanium SSDs, designed for cloud workloads requiring real-time data processing with low-latency and high-throughput storage performance.

AI Official Blog TPU

New year, new updates to AI Hypercomputer - Some of the key updates to AI Hypercomputer from the last quarter based on new infrastructure components and how they enable specific AI use cases.

Google Kubernetes Engine Official Blog

GKE delivers breakthrough Horizontal Pod Autoscaler performance - Google Cloud introduces a rearchitected Horizontal Pod Autoscaler (HPA) for Google Kubernetes Engine (GKE), delivering significant improvements in scaling performance.

Official Blog Security

The EU’s DORA regulation has arrived. Google Cloud is ready to help - To accelerate DORA (Digital Operational Resilience Act) efforts, Google Cloud is introducing DORA Customer Guides on the Register of Information and on Information and Communications Technology (ICT) Risk Management, together with a new Google Cloud Third-Party Risk Management Resource Center; in addition, financial entities can request Google Cloud's DORA subcontractor list.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

CISO Official Blog

Cloud CISO Perspectives: Talk cyber in business terms to win allies - How to communicate cyber security to C-suite and boardrooms.

Official Blog Threat Intelligence

Backscatter: Automated Configuration Extraction - Backscatter is a tool developed by Mandiant FLARE team that automatically extracts malware configurations without dynamic execution, bypassing anti-analysis logic. It complements dynamic analysis, providing faster threat identification and high-confidence malware family attribution.

SRE

Are you doing Google Cloud Site Reliability Engineering (SRE) Wrong? Part 2— Core Concepts - Explanation of key SRE concepts.

Billing DevOps

GCP Billing CLI: Automate Cost Savings in GCP - GCP Billing CLI lets you automate enabling/disabling billing for idle projects, saving time and cutting unnecessary expenses!

App Development, Serverless, Databases, DevOps

Official Blog Threat Intelligence

Your Single-Page Applications Are Vulnerable: Here's How to Fix Them - Single-page applications (SPAs) are popular for their dynamic interfaces but can introduce security risks due to client-side rendering. Vulnerabilities include routing manipulation, hidden element exposure, and JavaScript debugging, allowing unauthorized access and data manipulation. To mitigate these risks, implement robust server-side access controls on supporting APIs, ensuring that unauthorized users cannot modify or view restricted data. Server-side rendering can also prevent unauthorized access by rendering pages on the server and sending only the finalized output to the user.

GCP Experience Official Blog Web3

Trading in the Cloud: Lessons from Deutsche Börse Group’s cloud-native trading engine - Deutsche Börse Group and Google Cloud have partnered to develop a new cloud-native trading platform for digital assets. The platform is designed to be scalable, reliable, and secure, and it can handle a variety of asset types, including stocks, bonds, and cryptocurrencies. It is also easy to use, with a simple API and SDK that let developers build applications that interact with the platform.

Cloud Logging Javascript

Easy Structured Logging with Next.js in Google Cloud - In the Beginning, There Was No Logging.

AlloyDB DevOps

AlloyDB Autoscaling is Easy - To set up AlloyDB Autoscaling, you can create monitoring alerts for high or low CPU utilization, which are then sent to a Pub/Sub topic. A Cloud Function subscribed to the topic can then scale up or down the instance as needed.

reCAPTCHA Ruby

Adding Google reCAPTCHA to Ruby on Rails - This article explains how to set up reCAPTCHA in a Ruby on Rails web app.

Cloud Firestore Cloud Pub/Sub Firebase

Fixing Firestore’s Type Mismatch with Cloud Functions and Pub/Sub - Firestore's dynamic handling of data types can lead to type mismatches, causing issues in downstream systems. To address this, you can normalize data in Cloud Functions, handle type inconsistencies in subscribers, leverage the Firestore SDK, enforce consistent types in Firestore, or use custom serialization. Choose the approach that best suits your needs to ensure clean and consistent data handling.

Cloud Functions Javascript Paywall

How to launch Puppeteer in Google Cloud Functions - When it is necessary to monitor a website, running Puppeteer in a scheduled Cloud Function can be the best option.

Artifact Registry Java

Taming Legacy Java Dependencies with Pomify and Google Cloud Artifact Registry - Pomify is a CLI tool that helps developers clean up and migrate legacy Java dependencies. It scans JAR files, identifies their Maven coordinates, and generates pom.xml files. Pomify can also push unidentified JARs to a private Maven repository, such as Google Cloud's Artifact Registry. With Pomify, developers can easily organize and manage their legacy Java dependencies, reducing the risk of security vulnerabilities and improving the overall maintainability of their projects.

Big Data, Analytics, ML&AI

BigQuery Official Blog

Get started with Google Cloud's built-in tokenization for sensitive data protection - Google Cloud offers built-in tokenization for sensitive data protection, allowing businesses to secure sensitive information like payment card numbers and government IDs before use or sharing.

BigQuery Java Paywall

Spring Cloud 3.x integrates BigQuery - Applications can submit, query, and analyze data through BigQueryTemplate and perform large-scale data processing using common components of the Spring Framework.

BigQuery dbt

5 Critical Lessons to remember while Implementing DBT with BigQuery: A Practical Guide - This article shares five critical lessons learned while working with DBT and BigQuery, including the importance of data testing, optimizing incremental models, simplifying macros, prioritizing documentation, and maintaining strict version control.

BigQuery

Optimizing BigQuery Current Date - Learn how to deal with BigQuery Current Date.

AI Official Blog Retail

How inference at the edge unlocks new AI use cases for retailers - Retailers can leverage existing assets like security cameras and point-of-sale systems to harness the power of AI without straining their budget. Inference at the edge, running AI-optimized applications on local devices, can transform retail assets into powerful tools for store analytics, faster transactions, staff enablement, loss prevention, and personalization.

Official Blog Vertex AI

Unlock multimodal search at scale: Combine text & image power with Vertex AI - Build a multimodal search engine using Google Cloud's Vertex AI platform. Combine the strengths of Vertex AI Search and vector search, using an ensemble method with weighted Rank-Biased Reciprocal Rank (RRF).

AI BigQuery LLM

What is an agent, and does your data need one? - This blog introduces the idea of agents and explores the opportunities (and challenges) they bring to the world of data.

Generative AI

RAG Evaluation — A Step-by-Step Guide with DeepEval - Step-by-step guide on evaluating RAG pipelines using DeepEval, an open-source evaluation framework.

Slides, Videos, Audio

Kubernetes Podcast - #245 Device Management in Kubernetes, with John Belamaric.

Security Podcast - #206 Paying the Price: Ransomware's Rising Stakes in the Cloud.


Releases

Apigee Advanced API Security - On January 13, 2025 we released an updated version of Apigee's Shadow API Discovery. Shadow API Discovery latency improvements: This release improves Shadow API Discovery and removes the latency impact on load balancers previously documented as part of Shadow API Discovery enablement.

Application Integration - Config variables pane (Preview): You can now view and edit all the config variables defined within your integration using the new Config Variables pane.

Cloud Architecture Center - Designing networks for migrating enterprise workloads: Updates to the documentation set to reflect feature releases over the past months. (New guide) Implement two-tower retrieval for large-scale candidate generation: Describes how to implement an end-to-end two-tower candidate generation workflow with Vertex AI.

Cloud Asset Inventory - The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning). The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

BigQuery - The BigQuery Data Transfer Service can now transfer data from the following data sources: MySQL, PostgreSQL. Transfers from these data sources are supported in Preview. In the navigation menu, you can now go to the Settings page to set default settings that are applied when you start a session in BigQuery Studio. The BigQuery migration assessment for Oracle now includes a total cost of ownership (TCO) calculator that provides an estimation of compute and storage costs for migrating your Oracle data warehouse to BigQuery. We have rearranged the navigation menu into new categories. In BigQuery ML, you can now forecast multiple time series at once by using the new TIME_SERIES_ID_COL option that is available in ARIMA_PLUS_XREG multivariate time series models. You can now use BigQuery Omni Virtual Private Cloud (VPC) allowlists to restrict access to AWS S3 buckets and Azure Blob Storage from specific BigQuery Omni VPCs.

Cloud Build - You can now use Cloud Build to push Go modules to Artifact Registry.

Chronicle - The individual parser documents have been put into one page with an easy-to-use search bar. The following rules have been removed from their associated rule packs in Curated Detections due to high alert volume across the Google SecOps customer base. Cloud Threats - CDIR SCC Enhanced Defense Evasion Alerts: SCC: Modify VPC Service Control with GCE Activity from the Restricted Resource; SCC: Modify VPC Service Control with Activity from the Restricted Service. Cloud Threats - CDIR SCC Enhanced Malware Alerts: SCC: Unexpected Child Shell. Linux Threats - OS Privilege Escalation Tools: Sensitive File Discovery; Last Login Users; Whoami Commands. Windows Threats - Initial Access: NetLogon AD System Event. Risk Analytics for UEBA - Login to an Application Never Before Seen for a User Group: First Time User Login Activity to Application for Manager Peer Group. Risk Analytics for UEBA - Login from Country Never Before Seen for a User Group: First Time User Login Activity from Country for Manager Peer Group.

Chronicle SOAR - Release 6.3.31 is currently in Preview. Release 6.3.30 is still in Preview.

Cloud Composer - Starting April 13, 2025, we are removing the default environment's service account setting. From April 2025, Cloud Composer 2 environments will always use the environment's service account to perform PyPI package installations.

Compute Engine - Compute Engine is enabled for use with Cloud KMS Autokey. Google Axion Processor-based C4A VMs with Titanium SSD are now generally available. The metadata server might display old physicalHost metadata if a VM experiences a host error.

Data Fusion - The SAP SuccessFactors plugin version 1.2.4 is available in Cloud Data Fusion version 6.8.0 and later.

Database Migration Service - Database Migration Service now supports Microsoft Azure sources for MySQL and PostgreSQL homogeneous migrations to Cloud SQL.

Dataproc Serverless - Dataproc Serverless for Spark: On March 10, 2025, the Dataproc Resource Manager API will be enabled as part of General Availability (GA) for Dataproc Serverless 3.0+ versions.

Deep Learning Containers - M127 release: The following framework versions have reached their end of patch and support dates: TensorFlow versions 2.15 and earlier; PyTorch versions 2.1 and earlier; base versions with CUDA 12.1 and earlier. To view the end of patch and support dates, see Supported framework versions.

Deep Learning VM - M127 release: Fixed an issue related to ownership of the home directory when using authorized SSH keys.

Cloud Deploy - You can now connect to your GKE cluster's DNS-based endpoint, simplifying networking configuration when talking to private clusters from Cloud Deploy.

Cloud Quotas - The following Google Cloud CLI commands are available in beta: gcloud beta quotas info, gcloud beta quotas preferences. For more information, see View quotas using the gcloud beta CLI.

Google Kubernetes Engine - With minor version 1.33, GKE nodes use containerd 2.0, which removes support for Docker Schema 1 images and the CRI v1alpha2 API. (2025-R02) Version updates: GKE cluster versions have been updated.

Cloud Logging - You can now create analytics views, which let you transform your log data into a custom format.

Looker - Looker (Google Cloud core) only changes: You can now provision, configure, and manage non-production instances of the Standard, Enterprise, and Embed Looker (Google Cloud core) editions for staging and testing. We're excited to announce a new series of quickstarts in the official Looker (Google Cloud core) documentation.

Memorystore for Redis Cluster - You can now create a Memorystore for Redis Cluster instance that uses customer-managed encryption keys (CMEK).

Resource Manager - You can use custom constraints with Organization Policy to provide more granular control over specific fields for some reCAPTCHA resources.

Cloud Run - You can now deploy multiple containers (sidecars) to a Cloud Run job. The principal (user or service account) creating a Cloud Run resource now needs explicit permission to access the container image(s).

Security Command Center - Security Command Center now displays the number of resources scanned for a specific security compliance standard. A new error code, AWS_ACTIVE_COLLECTOR_ACCOUNTS_NOT_FOUND, is available in the AWS connector in Security Command Center.

Sensitive Data Protection - The FRANCE_DRIVERS_LICENSE_NUMBER infoType detector is available in all regions. The TAIWAN_ID_NUMBER infoType detector is available in all regions.

Service Mesh - 1.24.x: 1.24.2-asm.1 is now available for in-cluster Cloud Service Mesh. 1.21.x: 1.21.5-asm.21 is now available for in-cluster Cloud Service Mesh. 1.22.x: 1.22.7-asm.4 is now available for in-cluster Cloud Service Mesh. 1.23.x: 1.23.4-asm.7 is now available for in-cluster Cloud Service Mesh.

SAP Solutions - Terraform support for deploying sole-tenant nodes for SAP HANA: You can use Terraform to deploy the following systems with sole-tenant nodes: SAP HANA scale-up; SAP HANA scale-up high availability; SAP HANA multi-host scale-out without node anti-affinity; SAP HANA scale-out high availability without node anti-affinity. For more information, see Sole tenancy.

Cloud Spanner - Spanner now supports query statistics for previously executed partitioned data manipulation language (partitioned DML) statements.

Cloud SQL MySQL - You can now migrate data from Microsoft Azure to Cloud SQL. As of January 13, 2025, the legacy configuration for high availability (HA) is deprecated for all Cloud SQL for MySQL instances.

Cloud SQL Postgres - Cloud SQL for PostgreSQL version 17 adds support for the following extensions and plugins: ip4r, oracle_fdw, orafce, pg_background, pg_bigm, pgfincore, pg_hint_plan, pg_partman, pg_proctab, pgrouting, pg_similarity, pgtap, pgtt, pg_wait_sampling, PL/Proxy, plv8, postgresql_anonymizer, postgresql_hll, prefix, temporal_tables. Cloud SQL for PostgreSQL version 17 doesn't support rdkit and pg_squeeze. To use these extensions and plugins in your PostgreSQL 17 instance, update your instance to the POSTGRES_17_2.R20241011.00_11 maintenance version. You can now migrate data from Microsoft Azure to Cloud SQL.

Vertex AI Workbench - The M127 release of Vertex AI Workbench user-managed notebooks includes the following: Fixed an issue related to ownership of the home directory when using authorized ssh keys.

VMware Engine - VMware Engine ve1 nodes are now available in the following additional region: Paris, France (europe-west9-b).

Virtual Private Cloud - Private Service Connect endpoints for regional Google APIs can be configured with IPv6 addresses to support access from IPv6 clients. The network profile resource and an RDMA network profile are available in General Availability. If you're a service producer that makes a service available through VPC Network Peering, you can migrate your service to Private Service Connect without changing the IP address that consumers use to access the service. You can create an internal range with the usage type FOR_MIGRATION to migrate a CIDR range from one subnet to another. If you create a Private Service Connect backend to connect to a published service, and the producer has let you know which port the service is available on, you can include the producer port in the backend configuration. VPC Flow Logs can sample traffic that is sent through VLAN attachments for Cloud Interconnect and Cloud VPN tunnels.

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]