Welcome to issue #292 May 2nd, 2022

News

Introducing SWIFT on Google Cloud - Introducing SWIFT on Google Cloud - modernize your payments by bringing it to the cloud.

SAP BTP on Google Cloud Announces 5 new capabilities - Learn how you can gain insight into sales teams, target campaigns based on inventory + margin, & develop custom apps running SAP BTP on Google Cloud.

Introducing Media CDN—the modern extensible platform for delivering immersive experiences - We're excited to announce the general availability of Media CDN — a content and media distribution platform with unparalleled scale.

Announcing new simple query options in Cloud Logging - The faster you can find logs, the faster you can resolve issues! Today, we’re pleased to announce a simpler way to find logs in Logs Explorer.

Service Catalog: Introducing version selection for Terraform solutions - Announcing support for multiple Terraform versions for Google Service Catalog Terraform solutions.

Data movement for the masses with Dataflow Templates - Dataflow Templates enable data and application engineers to deploy data pipelines without writing any code, leveraging the fully-managed Dataflow service.

The next step for Istio and cloud-native open source - As an incubating project with the Cloud Native Computing Foundation, Istio joins the Kubernetes and Knative cloud-native ecosystem.

---

Vultr's new Optimized Cloud Instances deliver all of the power of the cloud without the Big Tech bloat. Instantly deploy worldwide for as low as $28/mo. Exclusive for GCP Weekly readers: Redeem $150 in free credit!

---

Articles, Tutorials

Infrastructure, Networking, Security, Kubernetes

Cloud CISO Perspectives: April 2022 - Google Cloud CISO Phil Venables shares his thoughts on the latest security updates from the Google Cybersecurity Action Team.

Running VMware in the cloud: How Google Cloud VMware Engine stacks up - Learn how Google Cloud VMware Engine provides unique capabilities to migrate and run VMware workloads natively in Google Cloud.

A focus on network connectivity use cases in the cloud - Google Cloud’s Network Connectivity Center lets you manage site-to-cloud, site-to-site, and VPC-to-VPC connections, and it’s now generally available.

10 considerations to help you design cloud networks - In this blog DevRel Ammett Williams and Solution Architect Jens Kuehlers, provide 10 tips to help users design better cloud networks for their environments.

App Development, Serverless, Databases, DevOps

Differences between Google Identity Platform and Firebase Authentication - An overview and comparison of Google Identity Platform and Firebase Authentication.

Cloud SQL Auth Proxy demystified - Use Google Cloud SQL Auth Proxy to handle secure connectivity to your database instances while eliminating other authentication hurdles.

Enable GCP Audit Logs with Terraform - Explanation of Audit Logs and how to enable them via Terraform.

Monitoring Changes In Firebase Remote Config Using Kotlin, Slack, and Google Cloud Functions - Implementing Remote Config notification system in Firebase using Cloud Functions.

Using Google Cloud Identity-Aware Proxy with Compute Engine - Sample repository with an explanation on how IAP works with both the web and TCP flows, and build an environment by running a series of Terraform deployments.

Big Data, Analytics, ML&AI

Monitor & analyze BigQuery performance using Information Schema - This blog equips the BigQuery user base with an easy way to analyze and decipher the key BigQuery metrics using the Information Schema to understand Slot Consumption and Query Concurrency / Throughput.

More Options to Restore your Data in Google BigQuery - How to use the Time Travel Function in BigQuery.

Access Control in BigQuery - A list of supported access controls in BigQuery.

Predicting Conversion Events from Google Analytics Dataset for Google Merchandise Store in BigQuery - Analyzing Google Analytics sample dataset for BigQuery.

Google Cloud Analytics Hub - An overview of Analytics Hub.

Serving a Spark ML model on Vertex AI using a CI/CD Pipeline with Cloud Build and Cloud Function - Example of using PySpark on Vertex AI.

Creating A Machine Learning Model For An NFT Horse Racing Game Using Vertex AI - A process of the training ML model in Vertex AI.

Various

Introducing "Visualizing Google Cloud: 101 Illustrated References for Cloud Engineers and Architects" - Shortly after I started creating and sharing visual explanations of Google Cloud concepts in late 2020, I began receiving overwhelmingly positive feedback from fellow cloud architects and enthusiasts. That feedback led me to pull these sketches together into a reference guide!

Meet the people of Google Cloud: Priyanka Vergadia, bringing Google Cloud to life in illustrations - When COVID shut down our world, Developer Advocate Priyanka Vergadia found ways to connect with the developer community through illustrations.

Build your cloud skills with no-cost access to Google Cloud training on Coursera - Advance your technical skills and boost your career by getting hands-on practice with Google Cloud projects.

Slides, Videos, Audio

GCP Podcast - #302 BigLake with Gaurav Saxena and Justin Levandoski.

Kubernetes Podcast - #177 IstioCon, with Mitch Connors.

Security Podcast - #6 Protect Modern Applications in the Cloud: Union of API and Application Security.

SRE Podcast - #4 Rethinking SLOs with Narayan Desai - Narayan Desai explains why SLOs can be problematic and proposes alternative methods for monitoring complex, large-scale systems.

Releases

Anthos clusters on AWS - Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel.

Anthos clusters on bare metal - 1.9. Release 1.9.7 Anthos clusters on bare metal 1.9.7 is now available for download. Fixes: The following container image security vulnerabilities have been fixed: CVE-2021-3999 CVE-2022-24407. Known issues: For information about the latest known issues, see Anthos on bare metal known issues in the Troubleshooting section. 1.6 & 1.7 & 1.8 & 1.9 & 1.10 & 1.11. Security bulletin (all minor versions) Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel.

Anthos clusters on Azure - Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel.

Anthos clusters on VMware - Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666, have been discovered in the Linux kernel. Anthos clusters on VMware 1.11.0-gke.543 is now available. The structure of the Anthos clusters on VMware documentation is substantially different from previous versions. Kubernetes 1.22 has deprecated certain APIs, a list of which can be found in Kubernetes 1.22 deprecated APIs. Cluster lifecycle Improvements: Admin cluster creation is now resumable. Terminology changes: The connect project is now called fleet host project. We have removed the over-privileged RBAC permissions for the following components.

Anthos GKE on AWS - Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel.

BI Engine - The ability to configure the time travel window is now in Preview. Three new INFORMATION_SCHEMA views that show table storage metadata are now in Preview. BigQuery Admin Resource Charts are now generally available (GA) for on-demand users, enabling administrators to monitor key metrics and troubleshoot issues across the entire organization.

BigQuery - The ability to configure the time travel window is now in Preview. Three new INFORMATION_SCHEMA views that show table storage metadata are now in Preview. BigQuery Admin Resource Charts are now generally available (GA) for on-demand users, enabling administrators to monitor key metrics and troubleshoot issues across the entire organization.

Billing - Cost table report now supports updated filters, project ancestry, and report sharing In the Cloud Billing Console Cost table report, we've updated the report's filters and invoice month selector to function similarly to the Cloud Billing Reports page and Cost breakdown page, added project ancestry functionality, and enabled report sharing.

Chronicle - The following supported default parsers have changed (listed by product name and ingestion label): Apache Tomcat (TOMCAT) Azure AD (AZURE_AD) BIND (BIND_DNS) Bitdefender (BITDEFENDER) Blue Coat Proxy (BLUECOAT_WEBPROXY) Cisco ACS (CISCO_ACS) Cisco Email Security (CISCO_EMAIL_SECURITY) Cisco Firepower NGFW (CISCO_FIREPOWER_FIREWALL) Cisco ISE (CISCO_ISE) Citrix Netscaler (CITRIX_NETSCALER) CrowdStrike Falcon (CS_EDR) Darktrace (DARKTRACE) Dell EMC Data Domain (DELL_EMC_DATA_DOMAIN) Elastic Windows Event Log Beats (ELASTIC_WINLOGBEAT) EPIC Systems (EPIC) F5 ASM (F5_ASM) GCP Cloud Identity Device Users (GCP_CLOUDIDENTITY_DEVICEUSERS) GMV Checker ATM Security (GMV_CHECKER) HCL BigFix (HCL_BIGFIX) Layer7 SiteMinder (SITEMINDER_SSO) Microsoft Azure NSG Flow (AZURE_NSG_FLOW) Microsoft Defender for Identity(MICROSOFT_DEFENDER_IDENTITY) Microsoft Powershell (POWERSHELL) Mobileiron (MOBILEIRON) Office 365 (OFFICE_365) Salesforce (SALESFORCE) SecureAuth (SECUREAUTH_SSO) SentinelOne EDR (SENTINEL_EDR) Windows Event (WINEVTLOG) Workspace Activities (WORKSPACE_ACTIVITY) ZScaler NGFW (ZSCALER_FIREWALL) For details about the changes in each parser, see Supported default parsers. Chronicle now supports the following functions in Detection Engine rules: strings.concat(a, b) strings.to_lower(stringText) strings.to_upper(stringText) strings.base64_decode(encodedString) re.capture(stringText, regex) re.replace(stringText, replaceRegex, replacementText) timestamp.get_minute(unix_seconds [, time_zone]) timestamp.get_hour(unix_seconds [, time_zone]) timestamp.get_day_of_week(unix_seconds [, time_zone]) timestamp.get_week(unix_seconds [, time_zone]) timestamp.current_seconds() math.abs(intExpression) For more information about these functions, see YARA-L 2.0 language syntax. Rules run frequency Rules can now be run at different frequencies.

Cloud Composer - Join us for the Airflow in the Cloud: Lessons from the Field talk during Airflow Summit 2022.

Compute Engine - Generally available: Spot VMs are available for all machine types, regions, and zones.

Config Connector - Config Connector version 1.83.0 is now available. Made the spec.resourceRef.apiVersion field in IAMPolicy, IAMPartialPolicy, IAMPolicyMember, IAMAuditConfig optional.

Datastore - The datastore.databases.getMetadata permission now supports custom Identity and Access Management roles.

Dialogflow Enterprise - Dialogflow ES has added preview support for the following languages: Afrikaans, Albanian, Amharic, Armenian, Azerbaijani, Basque, Belarusian, Bosnian, Bulgarian, Catalan, Cebuano, Chichewa, Corsican, Croatian, Czech, Esperanto, Estonian, Frisian, Galician, Georgian, Greek, Gujarati, Haitian Creole, Hausa, Hmong, Hungarian, Icelandic, Igbo, Irish, Javanese, Kannada, Kazakh, Khmer, Kinyarwanda, Kurdish, Kyrgyz, Latin, Latvian, Lithuanian, Luxembourgish, Macedonian, Malagasy, Malayalam, Maltese, Maori, Mongolian, Nepali, Oriya/Odia, Punjabi, Samoan, Scots Gaelic, Serbian - Cyrillic, Serbian - Latin, Sesotho, Shona, Slovak, Slovenian, Somali, Sundanese, Swahili, Tajik, Tatar, Turkmen, Uzbek, Welsh, Xhosa, Yoruba, Zulu.

Error Reporting - Preview: You can now get notification recommendations and insights for Error Reporting.

Cloud Firestore - The datastore.databases.getMetadata permission now supports custom Identity and Access Management roles.

Cloud Functions - Cloud Functions has added support for the following new runtimes at the Preview release level: Python 3.10 PHP 8.1.

Google Kubernetes Engine - Two security vulnerabilities, CVE-2022-1055 and CVE-2022-27666 have been discovered in the Linux kernel.

Cloud Logging - You can now comment within your Logging queries. You can now do the following in the improved Logs Explorer: Use the new plain-text search field and filter menus to construct queries without using the query language Customize your date and time format preferences for building queries and to display dates and times in the UI. When querying your logs data in the Logs Explorer, you can now select queries from a library, making it easier to explore your data and find logs during time-critical troubleshooting sessions. The Cloud Logging API now supports the following regions: Europe: europe-southwest1 europe-west6 europe-west8 europe-west9 South America: southamerica-west1 For more information, see Data Regionality for Cloud Logging.

Network Intelligence Center - Connectivity to router appliances is now generally available in Network Topology.

reCAPTCHA Enterprise - The v1 version of the reCAPTCHA Enterprise API now supports API key authentication.

Security Command Center - Security Command Center error detectors are generally available (GA). The connections[] and description attributes were added to the Finding object.

Cloud SQL MySQL - MySQL 8.0 is now the default major database version for Cloud SQL for MySQL. The following Cloud SQL recommenders that help you optimize your database costs are now generally available: Idle database instance recommender: Identifies idle database instances in your project and provides recommendations about the savings that you can make by shutting them down. You can now accept a maintenance update on your instance outside of the normal flow of scheduled maintenance. Cloud SQL now supports maintenance changelogs.

VMware Engine - The VMware Engine operations team will apply important security updates to vCenter Server and NSX-T beginning early May 2022.

Virtual Private Cloud - Automatic DNS configuration for Private Service Connect endpoints is available in General Availability.

If you have suggestion, feedback or link you want to share feel free to email me at zdenko@gcpweekly.com

Have a great week,

Zdenko