Welcome to issue #467 September 8th, 2025

News

Cloud Dataproc Data Analytics Official Blog Serverless Spark

Investigate fast with AI: Gemini Cloud Assist for Dataproc & Serverless for Apache Spark - Struggling with failed or slow Spark jobs? Use Gemini Cloud Assist AI in Dataproc to find root causes, get actionable fixes and boost performance.

Billing Cloud Run FinOps Official Blog

Save more with expanded coverage for Compute Flex CUDs - Compute Flexible Committed Use Discounts (Flex CUDs) now cover memory-optimized and HPC VM families and Cloud Run.

Networking Official Blog

Accelerate your IPv6 journey: Introducing DNS64 and NAT64 for the Cross-Cloud Network - Learn how the newly launched DNS64 and NAT64 services enable IPv6-only devices to reach services and content that still resides on IPv4 networks.

BigQuery Data Analytics Official Blog

Introducing BigQuery soft failover: Greater control for disaster recovery testing - Minimize data loss during planned DR activities and ensure business continuity with soft failover in BigQuery Managed Disaster Recovery.

Event Google Kubernetes Engine Official Blog

Calling all devs: Join the GKE Turns 10 Hackathon and build with agentic AI - Enter the GKE Turns 10 Hackathon to experience hands-on learning with GKE and showcase your skills — including integrating agentic AI into your apps.

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

GCP Experience Official Blog

Tata Steel enhances equipment and operations monitoring with the Manufacturing Data Engine - Discover how Tata Steel leverages Google Cloud Industrial IoT for unified data, predictive maintenance, and environmental KPIs monitoring.

Official Blog Threat Intelligence

ViewState Deserialization Zero-Day Vulnerability in Sitecore Products (CVE-2025-53690) - An active ViewState deserialization attack affecting Sitecore products, where attackers achieved remote code execution.

Google Kubernetes Engine Kubernetes Networking

Setting Up Tinyproxy to Access GKE Control Plane from On-Premises - The article addresses the challenge of accessing Google Kubernetes Engine (GKE) control plane from on-premises environments due to Private Service Connect (PSC) limitations.

DevOps Kubernetes

Upgrades!!! — Everything New With Kubernetes 1.34 - Kubernetes 1.34 focuses on enhanced security, observability, and resource management, featuring 58 enhancements.

App Development, Serverless, Databases, DevOps

Cloud Run Official Blog

How to Build Highly Available Multi-regional Services with Cloud Run - Learn how to build highly available multi-regional services with Cloud Run, featuring built-in fault tolerance, multi-regional deployments, and a preview of the upcoming Service Health feature for automated failover.

Cloud Armor Cloud Run

Running and Securing AI Applications on Cloud Run with Model Armor - The article discusses deploying and securing AI applications on Google Cloud Run using Model Armor. It highlights the security challenges of AI applications and demonstrates how to deploy Ollama, an open model runtime, on Cloud Run. It also details how to add Model Armor as a service extension for request filtering, traffic inspection, and content safety.

AlloyDB Databases GCP Experience Official Blog Retail

From query to cart: Inside Target’s search bar overhaul with AlloyDB AI - As Target pushed the boundaries of retail personalization and scale, the company began reevaluating the systems that power its digital experience.

AI AlloyDB Paywall

Do you know what AlloyDB AI can do? - An overview of AlloyDB features that focus on AI.

Databases

Your First Million Users: Is Your Database an Investment or a 900-Hour Time Sink? - A deep dive into the true TCO of Cloud SQL vs. a self-managed database on GCP, and why our cheaper cloud bill was a $50,000 mistake.

Apigee SAP

Bridging SAP and Google Cloud: Securely Calling APIs with ABAP SDK and Apigee - The article presents a proof of concept for securely connecting on-premise SAP systems with Google Cloud APIs, specifically BigQuery, using the ABAP SDK for Google Cloud and an Apigee proxy with JWT authentication.

Cloud Run Serverless

Building Scalable Email Processing at Enterprise Scale: A Deep Dive into Cloud-Native Architecture Patterns - The article discusses the evolution of an email processing system from a monolith to an event-driven architecture on Google Cloud.

DevOps Gemini CLI

Using Gemini CLI to Keep Your User Docs Flawless - Stop shipping outdated documentation. Learn how to use Gemini CLI to create user guides that automatically test themselves for accuracy.

Cloud Storage Javascript

Mounting Google Cloud Storage Buckets as Static Assets in Next.js - This article explains how to serve files from a Google Cloud Storage (GCS) bucket as static assets in a Next.js application deployed on Google Cloud Run.

Big Data, Analytics, ML&AI

AI Data Analytics GCP Experience Official Blog Vertex AI

StreamSight: Driving transparency in music royalties with AI-powered forecasting - BMG and Google have built a tool demonstrating how cloud-based AI can help modernize royalty processing, while furthering their commitment to fairer and faster payouts.

BigQuery

How We Migrated and Scaled Our Data Architecture for the Future - Introduction.

BigQuery Paywall

A Case Statement Tutorial | BigQuery SQL | 2025 - The article provides a comprehensive guide to the CASE statement in BigQuery SQL, highlighting its flexibility in shaping data compared to IF statements.

BigQuery FinOps

How to Mix BigQuery On-Demand and Slot Pricing in Practice - Which one is cheaper for what type of workload, and how can you route them on the fly?

BigQuery

SAP S/4 Data Marts Cost and Performance Optimization with Google BigQuery - The article discusses cost and performance optimization of SAP S/4 data marts in Google BigQuery using primary and foreign keys. It addresses challenges in ensuring reliable keys and maintaining them, and proposes solutions like using a scheduled Airflow DAG pipeline.

GCP Experience Official Blog Partners

How Baseten achieves 225% better cost-performance for AI inference (and you can too) - Leveraging Google Cloud A4 virtual machines, based on NVIDIA Blackwell, and Dynamic Workload Scheduler, Baseten achieved significant gains in model performance.

ADK Generative AI

Building Finwise with Agent Development Kit: four tool patterns that matter - This article explores building an application called Finwise using Google's Agent Development Kit (ADK), demonstrating four tool patterns: direct functions, code execution agents, MCP services, and authenticated actions.

ADK Generative AI Official Blog

The Agent Development Kit Hackathon with Google Cloud: Announcing the winners and highlights - We just wrapped our Agent Development Kit (ADK) hackathon. Learn more about the winners, the highlights, and what’s coming next.

ADK Generative AI Official Blog

Agent Factory Recap: Keith Ballinger on AI, The Future of Development, and Vibe Coding - Discover how AI agents are transforming software development. In this Agent Factory podcast recap, Keith Ballinger (Google Cloud) discusses "Impossible Computing," AI's impact on team productivity, the evolving developer's role, and demos like Vibe Coding. Learn about Cloud Run with GPUs for AI workloads.

AI Cloud Run MCP

Chain of Trust for AI: A Secure Toolbox App Architecture on Cloud Run - Deconstructing the flow of credentials from end-user to database in a secure AI stack.

Google Kubernetes Engine Kubernetes LLM

Serving Gemma 3 on GKE with TPUs and vLLM - Learn how to deploy Gemma 3 model on GKE using TPUs and vLLM.

Slides, Videos, Audio

Security Podcast - #241 From Black Box to Building Blocks: More Modern Detection Engineering Lessons from Google.

 

Releases

AlloyDB - Parameterized secure views in AlloyDB for PostgreSQL enhance data security and row access control while using SQL, providing a new secure interface for application developers. AlloyDB AI natural language delivers secure and accurate responses for application end user natural language questions. You can create organization policies with custom constraints for AlloyDB backups and clusters, and a custom constraint with any field for an AlloyDB instance.

Anthos clusters on VMware - Google Distributed Cloud (software only) for VMware 1.33.0-gke.799 is now available for download. GA: Changed the cluster creation process so that all new clusters are advanced clusters. GA: Enabled the vsphere-metrics-exporter component for advanced clusters. The following issues were fixed in 1.33.0-gke.799: Fixed vulnerabilities listed in Vulnerability fixes.

Apigee API Hub - New API versions view: API version information is now available as a separate tab in the API details page.

BigQuery - BigQuery now supports soft failover with managed disaster recovery. You can flatten records in BigQuery data preparation with a single operation. The INFORMATION_SCHEMA.RESERVATIONS_TIMELINE view now includes the per_second_details schema field. You can now create a remote model based on an open embedding model from Vertex Model Garden or Hugging Face that is deployed to Vertex AI. You can now create a remote model based on the Vertex AI gemini-embedding-001 model. You can now reference BigQuery ML and DataFrames in your prompts when you use the Data Science Agent in a BigQuery notebook. You can now configure listings for multiple regions for shared datasets and linked dataset replicas in BigQuery sharing. You can now enable the automatic selection of a processing location in your pipeline configurations.

Cloud Build - Dark theme is now available for Cloud Build.

Carbon Footprint - We recently released a new technical paper, "Measuring the Environmental Impact of Delivering AI at Google Scale", and a blog post.

Chronicle - Advanced filtering in alerts and search results: You can now filter alerts and search results by any field in the detection object. Time zone override for forwarder logs: Google SecOps now lets you override the default time zone for your logs when you create or configure a forwarder. Improved Okta and Symantec Endpoint Protection parsers: These changes are currently in Preview. CBN alerts functionality removed from all prebuilt parsers: As part of deprecating the Configuration Based Normalization (CBN) alerts functionality, all prebuilt parsers that included the CBN alerts functionality were updated, and the functionality was removed. Extended match window for multi-event rules: You can now configure rules to analyze data over a longer period.

Chronicle Security Operations - Advanced job scheduling: The job scheduling functionality has been enhanced with advanced options. Use custom fields in the Close Case dialog: Administrators can now add custom fields to the Close Case dialog. Advanced filtering in Alerts and Search: This update significantly enhances filtering capabilities across the platform, resolving some bugs and providing more granular control over your queries. Override the default time zone for forwarder logs: Google SecOps now lets you override the default time zone for your logs when creating or configuring a forwarder. Improvements to Okta parser and Symantec Endpoint Protection parser: These changes are currently in Preview. Removed CBN alerts functionality from all prebuilt parsers: As part of deprecating the Configuration Based Normalization (CBN) alerts functionality, all prebuilt parsers that included the CBN alerts functionality were updated, and the functionality was removed. Extended match window for multi-event rules: You can now configure rules to analyze data over a longer period.

Chronicle SOAR - Release 6.3.61 is being rolled out to the first phase of regions, as outlined in our Google SecOps release plan. Advanced job scheduling: The job scheduling functionality has been enhanced with advanced options. Use custom fields in the Close Case dialog: Administrators can now add custom fields to the Close Case dialog. Release 6.3.60 is now available for all regions.

Compute Engine - Hyperdisk Balanced High Availability (Hyperdisk Balanced HA) volumes attached to C3 instances have increased performance limits for several C3 machine types. Generally available: Windows OS images have been updated with a new version of the gVNIC driver.

Contact Center AI Platform - Agent desktop is now generally available (GA). Mobile SDK 2.14 is released. It includes the following updates: Android SDK and iOS SDK: Support for virtual agent to virtual agent chat transfers by queue.

Dataform - Dataform now automatically selects a processing location based on the datasets referenced in your SQL queries.

Dataproc - Multi-tenant clusters are now available in Preview.

Datastore - Use Query insights to view query performance metrics for your database.

Cloud Deploy - You can now use custom constraints with Organization Policy to provide more granular control over specific fields for some Cloud Deploy resources.

Dialogflow - Dialogflow CX (Conversational Agents): This is a correction of the release note posted on August 7, 2025. Dialogflow CX (Conversational Agents): The following regions are now available: asia-southeast2, europe-west4, europe-west6. Dialogflow CX (Conversational Agents): New prompt security controls are available in agent settings. Dialogflow CX (Conversational Agents): The model gemini-2.5-flash-lite is now available in all regions, and gemini-2.5-flash is now GA.

Cloud Firestore - Use Query insights to view query performance metrics for your database.

Gemini - Monitor Gemini Code Assist usage: You can now monitor your organization's usage of Gemini Code Assist with a dashboard that is automatically available when you enable and use Gemini Code Assist. Mention a remote repository to prioritize context: You can now start your prompt with the @ symbol and select a specific remote repository from a list to ensure Gemini prioritizes that context. IntelliJ Gemini Code Assist 1.28.0. Create and manage multiple chats in IntelliJ: You can create and manage multiple chats in IntelliJ Gemini Code Assist. Edit a prior prompt in IntelliJ: You can edit a prior prompt in IntelliJ Gemini Code Assist and receive a regenerated response based on your edited prompt.

Google Kubernetes Engine - Kubernetes 1.34 is now available in the Rapid channel. New features in Kubernetes 1.34: The Kubernetes Dynamic Resource Allocation (DRA) APIs are now generally available. Other changes in 1.34: GKE nodes are now upgraded to containerd 2.1. Deprecated in 1.34: The v1beta1 gRPC API between the Kubelet and DRA drivers is deprecated in this release in favor of the v1 API. CNI spec version for GKE Dataplane V2 updated to v1.1.0: Starting with GKE patch version 1.34, clusters using GKE Dataplane V2 are being updated from CNI spec v0.3.1 to v1.1.0. On clusters with GKE Dataplane V2 that are on GKE version 1.34 and later, the ptp plugin is removed from the Container Network Interface (CNI) path. GKE alpha clusters enable all alpha and the default beta feature gates, which help you to test and validate upcoming Kubernetes capabilities. (2025-R37) Version updates: GKE cluster versions have been updated. In GKE version 1.33.3-gke.1392000 or later, you can use ComputeClasses to provision Confidential GKE Nodes with any supported Confidential Computing type. Features that were part of GKE Enterprise are now available as part of the standard GKE offering, or offered as standalone SKUs.

GKE new features - New features in Kubernetes 1.34: The Kubernetes Dynamic Resource Allocation (DRA) APIs are now generally available. On clusters with GKE Dataplane V2 that are on GKE version 1.34 and later, the ptp plugin is removed from the Container Network Interface (CNI) path. GKE alpha clusters enable all alpha and the default beta feature gates, which help you to test and validate upcoming Kubernetes capabilities. In GKE version 1.33.3-gke.1392000 or later, you can use ComputeClasses to provision Confidential GKE Nodes with any supported Confidential Computing type.

Live Stream API - You can now distribute live stream content to remote endpoints by using the Secure Reliable Transport (SRT) protocol or the Real-Time Messaging Protocol (RTMP). You can now create AI-generated captions and translated captions for a live stream. Added support for UHD (4K) inputs and outputs. Added support for H.265 (HEVC) inputs and outputs, which allows for more efficient compression. You can now generate Web Video Text Tracks format (WebVTT) subtitles from cea608 or cea708 embedded captions in the input stream. You can now update the encryption key of your encrypted live stream contents while the channel is running. You can now preview your input streams with ultra-low latency, which allows you to take corrective actions and maintain high-quality viewing experience for your viewers.

NetApp - The auto-tiering feature for the Flex service level is now generally available for custom-performance Flex zonal pools.

Cloud Run - You can configure GPU in your Cloud Run worker pool (Preview).

Secret Manager - Automatic secret rotation with the Secret Manager add-on for Google Kubernetes Engine (GKE): You can configure the Secret Manager add-on to automatically rotate secrets so that secrets updated in Secret Manager after initial pod deployment are automatically and periodically pushed to the pod.

Security Command Center - Vulnerability assessment for Google Cloud supports scanning disks configured with customer-managed encryption keys (CMEK) for projects that are outside of VPC Service Control perimeters.

Sensitive Data Protection - When configuring schedules for Cloud Storage data discovery, you can select data based on specific tags.

Service Mesh - 1.26.x. 1.26.4-asm.1 is now available for in-cluster Cloud Service Mesh.

Cloud Spanner - You can import your own data into a Spanner database by using a CSV file, a MySQL dump file, or a PostgreSQL dump file.

Cloud SQL MySQL - The release note on August 13, 2025 regarding Private Service Connect (PSC) outbound connectivity has been updated. Cloud SQL Managed Connection Pooling is now generally available (GA). You can now enable your instance to take a final backup at instance deletion and define its retention period by setting the final backup instance setting.

Cloud SQL Postgres - The release note on August 13, 2025 regarding Private Service Connect (PSC) outbound connectivity has been updated. You can now enable your instance to take a final backup at instance deletion and define its retention period by setting the final backup instance setting.

Cloud SQL SQL Server - You can now enable your instance to take a final backup at instance deletion and define its retention period by setting the final backup instance setting.

VPC Service Controls - Preview stage support for the following integration: Google Cloud Managed Service for Apache Kafka.

 

Contact

Zdenko Hrček
Třebanická 183
Prague, Czech Republic
Phone: +420 777 283 075