Google Cloud Platform Newsletter

Check Archive for older issues

News

Google Agentspace achieves FedRAMP High authorization - Google Agentspace, a powerful search technology and AI assistant, has achieved FedRAMP High authorization. It's available within Google Cloud's Assured Workloads, expanding the AI portfolio for public sector organizations.

Secure backups with end-to-end workflows for threat detection and remediation - Google Cloud Backup and Disaster Recovery (DR) service now offers deeper integration with Security Command Center Enterprise, providing new detections and end-to-end workflows to protect backup data.

Google Cloud at KubeCon Europe 2025 - Google Cloud will be at KubeCon + CloudNativeCon Europe 2025 in London from April 1-4. Visit booth S100 to discover the latest advancements in the cloud-native space, including interactive demos and lightning talks by Googlers, partners, and customers.

Securing the future of football: Google Cloud and Atlético de Madrid expand cybersecurity partnership - Atlético de Madrid and Google Cloud are expanding their cybersecurity partnership, with Google Cloud becoming the official cybersecurity partner for both the men's and women's teams.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Accelerating mainframe modernization with Google Cloud Dual Run and mLogica LIBER*M automation suite - Google Cloud and mLogica partner to accelerate and de-risk mainframe application modernization. mLogica's LIBER*M automated code refactoring suite, now available on Google Cloud Marketplace, combined with Google Cloud Dual Run for validation and de-risking, offers a validated modernization path.

Sequencing Cloud Migration to Reduce Cost: What to Migrate and When - Is your cloud migration costing more than you expected? Is your TCO not coming down? If so, this guide will give the secret sauce!

Mastering Complex Workloads with Kubernetes JobSet and GKE metrics - JobSet is a Kubernetes workload manager that simplifies the management of complex batch workloads. It allows users to define groups of related Jobs as "ReplicatedJobs" and manage them as a single unit. JobSet also provides automatic metrics on newer GKE clusters, making it easier to monitor and troubleshoot complex workloads. Some of the amazing features from JobSet are: Exclusive Job to topology placement, spec.coordinator, DNS for Pods, and Groups of Jobs of different templates.

How autoscaling took down my application..!! - A small oversight in autoscaling configuration caused an application outage. The root cause was uneven distribution of nodes across availability zones due to improper autoscaling settings. Adjusting the autoscaling configuration to ensure an even distribution of nodes resolved the issue.

Multi Instance GPUs (MIG) in GKE - Multi-Instance GPUs (MIG) in GKE allows users to partition a physical GPU into multiple smaller, isolated instances, optimizing GPU utilization for AI/ML workloads. With MIG, you can run multiple workloads in parallel on the same GPU, improve GPU utilization for small-to-medium ML tasks, and achieve workload isolation and better scheduling granularity.

How we used GCP’s Custom Compute Classes to optimize Infrastructure Efficiency - Glance Engineering used Google Kubernetes Engine's Custom Compute Classes to optimize infrastructure efficiency. They achieved higher utilization while maintaining system stability and availability, resulting in a 26% infrastructure cost saving. Custom Compute Classes enabled granular control over autoscaling and declarative infrastructure configuration, allowing for efficient resource utilization and cost savings.

App Development, Serverless, Databases, DevOps

Nuro drives autonomous innovation with AlloyDB for PostgreSQL - Nuro, a robotics company developing self-driving vehicle technology, needed a data platform to handle complex data processes and support continuous AI model improvement. By migrating to AlloyDB for PostgreSQL, Nuro gained scalability, high performance, and advanced query capabilities to power AI-driven insights across millions of data points while reducing operating costs.

Colossus under the hood: How we deliver SSD performance at HDD prices - Colossus, Google's foundational distributed storage system, optimizes data placement for performance. It combines the scalability of object storage with the familiar programming interface of file systems. Colossus uses SSD caching and SSD data placement to identify and store frequently accessed data on SSDs, while keeping the bulk of the data on HDDs.

Deploy your first LLM on GCP: Gemma with Cloud Run (Serverless & GPU-powered) - Deploy your own powerful language model (LLM) in the cloud using Google Cloud Run GPU. With Ollama and Cloud Run, you can easily run LLMs like Gemma without the need for a powerful local GPU. This serverless solution allows you to pay only when your model is in use, making it cost-effective for occasional or on-demand workloads.

Hosting Our Holy Handbook: A Journey in Serverless Simplicity - How we built a simple, secure, and serverless internal website on Google Cloud.

4 steps to supercharge Planet Scale, Global architectures on Google Cloud - This article describes how to enhance a globally load balanced architecture on Google Cloud by adding global content delivery, security at the API layer, and global persistence capabilities. It covers optimizing content delivery using Cloud CDN, enhancing security with Identity Aware Proxy (IAP), adding global persistence with Google Firestore, and automating deployment via Pulumi IaC.

A Deep Dive into AlloyDB Backup and Recovery - AlloyDB for PostgreSQL offers comprehensive backup and recovery tools to protect data and ensure business continuity. Understanding continuous, automated, and on-demand backups is crucial for tailoring a backup strategy that meets specific needs for recovery granularity, retention, and cost optimization.

Big Data, Analytics, ML&AI

Building a Marketing Data Warehouse on Google Cloud Platform - This blog post discusses building a marketing data warehouse on Google Cloud Platform to solve challenges in marketing measurement and activation. It highlights the importance of extracting data from various platforms, storing it in a central location, and using tools like BigQuery for analysis and transformation.

Build gen AI agents using Google Cloud databases - Gen AI Toolbox for Databases is an open-source service that simplifies the creation, deployment, and management of gen AI tools capable of querying databases with secure access, robust observability, scalability, and comprehensive manageability.

Migrate from Bigquery to multi-regional Memorystore using Dataproc - This article explains how to migrate data from BigQuery to Memorystore using a Dataproc pipeline.

BigQuery User Defined Aggregate Functions (UDAF) to handle large precision - BigQuery User Defined Aggregate Functions (UDAFs) allow users to overcome precision limitations by defining custom aggregate functions in SQL or JavaScript. These functions enable calculations and aggregations on data with precision and scale that exceed BigQuery's native support.

Your Open Source BigQuery Backup&Restore Buddy - An open-source service that makes BigQuery backups & restores simple, scalable, and accessible to everyone.

How we saved $3.5M in BigQuery costs on deleting inactive user data - 5 key BigQuery optimisations for reducing the costs associated with deleting the data of 150,000 inactive customers.

Formula E’s AI equation: New Driver Agent boosts next generation of racers - Google Cloud and Formula E have collaborated to create an AI-powered "Driver Agent" that analyzes extensive multimodal data generated during racing and provides actionable insights to drivers. The Driver Agent connects to a Formula E driving simulator and provides in-depth, immediate coaching through both text and audio, helping drivers improve their lap times, optimize braking and acceleration, generate more downforce, and avoid crashes.

Who are the Google Cloud Generative AI Field Solution Architects (FSAs)? - The Google Cloud Generative AI Field Solution Architects (FSAs) are a team of experts who help customers turn their AI ideas into real-world impact. They provide fast hands-on technical expertise to customers beginning their AI journey or stuck on difficult concepts and problems.

Anyscale powers AI compute for any workload using Google Compute Engine - Anyscale, a secure, scalable, cost-efficient, reliable, and optimized Unified AI Platform, powers AI compute for any workload using Google Compute Engine. It simplifies AI complexity, deployable in your environment or hosted by Anyscale, empowering teams to accelerate AI model training and deployment.

Speed up checkpoint loading time at scale using Orbax on JAX - Orbax, a toolkit for saving and loading checkpoints for machine learning models built using JAX, introduces optimized checkpoint loading to accelerate AI development. By employing single-replica broadcasting, Orbax reduces redundant data transfers and significantly speeds up checkpoint loading. This optimization eliminates the bottleneck caused by limited GCS bandwidth, resulting in faster training starts and improved productivity.

RAG with a PDF using LlamaIndex and SimpleVectorStore on Vertex AI - A sample on how to set up a PDF-based RAG pipeline with LlamaIndex and Vertex AI is presented. The process involves loading the PDF into documents, splitting the documents into chunks, creating vector embeddings, and querying the index with a Vertex AI model.

Production-ready ComfyUI on Google Cloud - This article describes how Slalom built a production-ready AI image generation application using ComfyUI and the CyberRealistic XL model on Google Cloud. They utilized GKE Autopilot, NVIDIA H100 GPUs, a custom queuing system, and GPU partitioning to create a highly scalable and efficient platform.

Evolving Cloud Operations Self-Service with AI Agents - How can you grow your Cloud Operations self-service capabilities with AI agents and capitalize on the potential of Generative AI?

Leveraging GCP Model Armor for Robust LLM and Agentic AI Security - Model Armor, a conceptual framework for securing AI models, addresses vulnerabilities in agentic AI systems, such as prompt injection, data poisoning, model extraction, and unintended consequences.

Various

The AI Revolution in EU Digital Government: From Belief to Bold Implementation - The report "The AI opportunity for eGovernment in the EU" finds that adopting generative AI can unlock a EUR 100 billion opportunity for EU public administrations through enhanced productivity and create significant value for EU citizens and businesses.

Meet the 15 AI startups selected for Google for Startups Cloud AI Accelerator - Google for Startups Cloud AI Accelerator has selected 15 AI startups to join its program. These startups are leveraging AI to address various real-world challenges, including immigration, healthcare, storytelling, finance, risk management, and more. The equity-free program offers 10 weeks of mentorship, technical support, and access to Google AI tools.

Google Public Sector takes center stage at Next ‘25 - Sessions you can't miss - Google Cloud Next '25 is taking place in Las Vegas from April 9-11, 2025. The event will showcase how AI and security solutions are transforming education and government. Attendees can expect keynotes, lightning talks, breakouts, showcase demos, spotlights, solution talks, and more.

Slides, Videos, Audio

Kubernetes Podcast - #249 Kubernetes at LinkedIn, with Ahmet Alp Balkan and Ronak Nathani.

Security Podcast - #216 Ephemeral Clouds, Lasting Security: CIRA, CDR, and the Future of Cloud Investigations.

GCP Bytes Podcast - #13 In this episode we discuss; Cloud Flare Wave Motion, Daves PC, Google Developer Centre, GCR is dead, Italy Blocking Domains, Google ChromeCast, Sweden Cloud Region, Network Security Integration, Google Spanner HDD, MyGov Passkeys, FIIG security failures, Google buys Wiz, Gemma-3, Gemini Canvas.

Releases

Datastore - Firestore in Datastore mode now supports multi-region nam7 United States (Central and East), which consists of regions us-central1 (Iowa) and us-east4 (Northern Virginia).

Cloud Deploy - Cloud Deploy is now available in the following regions: northamerica-south1 (Mexico) europe-north2 (Stockholm).

Document AI - As we launch Custom Extractor version pretrained-foundation-model-v1.4-2025-02-05 in GA with fine tuning (in Preview), these versions will no longer be accessible effective September 24, 2025: pretrained-foundation-model-v1.2-2024-05-10 pretrained-foundation-model-v1.3-2024-08-31 To avoid service disruptions, migrate to a later version, such as pretrained-foundation-model-v1.4-2025-02-05.

Cloud Filestore - Instance replication is now generally available (GA).

Cloud Firestore - Cloud Firestore now supports multi-region nam7 United States (Central and East), which consists of regions us-central1 (Iowa) and us-east4 (Northern Virginia).

Gemini - Local codebase awareness is now available for IntelliJ Gemini Code Assist. You can now see what files are used by IntelliJ Gemini Code Assist chat and can customize the context as needed.

GKE new features - In version 1.32.1-gke.1729000 and later, you can customize specific kubelet and Linux kernel parameters like sysctls and huge pages by using the nodeSystemConfig field in your GKE compute classes.

Looker - Looker (Google Cloud core) and Looker (original) changes. The following features have been added to Studio in Looker, which is available in preview: The Looker connector can now connect to a private IP (private services access) only Looker (Google Cloud core) instance or to a private IP (Private Service Connect) Looker (Google Cloud core) instance using the Looker instance ID.

Media CDN - Media CDN supports dynamic compression in General Availability.

Memorystore for Redis Cluster - Finding and setting maintenance windows are now Generally Available (GA) on Memorystore for Redis Cluster. After you create a Memorystore for Redis Cluster instance, you can now change the node type for the instance.

Migration Center - The discovery client 6.3.6 is available with new features and bug fixes. Preview: Added support for discovery of Amazon Relational Database Service (Amazon RDS) instances and uploading the collected information to Migration Center. Added upload of disk read and write input/output operations per second (IOPS) to Migration Center. Added collection and upload of AWS tags to Migration Center. Added the --extended flag to the mcdc discover ls command to include location and collection parameters columns. Fixed an issue that prevented users from sorting Windows Servers by scan status. Fixed an issue that caused VMware vCenter collection to take significantly more time to initiate a subsequent collection after a details or credential updates. Fixed an issue where the IP range scan remained in the In Progress state indefinitely after restarting the discovery client service during a scan. Fixed an issue that caused incorrect primary IP addresses of Amazon EC2 instances to be uploaded to Migration Center. Fixed an issue that caused the Win32_Service Windows Management Instrumentation (WMI) query to fail, resulting in Windows guest collection timeouts. Fixed an issue where disk space reporting excluded virtual disk partitions for some filesystems (specifically fuse) on Linux machines. Fixed an issue that caused incorrect capacity and storage reporting for Windows RAID partitions. Fixed an issue where system memory swap space was sometimes incorrectly reported as disk storage. Fixed an issue that incorrectly calculated storage sizes for ZFS file systems. Fixed an issue in Linux guest collection that omitted filesystem overhead and reservations from total partition size calculations. Fixed an issue that required an IP address when using the test credentials feature with VMware tools. Fixed an issue on Linux where partition data couldn't be retrieved when mount points contained spaces. Added an indicative message to alert users of unsupported browsers.

NetApp - The backups feature for the Flex service level is now generally available. Google Cloud NetApp Volumes now supports cross-region backup vaults in Preview. The Flex service level of Google Cloud NetApp Volumes now supports custom performance in Preview, enabling independent provisioning of capacity and performance with zonal pools in selected regions.

Network Connectivity Center - Site-to-site data transfer locations in the following countries have been added to Network Connectivity Center: Belgium Canada Chile Finland Israel Mexico Sweden.

Resource Manager - Custom organization policies are now available in Preview for Cloud Resource Manager.

Cloud Run - The ability to disable the Invoker IAM check for Cloud Run services is now at general availability (GA). Cloud Run services configured with Direct VPC egress now use only 2 times (2X) as many IP addresses as the number of instances for the duration of the instance plus up to 20 minutes, reduced from 4X as many IP addresses. New services using GPUs by default will have zonal redundancy turned on.

Service Mesh - 1.24.x. 1.24.3-asm.6 is now available for in-cluster Cloud Service Mesh. 1.23.x. 1.23.5-asm.3 is now available for in-cluster Cloud Service Mesh. 1.22.x. 1.22.8-asm.5 is now available for in-cluster Cloud Service Mesh. 1.21.x. 1.21.5-asm.34 is now available for in-cluster Cloud Service Mesh.

Cloud Spanner - Spanner vector index and approximate nearest neighbor (ANN) distance functions in the GoogleSQL-dialect are Generally Available. Spanner ANN indexes are now supported in Langchain. You can save and manage your SQL scripts in Spanner Studio.

Cloud SQL - Cloud SQL read pools provide operational simplicity and scaling for your large read workloads. Cloud SQL now lets you retain existing backups after an instance is deleted.

Cloud SQL SQL Server - You can export the transaction logs for all Cloud SQL for SQL Server instances that have point-in-time recovery (PITR) enabled and their logs stored in Cloud Storage. Cloud SQL now lets you retain existing backups after an instance is deleted.

Cloud Trace - To send trace data to your Google Cloud project, we recommend that you use the new Telemetry API, which implements the OpenTelemetry OTLP API and provides compatibility and support for the open source ecosystem.

Vertex AI - Generally available: You can consume reservations of VMs that have GPUs attached with your custom training jobs or prediction jobs.

Vertex AI Workbench - The ability to back up and restore data on a Vertex AI Workbench instance is now generally available.

VPC Service Controls - Preview stage support for the following integration: Telemetry (OTLP) API. Preview stage support for the following integration: Parameter Manager.

Virtual Private Cloud - Support for the following is available in General availability for dual-stack configurations: IPv6 static routes with a next hop internal passthrough Network Load Balancer (next-hop-ilb) IPv6 static routes with a next hop instance identified by address (next-hop-address) For more information, see Next hops and features in the static routes overview.

Workflows - Support for a Kubernetes API connector is generally available (GA).

Workstation - Cloud Workstations is available in the me-central2 region (Dammam, Saudi Arabia, Middle East).

Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.29.1200-gke.99 is now available for download. The 1.29.1200-gke.99 release includes many vulnerability fixes. Since release 1.30.0-gke.1930, the featureGates.enableGMPForSystemMetrics field in the stackdriver custom resource is always on and can't be disabled.

API Gateway - On March 26, 2025, we released an updated version of API Gateway. With this release, customer data in API Gateway is now CMEK-compliant at rest. v1. On March 25, 2025, we released an updated version of API Gateway. API Gateway now supports Workforce Identity Federation.

Apigee Advanced API Security - On March 25, 2025 we released an updated version of Advanced API Security. Risk Assessment v2 is now the default Risk Assessment version Starting with this release, Risk Assessment v2 is the default Risk Assessment version in the UI. New Advanced API Security support when using data residency (DRZ) with Apigee hybrid Advanced API Security is now available for Apigee hybrid orgs using DRZ, for hybrid versions 1.14.0 and later. New features added to public preview of Risk Assessment v2 This release introduces new features to the Risk Assessment v2 preview: Security monitoring conditions.

Apigee Hybrid - v1.14.0. On March 27, 2025, we released an updated version of Apigee. Availability of client IP resolution functionality with Apigee hybrid. v1.14.0. On March 25, 2025 we released an updated version of Advanced API Security. New Advanced API Security support when using data residency (DRZ) with Apigee hybrid Advanced API Security is now available for Apigee hybrid orgs using DRZ, for hybrid versions 1.14.0 and later.

BigQuery - You can now enable metadata caching for SQL translation, which can significantly reduce latency for subsequent translation requests. You can now set the column granularity when you create a search index, which stores additional column information in your search index to further optimize your search query performance. BigQuery ML now supports visualization of model monitoring metrics. You can now use KLL quantile functions to efficiently compute approximate quantiles. You can now set labels on reservations. The BigQuery Data Transfer Service can now transfer reporting and configuration data from Google Analytics 4 into BigQuery. We have redesigned the Add Data dialog to guide you through loading data into BigQuery with a source-first experience and enhanced search and filtering capabilities.

Bigtable - The Monitoring page in the Google Cloud console for Bigtable has been renamed to System insights.

Cloud Build - In the filtering toolbar of the Build history page, you can now filter builds by region.

Chronicle - Google SecOps is renaming Applied Threat Intelligence (ATI) rules to improve clarity and better reflect the associated UDM fields with each rule detection. The managed BigQuery resources and API keys associated with the chronicle-tla Google Cloud project will be fully deprecated by April 30, 2025. Purging of expired raw logs and normalized events is now based on the Ingestion Timestamp instead of the Event Timestamp.

Chronicle SOAR - Release 6.3.40 is now available for all regions. Release 6.3.41 is being rolled out to the first wave of regions as listed here. Configure user preferences The ability to manage platform time zones, date/time settings, and notifications have moved to the new User Preferences dialog, accessible from your avatar.

Cloud Composer - A new Cloud Composer release has started on March 26, 2025. All Cloud Composer environment's GKE clusters are set up with maintenance exclusions from March 27, 2025 to April 04, 2025. Data lineage in Cloud Composer now uses OpenLineage. (Available without upgrading) Fixed an issue with updating maintenance windows when there is an upcoming Cloud Composer 3 infrastructure operation. (Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-google package was upgraded to version 14.0.0 in Cloud Composer 2 images and Cloud Composer 3 builds. (Airflow 2.10.2 and 2.9.3) The apache-airflow-providers-cncf-kubernetes package was upgraded to version 10.3.0 in Cloud Composer 2 images and Cloud Composer 3 builds. (Airflow 2.10.2 and 2.9.3) Changes in preinstalled packages: apache-airflow-providers-postgres was upgraded to 6.1.0 from 5.14.0. New Airflow builds are available in Cloud Composer 3: composer-3-airflow-2.10.2-build.12 (default) composer-3-airflow-2.9.3-build.19. New images are available in Cloud Composer 2: composer-2.12.0-airflow-2.10.2 (default) composer-2.12.0-airflow-2.9.3. Cloud Composer versions 2.6.4, 2.6.5, and 2.6.6 have reached their end of support period.

Compute Engine - Generally available: You can use instant snapshots to take in-place backups of the following types of disks: Hyperdisk Balanced Hyperdisk Balanced High Availability Hyperdisk Extreme Instant snapshots are ideal for rapid data restoration only within the same location as the source disk. Generally available: You can specify a custom ephemeral internal IPv6 address when creating an instance. Generally available: Asynchronous Replication is now generally available for Hyperdisk Balanced, Hyperdisk Balanced High Availability, and Hyperdisk Extreme disks. Resolved: Fixed the issue that caused Persistent Disks attached to VMs with n2d-standard-64 machine types to inconsistently reach the maximum performance limit of 100,000 IOPS. Generally available: Multi-writer support for Hyperdisk Balanced High Availability disks.

Confidential VM - On February 18, 2025, Google released a security fix for Confidential VM instances using AMD SEV-SNP on N2D machine types, which might result in performance degradation.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.96 1.2.40 2.2.40. Dataproc Serverless for Spark: All Dataproc serverless for spark runtimes now support hadoop native libraries by default.

Dataproc - New Dataproc Serverless for Spark runtime versions: 1.1.96 1.2.40 2.2.40. Dataproc Serverless for Spark: All Dataproc serverless for spark runtimes now support hadoop native libraries by default.