Welcome to issue #460 July 21st, 2025

News

AI Hypercomputer Official Blog TPU

Announcing a new monitoring library to optimize TPU performance - A new monitoring library for Cloud TPUs provides observability and diagnostic tools to help you assess and improve the efficiency of your workloads.

Cloud Dataproc Data Analytics Official Blog Streaming

AI/ML-ready Apache Spark with Dataproc - New Dataproc AI/ML-ready capabilities for Apache Spark streamline development and operations, reducing setup overhead and simplifying workflows.

Official Blog Vertex AI

Build with more flexibility: New open models arrive in the Vertex AI Model Garden - New open models like Deepseek R1 are available in the Vertex AI Model Garden. Learn how you can access new open models both via the UI and the API.

Cloud SQL Databases Official Blog Vertex AI

Powering Intelligent Search with Cloud SQL for MySQL and Vertex AI - Boost your MySQL applications with AI. Building generative AI applications with MySQL is even easier now that Cloud SQL offers built-in integration with Vertex AI.

Chrome Enterprise Official Blog

Securely deploy ChromeOS Flex – from anywhere - Millions are breathing new life into existing hardware with ChromeOS, a modern, secure, and sustainable operating system designed to empower businesses.

AI Official Blog Startups

Tzafon selects Google Cloud to build next-generation agentic machine intelligence - Tzafon will partner with Google Cloud to access the compute capacity and cloud services it needs to train its new multi-agent models and to develop new automation frameworks.

Official Blog Public Sector

Google Public Sector awarded $200 million contract to accelerate AI and cloud capabilities across Department of Defense’s Chief Digital and Artificial Intelligence Office (CDAO) - Google Public Sector secures $200M DoD CDAO contract, accelerating AI and cloud adoption to enhance U.S. national security and mission readiness with cutting-edge tech.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Official Blog Threat Intelligence

Ongoing SonicWall Secure Mobile Access (SMA) Exploitation Campaign using the OVERSTEP Backdoor - A financially-motivated threat actor is targeting fully patched end-of-life SonicWall devices to deploy a backdoor known as OVERSTEP.

CISO Official Blog

Cloud CISO Perspectives: Our Big Sleep agent makes a big leap, and other AI news - Google Threat Intelligence’s Sandra Joyce details a remarkable achievement from our Big Sleep AI agent in this newsletter.

Official Blog

Implementing High-Performance LLM Serving on GKE: An Inference Gateway Walkthrough - Discover how to serve high-performance LLMs on GKE using the new Inference Gateway. This guide walks you through deploying models like Gemma with intelligent load balancing, AI-aware autoscaling, and robust security features on Google Cloud.

GCP Experience Official Blog Telecommunications

Engineering Deutsche Telekom's sovereign data platform - Deutsche Telekom modernized its data ecosystem using Google Cloud's Sovereign Cloud, creating a "One Data Ecosystem" that handles sensitive customer data within German regulatory boundaries.

App Development, Serverless, Databases, DevOps

GPU Official Blog Security

How to enable Secure Boot for your AI workloads - Secure Boot can help protect AI from the moment GPU-accelerated workloads power up. Here’s how to use it on Google Cloud.

Monitoring Official Blog SRE

Application monitoring in Google Cloud: Bridging manual and AI-assisted troubleshooting - Cloud Observability’s curated Application Monitoring dashboards improve troubleshooting with best practices from Google SREs.

Databases Official Blog

Unlock AlloyDB performance secrets with new performance snapshot report - Learn how AlloyDB’s performance snapshot report lets you identify and solve performance issues with greater clarity, control, and ease.

Cloud Workstations GCP Experience Official Blog

How Renault Group is using Google’s software-defined vehicle industry solution - Renault Group’s Ampere uses Google Cloud Workstations and Gemini Code Assist to streamline and secure its software-defined Vehicle development.

Compute Engine DevOps Terraform

Blue-Green Deployment on GCE with Terraform: A Developer’s Journey to Zero Downtime Releases - “Why does App Engine have all the fun? What about us GCE folks?”.

Cloud Bigtable Paywall

Mastering GCP cbt: From Beginner to Pro - The article is a guide to using the `cbt` command-line tool for interacting with Google Cloud Bigtable. It covers installation, authentication, basic commands, and configuration, providing a practical walkthrough for users of all levels.

Gemini Gitlab

Building an automated GitLab Merge Request Review Agent with Gemini CLI - Learn how to build a hands-off AI code review agent in GitLab. This tutorial uses Gemini CLI in a CI/CD pipeline to automate Merge Reviews.

Cloud Run Security Serverless

Securing Cloud Run with Coraza WAF - The article explains how to protect a microservice on Google Cloud Run using Coraza WAF with Caddy as a reverse proxy in a sidecar container configuration.

Firebase GCP Experience Paywall

Why We Moved 10 Million Users Off Firebase (And What Broke) - And What We Replaced It With — Architecture, Benchmarks, Source Code & Lessons Learned.

Cloud SQL DevOps

MySQL 5.7 - 8.0 on Google CloudSQL: Inplace Migration

Cloud Filestore Workflows

GCP Workflows for GCP Filestore backup automation - The article explains how to automate GCP Filestore backup creation and cleanup using GCP Workflows, offering an alternative to Cloud Run Functions due to its declarative YAML nature.

DevOps

What is app-enabled folder in Google Cloud - App-enabled folders are key for Google Cloud’s new app-centric model. Learn what they are, why you need one, and how to create one.

Big Data, Analytics, ML&AI

Data Analytics Official Blog Partners

Go beyond data: Four steps to master enterprise excellence - You can’t win with AI on data alone. Explore why Enterprise Intelligence is the missing link between data and real AI impact.

Data Analytics GCP Experience Official Blog

Ulta Beauty redefines beauty retail with BigQuery - Ulta Beauty partnered with Google Cloud, Accenture, IBM and Infosys to embark on a comprehensive digital transformation, redefining the beauty retail experience.

Batch Big Data

Google Cloud Batch. Large Workflows. No SQL? No Spark? - Why Batch Workloads Still Matter.

BigQuery Cloud Functions Python

Parallelizing BigQuery Stored Procedures with Google Cloud Functions - A case study in squeezing speed out of serverless stored procedures in BigQuery.

BigQuery

The Conditional Array Cross-Join Pattern in SQL - The article explains a SQL pattern for dynamically generating rows based on conditions in BigQuery. It uses CROSS JOIN UNNEST, STRUCT arrays, and conditional array concatenation. This pattern helps in scenarios like event logging, multi-step tracking, and financial reporting.

BigQuery

The Wall Between Structured and Unstructured Data Just Crumbled - Google BigQuery's new ObjectRef feature bridges the gap between structured and unstructured data by allowing users to store references to files like images and audio within SQL tables.

BigQuery

This is Multimodal Analytics - BigQuery’s ObjectRef Explained (For Humans).

BigQuery FinOps

50%+ cost reduction by changing how we get table’s partition in dbt - Small improvement for dbt + BigQuery’s cost-saving measures.

AI Official Blog Partners

Shaping the future together with our partners: The potential of agentic AI - Learnings from a new report on the potential of agentic AI, especially for our partners. These findings represent a profound opportunity to lead customers into a more intelligent and automated future.

AlloyDB Cloud Dataflow Official Blog

How to enable real time semantic search and RAG applications with Dataflow ML - Learn streaming and batch approaches for generating embeddings and storing them in vector databases such as AlloyDB to power semantic search and RAG applications with their vector search capabilities.

Gemini

Gemini CLI Tutorial Series — Part 6 : More MCP Servers - Welcome to Part 6 of the Gemini CLI Tutorial series.

Generative AI

Don’t Let Your AI Go Rogue: Securing Database Tools with MCP Toolbox - A guide to keeping your database safe and secure in the age of AI.

Slides, Videos, Audio

Security Podcast - #234 The SIEM Paradox: Logs, Lies, and Failing to Detect.

GCP Bytes Podcast - #21 In this episode we discuss: Infinity Train, Cloud Summit, Cloud Technical Series, New Head of GCP NZ, HPE & Juniper, Google Fusion, Floating DC’s, Google Energy, VMWare Rivals, Citrix Hypervisors, Telefónica Germany, VMWARE Single Node, Qantas Hack, Gemini Prompt Injection, Vertex AI Memory Bank, Real World AI Use Cases.

 

Releases

AlloyDB - You can now create an AlloyDB instance with a specific IP address range using the Google Cloud CLI, Terraform, or REST API.

Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.32.200-gke.104 is now available for download. The following issues were fixed in 1.32.200-gke.104: Fixed vulnerabilities listed in Vulnerability fixes.

Apigee API Hub - Apigee and hybrid plugin instance management: You can now create and delete plugin instances for Apigee and Apigee Hybrid while associating the respective Apigee runtime projects to API hub. Apigee and Apigee hybrid plugin creation now requires source project ID: When creating new instances of the Apigee X and hybrid plugin, you must now provide a source project ID. Edit plugin instances changes: You can now change or modify the name and curation logic of your plugin instance. Resource URI format for Apigee deployments: To ensure optimal functionality and consistency while creating or updating Apigee deployments, we now recommend that the Resource URI conforms to the following format: `organizations/([^/]+)/environments/([^/]+)/apis/([^/]+)$`. For more information, see Introduction to deployments.

Apigee Advanced API Security - On July 14, 2025 we released an updated version of Advanced API Security. Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Support for editing and deleting security actions: With this release you can edit and delete existing security actions using either the UI or the Apigee Management APIs.

AppEngine Flexible Go - Support for Go 1.24 runtime is in Preview.

AppEngine Standard Go - Support for Go 1.24 runtime is in Preview.

Cloud Asset Inventory - The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs.

Assured Workloads for Government - The Data Boundary for Impact Level 4 (IL4) now supports the following products: Certificate Authority Service, Cloud Build, Cloud NAT, GKE Hub, Memorystore for Redis, Secret Manager, and Sensitive Data Protection. The Data Boundary for Impact Level 5 (IL5) now supports the following products: Certificate Authority Service, Cloud Build, Cloud NAT, Cloud VPN, GKE Hub, Memorystore for Redis, Secret Manager, and Sensitive Data Protection. See Supported products by control package for more information.

BigQuery - You can now use the WITH pipe operator to define common table expressions in your pipe syntax queries. You can now use named windows in your pipe syntax queries. You can now add comments to notebooks, data canvases, data preparation files, or saved queries. You can now create BigQuery ML models by using the Google Cloud console user interface. You can now commercialize your BigQuery sharing listings on Google Cloud Marketplace. You can flatten JSON columns in BigQuery data preparation with a single operation.

Billing - Spend-based committed use discount (CUD) metadata export to BigQuery (public preview): You can now access spend-based CUD metadata programmatically through a BigQuery export.

Chronicle SOAR - Release 6.3.54 is being rolled out to the first phase of regions as listed here. Release 6.3.53 is now available for all regions.

Cloud Composer - Highly resilient environments are now generally available (GA) in Cloud Composer 3. We're changing the way we provide support dates for Airflow builds in Cloud Composer 3.

Compute Engine - Generally available: You can create instant and standard snapshots from Hyperdisk volumes in multi-writer mode. Compute flexible committed use discounts (CUDs) offer expanded coverage by supporting the following resources and services: Memory-optimized M1, M2, M3, and M4 VMs; Compute-optimized H3 instances; Cloud Run services with request-based billing; Cloud Run Functions. To receive the expanded coverage for flexible CUDs, you must opt in to the new spend-based CUD model.

Confidential VM - As of June 20, 2025, Confidential VM instances using AMD SEV-SNP or Intel TDX do not support remote attestation when running the following guest OS images: SLES 15 SP7 and Ubuntu 25.04. To restore remote attestation, use an earlier guest OS version such as SLES 15 SP6 or Ubuntu 24.04.

Contact Center AI Insights - Quality AI offers multiple scorecards in preview.

Dataform - Updates to the automatic cataloging of Dataform metadata in Dataplex improve the near real-time management and search capabilities for repository metadata.

Dataproc - Dataproc on Compute Engine: Starting August 18, 2025, the following diagnostic properties will be enabled by default for newly created Dataproc clusters: dataproc:diagnostic.capture.enabled: Enables the collection of checkpoint data in the cluster temp bucket. New Dataproc on Compute Engine subminor image versions: 2.3.6-debian12, 2.3.6-ubuntu22, and 2.3.6-rocky9. Dataproc now allows Dynamic update of multi-tenancy clusters.

Deep Learning VM - The following framework versions have reached their end of patch and support dates: Base versions with CUDA 12.4 and earlier; Tensorflow versions 2.17 and earlier; PyTorch versions 2.3 and earlier. To view the end of patch and support dates, see Supported framework versions.

Dialogflow - Conversational Agents: CMEK is now available in EU regions. Conversational Agents: The conversational history flow analysis feature is now available. Conversational Agents: The model gemini-2.5-flash is now available in all regions.

Cloud Functions - Support for the Go 1.24 runtime is in Preview.

Gemini - Improved code completion speed (VS Code Gemini Code Assist 2.41.0): Code completion suggestion speed is improved with VS Code Extension 2.41.0. Checkpoints, selected code snippets and terminal output, and other features are now Generally Available (GA): The following features, which launched in Preview in May and June 2025, are now Generally Available: revert to checkpoints; add selected code snippets to context; prompt Gemini Code Assist with selected terminal output; specify filenames in your workspace; exclude files from Gemini Code Assist use.

Marketplace Partners - The Detailed Disbursements and Customer Incremental Insights ISV reports are now available in BigQuery.

Migration Center - Generally available: Migration Center lets you generate a network dependencies report from the data you collect from your infrastructure. Generally available: On the Migration Center Data Import page, you can now see short descriptions for connection errors with the discovery client.

Cloud Monitoring - Application-specific resource attributes are attached to your trace data when your App Hub applications use supported Google Cloud resources, or when you instrument an application with OpenTelemetry and use the Google Cloud Telemetry endpoint.

Cloud PubSub - General availability: The Go Pub/Sub client library has a new major version. Deprecated: The v1 Pub/Sub Go client library, cloud.google.com/go/pubsub, is now deprecated.

Cloud Run - You can disable the built-in run.app URL of a Cloud Run service to ensure that traffic can only ingress through paths that you've explicitly configured (GA). Compute flexible committed use discounts (CUDs) have expanded to also cover your Cloud Billing account's spend across Cloud Run services with request-based billing and Cloud Run functions. Support for the Go 1.24 runtime is in Preview.

Security Command Center - The following Container Threat Detection detectors for file monitoring are in Preview: Collection: Pam.d Modification; Credential Access: Access Sensitive Files on Nodes; Defense Evasion: Disable or modify Linux audit system; Defense Evasion: Root Certificate Installed; Execution: Suspicious Cron Modification; Persistence: Modify ld.so.preload. The following Security Command Center Enterprise pages in the Google Cloud console now fully replace equivalent pages that you accessed previously in the Google Security Operations console. In the Google Kubernetes Engine (GKE) security posture dashboard, the software vulnerabilities pane is available in Preview, not General Availability.

Service Mesh - 1.26.x. 1.26.0-asm.11 is now available for in-cluster Cloud Service Mesh. 1.23.x. In-cluster Cloud Service Mesh 1.23 is no longer supported. 1.25.x. 1.25.3-asm.11 is now available for in-cluster Cloud Service Mesh. 1.24.x. 1.24.6-asm.9 is now available for in-cluster Cloud Service Mesh.

SAP Solutions - New SAP certification for operating system: SLES 15 SP7 for SAP. For use with SAP HANA and SAP NetWeaver on Google Cloud, SAP has certified the operating system SUSE Linux Enterprise Server (SLES) 15 SP7 for SAP.

Cloud Spanner - Spanner Data Boost supports data stored on hard disk drives (HDD).

Cloud Trace - Application-specific resource attributes are attached to your trace data when your App Hub applications use supported Google Cloud resources, or when you instrument an application with OpenTelemetry and use the Google Cloud Telemetry endpoint.

Vertex AI - Added Gemma 3 fine-tuning notebook using Axolotl docker with support for 1b, 4b, 12b, and 27b variants. Multimodal MedGemma 27B IT, MedSigLIP, and T5Gemma models are available through Model Garden.

VMware Engine - VMware Engine ve2 nodes are now available in the São Paulo, Brazil (southamerica-east1-c) zone in the São Paulo region (southamerica-east1).

VPC Service Controls - Preview stage support for the following integration: Address Validation API Places (New) API.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075
Email: [email protected]