News
BigQuery Data Analytics Official Blog | From analytics to data management: New BigQuery transactional features - New BigQuery features support near-real-time, transactional-style operations, letting you perform common data management in your data warehouse.
Cloud Security Command Center Official Blog | Enhancing Google Cloud protection: 4 new capabilities in Security Command Center - Security Command Center has a unique vantage point to protect Google Cloud environments. Here are four new SCC capabilities.
Databases Official Blog | Announcing new MCP integrations to Google Cloud Databases to enable AI-assisted development - Today, we are announcing additional capabilities in Toolbox specifically designed to empower AI-assisted development. Toolbox now makes it easy to connect databases to AI assistants in your IDE.
Cloud Run GPU Official Blog Serverless | Cloud Run GPUs, now GA, makes running AI workloads easier for everyone - Support for GPUs in Cloud Run makes running GPU-accelerated applications simpler, faster, and more cost-effective, as well as enabling new use cases.
Official Blog Public Sector | Emulating the air-gapped experience: GDC Sandbox is now generally available - GDC Sandbox lets you build, demo, train, and demo workloads before transferring them to a production GDC air-gapped environment.
Google Kubernetes Engine Official Blog | Streamline your AI/ML data transfers with new GKE Volume Populator - GKE Volume Populator transfers data from your Cloud Storage bucket to a destination storage volume during PVC dynamic provisioning.
Data Analytics Machine Learning Official Blog | Google is a Leader in the 2025 Gartner® Magic Quadrant™ for Data Science and Machine Learning Platforms report - Google is a Leader in Gartner’s 2025 Magic Quadrant for Data Science and Machine Learning Platforms, validating investments in predictive and gen AI.
Articles, Tutorials
Infrastructure, Networking, Security, Kubernetes
Official Blog Threat Intelligence | Hello, Operator? A Technical Analysis of Vishing Threats - Details on the voice phishing (vishing) threat, and strategic recommendations and best practices to stay ahead of it.
Official Blog Threat Intelligence | The Cost of a Call: From Voice Phishing to Data Extortion - UNC6040 uses vishing to impersonate IT support, deceiving victims into granting access to their Salesforce instances.
DevOps Infrastructure Official Blog | How to build a digital twin on Google Cloud - Digital twins are essentially IT stunt doubles, cloud-based replicas of physical systems for testing. Here’s how to build them on Google Cloud.
Official Blog Security | How Project Shield helped defend against one of the largest DDoS attacks to date - Project Shield, Google’s free service that protects at-risk sites against DDoS attacks, kept KrebsOnSecurity up during a recent, massive one. Here’s how.
Kubernetes Terraform | Cloud Billing Spikes from Idle Model Containers — Detect, Alert, and Prevent - Idle model containers in cloud environments can lead to unexpected billing spikes due to continuous resource allocation even without active traffic. The article suggests using tools like Prometheus, Cloud Monitoring, and autoscaling features like Horizontal Pod Autoscalers to detect, alert, and automatically scale down or schedule containers, optimizing cloud spending and preventing unnecessary costs.
Billing DevOps Google Kubernetes Engine Paywall | This One Trick Saved Us Thousands on GCP Kubernetes in Staging - The article discusses how to reduce GKE staging environment costs by implementing automatic node scaling.
AWS GCP Experience Migration Paywall Terraform | Our AWS to GCP Migration: The Good, The Bad, and The Terrifying - Migrating cloud infrastructure is like switching the engine of a plane mid-flight.
API Cloud Armor | Why Your GCP Load Balancer Is Denying Access (403): Avoiding Cloud Armor Throttling Pitfalls - The article discusses how Google Cloud Armor's throttling feature can cause 403 (Permission Denied) errors on Google Cloud Load Balancers, especially under heavy load.
App Development, Serverless, Databases, DevOps
AlloyDB Security | Fine grained IAM permissions with AlloyDB - How to Enforce Least Privilege and Granular Access for Your AlloyDB Databases with IAM Conditions.
AlloyDB | Databases for Dummies (and AI Agents): Cloud Run with an MCP Toolbox Sidecar - Learn how the MCP Toolbox for Databases makes it easy for AI agents to load data and why it’s a perfect match for Cloud Run.
Boost your productivity while working with Google Cloud databases in Visual Studio Code - The article discusses the latest release of MCP Toolbox for Databases, which integrates with AI assistants like Visual Studio Code, to allow developers to interact with Google Cloud databases using natural language queries.
Big Data, Analytics, ML&AI
Cloud Bigtable Data Analytics Databases Official Blog Streaming | From data lakes to user applications: How Bigtable works with Apache Iceberg - The Bigtable Spark connector lets you read and write data between Apache Spark applications and Bigtable using Scala, SparkSQL and DataFrames.
BigQuery Data Analytics Official Blog | Maximize BigQuery performance with enhanced workload management - Updates to BigQuery workload management help optimize workloads and resource allocation, preventing performance issues and resource contention.
Airflow Cloud Composer Google Kubernetes Engine | Apache Airflow on Helm in GKE + Cloud Functions Integration - This article explains how to deploy Apache Airflow on Google Kubernetes Engine (GKE) using Helm, offering more control and flexibility compared to Google Cloud Composer.
Apache Beam Cloud Spanner Python | Dynamically Creating NamedTuple Classes for SpannerInsert Beam Python Module - The article discusses dynamically creating NamedTuple classes for the SpannerInsert Beam Python module to handle multiple tables with varying schemas.
Apache Beam Dataflow | Efficiently applying multiple combiners on the same input in Apache Beam - The article discusses efficient ways to apply multiple combiners on the same input PCollection in Apache Beam. It compares SQL transforms, Schema transforms and Composed CombineFn, highlighting the benefits of using Composed CombineFn to process the input only once, improving performance and scalability, especially when dealing with numerous branches or complex filtering logic.
Apache Beam Dataflow | How I Tuned Apache Beam for High-Throughput Streaming in GCP Dataflow - A data engineer tuned an Apache Beam pipeline on Google Cloud Dataflow to handle 10TB of daily streaming data with sub-minute latency. Key optimizations included fixed-time windows, fusion breaking, hot key management using sharding, Avro/Proto serialization, and strategic Dataflow worker configuration for cost efficiency. Cloud Monitoring was crucial for identifying bottlenecks and performance debt.
BigQuery FinOps | Computing Actual Physical vs. Logical Storage Costs in BigQuery - How to identify immediate potential cost savings, by determining the optimal storage billing model for each BigQuery dataset.
BigQuery Terraform | If Only Terraform Used Maps: Fixing BigQuery Schema State Pain - Terraform, while excellent for infrastructure as code, struggles with BigQuery table schemas due to its naive linear comparison strategy. This can lead to unintended column deletion and recreation, potentially causing data loss. The author suggests Terraform should treat the schema like a map instead of an array list to resolve this issue.
BigQuery dbt Paywall | dbt + BigQuery in Production: 13 Technical Practices to Scale and Optimize Your Data Platform - Best practices using dbt with BigQuery.
BigQuery Migration | Things I wish I knew before migrating Snowflake to Bigquery - Migrating from Snowflake to BigQuery requires careful planning due to key differences like shorter time travel, different CDC approaches, and case sensitivity. Optimization strategies also vary, with BigQuery needing manual partitioning and clustering for peak performance. The author advises early stakeholder engagement, phased migration, rigorous data validation, and continuous cost monitoring to ensure a smooth transition.
AI Hypercomputer Generative AI Official Blog | Accelerate your gen AI: Deploy Llama4 & DeepSeek on AI Hypercomputer with new recipes - Learn about new recipes on GitHub for deploying the latest Llama4 and DeepSeek models on the AI Hypercomputer platform.
AI Generative AI Official Blog | Building a Production Multimodal Fine-Tuning Pipeline - Google Cloud’s enterprise infrastructure combined with Axolotl’s configuration-driven approach enables organizations to build scalable multimodal AI fine-tuning pipelines that bring custom AI capabilities from concept to production.
AI GCP Experience Generative AI Official Blog | How Alpian is redefining private banking for the digital age with gen AI - Alpian wants to set a new standard for private banking in the 21st century through its use of the cloud and AI.
ADK Gemini Generative AI Official Blog | Multimodal agents tutorial: How to use Gemini, Langchain, and LangGraph to build agents for object detection - Learn how to combine Gemini models with open-source frameworks like LangChain and LangGraph. To get started right away, use ADK Quickstart or visit our Agent Development GitHub.
LLM Vertex AI | Step-by-Step: Serving PyTorch Models with a Custom Handler on Vertex AI - The article provides a step-by-step guide on deploying PyTorch models with custom handlers on Google Cloud's Vertex AI.
Slides, Videos, Audio
Security Podcast - #228 SIEM in 2025: Still Hard? Reimagining Detection at Cloud Scale and with More Pipelines.
Releases
Apigee Advanced API Security - On June 4, 2025 we released an update to the Anomaly Detection model in Advanced API Security Abuse Detection. New model for Abuse Detection's Advanced Anomaly Detection rule: With this release, we introduced a new and improved machine learning model for anomaly detection in Advanced API Security.
Apigee Hybrid - On June 4, 2025 we released an updated version of the Apigee hybrid software, 1.15.0. Large message payload support in Apigee hybrid: Apigee now supports message payloads up to 30MB. Bug ID 412324617: Fixed issue where Runtime container could spin at 100% CPU limit. Fixed in this release: Security fixes for apigee-asm-ingress (Bug ID: N/A). Fixed since last minor release: Security fixes for apigee-watcher (Bug ID: 391923260).
Cloud Architecture Center - (New guide) Optimize AI and ML workloads with Google Cloud Managed Lustre: Shows how to use Managed Lustre to optimize the performance of AI and ML workloads.
Cloud Asset Inventory - The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.
BigQuery - The organization-level configuration settings for default_sql_dialect_option and query_runtime are unsupported. You can now use the BigQuery advanced runtime to improve query execution time and slot usage. BigQuery tables for Apache Iceberg have been renamed BigLake tables for Apache Iceberg in BigQuery. BigQuery metastore has been renamed BigLake metastore and is now generally available (GA). In the navigation menu, you can now go to Settings and select Configuration settings to customize the BigQuery Studio experience for users within the selected project or organization. BigQuery now supports using Spanner external datasets with authorized views, authorized routines, and Cloud resource connections. The CREATE EXTERNAL TABLE and LOAD DATA statements now support the following options in preview: time_zone (specify a time zone to use when loading data); date_format, datetime_format, time_format, and timestamp_format (define how date and time values are formatted in your source files). In the BigQuery console, in the Welcome tab, you can now try the Apache Spark demo notebook that walks you through the basics of Spark notebook and showcases serverless Spark in BigQuery.
Chronicle - The following parser documentation is now available: Collect Abnormal Security logs, Collect Apache Cassandra logs, Collect Darktrace logs, Collect Nix Systems Ubuntu Server (Unix System) logs, Collect 1Password logs, Collect 1Password audit logs, Collect Symantec Endpoint Protection logs, Collect Symantec VIP Authentication Hub logs, Collect Symantec VIP Enterprise Gateway logs, Collect Symantec Web Isolation logs, Collect Varonis logs, Collect Oracle DB logs, Collect Akeyless Vault logs, Collect Attivo Networks BOTsink logs, Collect Avaya Aura logs, Collect BeyondTrust Endpoint Privilege Management logs, Collect BeyondTrust Privileged Identity logs, Collect Blue Coat ProxySG logs, Collect Microsoft Exchange logs, Collect MYSQL logs, Collect Signal Sciences WAF logs, Collect Symantec CloudSOC CASB logs. User interface fixes: There was an issue with highlighting regular expressions in Search and Rules Editor.
Chronicle Security Operations - Playbook Permissions: Support for API Key Roles. The platform has been updated to extend playbook permissions to also support the SOC Roles associated with API keys, in addition to the user SOC Roles. Advanced Reports: Case Custom Fields. Advanced Reports (Looker) has been enhanced to include support for custom fields created for Cases. The following parser documentation is now available: Collect Abnormal Security logs, Collect Apache Cassandra logs, Collect Darktrace logs, Collect Nix Systems Ubuntu Server (Unix System) logs, Collect 1Password logs, Collect 1Password audit logs, Collect Symantec Endpoint Protection logs, Collect Symantec VIP Authentication Hub logs, Collect Symantec VIP Enterprise Gateway logs, Collect Symantec Web Isolation logs, Collect Varonis logs, Collect Oracle DB logs, Collect Akeyless Vault logs, Collect Attivo Networks BOTsink logs, Collect Avaya Aura logs, Collect BeyondTrust Endpoint Privilege Management logs, Collect BeyondTrust Privileged Identity logs, Collect Blue Coat ProxySG logs, Collect Microsoft Exchange logs, Collect MYSQL logs, Collect Signal Sciences WAF logs, Collect Symantec CloudSOC CASB logs. User interface fixes: There was an issue with highlighting regular expressions in Search and Rules Editor.
Chronicle SOAR - Release 6.3.47 is now available for all regions. Release 6.3.48 is being rolled out to the first phase of regions. Playbook Permissions: Support for API Key Roles. The platform has been updated to extend playbook permissions to also support the SOC Roles associated with API keys, in addition to the user SOC Roles. Advanced Reports: Case Custom Fields. Advanced Reports (Looker) has been enhanced to include support for custom fields created for Cases.
Compute Engine - Preview: OS Login now supports connections from SSH certificates in addition to SSH keys. Preview: You can enable your project to send HTTP requests to a Compute Engine feature alpha URI. Preview: The general-purpose C4D machine series offers bare metal (-metal) machine types with 384 vCPUs.
Contact Center AI Platform - Patch 3.35.15 is released. This patch does the following: Fixes an issue in agent desktop.
Data Fusion - The Salesforce plugin version 1.6.10 is available in Cloud Data Fusion versions 6.10.1 and 6.11.0.
Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.107, 1.2.51, 2.2.51, 2.3.2. Dataproc Serverless for Spark: Fixed a bug that prevented the spark.executorEnv property from correctly setting specific executor environment variables across all runtimes.
Cloud Quotas - IAM roles for Cloud Quotas are generally available (GA).
Cloud Filestore - The promoteReplica API is available for promoting replicas to regular instances.
Gemini - Automatic scrolling: VS Code Gemini Code Assist (version 2.35.0) now automatically scrolls through chat responses, enabling easier and faster readability. Stop in-progress chat responses: You can now stop chat responses with VS Code Gemini Code Assist (version 2.35.0). Clickable filenames in chat (Preview): You can now click filenames referenced in a chat response to open the file in the IDE with VS Code Gemini Code Assist (2.35.0), as Preview. Exclude files from local context (Preview): Context exclusion of files using .gitIgnore is now enforced.
Load Balancing - Application Load Balancers now support the use of custom metrics that let you configure your load balancer's traffic distribution behavior to be based on metrics specific to your application or infrastructure requirements, rather than Google Cloud's standard utilization or rate-based metrics. Cleartext HTTP/2 over TCP, also known as H2C, lets you use HTTP/2 without TLS.
Cloud Logging - You can now cancel a running query in the Logs Explorer by clicking the Stop query button.
Cloud Monitoring - You can now add treemap widgets to your custom dashboards.
Cloud Interconnect - Cross-Site Interconnect (Preview) support is available in the following colocation facilities: Melbourne, Australia. For more information, see the Locations table and Global Locations.
Cloud PubSub - General availability: Pub/Sub now offers Single Message Transforms (SMTs) that enable lightweight modifications to message data and attributes directly within Pub/Sub.
Security Command Center - The Security Risk Overview dashboard for Compute Engine is in General Availability. Vulnerability Assessment for Google Cloud supports scanning on Google Kubernetes Engine (GKE) nodes and containers. Muted findings are no longer considered in the Security Command Center Risk Engine. Security Command Center Premium customers can now access toxic combinations, which are in General Availability, and chokepoints, which are in Preview. The following Container Threat Detection detectors for Google Kubernetes Engine have been released to General Availability: Credential Access: Find Google Cloud Credentials; Credential Access: GPG Key Reconnaissance; Defense Evasion: Base64 ELF File Command Line; Defense Evasion: Base64 Encoded Python Script Executed; Defense Evasion: Base64 Encoded Shell Script Executed; Execution: Fileless Execution in /memfd:; Execution: Suspicious OpenSSL Shared Object Loaded; Privilege Escalation: Fileless Execution in /dev/shm.
Service Mesh - Managed Cloud Service Mesh. DNS Proxy feature is now available in the Rapid release channel. This change affects clusters using both the TRAFFIC_DIRECTOR and ISTIOD control plane implementations. Isolation support to prevent cross-region overflow is now available as a preview feature for TRAFFIC_DIRECTOR implementations of Cloud Service Mesh.
Cloud Spanner - BigQuery now supports using Spanner external datasets with authorized views, authorized routines, and Cloud resource connections.
Virtual Private Cloud - You can publish a Secure Web Proxy instance as a Private Service Connect service.
Workstation - The JetBrains CLion preconfigured base image uses CLion 2025.1.1. The JetBrains GoLand preconfigured base image uses GoLand 2025.1.1. The JetBrains IntelliJ Ultimate preconfigured base image uses IntelliJ-IDEA 2025.1.1. The JetBrains PhpStorm preconfigured base image uses PhpStorm 2025.1.1. The JetBrains WebStorm preconfigured base image uses WebStorm 2025.1.1. The JetBrains RubyMine preconfigured base image uses RubyMine 2025.1.1. The JetBrains PyCharm preconfigured base image uses PyCharm 2025.1.1.1. The JetBrains Rider preconfigured base image uses Rider 2025.1.2.
AlloyDB - You can let AlloyDB automatically create Private Service Connect endpoints for authorized projects when you create Private Service Connect-enabled instances, based on your defined service connection policy. You can create AlloyDB clusters with Private Services Connect through the Google Cloud console.
Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.32.100-gke.106 is now available for download. For clusters configured with advanced clusters, introduced an Envoy sidecar into the GKE Identity Service to increase security, reliability, and performance.
Apigee API Hub - On June 3, 2025, we released an updated version of Apigee. Apigee API hub is enabled for new Apigee organizations in supported regions.
Apigee Integrated Portal - On June 2, 2025 we released a new version of the Apigee integrated portal. Bug ID 404509044: When configuring an SMTP server, and the portal is first provisioned, email notifications are sent to portal users from a generic sender address.