Google Cloud Platform Newsletter

Check Archive for older issues

News

Monitor your databases on Compute Engine with Database Center - Database Center can now monitor self-managed MySQL, PostgreSQL, and SQL Server running on Compute Engine, and has several new usability enhancements.

Announcing multi-subnet support for more scalable GKE clusters - Overcome GKE node IP exhaustion with multi-subnet support, now in public preview for GKE Clusters.

Start and scale your apps faster with improved container image streaming in GKE - Performance improvements to GKE image streaming allow workloads to start up faster, particularly AI/ML apps that come in large containers.

Accelerate AI with Cloud Run: Sign up now for a developer workshop near you! - Learn to build secure, scalable AI applications with Cloud Run at our free global workshops. Transform your prototypes into production-ready solutions with hands-on labs and expert guidance. Register now!

Google is a Leader in the 2025 IDC MarketScape for Business Intelligence and Analytics Platforms - Discover why Google has been recognized as a Leader in the 2025 IDC MarketScape for Business Intelligence and Analytics Platforms, highlighting our AI-infused BI platform.

Google is a Leader in the 2025 Gartner® Magic Quadrant™ for Container Management - For the third year in a row, Gartner has recognized Google as a Leader for in the 2025 Gartner® Magic Quadrant™ for Container Management.

Run OpenAI’s new gpt-oss model at scale with Google Kubernetes Engine - We’re announcing immediate support for deploying gpt-oss-120b and gpt-oss-20b on GKE. We are also giving customers detailed benchmarks of gpt-oss-120b on accelerators on Google Cloud.

Boosting defenders with AI: What’s coming at Security Summit 2025 - AI can help empower defenders, and also create new security challenges. Join us for this year's Security Summit as we focus on those themes.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud CISO Perspectives: New Threat Horizons details evolving risks — and defenses - Google Cloud’s Office of the CISO dives into the key trends and evolving threats that we tracked in our just-published Cloud Threat Horizons report.

Uber's modern edge: A new approach to network performance and efficiency - Uber and Google Cloud re-engineered Uber's global edge network using Hybrid NEGs, cutting latency by a significant margin and saving millions.

Designing a multi-tenant GKE platform for Yahoo Mail's migration journey - Yahoo Mail is migrating onto a multi-tenant GKE platform, taking both a lift-and-shift approach and replatforming key components and middleware.

Forrester study: Customers cite 240% ROI with Google Security Operations - A new Forrester Consulting study on Google Security Operations found a 240% ROI over three years, with a net present value (NPV) of $4.3 million.

Streaming CrowdStrike Falcon Events into GCS for Google Chronicle - This article details how to build a serverless data pipeline on Google Cloud to stream CrowdStrike Falcon events into GCS for ingestion into Google Chronicle or analysis in BigQuery.

How to Build a Global HTTP Load-Balancer with Managed Instance Groups in Google Cloud using Terraform - Building Scalable Web Infrastructure on Google Cloud with Terraform.

GKE Gateway API and Service Extensions: Your New Toolkit for Tackling Complex Traffic Challenges in GCP - GKE Gateway API Service Extensions allow users to inject custom logic into the data path, enabling advanced traffic modifications via Plugins (inline code) or Callouts (gRPC calls to external services). The article provides practical examples of how to configure and deploy these extensions in a GKE environment.

GKE Node Registration Workflow/Lifecycle - Understanding the GKE Node Bootstrapping and Registration Process: A Step-by-Step Breakdown.

Prepare your GKE workloads for stricter exec probe timeouts in GKE 1.35 - The article discusses an upcoming change in Google Kubernetes Engine (GKE) version 1.35 where `timeoutSeconds` for Kubernetes exec probes will be strictly enforced.

App Development, Serverless, Databases, DevOps

Beyond guardrails: A taxonomy of platform engineering control mechanisms - Learn how to control the platform engineering application lifecycle with golden paths, guardrails, safety nets, and manual checkpoints and reviews.

How Keeta processes 11 million financial transactions per second with Spanner - A recent public stress test verified that Keeta Network’s transaction volume significantly outperformed traditional layer-1 blockchains.

How Google does it: Your guide to platform engineering - At PlatformCon 2025, we talked about “shift down” — one of the guiding principles behind Google’s approach to platform engineering.

Smarter Authoring, Better Code: How AI is Reshaping Google Cloud's Developer Experience - Discover how Google Cloud's Developer Experience team is leveraging Gemini-powered AI to enhance documentation and code samples, accelerating developer success with smarter authoring and accurate, scalable resources.

How Yahoo Calendar broke free from hardware queues and DBA bottlenecks - Yahoo Mail needed to migrate a high-scale, always-on service without disrupting the experience users rely on every day, whether for standups, presentations, or birthday reminders. Cloud SQL set the date.

Why can’t I connect to Cloud SQL? Demystifying networking for your database - Cloud SQL offers various connection methods, including direct IP, Cloud SQL Auth Proxy, and Private Service Connect (PSC). While direct IP is suitable for testing, Auth Proxy is recommended for security through automated authentication and encryption. PSC offers secure, isolated connections for complex scenarios, especially in large organizations with strict compliance needs.

Goodbye, Passwords: The IAM Trick for Connecting Your Local App to Cloud SQL Friction-Free - The article discusses connecting a local application to Cloud SQL for PostgreSQL using IAM authentication, eliminating the need for passwords.

Oracle to AlloyDB | Cloud SQL (PostgreSQL) Migration Series: A Developer’s Guide (Part 3) - Implementing Autonomous Transactions in AlloyDB.

Big Data, Analytics, ML&AI

Scalable AI starts with storage: Guide to model artifact strategies - Optimize AI model serving by decoupling models from code using Cloud Storage. This guide explores loading strategies like Cloud Storage FUSE CSI, and advanced options such as Managed Lustre and Hyperdisk ML, for scalable and agile MLOps platforms.

From legacy to cloud: How Deutsche Telekom went from PySpark to BigQuery DataFrames - Deutsche Telekom migrated off PySpark to BigQuery DataFrames a.k.a. BigFrames for its distributed Python data processing.

Tutorial: How to use the Gemini Multimodal Live API for QA - This tutorial will show you how to leverage the Gemini API to build an automated quality inspection system that overcomes the common challenges of manual QA.

How to build a deep research agent for lead generation using Google's ADK - This guide details the architecture of a deep research agent, built using the Agent Development Kit (ADK). Get started with Google ADK today.

Taming the stragglers: Maximize AI training performance with automated straggler detection - Slow nodes, or "stragglers," can hurt AI model training performance. Learn how to automatically detect and mitigate these bottlenecks in your ML workloads with Google Cloud.

ADK Agents for BigQuery Series -Part 4: System Instructions and beyond - Part 4: System Instructions and beyond.

Secure your LLM apps with Google Cloud Model Armor - Model Armor is a Google Cloud service designed to enhance the security of AI applications by filtering inputs and outputs to prevent malicious content. It offers customizable filters for responsible AI, prompt injection, malicious URLs, and sensitive data using the Sensitive Data Protection service.

Updating the Rickbot Multi-Personality Agentic Application Part 2 — Integrate Agent Development Kit (ADK) using Gemini CLI - Using the Gemini CLI to migrate our codebase to use the ADK.

Agent Engine with Gemini BiDi Streaming Session Workaround - Real time voice interaction is the best way to interact with agent. But agent engine is not ready yet. How to go beyond the limitations?

One Toolbox, Many Sources: Unifying Your Data Landscape with MCP Toolbox - Effortlessly connect diverse databases and projects for your generative AI applications.

Inferencing — Serve Llama 4 on A4 (B200 GPUs) using VLLM and GKE - This article guides users on deploying the Llama 4 Scout model on Google Cloud using A4 VMs powered by NVIDIA B200 GPUs, a GKE Autopilot cluster, and vLLM for efficient inference.

Good bye Vertex AI SDK - Gemini AI in Vertex AI SDK is deprecated. See how easy to migrate to Gen AI SDK just in three simple steps.

Various

The University of Hawaii is helping the state retain top talent with Google AI - See how the University of Hawaii collaborates with Google Public Sector, using AI to build local career pathways and help graduates thrive in their island home.

Slides, Videos, Audio

Security Podcast - #238 Google Lessons for Using AI Agents for Securing Our Enterprise.

GCP Bytes Podcast - #23 In this episode we discuss; Proxmox 9.0, TP Link Deco, Alphabet Rises, Chrome Bid, Nutanix Surge, Dangling Buckets, Project Zero, Google Power Usage, Veo3 on VertexAI, Australian AI Accelerator, Gemini Self Flagellation, Genie 3.

Releases

Vertex AI - Gemma 3 270M, Wan 2.2 and Wan 2.1 models are available through Model Garden. OpenAI's gpt-oss-120b and gpt-oss-20b are available as Model as a Service (MaaS) models in Model Garden. Qwen3 Coder and Qwen3 235B are available as Model as a Service (MaaS) models in Model Garden.

VMware Engine - VMware Engine v2 nodes are now available in the Santiago, Chile (southamerica-west1-b) zone in the Santiago region (southamerica-west1) region.

Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.30.1200-gke.63 is now available for download. The following issues were fixed in 1.30.1200-gke.63: Fixed vulnerabilities listed in Vulnerability fixes.

Apigee API Hub - API observations in API hub (Preview) API observations in API hub helps you tackle the challenges of undocumented and unmanaged APIs in your API infrastructure.

Apigee UI - On August 12, 2025, we released an updated version of the Apigee UI. Added path column to Debug transaction table A new column has been added to the transactions table in the Debug view that specifies the path that was used by the transaction to call the proxy. Bug ID Description 421974963 Adjusted tooltip positions in Debug sequence view The tooltips for response items in the Debug sequence view now appear at the bottom of the element, so as not to block the elements above.

Apigee Advanced API Security - On August 11, 2025 we released an updated version of Advanced API Security Abuse Detection Note: Rollouts of this release to production instances will begin within two business days and may take four or more business days to complete across all Google Cloud zones. Improved performance when viewing IP address-specific details for abuse detection incidents With this release, the IP address detail information for abuse incidents displays more quickly for IP addresses with high traffic volumes, potentially reducing load times from minutes to seconds.

Cloud Asset Inventory - The following resource types are now publicly available through the ExportAssets, ListAssets, BatchGetAssetsHistory, QueryAssets, Feed, and Search (SearchAllResources, SearchAllIamPolicies) APIs: Cloud Speech-to-Text - speech.googleapis.com/Endpoint, speech.googleapis.com/Model. Looker - looker.googleapis.com/Backup.

Backup and DR Service - Announcing the General Availability (GA) of Backup Vault support for independent Persistent Disks and Hyperdisks! This new capability empowers you to protect application data, databases, and file shares stored on individual disks (where a full VM backup is not required) — all within a secure, immutable, logically air-gapped vault designed to withstand malicious deletion and advanced threats like ransomware.

BigQuery - You can now visualize your geospatial query results on an interactive map in BigQuery studio. You can use cross region federated queries to query Spanner tables from regions other than the source BigQuery region. You can aggregate table data with Gemini assistance in your BigQuery data preparations. You can now save query results to Cloud Storage. BigQuery resource utilization charts are generally available (GA). You can now use WITH expressions in your GoogleSQL queries to create temporary variables. You can now use chained function call syntax in GoogleSQL to make deeply nested function calls easier to read. BigQuery data preparations are now represented in the SQLX format and in the pipe query syntax to simplify the CI/CD code review process.

Cloud Build - C3 and N2D machine families are now generally available in private pools.

Carbon Footprint - For the July 2025 semi-annual methodology refresh (released in mid-August 2025), we implemented the following improvements and updated the carbon model to version 14: Updating Scope 1 & 3 emissions from Google's corporate footprint: Updated Scope 1 & 3 allocation factors using latest Google company-wide data from 2025 Google Environmental Report.

Chronicle - New parser documentation now available New parser documentation is available to help you ingest and normalize logs from the following sources: Collect Anomali ThreatStream IOC logs Collect Cisco Application Control Engine (ACE) Collect Cisco Firepower NGFW logs Collect Cisco Firewall Service Module (FWSM) Collect Cisco IronPort logs Collect Cisco PIX logs Collect Cisco Prime logs Collect Cisco Wireless Intrusion Prevention System (WIPS) logs Collect Cisco Wireless LAN Controller (WLC) logs Collect Cisco Wireless Security Management (WiSM) logs Collect Cloudian HyperStore logs Collect CrushFTP logs Collect Delinea Distributed Engine logs Collect Duo User context logs Collect ExtraHop DNS logs Collect ExtraHop RevealX logs Collect Extreme Networks switch logs Collect Extreme Networks Wireless logs Collect MuleSoft Anypoint logs Collect Palo Alto Prisma SD-WAN logs Collect Recorded Future IOC logs Collect Veeam logs Collect Veridium ID logs Collect VMware Tanzu logs Collect VMware vCenter logs Collect VMware vRealize logs Collect VMware vSphere logs Collect VSFTPD logs Collect VyOS logs Collect Workday audit logs Collect Yamaha router logs. Data RBAC self-service enablement Data RBAC now includes a self-service option for direct enablement.

Chronicle SOAR - Release 6.3.58 is being rolled out to the first phase of regions as listed here. Release 6.3.57 is now available for all regions.

Compute Engine - Public Preview: You can now access the Compute Engine alpha API at the project level through a self-service process. Generally available: License Manager is now generally available. Preview: The G4 accelerator-optimized machine series is designed for graphics-intensive workloads such as NVIDIA Omniverse simulations, video transcoding, and virtual desktops. You can attach up to 128 instances to the same Hyperdisk ML volume whose size is between 2 TiB and 16 TiB.

Contact Center AI Platform - Check the version number of your instance You can now check the version number of your instance and compare it with the version numbers of the updates and patches that Google announces in these release notes. Availability in three additional regions Google Cloud CCaaS is now available in the following three additional regions: northamerica-northeast2 (Toronto) us-east4 (Virginia) me-west1 (Tel Aviv) In each of these regions, Workforce Management is available and advanced reporting isn't available.

Database Migration Service - Database Migration Service now supports Private Service Connect interfaces for network connectivity in homogeneous Cloud SQL for MySQL, Cloud SQL for PostgreSQL, and AlloyDB for PostgreSQL migrations.

Dataflow - Dataflow now automatically detects performance bottlenecks in streaming jobs.

Dataproc Serverless - New Dataproc Serverless for Spark runtime versions: 1.2.57 2.2.57 2.3.8. New Dataproc Serverless for Spark runtime versions: 1.2.56 2.2.56 2.3.7. Dataproc on Compute Engine: Sharing checkpoint diagnostic data: Setting the dataproc:diagnostic.capture.access=GOOGLE_DATAPROC_DIAGNOSE property during cluster creation shares all of the temp bucket contents with Google Cloud support if uniform bucket-level access is enabled on temp bucket.

Dataproc - New Dataproc on Compute Engine subminor image versions: 2.1.94-debian11, 2.1.94-ubuntu20, 2.1.94-ubuntu20-arm, 2.1.94-rocky8 2.2.62-debian12, 2.2.62-ubuntu22, 2.2.62-ubuntu22-arm, 2.2.62-rocky9 2.3.8-debian12, 2.3.8-ubuntu22, 2.3.8-ubuntu22-arm, 2.3.8-ml-ubuntu22, 2.3.8-rocky9. New Dataproc on Compute Engine subminor image versions: 2.1.93-debian11, 2.1.93-rocky8, 2.1.93-ubuntu20, 2.1.93-ubuntu20-arm 2.2.61-debian12, 2.2.61-rocky9, 2.2.61-ubuntu22.

Google Distributed Cloud Edge - Distributed Cloud connected 1.10.0. This is a minor release of Google Distributed Cloud connected (version 1.10.0). The following new functionality has been introduced in this release of Google Distributed Cloud connected: Pause and resume cluster software upgrades. The following changes to existing functionality have been introduced in this release of Google Distributed Cloud connected: Reduced minimum internet connection bandwidth requirement. Security mitigations for the following vulnerabilities have been implemented in this release of Google Distributed Cloud connected: OS layer security mitigations: CVE-2024-56664, CVE-2024-56658, CVE-2023-52664, CVE-2024-27010, CVE-2024-56647, CVE-2024-53091. The following Google Distributed Cloud connected components have been updated: EdgeOS kernel has been updated to version 5.15.177. The following issues have been resolved in this release of Google Distributed Cloud connected: Storage is now freed immediately upon cluster deletion. This release of Google Distributed Cloud connected contains the following known issues: Machines can experience intermittent connectivity loss.

Buildpacks - The Python buildpack supports Cloud Run source deployments for modern web frameworks such as FastAPI, Gradio, and Streamlit.

Gemini - VS Code Gemini Code Assist 2.45.0. Numerous IDE performance improvements Numerous improvements to VS Code Gemini Code Assist performance, including reductions in CPU usage, memory usage, and extension slowdown. Release channel name in VS Code chat banner VS Code Gemini Code Assist shows the configured Release Channel when you're opted into an experimental channel and are using a Standard or Enterprise license. IntelliJ Gemini Code Assist 1.25.0. Delete prompt and response pair in IntelliJ You can delete your prompt and Gemini's response to that prompt in your chat with IntelliJ Gemini Code Assist. Configure Gemini Code Assist code customization in the Google Cloud Console You can now set up and manage code customization within the Google Cloud Console, including creating a code repository index, adding repositories to be indexed, and managing repository groups for granular access control. Gemini Cloud Assist investigations (preview) are now available for Cloud Monitoring alerting.

Google Kubernetes Engine - For clusters enrolled in the Extended channel, you can now use Gateway with GKE version 1.30 or later, or customized sysctl configuration options. You can now receive a patch version in a release channel as soon as the version is available and before GKE sets the version as an auto-upgrade target in the channel by using accelerated patch auto-upgrades. (2025-R34) Version updates GKE cluster versions have been updated. You can now configure GKE clusters to have a default compute class in GKE versions 1.33.1-gke.1744000 or later. Starting with GKE version 1.33.1-gke.1231000, you can view KubeRay Operator addon logs. Starting on August 1, 2025, the Performance HorizontalPodAutoscaler profile is enabled by default for GKE Standard clusters that run GKE version 1.33.2-gke.4605000 and later and meet all of the Performance profile requirements.

GKE new features - For clusters enrolled in the Extended channel, you can now use Gateway with GKE version 1.30 or later, or customized sysctl configuration options. You can now receive a patch version in a release channel as soon as the version is available and before GKE sets the version as an auto-upgrade target in the channel by using accelerated patch auto-upgrades. You can now configure GKE clusters to have a default compute class in GKE versions 1.33.1-gke.1744000 or later. Starting with GKE version 1.33.1-gke.1231000, you can view KubeRay Operator addon logs. Starting on August 1, 2025, the Performance HorizontalPodAutoscaler profile is enabled by default for GKE Standard clusters that run GKE version 1.33.2-gke.4605000 and later and meet all of the Performance profile requirements.

Looker - Looker (Google Cloud core) and Looker (original) changes. Looker 25.14 is expected to include the following changes, features, and fixes: Expected Looker (original) deployment start: Monday, August 18, 2025 Expected Looker (original) final deployment and download available: Thursday, August 28, 2025 Expected Looker (Google Cloud core) deployment start: Monday, August 18, 2025 Expected Looker (Google Cloud core) final deployment: Monday, September 1, 2025. For projects that are enabled for the New LookML Runtime, the synonyms parameter is now supported. The API Usage Hourly System Activity Explore is now available. Denodo 9 databases are now supported. The Maria JDBC Driver has been updated to version 3.5.3. The Athena driver has been updated to version 2.2.1. The Databricks JDBC driver has been upgraded to version 2.7.3. A new JavaScript event, dashboard:tile:merge, has been added. Looker now displays a notice to instance admins if the instance license has been revoked. The following Looker events are now visible in the System Activity Events Explore: create_project delete_project update_project create_git_deploy_key delete_repository_credential update_repository_credential. A new Customer Engineer Advanced Editor default role has been added and can be used to grant support access to Google Cloud customer engineers. The Query Concurrency System Activity Explore is now available. New visualizations have been added to the Database Performance dashboard and the Instance Performance dashboard in System Activity. Looker 25.14 contains the following accessibility improvements: ARIA labels have been added to iframes that contain custom visualizations. The LookML validation spinner now correctly stops if there is an error with the server's validation process. An issue has been fixed where a route that wasn't intended for embedding was allowed to be embedded. An issue has been fixed where "Create view from table" would fail if it was initiated from a LookML subfolder. An issue has been fixed where color palettes with Japanese labels could not be added or removed. An issue has been fixed where getting LookML for dashboards wouldn't preserve all query filters even if they overlapped with dashboard-level filters. An issue has been fixed where include statements for empty folders that used single-slash syntax returned an unrecognized project reference error. An issue has been fixed where multiple tooltips could be displayed at once. An issue has been fixed where project names weren't fully sanitized. An issue has been fixed where projects that have not been deployed to production wouldn't appear in a user's list of available projects. An issue has been fixed where removing fields from embedded dashboard tiles could become impossible. An issue has been fixed where resetting a project's git connection and attempting to use a bare repo would fail. An issue has been fixed where sorting a pivoted column in the drill modal could sort all pivoted columns instead of just the selected one. An issue has been fixed where special characters such as slashes, ampersands, and question marks were allowed in BigQuery and Spanner connection names. An issue has been fixed where the HTTP error codes for moving and copying dashboards and Looks could return 422 when they should return 404. An issue has been fixed where the last accessed time for Looks that were saved to a dashboard as Looks wasn't updated when the dashboard was accessed. An issue has been fixed where the MoreVert button would not be disabled when no options were available in the menu. An issue has been fixed where the new dashboard name wasn't preserved when a LookML dashboard was copied to a folder. An issue has been fixed where unfavoriting a dashboard or Look on a board would not persist. Looker (Google Cloud core) only changes. Connected Sheets can now connect to a Looker (Google Cloud core) private IP instance by using the Looker instance ID.

Memorystore for Redis Cluster - You can now use the System insights dashboard to view cluster-level and node-level monitoring metrics for your clusters. You can now use the /node/server/healthy metric to determine whether a cluster node is available and functioning correctly.

Migration Center - The Migration Center App Modernization Assessment tool version 0.9.0 is available in Preview. Create custom report from template. Added feedback and support links to HTML report. Added file regex flags. New quantitative metrics. Smaller Default Report and new Full Report. Added a Content Security Policy (CSP) to improve the security of locally viewed HTML reports. Removed 2.5-flash-lite-exp from Suggested Models. Generally available: Migration Center now includes AI-powered suggestions for software detection. Generally available: Added support for discovery of Amazon Relational Database Service (Amazon RDS) instances and uploading the collected information to Migration Center. Generally available: Added support for discovery of Azure virtual machine (VM) instances and uploading the collected information to Migration Center.

Cloud Interconnect - Cross-Site Interconnect (Preview) support is available in the following colocation facilities: Global Switch Singapore, Singapore For more information, see the Locations table and Global Locations.

Network Connectivity Center - Site-to-site data transfer locations in the following countries have been added to Network Connectivity Center: Qatar Switzerland.

Cloud Run - The Python buildpack supports Cloud Run source deployments for modern web frameworks such as FastAPI, Gradio, and Streamlit. You can set multiple environment variables using the .env file (Preview).

Secure Source Manager - Integrated data loss prevention (DLP) is now generally available.

Security Command Center - AI Protection helps you manage the security posture of your AI workloads by detecting threats and helping you to mitigate risks to your AI asset inventory. You can use customer-managed encryption keys (CMEKs) to protect data at rest in Security Command Center. Data Security Posture Management (DSPM) lets you define, deploy, monitor, and audit data security postures for your Google Cloud environment.

Sensitive Data Protection - The AUSTRIA_SOCIAL_SECURITY_NUMBER infoType detector is available in all regions. During discovery operations, Sensitive Data Protection scans the contents of various archive files. You can configure Sensitive Data Protection to save the findings from an inspection job to a Cloud Storage bucket or folder.

Service Mesh - Managed Cloud Service Mesh. The following images are now rolling out for managed Cloud Service Mesh: 1.21.5-asm.55 is rolling out to the rapid release channel.

Cloud Spanner - You can now use cross region federated queries to query Spanner tables from regions other than the source BigQuery region. Spanner offers a predefined library of over 80 MySQL functions that you can install in a database.

Cloud SQL - Now you can use Private Service Connect backends, as an alternative to Private Service Connect endpoints, to access Cloud SQL instances. Now you can create an IPv6 endpoint for Private Service Connect (PSC) connections. You can no longer set a deny maintenance period for instances that are running a maintenance version older than 12 months. Cloud SQL now supports Private Service Connect (PSC) outbound connectivity.

Cloud Storage - You can now use Anywhere Cache in the asia-south1-b and asia-south1-c zones.