Welcome to issue #462 August 4th, 2025

News

Official Blog Startups

Introducing Google Cloud Setup: Your guided pathway to a secure cloud foundation - Google Cloud Setup helps you quickly implement a robust cloud foundation based on recommended best practices, to get up and running quickly.

Access Approval Official Blog

Introducing audit-only mode for Access Transparency - Introducing a new, lightweight audit-only mode for Access Approval to enable access approvals in an “on demand only” model.

Agents Official Blog

Announcing a complete developer toolkit for scaling A2A agents on Google Cloud - Google Cloud tools help developers build, deploy, and sell collaborative Agent2Agent (A2A) systems that solve complex problems seamlessly.

Google Cloud Platform Official Blog

Google Cloud's commitment to EU AI Act support - Google announced this week that we intend to sign the European Union AI Act Code of Practice. Here’s what our European customers should know.

Compute Engine Official Blog

Now GA: C4 VMs with Local SSD, bare metal, and larger shapes, on Intel Xeon 6 - C4 VMs running on Intel 6th Gen Xeon Granite Rapids include local SSD support on Titanium SSDs, and include bare metal instances and new extra-large shapes, all GA.

Monitoring Official Blog SAP

System-centric monitoring and observability for SAP workloads running on Google Cloud - New observability and monitoring functionality in Workload Manager is purpose built for SAP workloads, providing a unified view of cloud-based environments.

AI LLM Official Blog

Veo 3 and Veo 3 Fast are now generally available on Vertex AI - Building on momentum with Veo 3 by making Veo 3 available for everyone on Vertex AI, and announcing Veo 3 Fast, a model designed for speed and rapid iteration. Try Veo 3 today.

Official Blog Vertex AI

The global endpoint offers improved availability for Anthropic’s Claude on Vertex AI - Anthropic's Claude models on Vertex AI now have improved overall availability with the global endpoint for Claude models. Get started today.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Chrome Enterprise CISO Official Blog

Cloud CISO Perspectives: Going beyond 2FA to address fast-rising, emerging threats - Token theft can bypass 2FA. Andy Wen explains how Workspace is helping to protect users by layering cutting-edge defenses against emerging threats.

AI Hypercomputer Official Blog

Understanding Calendar mode for Dynamic Workload Scheduler: Reserve ML GPUs and TPUs - Dynamic Workload Scheduler Calendar mode provides up to 90 days of reserved GPU and TPU capacity for your ML workloads without long-term commitments.

Official Blog Security

Too many threats, too much data, say security and IT leaders. Here’s how to fix that - Operationalizing threat intelligence remains a major challenge, say security and IT leaders in a new survey. Here’s how to fix that.

Terraform

Terraform Targeted Destruction & Error Resolution Cheat Sheet - Guide for GKE Clusters with Multiple Node Pools.

Cloud VPN Networking Terraform

How to Create an HA-VPN with BGP and AS-Path Prepending using Terraform in Google Cloud - A Step-by-Step Guide to Building a Highly Available VPN with Advanced BGP Routing.

Security

Google Cloud Security Threat Horizons Report #12 Is Out! - Most important points from Cloud Threat Horizons Report.

App Development, Serverless, Databases, DevOps

Gemini GitHub Official Blog

A deep dive into code reviews with Gemini Code Assist in GitHub - Transform code reviews with Gemini Code Assist in GitHub. Get instant AI summaries, automated reviews, and improve code quality. Free up human reviewers.

AI Billing FinOps Paywall

Stop Burning Money on GCP: Everything You Need to Know - “You can read the complete blog using “Friend’s Link” in case you are not a member of Medium yet!!”.

DevOps Serverless

Lost in Logs and Silent Failures? - The article discusses how to solve serverless debugging challenges using cloud-native observability techniques on Google Cloud Platform, without altering application code.

Apigee Gemini LLM

Harnessing Apigee API Management Platform as an LLM Gateway: Implementation Walkthrough (Part 2/2) - The article provides a step-by-step guide on implementing an LLM gateway using Apigee, detailing the setup of a backend service on Google Cloud Run for interacting with various LLMs (Gemini, OpenAI, Anthropic), configuring Apigee for security, prompt sanitization, and traffic management, and deploying a Streamlit frontend for user interaction, while also emphasizing the importance of analytics and monitoring for cost management and monetization.

Compute Engine Infrastructure

Build a Better VM: Creating a Golden Image Pipeline on GCP - In the world of cloud, consistency is key. How do you ensure that every virtual machine you deploy is secure and compliant? A golden image!

Cloud Shell Terraform

How to make persistent changes to software in Google Cloud Shell - Google Cloud Shell's software changes are ephemeral by default, resetting after inactivity. The article explains how to use the `$HOME/.customize_environment` file to persist software installations and upgrades across sessions.

Cloud Profiler Cloud Run

Yes! Cloud Run apps are supported in Cloud Profiler - Cloud Profiler, a tool for profiling resource usage in applications, officially supports platforms like GCE, GKE, and App Engine. The article confirms that Cloud Run is also supported without needing special configurations and points to a GitHub repository with a working solution.

Databases

Google Cloud Database Digest: The Architectural Revolution Disaggregated Compute & Storage - The latest GCP database updates and what they mean for your production systems, dev workflows, and architecture.

Big Data, Analytics, ML&AI

ADK BigQuery Databases Official Blog

BigQuery meets ADK & MCP: Accelerate agent development with BigQuery's new first-party toolset - Securely connect AI agents to BigQuery. Use ADK and MCP to simplify data access, reducing development overhead and risk. Check out the tutorial.

BigQuery Dataflow

Mastering BigQuery Default Values with Dataflow - This article explains how to effectively use BigQuery's default value feature with Apache Beam and Dataflow. It details how to configure Dataflow pipelines using FILE_LOADS, STREAMING_INSERTS, and the STORAGE_WRITE_API to trigger BigQuery's default values by omitting columns in the data being written, simplifying ETL logic and delegating data enrichment to BigQuery.

BigQuery

Pattern Matching with SQL: Real-Time Anomaly Detection Using BigQuery’s MATCH_RECOGNIZE - The article introduces BigQuery's MATCH_RECOGNIZE clause as a powerful SQL tool for behavioral pattern detection, enabling users to identify sequences of events within data.

Apache Flink Streaming

Real-Time Data Validation on GCP with Apache Flink: Patterns, Scaling and Production Architecture - Building Robust Real-Time Data Validation Pipelines on Google Cloud with Apache Flink.

BigQuery FinOps GCP Experience Paywall Teradata

How We Cut BigQuery Costs by 35% During a Teradata-to-GCP Migration - An enterprise migrating from Teradata to GCP reduced BigQuery costs by 35% by implementing detailed billing exports, usage dashboards, and Looker Studio visualizations.

BigQuery Dataplex FinOps

Deciphering Dataplex Consumption in Google Cloud Billing - This article explains how to understand Dataplex consumption in Google Cloud billing by breaking down charges by workload type using Cloud Billing reports and BigQuery.

BigQuery Gemini

Building an analytics crew with CrewAI and BigQuery - The article provides a step-by-step guide to building an AI-powered analytics team using CrewAI and Google BigQuery. It details the project structure, agent configuration, task definitions, and the creation of a custom BigQuery tool for data analysis.

Gemini CLI Generative AI Official Blog

Gemini CLI: Custom slash commands - Gemini CLI now supports custom slash commands, enabling users to define reusable prompts for streamlined interactions and improved workflow efficiency.

ADK Official Blog

Remember this: Agent state and memory with ADK - Discover how Agent Development Kit (ADK) enables AI agents to remember information within and across user sessions through short-term state and long-term memory, enhancing personalization and contextual awareness. Explore ADK's session and memory storage options, including SQL databases and Vertex AI Agent Engine.

ADK Agents Gemini

Building Agentic Applications with Google’s ADK: A Hands-On SQL Agent Example - Not just prompts — agentic development lets you build systems that think, act, and adapt.

ADK LLM

Building a Medical RAG System with Google’s Agent Technologies: A Complete Implementation Guide - The article details the implementation of a Retrieval-Augmented Generation (RAG) system on Google Cloud Platform for medical customer support.

Gemini CLI Go

How to Build an MCP Server with Gemini CLI and Go - A step-by-step guide on how I built GoDoctor, an AI-powered Go development assistant, using the Model Context Protocol (MCP) and Gemini CLI.

Gemini CLI

Gemini CLI: Power up your Linux workflow - The author discusses how the Gemini CLI tool has enhanced their Linux workflow by simplifying tasks such as configuring `vim`, setting up Docker development environments, and performing data analysis with `awk`.

Generative AI Machine Learning

Gen AI Evaluation Service — Agent Metrics - The article discusses how to evaluate Gen AI agents using Google Cloud's Gen AI Evaluation Service, focusing on response evaluation and trajectory evaluation (the path of tool calls an agent takes).

Agents AI

Is Your AI Agent Using the Right Tools for the Job? - Understanding the trade-offs in security, performance, and control for your agent’s toolkit.

AI LLM

Fine-tuning Gemma 3 on an A3 Mega Slurm Cluster - This article demonstrates fine-tuning the Gemma 3 language model on a multi-node, multi-GPU Slurm cluster on Google Cloud using the Google Cloud Cluster Toolkit, Hugging Face Accelerate, and FSDP for distributed training.

AI LLM

Fine-tuning Gemma 3 on an A4 Slurm Cluster - This article demonstrates how to fine-tune the Gemma 3 language model on a multi-node, multi-GPU Slurm cluster on Google Cloud using the Google Cloud Cluster Toolkit.

Infrastructure LLM TPU

Serving Gemma 3 on TPU v5e and v6e using vLLM - Learn how to serve Gemma 3 27B on v5e and v6e TPU VMs!

GPU LLM

Serving Gemma 3 on A2 Machines using vLLM - Learn how to host inference service on GPU powered machine in Google Cloud using Gemma 3 and vLLM!

AI Google Kubernetes Engine GPU

Part III — Deploy Gemma workloads on A3 Ultra with H200 GPUs on GKE : (3) Inferencing - In part I we introduced the topics of RDMA, in part II we deployed a RDMA VPC, A3 Ultra node with H200 GPU in a GKE cluster.

Slides, Videos, Audio

Security Podcast - #236 Accelerated SIEM Journey: A SOC Leader's Playbook for Modernization and AI.

GCP Bytes Podcast - #22 In this episode we discuss; Pixel 10, Dave’s new NAS, MS and Poo, Google TV Streamer, Bankys Certs, VEO3 is now GA, Google Summit, Sol Trans Atlantic Cable, Google Q2 Results, GKE Turns 10, Europe and VMWare, UNC3944, Backup for GKE, Bucket Relocation, Big Query Costs, GMAIL Subscription Tool, Gemini Pro 2.5 in Search, AI and neurodivergent people, SA Government and AI.

 

Releases

AlloyDB - Database server compatibility with PostgreSQL version 17 is now available in Preview.

Apigee API Hub - New data source support for plugins: API hub now supports importing API metadata through new dedicated plugins for the following data sources: Apigee Edge Public Cloud and Apigee Edge Private Cloud (OPDK). For more information, see Plugins overview. Push-based plugin ingestion: API hub now supports push-based plugin ingestion. Create custom plugins [API only]: You can now use the Create Plugin API to create custom plugins in API hub. Default Apigee plugin instance not auto-created during runtime attachment (issue): When provisioning API hub as part of Apigee provisioning, the default Apigee X and hybrid plugin instance is not automatically created. Delete plugin instance changes: API hub no longer retains any ingested metadata from a plugin after its deletion. Provisioning changes and Apigee API proxy registration: API hub changed how it registers API proxies from Apigee and how it creates default plugin instances during provisioning. New tutorial, Enrich API data in API hub: A new tutorial is available for enriching API data in Apigee API hub. Deprecation of pull-based ingestion for Apigee plugins: Pull-based ingestion is no longer supported for Apigee and Apigee hybrid plugins as of July 31, 2025. Deprecation of Apigee proxy deployment attributes: As of July 31st, 2025, the Apigee X and Hybrid Environment and Apigee X and Hybrid Organization attributes will no longer be added to new Apigee proxy deployments.

Apigee UI - On July 30, 2025 we began redirecting the following Apigee Classic UI navigation items to Apigee UI in the Google Cloud console: Develop > API Proxies, Develop > Shared Flows, Develop > Offline Debug. See Apigee UI in Cloud console navigation for a mapping of each Classic Apigee UI feature page to its location in the Apigee UI in Cloud console. On July 29, 2025 we removed the Switch to Classic option from the following Apigee UI in the Google Cloud console pages: API Proxy, Shared Flow, Offline Debug detail. This is part of the Apigee Classic UI shutdown plan.

App Hub - The following Vertex AI supported resources are now generally available (GA): Dataset items, Featurestore containers, MetadataStore instances, and Model resources.

AppEngine Flexible Go - Support for Go 1.24 runtime is in General Availability (GA). Support for Go 1.25 runtime is in Preview.

AppEngine Flexible NodeJS - Support for Node.js 24 runtime is in Preview.

AppEngine Standard Go - Support for Go 1.24 runtime is in General Availability (GA). Support for Go 1.25 runtime is in Preview.

AppEngine Standard NodeJS - Support for Node.js 24 runtime is in Preview.

Cloud Architecture Center - (New guide) Well-Architected Framework: Financial services industry (FSI) perspective: Principles and recommendations that are specific to FSI, aligned to each pillar of the Architecture Framework.

Backup and DR Service - Announcing the Public Preview launch of Cloud SQL enhanced backups with Backup and DR.

BigQuery - You can manage data profile scans and data quality scans across your project by using the Metadata curation page in the Google Cloud console. BigQuery ML has improved throughput by more than 100x for the following generative AI functions: ML.GENERATE_TEXT, AI.GENERATE_TABLE, AI.GENERATE, AI.GENERATE_BOOL, AI.GENERATE_DOUBLE, and AI.GENERATE_INT. Actual performance varies based on the number of input and output tokens in the request, but a typical 6-hour job can now process millions of rows. BigQuery ML now can automatically detect model quota increases in Vertex AI, and automatically adjusts the quota for any BigQuery ML functions that use those models. You can now use continuous queries to export BigQuery data to Spanner in real time. The Gemini for Google Cloud API (cloudaicompanion.googleapis.com) is now enabled by default for most BigQuery projects. You can now associate data policies directly on columns.

Bigtable - Logical views for Bigtable are now generally available (GA).

Chronicle Security Operations - New rules added to rule pack: Curated detections has been enhanced with additional Chrome Enterprise Premium Browser Threat detections. Automated retries for failed playbook actions: This feature is in Preview. Custom Fields Form widget is now supported in Playbook View.

Chronicle SOAR - Release 6.3.56 is rolling out to the first phase of regions, as outlined in our Google SecOps release plan. Automated retries for failed playbook actions: This feature is in Preview. Custom Fields Form widget is now supported in Playbook View. Release 6.3.55 is now available for all regions.

Cloud Composer - Fixed an issue that caused unexpected restarts of Airflow component workloads in the environment's cluster. (Cloud Composer 3) The DAGS_FOLDER reserved environment variable now correctly points to the local directory where DAG files are stored. New Airflow builds are available in Cloud Composer 3: composer-3-airflow-2.10.5-build.10 (default) and composer-3-airflow-2.9.3-build.30. New images are available in Cloud Composer 2: composer-2.13.8-airflow-2.10.5 (default) and composer-2.13.8-airflow-2.9.3. Cloud Composer version 2.8.6 has reached its end of support period.

Compute Engine - Generally available: The general purpose C4 machine series now supports the following machine types on Intel's Xeon 6 processor (Granite Rapids): C4 VMs with Titanium Local SSD attached using new machine types (c4-standard-*-lssd, c4-highmem-*-lssd); new bare metal machine types (c4-standard-288-metal, c4-highmem-288-metal); and C4 standard, highmem, and highcpu VMs with 144 and 288 vCPUs. To learn more, see the C4 machine series.

Confidential VM - Support for accelerator-optimized a3-highgpu-1g machine type for securely running AI and ML workloads is now generally available, with the following specifications: 4th Generation Intel Xeon Scalable processor (Sapphire Rapids), Intel TDX, and 1 NVIDIA H100 GPU.

Config Connector - Config Connector version 1.133.0 is now available. New Beta Resources (Direct Reconciler): APIGatewayAPI, AppHubApplication, StorageAnywhereCache. New Alpha Resources (Direct Reconciler): BigtableLogicalView. Reconciliation Improvements: Added support for direct reconciliation to more resources, with opt-in behaviour. PR#4808 filtered out Kubernetes labels that are invalid for Google Cloud in the ComputeForwardingRule direct controller, ensuring backward compatibility after migrating to the direct controller.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.1.111, 1.2.55, 2.2.55, 2.3.6. Dataproc Serverless for Spark: Subminor version 1.1.111 is the last release of runtime version 1.1, which will no longer be supported and will not receive new releases.

Datastore - You can clone an existing database at a selected timestamp into a new database.

Dialogflow - Conversational Agents: Routine playbooks are now generally available. Conversational Agents: Parameter passing is now available and documented between routine playbooks, task playbooks, and flows.

Eventarc - Eventarc Advanced is generally available (GA). Eventarc Advanced is available in the asia-south1 (Mumbai, India), europe-north1 (Hamina, Finland), and us-east4 (Ashburn, Virginia, North America) regions. There is a limit of one MessageBus resource per project per region, and a limit of one GoogleApiSource resource per project per region.

Cloud Firestore - You can clone an existing database at a selected timestamp into a new database.

Cloud Functions - Support for Go 1.24 runtime is in General Availability (GA). Support for Go 1.25 runtime is in Preview. Support for Node.js 24 runtime is in Preview.

Gemini - View code diff in IntelliJ chat (IntelliJ Gemini Code Assist 1.23.3): With the code diff view in IntelliJ Gemini Code Assist, you can view suggested code changes directly in your chat with Gemini Code Assist. Multi-part chat code suggestions (IntelliJ Gemini Code Assist 1.23.3): IntelliJ Gemini Code Assist now supports streamlined multi-part chat code suggestions. Clickable filenames in chat output (IntelliJ Gemini Code Assist 1.23.3): IntelliJ Gemini Code Assist provides clickable filenames when it references a file in your workspace as part of its chat response. BYOID support for IntelliJ (IntelliJ Gemini Code Assist 1.23.3): The IntelliJ Gemini Code Assist Standard and Enterprise editions support Bring Your Own ID (BYOID) login. Chat banner shows release channel information (IntelliJ Gemini Code Assist 1.23.3): The IntelliJ Gemini Code Assist chat banner shows the release channel that you're currently working in. IntelliJ Gemini Code Assist 1.23.3: Use Gemini Code Assist agent mode in IntelliJ (Preview). Stay in control with interactive reviews and approvals: You can use Gemini Code Assist chat in agent mode to complete complex, multi-step tasks and goals with complete control over every change. IntelliJ Gemini Code Assist 1.23.3: Auto Approve mode lets the Agent act on your behalf. Enable auto approve mode to let the agent act on your behalf. VS Code Gemini Code Assist 2.43.0: Use agent mode in Gemini Code Assist for VS Code (Preview). Tackle complex tasks with Gemini Code Assist agent mode for VS Code: Gemini Code Assist agent mode is available for all users. VS Code Gemini Code Assist 2.43.0: Effectively collaborate with your agent with the improved diff view functionality (Preview). We've enhanced Gemini Code Assist agent mode with powerful new editing capabilities. Inline diff (Preview) (VS Code Gemini Code Assist 2.42.0): Inline diff is available for VS Code Gemini Code Assist 2.42.0 in Preview.

Google Kubernetes Engine - (2025-R32) Version updates: GKE cluster versions have been updated. Control plane datastore maintenance: Starting in May, 2025, Google is performing maintenance on the internal control plane datastore for all GKE clusters to improve scalability and reliability. A fix is available for an issue in which the Compute Engine Persistent Disk CSI driver failed with an invalid cpuString error on GKE nodes that used custom machine types. In GKE version 1.33.1-gke.1788000 and later, you can target specific reservation sub-blocks in a reservation block by using the reservationSubBlock field in compute classes. In GKE version 1.32.2-gke.1359000 and later, you can now configure collection scheduling for single-host and multi-host TPU node pools by using compute classes. In GKE version 1.33.2-gke.1335000 and later, the GKE Gateway controller supports Gateway API v1.3 CRDs.

GKE new features - In GKE version 1.33.1-gke.1788000 and later, you can target specific reservation sub-blocks in a reservation block by using the reservationSubBlock field in compute classes. In GKE version 1.32.2-gke.1359000 and later, you can now configure collection scheduling for single-host and multi-host TPU node pools by using compute classes. In GKE version 1.33.2-gke.1335000 and later, the GKE Gateway controller supports Gateway API v1.3 CRDs.

Load Balancing - Starting October 15, 2025, the global and classic external Application Load Balancers are improving HTTP header handling for headers with obs-fold values to comply with the RFC 9112 standard. Previously, these load balancers would forward HTTP headers with obs-fold values (those split across multiple lines, with subsequent lines starting with a space or a tab) without any changes. Global external Application Load Balancers now support the JA4 fingerprint.

NetApp - Google Cloud NetApp Volumes now supports organization policy for Customer Managed Encryption Keys (CMEK). Google Cloud NetApp Volumes is now integrated with NetApp BlueXP Connector.

Cloud Interconnect - Custom IP address ranges are available for Cloud Interconnect in Preview.

Cloud VPN - Classic VPN full deprecation update: As of August 1, 2025, dynamic routing or Border Gateway Protocol (BGP) for Classic VPN tunnels is deprecated.

Cloud PubSub - General availability: The Ruby Pub/Sub client library has a new major version. Deprecated: The v2 Pub/Sub Ruby client library, google-cloud-pubsub/v2.x, is now deprecated.

Cloud Run - Support for Go 1.24 runtime is in General Availability (GA). Support for Go 1.25 runtime is in Preview. Support for Node.js 24 runtime is in Preview.

Security Command Center - Model Armor and Vertex AI integration: Model Armor integrates with Vertex AI, providing a default security configuration for all new prediction endpoints. You can send a bulk export of Security Command Center findings to a BigQuery dataset. You can use Terraform to manage Model Armor floor settings and templates. Model Armor filter updates: The prompt injection and jailbreak detection filter now supports 10,000 tokens.

Sensitive Data Protection - The following infoType detectors are available in all regions.

Cloud Spanner - When you create the free trial instance using the Google Cloud console, Spanner creates and preloads it with a sample database for an ecommerce store. You can use continuous queries to export BigQuery data into Spanner in real time.

Cloud SQL - Cloud SQL now offers two options of backup services to manage your instance's backups: Enhanced backups (Preview): backups are managed and stored in a centralized backup management project that leverages the Backup and DR service, and provides enforced retention, granular scheduling, and longer retention.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075