🗞️ Cloud logging 可以做到 field level access 啦 [link]
🗞️ Introducing improved maintenance policy for Cloud Memorystore [link]
For each Cloud Memorystore instance, you may set an optional preferred maintenance window when updates are scheduled
In addition to selecting the preferred maintenance window, users can subscribe to maintenance notifications for advanced notice when an update is scheduled. After an update is scheduled, subscribed users will receive an email notification with the date and time of the scheduled maintenance. At this point, you can begin to plan for the upcoming maintenance update, opt to undergo maintenance sooner than the scheduled date, or defer maintenance by up to one week after the originally scheduled time
🗞️ Monitor models for training-serving skew with Vertex AI [link]
「Vertex AI 提供偵測 training-serving data skew 的工具,及早發現 serving 資料處理端的錯誤 or 需要重新 training model」
Turn on skew detection for a model deployed in Vertex AI’s Online Prediction service. No prior pre-processing tasks are required. Just run a command with a few basic parameters to turn on monitoring
Training-serving skew is a difference between model performance during training and performance during serving
Thus, one of the most important MLOps lessons Google has learned is: continuously monitor model input data for changes. For a production ML application, this is just as important as writing unit tests
🎦 How does query processing work in BigQuery? [video]
「這一系列的 BigQuery internal 影片真的蠻不錯的 #bigqueryspotlight」👏
🗞️ Introducing Cloud Build private pools: Secure CI/CD for private networks [link]
「Cloud Build 支援對接地端的私有程式碼庫了,對於重視安全性的企業來說,更有機會導入」👏
With Cloud Build private pools, you get the benefits of a cloud-hosted, fully managed CI/CD product while meeting enterprise security and compliance requirements—even for highly regulated industries like finance, healthcare, retail, and others. For instance, you can trigger fully managed DevOps workflows from source-code repositories hosted in private networks, including Github Enterprise
💣 What’s new with Google Cloud’s infrastructure - Q2 edition [link]
「回顧 2021 Q2 的各種更新,訊息量有點過大」😅
🗞️ Getting the most out of Cloud IDS for advanced network threat detection [link]
「Cloud IDS 使用指南」👨💻
Cloud IDS uses Packet Mirroring to copy and forward network traffic, and Private Service Access (PSA) to connect to a set of cloud-native IDS instances which exist in a Google managed project. This allows a Cloud IDS to be seamlessly integrated into an existing Google Cloud Platform (GCP) network without needing to change the VPC design
When creating the Packet Mirroring Policy to attach to your Cloud IDS, there are three options to select the mirrored sources: subnets, tags, individual instances
Inside a Packet Mirroring Policy, there is an option to filter traffic. There are some use cases, however, where filters may be quite useful. For example, consider the case where you want to have different alert severities for trusted and untrusted remote networks
Cloud IDS offers flexibility when attaching Packet Mirroring Policies. Multiple Packet Mirroring Policies can be attached to the same IDS Endpoint
If your organization has a centralized networking and security team supporting various projects, and multiple projects require IDS coverage, consider using a Shared VPC. By using a Shared VPC, a single Cloud IDS can support multiple projects as these projects share network resources, including Cloud IDS
Cloud IDS inspects not only the IP header of the packet, but also the payload. In the case where the payload is encrypted, such as with HTTPS/TLS/SSL traffic, consider placing the application behind a L7 Internal Load Balancer (ILB) or HTTP(S) External Load Balancer
🗞️ Building with Looker made easier with the Extension Framework [link]
「開發 Looker application 不需要自己 host server 惹」 👏
The Extension Framework is a fully hosted development platform that enables developers to build any data-powered application, workflow or tool right in Looker. By eliminating the need to spin up and host infrastructure, the Extension Framework lets developers focus on building great experiences for their users
🗞️ Mount a file as a volume in Cloud Run [link]
Cloud Run does not yet support the volumes, but you can simulate this support thanks to Secret Manager integration and for a specific use case
📙 Assuring Compliance in the Cloud [pdf]
Your team can leverage the paper to add value to enterprises, both by charting a course to the safe use of cloud technology and by reducing risk through the use of the public cloud
🤯 Bringing Kubernetes’ goodness to Windows Server apps with Anthos [link]
Last year, we announced support for Windows Server containers running on Google Kubernetes Engine (GKE), our cloud-based managed Kubernetes service, which lets you take the advantage of containers without porting your apps to .NET core or rewriting them for Linux.
Today, we’re going a step further with support for Windows Server containers on Anthos clusters on VMware in your on-premises environment. Now available in preview, you can consolidate all your Windows operations across on-prem and Google Cloud.
🤯 Cloud-native network threat detection with Cloud IDS [link]
Today we’re announcing Cloud IDS, our cloud-native, managed intrusion detection system that helps detect malware, spyware, command-and-control attacks, and other network-based threats.
Cloud IDS is built with Palo Alto Networks’ advanced threat detection technologies to deliver highly effective security - the ability for the system to detect malicious activity with low false positives.
📅 Registration is open for Google Cloud Next: October 12–14 [link]
🗞️ Introducing the Data Validation Tool for EDW migrations [link]
資料驗證是資料搬遷後的一個很重要的步驟 👏
Today, we are excited to announce the Data Validation Tool (DVT), an open sourced Python CLI tool that provides an automated and repeatable solution for validation across different environments. The tool uses the Ibis framework to connect to a large number of data sources including BigQuery, Cloud Spanner, Cloud SQL, Teradata, and more.
The DVT performs multi-leveled data validation functions, from the table level all the way to the row level.
🗞️ Speech To Text 支援 emoji 惹 😇
The Speech-to-Text API now offers spoken punctuation and spoken emoji features. When you enable this feature, instances of spoken punctuation and emojis detected in your audio data will be replaced by the corresponding punctuation and emoji symbols
🗞️ Cloud CDN
Cloud CDN now treats HTTP responses with a max-age or s-maxage directive as cacheable, even if those responses do not have a Cache-Control: public directive.
This allows Cloud CDN to cache additional responses and better align with HTTP standards.
🗞️ Faster Cloud Storage transfers using the gcloud command-line [link]
gcloud alpha storagecommands are now available.
These commands provide faster uploading and downloading performance over the gsutil command line tool.
🗞️ The Ops Agent is now GA and it leverages OpenTelemetry [link]
General Availability of the new Ops Agent, which replaces both the Logging and Monitoring agents and simplifies installation, management, and configuration across the board
For those who prefer a managed solution, we provide a mechanism to automatically manage the installation of the Ops Agent called Agent Policies, which is currently in preview
🗞️ Calling a private Google Cloud Function from on-prem [link]
Private Cloud Functions can only be invoked by resources within the same Google Cloud project
Instead of sending API requests to the publicly available IP addresses for service endpoints such as storage.googleapis.com, you can send the requests to the internal IP address of this Private Service Connect endpoint. All the calls flowing through this endpoint will behave as if they were made from within the same project