Welcome to issue #439 February 24th, 2025

News

BigQueryML Data Analytics Generative AI Official Blog

BigQuery ML is now compatible with open-source gen AI models - BigQuery Machine Learning now supports any open-source large language model (LLM) from the Vertex AI Model Garden, including models from Hugging Face and custom-tuned models.

Compute Engine GPU Official Blog

Introducing A4X VMs powered by NVIDIA GB200 — now in preview - Google Cloud introduces A4X VMs powered by NVIDIA GB200 GPUs, offering exceptional performance for reasoning models and large language models with long context windows. These VMs feature 72 NVIDIA Blackwell GPUs and 36 Arm-based NVIDIA Grace CPUs, delivering 4X the training performance of A3 VMs.

Apache Kafka Data Analytics Official Blog Streaming

How to reduce costs with Managed Service for Apache Kafka: CUDs, compression and more - Save money on Google Cloud Managed Service for Apache Kafka with committed use discounts (CUDs) and other cost-saving features. CUDs let you save up to 40% on compute costs by committing to using resources in advance.

Cloud DNS Networking Official Blog

Introducing Cloud DNS public IP health checks, for more resilient multicloud deployments - Cloud DNS routing policies with public IP health checking is now generally available. It provides automated, health-aware traffic management for resilient multicloud deployments.

Cloud KMS Official Blog

Announcing quantum-safe digital signatures in Cloud KMS - Google Cloud Key Management Service (Cloud KMS) now offers quantum-safe digital signatures, allowing customers to cryptographically sign data and validate signatures using NIST-standardized quantum-safe cryptography. This helps ensure that newly-generated digital signatures are resistant to attacks by future adversaries with access to cryptographically-relevant quantum computers.

GCP Certification Official Blog

Discover Google Cloud careers and credentials in our new Career Dreamer - Google Cloud's Career Dreamer is an AI-powered career exploration tool that helps users identify their skills and interests, and explore potential career paths in the cloud. It provides personalized career recommendations based on job market data and user input, and suggests relevant certifications and training resources from Google Cloud Skills Boost and Google Career Certificates.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Threat Intelligence

Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger - Russia-aligned threat actors are actively targeting Signal Messenger accounts used by individuals of interest to Russia's intelligence services. These threat actors use various tactics, including phishing campaigns that abuse Signal's "linked devices" feature, modified Signal group invites, and custom-developed Signal phishing kits.

CISO Official Blog Security

Cloud CISO Perspectives: New AI, cybercrime reports underscore need for security best practices - Stephanie Kiel, head of cloud security policy, discusses the misuse of AI and cybercrime, emphasizing the need for organizations to prioritize security best practices. The newsletter also highlights two new research reports on adversarial misuse of Gemini and AI capabilities, as well as recommendations for policymakers on confronting financially-motivated cybercrime.

DevOps

Pull Request testing on Kubernetes: working with GitHub Actions and GKE

Google Kubernetes Engine Kubernetes Security

Hardening your Google Kubernetes Engine deployment — Part 1 - Secure deployment of Google Kubernetes Engine (GKE) clusters is crucial. This article outlines my approach to security hardening.

Google Kubernetes Engine Kubernetes Security

Hardening your Google Kubernetes Engine deployment — Part 2 - Now that you have a GKE cluster provisioned, let’s discuss how to enhance its internal security posture.

App Development, Serverless, Databases, DevOps

Cloud Spanner Databases Official Blog

8 steps to ensuring a smooth Spanner go-live - This blog post provides a checklist of 8 steps to ensure a smooth Spanner go-live, including designing for Spanner's distributed architecture, choosing the right deployments, implementing backup and disaster recovery, staying secure, deploying logging, monitoring, and observability, optimizing your configuration with the client library, cutting costs without compromising performance, and planning your migration.

BigQuery

Batch processing at Scale: How PostgreSQL outperformed BigQuery for us - The strategic decision to migrate from BigQuery to PostgreSQL when doing regular updates on a small number of rows in the table.

Cloud Logging Paywall

Mastering Google Cloud Logging: The Essential Guide for Developers - This guide provides a comprehensive overview of Google Cloud Logging, covering both basic and advanced concepts, to help developers effectively manage and utilize logs for their cloud applications.

Cloud SQL

Ensuring Stability and Graceful Scaling for ProxySQL on GKE - A series of five articles about “CloudSQL with ProxySQL — Building a Robust and Scalable Cloud SQL Architecture”, focusing on building a robust and scalable Cloud SQL architecture.

Cloud Build Secret Manager

How to Load Environment Variables from Secret Manager During Build Time in Cloud Build - Learn how to load environment variables from Google Secret Manager during build time in Cloud Build.

Cloud Pub/Sub SAP

Using ABAP Daemons to Pull Subscriptions from Google PubSub - This blog post explores how to use ABAP Daemons to continuously pull subscriptions from Google PubSub.

Big Data, Analytics, ML&AI

Cloud Run Official Blog Vertex AI

Unlock Inference-as-a-Service with Cloud Run and Vertex AI - Inference-as-a-Service allows enterprises to interface with machine learning models with low operational overhead. Cloud Run, Google Cloud's serverless container platform, is well-suited for driving LLM-powered applications, enabling cost-effective and scalable inference. Additionally, Retrieval-Augmented Generation (RAG) can be used to tailor LLM responses to specific domains or datasets, enhancing the accuracy and relevance of generated content.

Official Blog

Optimizing image generation pipelines on Google Cloud: A practical guide - This guide provides practical strategies to optimize image generation pipelines on Google Cloud. You can achieve significant performance gains and cost reductions without compromising image quality by optimizing hardware utilization, fine-tuning inference code, and streamlining the inference pipeline.

Machine Learning Official Blog SRE

An SRE’s guide to optimizing ML systems with MLOps pipelines - This article discusses how to apply Site Reliability Engineering (SRE) principles to optimize machine learning (ML) systems and pipelines. It covers various aspects such as training ML models, ensuring data freshness, optimizing serving efficiency, achieving cost efficiency, and implementing automation for scale.

BigQuery Data Science dbt

End-to-end Implementation of an ETL Pipeline from an API with dbt & BigQuery - Building a Weather Data ETL Pipeline with OpenWeatherMap API and dbt.

BigQuery Data Analytics Gemini Official Blog

How to use gen AI for better data schema handling, data quality, and data generation - Gemini in BigQuery helps with data engineering tasks by automating schema mapping and transformation, improving data quality by identifying subtle inconsistencies, and generating synthetic and structured data from diverse sources. It uses large language models (LLMs) to perform tasks such as data schema handling, data quality automation, and generation of synthetic and structured data.

4 Methods for Google Generative AI Engineers to Improve the Results of a Document RAG Solution and Get More Relevant Responses from a Large Language Model - Enhance context retrieval and generate more accurate answers from your Google Generative AI applications.

Gemini Paywall Vertex AI

Building AI-Powered Chatbots with Gemini, LangChain, and RAG on Google Vertex AI - This article provides a guide to building a chatbot that uses Gemini, LangChain, RAG, Flask, and a database, connecting a knowledge base with vector embeddings for fast retrieval and semantic search.

Gemini SAP

Unlock free access to Gemini 2.0 from SAP applications - This blog post demonstrates how SAP ABAP developers can invoke the Gemini 2.0 Flash model directly from their SAP ABAP environment.

Slides, Videos, Audio

Security Podcast - #211 Decoding the Underground: Google's Dual-Lens Threat Intelligence Magic.

 

Releases

AlloyDB - You can use an API to import data to AlloyDB for PostgreSQL clusters. You can perform an in-place major version upgrade of your AlloyDB cluster to PostgreSQL version 16 from PostgreSQL version 14 or 15.

Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.30.600-gke.68 is now available for download. The following issues are fixed in 1.30.600-gke.68: Fixed an issue that caused Runtime: out of memory errors after running gkeadm to create or upgrade clusters. The 1.30.600-gke.68 release includes many vulnerability fixes.

App Hub - App Hub supports regional and global infrastructure resources with global applications in general availability (GA).

Application Integration - Enhancements to Execution Logs: Application Integration Execution Logs now provides the following enhancements: View detailed task execution information: The dedicated Task Execution pane displays comprehensive execution details, including start and end times, status, type, and variable payload information, enabling improved debugging.

Artifact Registry - Artifact Registry might give a 400 error on pushes or pulls for Workforce Identity Federation users.

Cloud Asset Inventory - The following resource types are now publicly available through the analyze policy APIs (AnalyzeIamPolicy and AnalyzeIamPolicyLongrunning).

BigQuery - Subscriber email logging lets you log the principal identifiers of users who execute jobs and queries against linked datasets.

CDN - External HTTP(S) Load Balancing and Cloud CDN support early data for TLS 1.3, also known as 0-RTT or zero round trip.

Chronicle - Data tables are multicolumn data constructs that let you input your own data into Google SecOps. Enhanced Cloud Threat Detections by adding three new rules to the AWS - GuardDuty rule set.

Chronicle Security Operations - New custom fields for case management: Added support for custom fields that analysts can fill out when working with cases or alerts, such as report time or false positives. Data tables: Data tables are multicolumn data constructs that let you input your own data into Google SecOps. Enhanced Cloud Threat Detections by adding three new rules to the AWS - GuardDuty rule set.

Chronicle SOAR - Release 6.3.36 is currently in Preview. New custom fields for case management: Added support for custom fields that analysts can fill out when working with cases or alerts, such as report time or false positives. Release 6.3.35 is now in General Availability.

Cloud Composer - Starting April 14, 2025, the Deployment Manager API won't be automatically enabled when you enable Cloud Composer API because this API isn't used by the Cloud Composer service.

Contact Center AI Platform - Version 3.31 is released: All release notes published on this date are part of version 3.31. Transfer restrictions for teams: Transfer restrictions, which let you control the source and destination of transfers, is now available for teams. Additional options for maximum transfer limits for chats: You can now specify whether you want virtual agents, human agents, or both to be included in transfer counts. Agents can configure spelling and grammar check in the chat adapter: You can let agents turn spelling and grammar check on and off in the chat adapter. Get user configuration data using the Apps API: You can now use the Apps API to get user configuration data. Pass data parameters to a virtual agent mid-session: You can pass data parameters to a virtual agent while a session is in progress. Interaction history retrieval is extended to 90 days: There are two new settings for specifying how many days of interaction history to retrieve: 60 days and 90 days. Blended inbound and outbound calling: You can automatically transition agents between handling outbound campaign calls and inbound calls, based on call volumes and conditions that you configure. Restrict outbound calling to emergency or special services: You can restrict outbound calling to emergency or special services by agent and location. Automatic redirect with percent allocation: You can configure automatic redirection so that specified percentages of sessions are redirected to the redirection groups that you specify. Custom agent status lists: You can create lists of custom statuses and assign them to queues or teams. Availability preferences: You can create availability preferences filters and apply them to users and teams. Fixed an issue where attempting to cancel a call transfer failed. Fixed an issue where the SIP URI format was not accepted in the user interface. Fixed an issue where chat shortcuts were not entered into message input fields when selected from the chat shortcut list. Fixed an issue where character limits were causing errors when email templates were being created. Fixed an issue where chats that were escalated from a virtual agent were assigned the wrong priority and never connected with an agent. Fixed an issue where agents couldn't see waiting chat contacts when their statuses were set to Unavailable. Fixed an issue where the Dismiss button in the agent adapter didn't meet accessibility requirements for contrast. Fixed an issue with Co-browse taking too long to start. Fixed an issue where the summary box in the chat adapter was not sized correctly when using a CRM. Fixed an issue for custom CRM users where the CRM record was not appearing when a session started. Fixed an issue where changing deflection settings for agent extensions in the call adapter failed. Fixed an issue where agents could not set their statuses to Busy after calls. For workforce management, fixed an issue where an error was returned when searching for an employee in the Assign Shift pane.

Dataplex - Dataplex Attribute Store is deprecated and will be discontinued on February 18, 2026.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.0.132-debian10, 2.0.132-rocky8, 2.0.132-ubuntu18, 2.1.80-debian11, 2.1.80-rocky8, 2.1.80-ubuntu20, 2.1.80-ubuntu20-arm, 2.2.46-debian12, 2.2.46-rocky9, 2.2.46-ubuntu22.

Dialogflow - Conversational Agents (CX), ES & Agent Assist: Starting February 24, 2025, a limit of 5 phone numbers per project will be enforced.

Google Distributed Cloud Edge - Distributed Cloud connected 1.8.0. This is a minor release of Google Distributed Cloud connected (version 1.8.0). The following new functionality has been introduced in this release of Google Distributed Cloud connected: Refreshed GDC connected rack hardware. The following changes to existing functionality have been introduced in this release of Google Distributed Cloud connected: Configure CMEK on existing clusters and node pools. The following functionality has been deprecated in this release of Google Distributed Cloud connected: Legacy GDC connected rack hardware. The following issues have been resolved in this release of Google Distributed Cloud connected: Virtual machine management no longer fails after a node has been powered down for an extended time. This release of Google Distributed Cloud connected contains the following known issues: Virtual machines using file-based Symcloud Storage volumes can experience a CDI import error. The following Google Distributed Cloud connected components have been updated: GKE on Bare Metal has been updated from version 1.28.700-gke.154 to version 1.29.800-gke.111. Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected: OS layer security mitigations: (for a complete list of fixed issues, go to release page).

Cloud Networking Products - Health checks for external endpoints in Cloud DNS routing policies are now available in GA.

Cloud Endpoints - Version 1.0.17 of the endpoints-management-java Java library is available. Bug ID 387351751: Fixed Checkstyle violations in the ServiceConfigSupplierTest source code.

Cloud Functions - Support for deploying v2 functions in Cloud Run is now in general availability (GA).

Gemini - IntelliJ Gemini Code Assist now shows disconnected network status in the Gemini status bar instead of an error. Code customization for Gemini Code Assist Enterprise now supports repositories hosted on the following: GitHub Enterprise Cloud, GitHub Enterprise, GitLab, GitLab Enterprise, Bitbucket Cloud, Bitbucket Data Center.

Integration Connectors - The following connectors are now generally available (GA): Airtable, Oracle Eloqua, Sage Intacct, SAP HANA XS Advanced.

KMS - Cloud KMS now supports the following post-quantum computing (PQC) algorithms for digital signatures in Public Preview: PQ_SIGN_ML_DSA_65 (module-lattice-based digital signature algorithm) and PQ_SIGN_SLH_DSA_SHA2_128S (stateless hash-based digital signature algorithm). To retrieve a public key for a PQC key, you must use the gcloud CLI or the Cloud KMS REST API.

Google Kubernetes Engine - In GKE version 1.33 and later, if you omit the whenUnsatisfiable field in a new GKE compute class specification, the default value is DoNotScaleUp. GKE Managed NVIDIA Data Center GPU Manager (DCGM) Metrics Package is now generally available for both GKE Standard and Autopilot clusters running version 1.32.0-gke.1764000 and later. New GKE 1.27 patch versions starting with version 1.27.16-gke.2440000 are built with COS 109, because COS 105 is near the end of support. GKE automatically adds the following resource labels to node pools: goog-gke-accelerator-type: The accelerator type used in the node pool. Starting on July 1, 2025, new organizations will no longer be able to create GKE clusters with Identity Service for GKE. (2025-R07) Version updates: GKE cluster versions have been updated.

GKE new features - GKE Managed NVIDIA Data Center GPU Manager (DCGM) Metrics Package is now generally available for both GKE Standard and Autopilot clusters running version 1.32.0-gke.1764000 and later. GKE automatically adds the following resource labels to node pools: goog-gke-accelerator-type: The accelerator type used in the node pool.

Load Balancing - Cleartext HTTP/2 over TCP, also known as H2C, lets you use HTTP/2 without TLS. Internal and external passthrough Network Load Balancers now support connection draining for UDP and other non-TCP protocol traffic. TLS 1.3 early data is now supported on the target HTTPS proxy of global external Application Load Balancers and classic Application Load Balancers.

Cloud Logging - You can now use custom constraints with Organization Policy to provide more granular control over your Cloud Logging resources.

Memorystore for Redis Cluster - Memorystore for Redis Cluster supports storing and querying vector data.

Cloud Monitoring - When you add an Observability Analytics widget to a custom Cloud Monitoring dashboard, you can now select other log views and analytics views to query in the Views & Schema section.

Resource Manager - Custom organization policies are now generally available for Cloud Healthcare API. Custom organization policies are now generally available for Essential Contacts.

Cloud Run - Support for deploying functions in Cloud Run is now in general availability (GA). Support for configuring automatic base image updates for Cloud Run source deployed services and functions is now in general availability (GA). You can now scale your Cloud Run service manually, in place of the built-in Cloud Run autoscaling feature.

Service Mesh - Managed Anthos Service Mesh. Managed Cloud Service Mesh 1.20 is rolling out to the rapid channel.

Cloud Spanner - The Java and Go clients for Spanner now implement multiplexed sessions.

Cloud SQL - You can now create a final backup of your data before you delete a Cloud SQL instance.

VPC Service Controls - Preview stage support for the following integration: Google Agentspace Enterprise. General availability support for the following integration: Google Agentspace - NotebookLM Enterprise.

Virtual Private Cloud - Private Service Connect service connectivity automation supports IPv6 connectivity to eligible managed services.

Workflows - Workflows is available in the following additional region: europe-north2 (Stockholm, Sweden).

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075