Cloud Blog

How Commerzbank is transforming financial advisory workflows with gen AI

Fri, 22 Nov 2024 11:00:00 +0000

In today's fast-paced financial landscape, staying competitive requires embracing innovation and efficiency. Commerzbank, a leading German bank, recognized the potential to streamline its internal workflows, particularly within its financial advisory division for corporate clients.

Given regulatory requirements, sales advisors need to carefully document investment suggestions in detailed protocols. It’s a highly manual and time consuming task.This has led to significant productivity bottlenecks and reduces the time available for advising customers.

"Our Sales advisor team spends a considerable amount of time in documentation of advisory calls," Ulrich Heitbaum, COO, Corporate Clients segment at Commerzbank. "By partnering with Google to build a sophisticated GenAI system to automate this process, we considerably boost productivity and efficiency. One thought leads us: Only lean, smoothly functioning processes and reliable technology lead to an outstanding - excellent - service delivery to the customer."

Recognizing the potential for improvement, Commerzbank partnered with Google Cloud to develop an advanced gen AI-powered solution that automates this labor-intensive process. By leveraging Google Cloud's AI and machine learning capabilities, Commerzbank was able to automate this process and achieve a 300% gain in sales advisor productivity.

The Challenge: Time-Consuming Manual Processes

Financial advisors play a crucial role in providing personalized financial advice to clients. However, the process of reviewing client interactions and extracting and summarizing relevant domain and client-specific information was highly manual and inefficient. Sales advisors had to dedicate significant time to listening to call recordings, identifying key details, and manually entering data into various systems. This process not only consumed valuable time but also increased the risk of errors and inconsistencies.

The Technical Solution: A Deep Dive into Commerzbank's gen-AI system

Commerzbank's solution for automating financial advisory workflows leverages a sophisticated multi-step gen-AI architecture built using Vertex AI and designed for quality, scalability and extensibility. Gemini 1.5 Pro's ability to understand multiple modalities and process long context information played a key role in building this system that would not have been possible with any other model. Here's a breakdown of the key steps involved:

An end-to-end architecture of the AI Advisor system

1. User interaction and data import (1, 2, 3):
The process begins with the sales advisor using a user-friendly frontend interface (1) to select the client calls they need to process. This interface communicates with a Java Spring backend (2) that manages the workflow. The backend then initiates the import of the selected audio recordings from Commerzbank's recording system (3) into Google Cloud Platform (GCP) storage buckets. This ensures the data is readily available for the AI processing pipeline.

2. Audio chunking and storage (4.1, 4.2):
To handle potentially lengthy client calls, the imported audio recordings are divided into smaller, manageable segments (4.1). This "chunking" process allows the system to process even multi-hour calls efficiently. These audio chunks are then stored securely within GCP storage (4.2), ensuring data durability and accessibility for subsequent steps.

3. Advanced diarization and transcription (4.3):
This step is crucial for generating a high-quality, structured transcript that captures the nuances of the conversation. Gemini 1.5 Pro is employed to create a diarized transcript, meaning each speaker is identified and their contributions are accurately attributed. This process occurs sequentially, with each audio chunk processed in order. To maximize accuracy, the model receives the transcript generated up to that point, along with carefully engineered prompts and a few-shot example of audio-to-text transcription. This ensures the final transcript is not only accurate in terms of content but also includes correct speaker identification and especially numerical information, which is crucial in a financial context. Once the final transcript is generated, the individual audio chunks from step 4.2 are deleted to optimize storage.

4. Fact extraction (4.4):
With a comprehensive and long transcript in hand, Gemini 1.5 Pro long context is then used to analyze and extract relevant facts (4.4). This involves identifying key information related to the specific financial advisory document that needs to be completed. The model is prompted to recognize and extract crucial details such as client names, investment preferences, risk tolerance, and financial goals.

5. Summary generation (4.5):
This step focuses on generating concise and accurate summaries for each field within the financial advisory document. Leveraging the extracted facts from the previous step and employing Chain-of-Thought (CoT) prompting, Gemini 1.5 Pro creates multiple German-language summaries tailored to the specific domain and the requirements of each form field. This ensures the generated summaries are not only informative but also comply with Commerzbank's internal guidelines and regulatory requirements.

6. Summary optimization and explanation (4.6):
To ensure the highest quality output, the multiple summaries generated for each form field are evaluated and the best summary for each field is selected using the Vertex AI Gen AI Evaluation Service (4.6). Importantly, the service also provides a human-readable explanation for its selection, enabling sales advisors to understand the reasoning behind the AI's choices and maintain trust in the automated process.

This multi-stage architecture, combining the power of Gemini 1.5 Pro with Vertex AI's evaluation capabilities, enables Commerzbank to automate a complex and time-consuming process with high accuracy and efficiency. By streamlining these workflows, Commerzbank empowers its sales advisors to focus on higher-value tasks, ultimately improving client service and driving business growth.

The Benefits: Increased Efficiency and Productivity

The impact of this AI-powered automation has been significant. By automating the manual tasks associated with financial advisory documentation, Commerzbank has achieved substantial productivity gains. Sales advisors now have more time to focus on higher-value activities, such as building client relationships and providing personalized financial advice.

Key benefits of the solution include:

Reduced processing time: The automated solution significantly reduces the time required to process client interactions by achieving what takes a client 60-plus minutes in just a few minutes with manual human overview. This greatly accelerates time to business.
Increased productivity: By automating manual tasks, the solution empowers sales advisors to focus on more strategic activities, leading to increased productivity by 3x and improved client service.

Looking into the Future

Commerzbank's collaboration with Google Cloud exemplifies the transformative power of AI in the financial services industry. By embracing innovative technologies, Commerzbank is streamlining its operations, empowering its employees, and enhancing the client experience. “Therefore, we set up a Strategic Initiative Corporate Clients AI powered sales force - to make our sales focus on high value activities” Sebastian Kauck, CIO Corporate Clients at Commerzbank.

They plan to scale this solution to other use cases and enhance its functionality, providing new and additional value to their sales team. This AI-powered solution is just one example of how Commerzbank is leveraging technology to stay ahead of the curve and deliver exceptional financial services, in addition to many other cloud and GenAI use cases.

This partnership has not only delivered significant productivity gains but has also laid the foundation for future innovation. Commerzbank plans to expand the use of AI and automation across other areas of its business, further optimizing its operations and enhancing its offerings to clients.

^{This project was a joint collaboration between Anant Nawalgaria, Patrick Nestler, Florian Baumert and Markus Staab from Google and Tolga Bastürk, Otto Franke, Mirko Franke, Gregor Wilde, Janine Unger, Enis Muhaxhiri, Andre Stubig, Ayse-Maria Köken and Andreas Racke from Commerzbank.}

Seeing Through a GLASSBRIDGE: Understanding the Digital Marketing Ecosystem Spreading Pro-PRC Influence Operations

Fri, 22 Nov 2024 10:00:00 +0000

Written by: Vanessa Molter

Special thanks to Mandiant's Ryan Serabian for his contributions to this analysis.

This blog post details GLASSBRIDGE—an umbrella group of four different companies that operate networks of inauthentic news sites and newswire services tracked by the Google Threat Intelligence Group (consisting of Google’s Threat Analysis Group (TAG) and Mandiant). Collectively these firms bulk-create and operate hundreds of domains that pose as independent news websites from dozens of countries, but are in fact publishing thematically similar, inauthentic content that emphasizes narratives aligned to the political interests of the People’s Republic of China (PRC). Since 2022, Google has blocked more than a thousand GLASSBRIDGE-operated websites from eligibility to appear in Google News features and Google Discover because these sites violated our policies that prohibit deceptive behavior and require editorial transparency.

We cannot attribute who hired these services to create the sites and publish content, but assess the firms may be taking directions from a shared customer who has outsourced the distribution of pro-PRC content via imitation news websites.

These campaigns are another example of private public relations (PR) firms conducting coordinated influence campaigns—in this case, spreading content aligned with the PRC’s views and political agenda to audiences dispersed across the globe. By using private PR firms, the actors behind the information operations (IO) gain plausible deniability, obscuring their role in the dissemination of coordinated inauthentic content.

The Basics

These inauthentic news sites are operated by a small number of stand-alone digital PR firms that offer newswire, syndication and marketing services. They pose as independent outlets that republish articles from PRC state media, press releases, and other content likely commissioned by other PR agency clients. In some cases, they publish localized news content copied from legitimate news outlets. We have also observed content from DRAGONBRIDGE, the most prolific IO actor TAG tracks, disseminated in these campaigns.

Although the four PR firms discussed in this post are separate from one another, they operate in a similar fashion, bulk-creating dozens of domains at a time and sharing thematically similar inauthentic content. Based on the set of inauthentic news domain names, the firms target audiences outside the PRC, including Australia, Austria, Czechia, Egypt, France, Germany, Hungary, Kenya, India, Indonesia, Japan, Luxemburg, Macao, Malaysia, New Zealand, Nigeria, Poland, Portugal, Qatar, Russia, Saudi Arabia, Singapore, South Korea, Spain, Switzerland, Taiwan, Thailand, Turkey, the United States, Vietnam, and the Chinese-speaking diaspora.

The use of newswire services is a shared tactic across all campaigns, and two of the PR firms directly control and operate the newswire services.

Figure 1: GLASSBRIDGE is an ecosystem of companies and newswire services that publish inauthentic news content

The Most Prolific: Shanghai Haixun Technology

Of the PR and marketing firms we have observed supporting pro-China IO campaigns, the most prolific is Shanghai Haixun Technology Co., Ltd or “Haixun”. Since TAG first began tracking Haixun, Google has removed more than 600 policy-violating domains linked to the firm from the ability to appear in Google News features. The sites target English- and Chinese-speaking audiences, as well as audiences in a number of countries such as Brazil, India, Japan, Kenya, Korea, Malaysia, Saudi Arabia, Singapore, Spain, Russia, Thailand, Qatar, and Vietnam. Google has also terminated a limited number of policy-violating YouTube channels tied to the group.

In July 2023, Mandiant identified Haixun using both Times Newswire and World Newswire to place pro-Beijing content on the subdomains of legitimate news outlets. Mandiant also identified Haixun’s use of freelance services such as Fiverr to recruit for-hire social media accounts to promote pro-Beijing content.

Haixun’s inauthentic news sites are generally low quality, and much of the content on the domains is spammy and repetitive. Mixed in with “filler” articles on topics such as the metaverse, the sites publish news content that is politically aligned to the views of the PRC government. This includes articles from the Global Times, a PRC state-controlled media outlet, and narratives aligned to common PRC talking points on Beijing’s territorial claims in the South China Sea, Taiwan, ASEAN, Falun Gong, Xinjiang, and the COVID-19 pandemic.

Figure 2: Haixun inauthentic news featuring a mix of content, including PRC government talking points, Global Times articles, and content on the metaverse

Times Newswire and Shenzhen Haimai Yunxiang Media

In February 2024, we removed policy-violating domains from appearing on Google News surfaces associated with a pro-PRC coordinated influence campaign reported by Citizen Lab as PAPERWALL that operated a network of over 100 websites in more than 30 countries masquerading as local news outlets. The imitation news sites published localized news content copied from legitimate local news outlets alongside articles republished from PRC state-controlled media, as well as press releases, conspiracy theories, and ad hominem attacks targeting specific individuals.

Based on technical indicators, TAG determined the inauthentic news websites were operated and controlled directly by Times Newswire, one of the news wire services that has distributed content on behalf of Haixun. TAG believes Times Newswire is, in turn, operated by another Chinese media company, Shenzhen Haimai Yunxiang Media Co., Ltd., or “Haimai”, which bills itself as a service provider specialized in global media communication and overseas network promotion.

The views expressed in the conspiracy and smear content were similar to past pro-PRC IO campaigns—for example, character attacks against the Chinese virologist Yan Limeng and claims that the US is conducting biological experiments on humans. Much of the smear content targeting specific individuals was ephemeral—it was posted on imitation news sites for a short period of time and then removed.

DURINBRIDGE

Another example of a commercial firm distributing content linked to pro-China IO campaigns is DURINBRIDGE, an alias we use to track a technology and marketing company that has multiple subsidiaries that provide news and PR services. DURINBRIDGE operates a network of over 200 websites designed to look like independent media outlets that publish news content on various topics. These domains violated our policies and have been blocked from appearing on Google News surfaces and Discover.

Importantly, DURINBRIDGE itself is not an IO actor and likely published the IO content on behalf of a customer or partner. Most of the content on the sites is news and press releases from various sources and has no apparent links to coordinated influence campaigns. However, a small portion of the content includes pro-PRC narratives and content directly linked to IO campaigns from Haixun and DRAGONBRIDGE. DURINBRIDGE sites also used articles and images from Times Newswire, which is operated by the aforementioned Chinese PR firm Haimai.

We identified multiple DRAGONBRIDGE articles published to DURINBRIDGE’s news sites. The content included narratives focused on exiled businessman Guo Wengui, a perennial topic for DRAGONBRIDGE, and multiple narratives amplified by DRAGONBRIDGE in the lead up to the Taiwanese presidential election.

Figure 3: DRAGONBRIDGE content published to inauthentic news sites operated by DURINBRIDGE

Figure 4: “Secret History of Tsai Ing-Wen,” on DURINBRIDGE-operated inauthentic news site

Figure 5: Narratives about then-candidate Lai Ching-te promoted by DRAGONBRIDGE prior to the Taiwanese presidential election

Shenzhen Bowen Media

In early 2024, TAG and Mandiant identified a fourth marketing firm that operates a network of over 100 domains that pose as independent news sites focused on countries and cities across Europe, the Americas, Asia, and Australia. These domains violated our policies and have been blocked from appearing on Google News surfaces and Discover. The operator of the sites, Shenzhen Bowen Media Information Technology Co., Ltd., is a PRC-based marketing firm that also operates World Newswire, the same press release service used by Haixun to place content on the subdomains of legitimate news outlets.

Figure 6: Sites linked to Shenzhen Bowen with localized content for Brazil and Germany

Shenzhen Bowen’s sites present themselves as local outlets focused on a particular country or city, with articles in the local language about business, sports, and politics. The content is in multiple languages, aligned to each target audience, including Chinese, English, French, German, Japanese, and Thai. The sites do not disclose their connection to the marketing firm.

Side-by-side with local content, the sites include narratives promoting the Chinese government’s interests, much of it sourced from World Newswire. In more than one case, TAG and Mandiant have identified content linked to DRAGONBRIDGE published on Shenzhen Bowen-operated sites.

Figure 7: DRAGONBRIDGE content on “Boston Journal” website linked to Shenzhen Bowen Media

Conclusion

The inauthentic news sites operated by GLASSBRIDGE illustrate how information operations actors have embraced methods beyond social media in an attempt to spread their narratives. We have observed similar behavior from Russian and Iranian IO actors. By posing as independent, and often local news outlets, IO actors are able to tailor their content to specific regional audiences and present their narratives as seemingly legitimate news and editorial content. In fact, the content has been crafted or amplified by PR and newswire firms who conceal their role, or actively misrepresent their content as local and independent news coverage. In the case of GLASSBRIDGE, the consistency in content, behavioral similarities, connections across firms, and pro-PRC messaging suggests the private firms take direction from a shared customer who outsourced the creation of influence campaigns. Google is committed to information transparency, and we will continue tracking GLASSBRIDGE and blocking their inauthentic content on Google’s platforms. We regularly disclose our latest enforcement actions in the TAG Bulletin.

Don't let resource exhaustion leave your users hanging: A guide to handling 429 errors

Thu, 21 Nov 2024 17:00:00 +0000

Large language models (LLMs) give developers immense power and scalability, but managing resource consumption is key to delivering a smooth user experience. LLMs demand significant computational resources, which means it's essential to anticipate and handle potential resource exhaustion. If not, you might encounter 429 “resource exhaustion” errors, which can disrupt how users interact with your AI application.

Today, we'll delve into why 429 errors occur with LLMs and equip you with three practical strategies to address them effectively. By understanding the root causes and implementing the right solutions, you can help ensure a smooth and uninterrupted experience, even during times of peak demand.

aside_block: <ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud AI and ML'), ('body', <wagtail.rich_text.RichText object at 0x3e712ce599a0>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectPath=/vertex-ai/'), ('image', None)])]>

Backoff!

Exponential backoff and retry logic have been around for a number of years. These basic techniques for handling resource exhaustion or API unavailability also apply to LLMs. When a generative AI application’s calls floods a model’s API, or when an excessive amount of queries overloads a system, backoff and retry logic in the code can help. The waiting time increases exponentially with each retry until the overloaded system recovers.

In Python, there are decorators available to implement backoff logic in your application code. For example, tenacity is a useful general-purpose retrying library written in Python to simplify the task of adding retry behavior to your code. 429 errors are more likely to occur with asynchronous code and multimodal models such as Gemini with large context windows. Below is a sample of an asynchronous code for retry using tenacity. To view the entire notebook, please visit this link.

code_block: <ListValue: [StructValue([('code', 'from tenacity import retry, wait_random_exponential\r\n\r\nasync def async_ask_gemini(contents, model_name=DEFAUL_MODEL_NAME):\r\n # This basic function calls Gemini asynchronously without a retry logic\r\n multimodal_model = GenerativeModel(model_name)\r\n response = await multimodal_model.generate_content_async(\r\n contents=contents, generation_config=config)\r\n return response.text\r\n\r\n\r\n@retry(wait=wait_random_exponential(multiplier=1, max=60))\r\nasync def retry_async_ask_gemini(contents, model_name=DEFAUL_MODEL_NAME):\r\n """This is the same code as the async_ask_gemini function but implements a\r\n retry logic using tenacity decorator.\r\n wait_random_exponential(multiplier=1, max=60) means that it will\r\n Retry “Randomly wait up to 2^x * 1 seconds between each retry until the \r\n range reaches 60 seconds, then randomly up to 60 seconds afterwards.\r\n """\r\n multimodal_model = GenerativeModel(model_name)\r\n response = await multimodal_model.generate_content_async(contents=contents, generation_config=config)\r\n return response.text'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3e712ce59e20>)])]>

We tested passing a large amount of input to Gemini 1.5 Pro to demonstrate how backoff and retry is crucial to the success of your gen AI application. We’re using images and videos stored in Google Cloud Storage to heavily tax the Gemini system.

Below are the results without backoff and retry configured; where four out of five attempts failed.

Below are the results with backoff and retry configured. Implementing backoff and retry allowed all five attempts to succeed. Even with a successful API call and a response from the model, there is a trade-off. The backoff and retry adds increasing latency to a response. There may be other changes to make to the code, changes to the model, or a different cloud region that could improve performance. Nonetheless, backoff and retry is an overall improvement during moments of peak traffic and congestion.

Additionally, when working with LLMs, you may often encounter issues from the underlying APIs such as rate-limiting or downtime. As you move your LLM applications into production it becomes more and more important to safeguard against these. That's why LangChain introduced the concept of a fallback, an alternative plan that may be used in an emergency. A fallback can be to a different model or even to another LLM provider altogether. Fallbacks can be implemented in code along with backoff and retry methods for greater resilience of your LLM applications.

Another robust option for LLM resiliency is circuit breaking with Apigee. By placing Apigee between a retrieval-augmented generation (RAG) application and LLM endpoints, you can manage traffic distribution and graceful failure handling. Of course, each model will provide a different answer so fallbacks and circuit breaking architecture should be thoroughly tested to ensure it meets your users needs.

Dynamic shared quota

Dynamic shared quota is one way that Google Cloud manages resource allocation for certain models, aiming to provide a more flexible and efficient user experience. Here's how it works:

Traditional quota vs. dynamic shared quota

Traditional quota: In a traditional quota system, you're assigned a fixed limit for a specific resource (e.g., API requests per day, per minute, per region). If you need more capacity, you usually have to submit a quota increase request and wait for approval. This can be slow and inconvenient. Of course, simply having quota allocated does not guarantee capacity, as it is still on-demand and not dedicated capacity. We will talk more about dedicated capacity when we discuss Provisioned Throughput later in this blog.
Dynamic shared quota: With dynamic shared quota, Google Cloud has a pool of available capacity for a service. This capacity is dynamically distributed among all users who are making requests. Instead of having a fixed individual limit, you draw from this shared pool based on your needs at any given moment.

Benefits of dynamic shared quota

Eliminates quota increase requests: You no longer need to submit quota increase requests for services that use dynamic shared quota. The system automatically adjusts to your usage patterns.
Improved efficiency: Resources are used more efficiently because the system can allocate capacity where it's needed most at any given time.
Reduced latency: By dynamically allocating resources, Google Cloud can minimize latency and provide faster responses to your requests.
Simplified management: It simplifies capacity planning because you don't have to worry about hitting fixed limits.

Dynamic shared quota in action

429 resource exhaustion errors are more likely to occur with asynchronous calls to Gemini with large multimodal input such as large video files. Below is a comparison of model performance of Gemini-1.5-pro-001 with traditional quota versus Gemini-1.5-pro-002 with dynamic shared quota. We can see even without retry (not recommended) the second-generation Gemini Pro model outperforms the previous-generation model because of dynamic shared quota.

Backoff and retry mechanisms should be combined with dynamic shared quota, especially as request volume and token size increase. During our testing of the -002 model with larger video input, we encountered 429 errors in all our initial attempts. However, the test results below demonstrate that incorporating backoff and retry logic allowed all five subsequent attempts to succeed. This highlights the necessity of this strategy for the newer -002 Gemini model to be consistently successful.

Dynamic shared quota represents a shift towards a more flexible and efficient way of managing resources in Google Cloud. By dynamically allocating capacity, it aims to provide a tightly integrated experience for users while optimizing resource utilization. Dynamic shared quota is not user-configurable. Google enables it only on specific models’ versions like Gemini-1.5-pro-002 and Gemini-1.5-flash-002. Check supported Google Model versions for more details.

Alternatively, there are times where you want a hard-stop threshold to prevent excessive API calls to Gemini. Abuse, budget limits and controls, or security reasons all play a factor in purposely setting a customer-defined quota in Vertex AI. This is where the feature of consumer quota override comes in. This can be a useful tool to protect your AI applications and systems. You can manage consumer quota with Terraform using the google_service_usage_consumer_quota_override schema.

Provisioned Throughput

Provisioned Throughput from Google Cloud is a service that allows you to reserve dedicated capacity for generative AI models on the Vertex AI platform. This means you can have predictable and reliable performance for your AI workloads, even during peak demand.

Here's a breakdown of what it offers and why it's useful:

Benefits:

Predictable performance: You get consistent response times and avoid performance variability, helping your AI applications run smoothly.
Reserved capacity: No more worrying about resource contention or queuing. You have your own dedicated capacity for your AI models. By default, when Provisioned Throughput capacity is surpassed, the excess traffic is billed at the pay-as-you-go rate.

Cost-effective: It can be more cost-effective than pay-as-you-go pricing if you have consistent, high-volume AI workloads. To estimate if you can save money using Provisioned Throughput, follow steps one through ten in the order process.
Scalable: You can easily scale your reserved capacity up or down as your needs change.

If you have an application with a large user base and need to provide fast response times then this is definitely going to help. This is designed especially for applications that require immediate AI processing, such as chatbots or interactive content generation. Provisioned Throughput can also help computationally-intensive AI tasks, such as processing massive datasets or generating complex outputs.

Leave 429s behind

When using generative AI in production, reliable performance is crucial. To achieve this, consider implementing these three strategies. They are designed to work together, and incorporating backoff and retry mechanisms into all your gen AI applications is a best practice. To get started building with generative AI, you can use these Vertex AI samples on GitHub or take advantage of the beginner's guide, quickstarts, or starter pack Google Cloud offers.

Make IAM for GKE easier to use with Workload Identity Federation

Thu, 21 Nov 2024 17:00:00 +0000

At Google Cloud, we work to continually improve our platform’s security capabilities to deliver the most trusted cloud. As part of this goal, we’re helping our users move away from less secure authentication methods such as long-lived, unauditable, service account keys towards more secure alternatives when authenticating to Google Cloud APIs and services.

In the context of Kubernetes workloads, there have been three ways users can do this:

Export credentials and mount as a secret in the Pod at runtime. This is done using service account keys but could be a security risk if the keys are not managed correctly.
Use the worker node identity or credential, such as the node service account. The security issue is that the credential is shared by all workloads deployed on that node. This can result in over-provisioning of permissions, which violates the principle of least privilege and is not recommended for multi-tenant clusters nor microservices in general.
Use GKE Workload Identity, which allows you to grant access to Cloud APIs using OpenID Connect without needing manual configuration or less secure methods like the aforementioned options.

The preferred option has been to use GKE Workload Identity. Earlier this year, we renamed it Workload Identity Federation for GKE, and rolled out a significant update that made it even easier to use. The update also enabled deeper integration into Google Cloud’s IAM platform. Here’s what you need to know about the changes.

aside_block: <ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud security products'), ('body', <wagtail.rich_text.RichText object at 0x3e712c76eb50>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]>

Why you should avoid service account impersonation (for most cases)

Previously, a workload on GKE needed to impersonate a Google Cloud service account with its Kubernetes service account (KSA) in order to enable Pod access to Google Cloud services. Although this improved security, we heard from many users that it was difficult to set up. Having to maintain both a Kubernetes service account and a Google Cloud service account for every Kubernetes workload also contributed to a sprawl of identities that needed to be managed and audited.

While the previous configuration is still possible and will continue to be supported, there is now a simpler way to configure this access: Google Cloud IAM policies can directly reference GKE workloads and Kubernetes service accounts. This significantly simplifies the setup (six configuration steps to three), removing the need to manage another set of Google Cloud service accounts, and perform annotations on Kubernetes service accounts referencing the Google Cloud service account.

More integrated experience inside Cloud IAM

Moving towards this new configuration also gives your Kubernetes identities first class principal and principalSet representations inside Google Cloud IAM. When you use IAM tools such as IAM recommender and IAM policies, you no longer need to apply changes to the impersonated service account and then mentally map the service account to the Kubernetes workload.

For example, inside the IAM recommender you can now directly see least privileged recommendations for your Kubernetes workloads and apply these recommendations directly to the Kubernetes principal.

Referencing multiple GKE workloads inside IAM using principalSet notation

Previously, you could only reference a single principal (such as a single Kubernetes service account). The new configuration supports the principalSet notation which enables an attribute-based selection of multiple identities just like any other Workload Identity Federation principal. As a result, you can now refer to multiple GKE workloads in a single IAM policy, for example:

1) All workloads or Pods that belong to a Kubernetes namespace.

code_block: <ListValue: [StructValue([('code', 'principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/namespace/NAMESPACE'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3e712c750070>)])]>

2) All workloads or Pods that belong to a Kubernetes cluster.

code_block: <ListValue: [StructValue([('code', 'principalSet://iam.googleapis.com/projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/PROJECT_ID.svc.id.goog/kubernetes.cluster/https://container.googleapis.com/v1/projects/PROJECT_ID/locations/LOCATION/clusters/CLUSTER_NAME'), ('language', ''), ('caption', <wagtail.rich_text.RichText object at 0x3e712c7501f0>)])]>

Limitations and next steps

There are still a few limitations when using this capability that you should be aware of. If any of these apply, you will need to continue to use the previous service account impersonation method to perform authentication:

A small number of Google Cloud services don’t yet support Workload and Workforce Identity Federation principals.
VPC Service Controls ingress and egress rules do not support Workload Identity Federation principal and principalSets.
The specific permission to invoke a Cloud Run instance does not support Workload Identity Federation principal and principalSets.

We encourage you to update your existing configurations and use this new simplified IAM policy syntax where you can, moving forward.

To get started, consult the following guidance:

View our updated documentation (Concept, How-to) pages and update your configurations.
Check out our Container Native Security Con lighting talk on removing the need for impersonation.
Check out our Container Bytes video on Workload Identity Federation for GKE.

Announcing Mistral AI’s Large-Instruct-2411 on Vertex AI

Thu, 21 Nov 2024 17:00:00 +0000

In July, we announced the availability of Mistral AI’s models on Vertex AI: Codestral for code generation tasks, Mistral Large 2 for high-complexity tasks, and the lightweight Mistral Nemo for reasoning tasks like creative writing. Today, we’re announcing the availability of Mistral AI’s newest model on Vertex AI Model Garden: Mistral-Large-Instruct-2411 is now generally available

Large-Instruct-2411 is an advanced dense large language model (LLM) of 123B parameters with strong reasoning, knowledge and coding capabilities extending its predecessor with better long context, function calling and system prompt. The model is ideal for use cases that include complex agentic workflows with precise instruction following and JSON outputs, or large context applications requiring strong adherence for retrieval-augmented generation (RAG), and code generation.

You can access and deploy the new Mistral AI Large-Instruct-2411 model on Vertex AI through our Model-as-a-Service (MaaS) or self-service offering today.

aside_block: <ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud AI and ML'), ('body', <wagtail.rich_text.RichText object at 0x3e712c770970>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectPath=/vertex-ai/'), ('image', None)])]>

What can you do with the new Mistral AI models on Vertex AI?

By building with Mistral’s models on Vertex AI, you can:

Select the best model for your use case: Choose from a range of Mistral AI models, including efficient options for low-latency needs and powerful models for complex tasks like agentic workflows. Vertex AI makes it easy to evaluate and select the optimal model.
Experiment with confidence: Mistral AI models are available as fully managed Model-as-a-Service on Vertex AI. You can explore Mistral AI models through simple API calls and comprehensive side-by-side evaluations within our intuitive environment.
Manage models without overhead: Simplify how you deploy the new Mistral AI models at scale with fully managed infrastructure designed for AI workloads and the flexibility of pay-as-you-go pricing.
Tune the models to your needs: In the coming weeks, you will be able to fine-tune Mistral AI's models to create bespoke solutions, with your unique data and domain knowledge.
Craft intelligent agents: Create and orchestrate agents powered by Mistral AI models, using Vertex AI's comprehensive set of tools, including LangChain on Vertex AI. Integrate Mistral AI models into your production-ready AI experiences with Genkit’s Vertex AI plugin.
Build with enterprise-grade security and compliance: Leverage Google Cloud's built-in security, privacy, and compliance measures. Enterprise controls, such as Vertex AI Model Garden’s new organization policy, provide the right access controls to make sure only approved models can be accessed.

Get started with Mistral AI models on Google Cloud

These additions continue Google Cloud’s commitment to open and flexible AI ecosystems that help you build solutions best-suited to your needs. Our collaboration with Mistral AI is a testament to our open approach, within a unified and an enterprise ready environment. Vertex AI provides a curated collection of first-party, open-source, and third-party models, many of which — including the new Mistral AI models — can be delivered as a fully-managed Model-as-a-service (MaaS) offering — providing you with the simplicity of a single bill and enterprise-grade security on our fully-managed infrastructure.

To start building with Mistral’s newest models, visit Model Garden and select the Mistral Large model tile. The models are also available on Google Cloud Marketplace here: Mistral Large.

You can check out our sample code and documentation to help you get started.

Announcing new updates to Cloud Translation AI, now covering 189 languages

Wed, 20 Nov 2024 17:00:00 +0000

Your next big customer doesn't speak your language. In fact, 40% of global consumers won't even consider buying from websites not in their native tongue. With 51.6% of internet users speaking languages other than English, you're potentially missing half your market.

Until now, enterprises faced an impossible choice in addressing translation use cases. They had to choose one of the following:

Human translators: High quality but slow and expensive
Basic machine translation: Fast but lacks nuance
DIY solutions: Inconsistent and risky

But the challenge with translation is, you need all three – and traditional translation methods can't keep up. This isn't just about converting words - it's about connecting with people using the right context and tone.

That’s why at Google Cloud, we built Translation AI in Vertex AI. We’re excited to share the latest updates, and how you can apply it to your business.

aside_block: <ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud AI and ML'), ('body', <wagtail.rich_text.RichText object at 0x3e712cbc8250>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectPath=/vertex-ai/'), ('image', None)])]>

Translation AI: Unmatched translation quality, but your way

Google Cloud’s Translation AI includes two offerings for you to choose from:

Translation API Basic: An essential toolkit for translation capabilities. You can instantly detect languages and translate text using our advanced Neural Machine Translation (NMT) model. Translation AI Basic is perfect for chat conversations, short-form content, and scenarios where speed and consistency are crucial.
Translation API Advanced: Process entire documents, run batch translations, and maintain terminology consistency with custom glossaries. You can leverage our Gemini-powered Translation model for long-form content, or use Adaptive Translation to capture your brand's unique voice and tone. You can even customize translations by applying glossary, fine tuning our industry leading translation models, or adapting translation predictions in real time.

What’s new in Translation AI

Expanded reach and accuracy: You can now reach global audiences with our expanded language support, now covering 189 languages — including Cantonese, Fijian, and Balinese — while maintaining lightning-fast performance, perfect for user content and contact centers.
"Per our evaluations, Google NMT is among the best-performing real-time NMT models for 97% of the language-domain combinations we've tested (87 out of 90) -- which is 15% more than the closest competitor." -- Konstantin Savenkov, CEO & Co-Founder, Intento, Inc.

Smarter adaptive translation: You can customize your translations' tone and style with as few as five examples, or use up to 30,000 for ultimate precision.
Model selection based on your use case: Using Cloud Translation Advanced, you have the option to choose from multiple approaches based on the complexity of your translation use case. For example, you can use our NMT model for translating general text or choose Adaptive Translation for customization in real-time.
Quality without compromise: While leaderboards and reports offer insights into overall model performance, they don't reveal how a model handles your specific needs. The gen AI evaluation service helps you pick your own evaluation criteria, giving you a clear understanding of how well AI models and applications align with your use case. For example, Google’s MetricX and the widely used COMET correlate strongly with human evaluation, are widely used for evaluating translation quality, and available now on the Vertex gen AI evaluation service. Compare models, prototype solutions, and select the best translation approach for your needs.

We built Translation AI with a dual focus – transform how you translate and transform how you work with translation. While most vendors offer either powerful translation or easy implementation, we deliver on both in four critical ways.

Vertex AI for rapid prototyping: Instantly test translations across 189 languages. Compare NMT or our latest translation fine-tuned Gemini-powered model to find your perfect fit. See how your custom adaptations perform without writing a single line of code, and get immediate quality metrics to validate your choices.
Production-ready APIs for your existing workflows: Plug our Translation API (NMT) directly into your applications for real-time, high-volume translations. Switch your model selection to our Adaptive Translation Gemini-powered model via the same Translation API when tone and context matter most. Both models integrate into your existing workflows and automatically scale with your needs.
Customization without coding: Train custom translation models on your specific industry terms and phrases. Simply upload your domain-specific data and let Translation AI build a custom model that speaks your language. It’s perfect for specialized content in legal, medical, or technical fields—no ML expertise required.
Full control with Vertex AI: Own your complete translation pipeline using Translation AI through our comprehensive platform – Vertex AI. With Vertex AI, you can select your preferred models, customize their behavior, and monitor real-world performance. Integrate seamlessly with your existing CI/CD processes for true enterprise-grade translation at scale.

Real impact: The Uber story

Uber is leveraging Google Cloud Translation AI product suite to achieve their mission to help people go anywhere and get anything and earn their way.

"Operating in tens of thousands of cities worldwide, Uber prioritizes seamless communication and support for riders, drivers, couriers, and eaters across diverse languages. Misinterpretations can result in delays, frustration, and even safety concerns. For years, Google has been our trusted translation platform. With recent advancements in Translation models, automatic quality metrics, and language expansion, we’re excited to partner with Google to deliver innovative multilingual experiences to our users." — Megha Yethadka, Senior Director, Uber.

Get started with Translation AI

Here are a few resources to help you get started with the latest features in Translation AI. Gemini-powered Translation model and Adaptive Translation are publicly available to use today. You can try them out in Vertex AI Studio.

Build, deploy, and promote AI agents through Google Cloud’s AI agent ecosystem

Wed, 20 Nov 2024 17:00:00 +0000

We’ve seen a sharp rise in demand from enterprises that want to use AI agents to automate complex tasks, personalize customer experiences, and increase operational efficiency. Today, we’re announcing a Google Cloud AI agent ecosystem program to help partners build and co-innovate AI agents with technical and go-to-market resources from Google Cloud. We’re also launching AI Agent Space, a new category in our Google Cloud Marketplace for customers to easily find and deploy partner-built AI agents.

Through this program, we’ll provide product support, marketing amplification, and co-selling opportunities to help our services and ISV partners bring these solutions to market faster, reach more customers, and grow their AI agent businesses. Our goal is to provide customers with a rich ecosystem of solutions that sit on top of our world-class infrastructure and offer the choice and optionality needed to tailor AI for their businesses and maximize value from AI investments.

aside_block: <ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x3e712cbe8f40>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]>

New resources for partners building AI Agents

To increase the development and adoption of AI agents, we’re focusing on supporting partners in three key areas:

Accelerated agent development: We'll provide partners with direct access to Google Cloud's product and engineering teams for guidance and optimization of their AI agents. Partners will also receive early access to our latest AI technologies, technical enablement and best practices, and dedicated support for bringing their solutions to market quickly via Google Cloud Marketplace.
Go-to-market success: New go-to-market programs and co-selling opportunities specifically designed for AI agent solutions will help partners more effectively promote their offerings and drive adoption across a wider range of customers.
Increased customer visibility: We will highlight the innovative work of our partners through targeted marketing resources, blogs, and dedicated events, which will increase visibility of partner-built AI agents and help them stand out in our growing AI ecosystem.

Offerings from services partners

We’ve seen significant momentum from services partners who have used Google Cloud’s technology to help customers successfully build and deploy AI agents. Through this program, our services partners will make their AI agents available to even more customers, including on AI Agent Space in the future. Here are some of their innovative agent solutions:

Accenture is transforming customer support at a major retailer by offering convenient self-service options through virtual assistants, enhancing the overall customer experience.
Bain supports SEB’s wealth management division with an AI agent that enhances end-customer conversations with suggested responses and generates call summaries that help increase efficiency by 15%.
BCG provides a sales optimization tool to improve the effectiveness and impact of insurance advisors.
Capgemini optimizes the ecommerce experience by helping retailers accept customer orders through new revenue channels and to accelerate the order-to-cash process for digital stores.
Cognizant helps legal teams draft contracts, assigning risk scores and recommendations for how to optimize operational impact.
Deloitte offers a “Care Finder” agent as part of its Agent Fleet, helping care seekers find in-network providers often in less than a minute — significantly faster than the average call time of 5-8 minutes.
HCLTech helps predict and eliminate different types of defects on manufacturing products with its manufacturing quality agent, Insight.
Infosys optimizes digital marketplaces for a leading consumer brand manufacturer, providing actionable insights on inventory planning, promotions, and product descriptions.
PwC uses AI agent technology to help oncology clinics streamline administrative work so that doctors can optimize their time with patients.
TCS helps build persona-based AI agents contextualized with enterprise knowledge to accelerate software development.
Wipro supports a national healthcare provider in using agent technology to develop and adjust contracts, streamlining a complex and time-consuming task while improving accuracy.

Partners have already given us positive feedback about the support we’ve provided to more effectively scale their agent solutions, including Datatonic, Kyndryl, Quantiphi, and Slalom who plan to bring new agents to market soon. Here’s what partners had to say:

“Leaders who prioritize and invest in agentic architecture will be at the forefront of their industries, driving future growth with generative AI. For example, Accenture's marketing team is using autonomous agents to streamline campaign creation and execution, reducing manual steps by 25-35%, saving 6% in costs, and speeding up time-to-market by 25-55%.” - Scott Alfieri, Global Lead, Google Business Group, Accenture
“BCG continues to see strong business value partnering with Google Cloud to deliver gen AI transformations for our joint clients across industries. Google Cloud's support for a robust ecosystem of AI agents demonstrates its commitment to innovation and democratization of AI.” - Val Elbert, Managing Director and Senior Partner, BCG
“By partnering with Google Cloud, we are building AI agents that transform customer experiences and bring efficiency to business processes. Google Cloud's Agent Marketplace empowers Capgemini to continue developing and deploying innovative AI agents, leveraging our deep understanding of our customers.” – Fernando Alvarez, Chief Strategy and Development Officer and Group Executive Board Member, Capgemini
“Deloitte has helped some of its largest clients improve how they operate with AI agents built with Google Cloud’s technology. As agentic AI takes off, this initiative can enhance our agent-building and distribution capabilities, thus enabling us to accelerate our clients’ time to business value with AI solutions.” – Gopal Srinivasan, Alphabet Google Alliance Generative AI Leader, Deloitte Consulting LLP

Offerings from ISV partners

Our ISV partners are leveraging the power of Google Cloud's AI technology, including Vertex AI and Gemini models, to develop cutting-edge AI agent solutions. Many have already made their offerings available on Google Cloud Marketplace, and we're thrilled that they will be expanding their reach through AI Agent Space to make it even easier for customers to deploy and benefit from these innovative AI agents.

Here are some examples of their agent capabilities:

Bud Financial uses its "Financial LLM" to provide personalized answers to customer queries and supports automation of banking tasks such as moving money between accounts to avoid overdrafts.
Dun & Bradstreet uses its Hoovers SmartSearch AI to help customers quickly build targeted lists of companies and contacts matching specific criteria such as location, industry, and company size, making it easier to identify and action targeted opportunities.
Elastic helps SREs and SecOps interpret log messages and errors, optimize code, write reports, and even identify and execute a runbook.
Exabeam enhances cybersecurity with natural language search, visualization, and investigation acceleration, automating threat explanations and next steps for multi-terabyte datasets.
FullStory integrates its real-time data capture with Google Cloud's AI to create context-aware conversational agents, enabling faster data discovery and analysis of web and mobile interactions and more intelligent AI responses.
GrowthLoop gives marketers tools that automate audience building, suggest optimal targeting, and create custom attributes, optimizing the power of BigQuery data.
OpenText enables users to quickly find fast, accurate answers to inquiries that span a broad set of business domains, such as DevOps, customer service, and content management.
Quantum Metric uses its Felix AI agent to help customer service associates quickly summarize and identify important takeaways from consumer engagements, with reporting metrics that help businesses enhance inquiry resolutions.
Sprinklr offers multiple AI agents that can help businesses improve decision-making, resolve service queries, and handle complex tasks end-to-end.
Teradata helps analyze, categorize, and summarize customer inquiries or complaints by using multimodal capabilities that process text and voice data, identifying key trends and actionable insights to enhance customer loyalty.
ThoughtSpot uses its Spotter agent to empower customers with autonomous analytics capabilities and a natural-language chat interface that brings deep data analysis and contextual reasoning to any user.
Typeface enables users to automate marketing workloads and across teams with its Arc Agent, which supports marketers with campaign performance, creative content creation updates, and audience optimization.
UKG enhances the workplace experience with Bryte AI, a conversational agent that enables HR administrators and people managers to request information about company policies, business insights, and more.

ISV partners are successfully using our AI to enhance their agent solutions, which they expect to grow through our ecosystem. Here’s what they had to say:

“Dun & Bradstreet built Hoovers SmartSearch AI with Google's AI to revolutionize sales prospecting by instantly generating targeted lists of companies and contacts. Through this innovative initiative, customer adoption of our AI agent will be accelerated to help users effortlessly identify ideal customers and accelerate revenue growth.” - Michael Manos, Chief Technology Officer, Dun & Bradstreet
“Elastic AI Assistant uses Vertex AI and Gemini models to empower SREs and SecOps teams to build intelligent agents that interpret log messages, optimize code, automate reports, and even generate runbooks. This is the future of agentic architecture, and it's available now in partnership with Google Cloud.” - Ken Exner, CPO, Elastic
“By leveraging Google's advanced AI capabilities, ThoughtSpot Spotter delivers an autonomous analytics agent that empowers users to extract valuable insights from their data through natural language interactions. We're excited to scale our AI agent to even more customers in partnership with Google Cloud." - Sumeet Arora, Chief Development Officer, ThoughtSpot
“UKG leverages Vertex AI to power UKG Bryte AI, a gen AI sidekick for UKG’s Pro and Ready HCM solutions. Bryte AI is built on UKG’s proprietary people, culture, and work data to enhance insights and decision-making, and to enable more conversational AI experiences” - Venkat Ramamurthy, Head of Product, AI, and Data, UKG

We’re pleased by how quickly partners have built AI agents to help customers improve their businesses. Additional partners with powerful AI agent capabilities available through Google Cloud include AUI.io, Automation Anywhere, Big SUR AI, BigCommerce, DataStax, Decagon.ai, Dialpad, Elastic, ema.co, Livex.ai, Lyzr.ai, Mojix, Moveo.ai, Regnology, Tamr, Tektonic AI, Vijil, VMware, Wisdom AI, and Zeotap.

Joining AI Agent Space

AI Agent Space is available today with solutions from select partners, and we plan to add hundreds of additional AI agents over the coming months. Partners interested in learning more can visit Google Cloud Marketplace to start listing AI agent solutions, and they can apply to the program here or reach out to their partner representative to explore additional collaboration opportunities.

We’re dedicated to empowering our partners with the tools, resources, and support they need to build and deploy successful AI agents. We're excited to see the transformative solutions they create and the positive impact they'll have on customers in the coming year.

Google Cloud NetApp Volumes now available for OpenShift on Google Cloud

Tue, 19 Nov 2024 17:00:00 +0000

As a result of new joint efforts across NetApp, Red Hat and Google Cloud, we are announcing support for Google Cloud NetApp Volumes in OpenShift on Google Cloud through NetApp Trident Version 24.10. This enables joint customers to take advantage of Google Cloud infrastructure that’s optimized for OpenShift, reduce operational toil, and streamline migration of complex workloads.

The power of OpenShift-optimized infrastructure

Red Hat and Google Cloud have a long history of collaborating on and contributing to Kubernetes as well as other Cloud Native Compute Foundation (CNCF) projects including Istio, Knative and Tekton. Together, these projects make up the basis for OpenShift, Red Hat’s platform that helps developers build, deploy, and manage applications. In fact, Google and Red Hat have been collaborating since before Kubernetes was even conceived, including co-developing Cgroups, a precursor to Linux containers. When Google open-sourced Kubernetes, Red Hat was one of the first to jump on board, betting the Red Hat OpenShift platform on the new open-source standard. Today, Google and Red Hat hold prominent leadership roles in Kubernetes governance, and are #1 and #2 largest contributors to Kubernetes, respectively.

Google Cloud infrastructure is highly optimized for OpenShift. Custom machine shapes let you optimize OpenShift Pods:Nodes bin-packing, reducing how much compute capacity you need to provision for a typical OpenShift workload. Hyperdisk Storage Pools enables thin-provisioning for OpenShift PersistentVolumes, reducing the amount of storage that needs to be provisioned. Additionally, support for live migration in a wide array of Compute Engine families lets you provide higher uptime guarantees for stateful OpenShift workloads, which are common in enterprise application portfolios.

And when you deploy OpenShift workloads on Google Cloud, you can count on access to a deep bench of L3/ L4 engineers who are experts in the OpenShift runtime core components (in Kubernetes) given Google’s staff strong participation as core maintainers and technical leads in Kubernetes, providing you with enterprise-grade support and coverage for mission-critical workloads.

aside_block: <ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x3e712c735100>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]>

NetApp Volumes storage comes to OpenShift on Google Cloud

When you deploy OpenShift workloads on Google Cloud, there’s a wide array of options for modernizing your operations, with OpenShift-native integrations into managed infrastructure services across compute, networking, storage, monitoring/logging, secrets/encryption, serverless, CI/CD, etc.

These managed infrastructure services give you the ability to “carry much fewer pagers” than you typically would with an on-prem OpenShift deployment. However, sometimes you are migrating applications that have requirements or dependencies on specific solutions for infrastructure pillars (such as storage). The typical approach is to rely on self-managing the architecture — and going back to carrying pagers…

With support for Google Cloud NetApp Volumes in OpenShift, you benefit from the best of both worlds for your file storage needs: the modernization, toil-reduction, and efficiency benefits of a managed service, with enterprise-ready features, compatibility, and familiarity of NetApp on-premises storage.

You can maximize data performance and reliability for your Red Hat OpenShift workloads on Google Cloud by leveraging high-performance file storage on Google Cloud infrastructure while using NetApp Volumes features like automated snapshots, and Red Hat OpenShift-native persistent storage integration helps ensure high availability and fault tolerance across your workloads.

Streamlined deployment for a variety of workloads

Collaboration between Google Cloud, NetApp and Red Hat makes it easier to quickly configure and deploy Red Hat OpenShift clusters and workloads in Google Cloud with NetApp Volumes for file storage, with streamlined access to Google Cloud IAM, service account management, and the Certificate Authority Service, among others. NetApp Volumes provides as small as 1 GiB volumes, read-write many (RWX) PVs, low-latency performance and up to 12.5 GiB/sec throughput with large volumes, all while protecting your applications and data with customer managed encryption keys (CMEK).

“Google Cloud is heavily invested in our partner community with the common goal of providing a world-class experience for our customers. Building on our long-standing technical collaborations with industry-leading partners like Red Hat and NetApp, we are deeply aligned on the core principles of both openness and reliability to help enterprise customers get what they need done. Our customers are increasingly turning to us to help them transform their business and together, and through a joint partnership with NetApp and Red Hat, we can help customers with a new way to cloud, while leveraging familiarity and consistency that brings together innovations across their business.” - Stephen Orban, Google Cloud VP of Migrations, ISVs, and Marketplace

De-risk cloud adoption while accelerating time to value

We are partnering with one of our trusted resellers, Converge Technology Solutions, to bridge on-premises, multi-cloud, and Google Cloud, and provide unified management and operational experience for your Red Hat OpenShift and NetApp workloads. Converge’s expertise in Red Hat OpenShift and NetApp technologies helps ensure solutions are architected for peak performance, scalability, and reliability. You can take advantage of their deep understanding of hybrid cloud and Kubernetes/Red Hat OpenShift to provide a smooth transition to Google Cloud, minimizing disruption and maximizing uptime. At the same time, Converge’s best-practice-aligned methodologies help streamline Google Cloud deployments while integrating Red Hat OpenShift and NetApp Volumes, so you can run persistent containerized workloads on an enterprise-class hybrid cloud environment.

"Converge is thrilled to partner with Google Cloud, Red Hat, and NetApp to deliver this powerful new solution for OpenShift on Google Cloud. Our deep expertise in hybrid cloud and Kubernetes, coupled with our proven methodologies, ensures a seamless transition and rapid time-to-value for clients adopting this innovative offering. This collaboration empowers enterprises to modernize their operations, optimize their infrastructure, and unlock the full potential of containerized workloads in a secure and reliable hybrid cloud environment." - David Luftig, Executive Vice President Strategy and Solutions, Converge Technology Solutions

Connect with us to learn more

Are you ready to get more value from the cloud? Learn more about Red Hat solutions on Google Cloud Marketplace, and Google Cloud NetApp Volumes. You can also contact your Red Hat, NetApp, or Google sales representatives, or reach out to Converge Technology specialists to discuss your specific use cases.

About NetApp
NetApp is the intelligent data infrastructure company, combining unified data storage, integrated data services, and CloudOps solutions to turn a world of disruption into opportunity for every customer. NetApp creates silo-free infrastructure, harnessing observability and AI to enable the industry’s best data management. As the only enterprise-grade storage service natively embedded in the world’s biggest clouds, our data storage delivers seamless flexibility. In addition, our data services create a data advantage through superior cyber resilience, governance, and application agility. Our CloudOps solutions provide continuous optimization of performance and efficiency through observability and AI. No matter the data type, workload, or environment, with NetApp you can transform your data infrastructure to realize your business possibilities.

About Red Hat, Inc.
Red Hat is the world’s leading provider of enterprise open source software solutions, using a community-powered approach to deliver reliable and high-performing Linux, hybrid cloud, container, and Kubernetes technologies. Red Hat helps customers integrate new and existing IT applications, develop cloud-native applications, standardize on our industry-leading operating system, and automate, secure, and manage complex environments. Award-winning support, training, and consulting services make Red Hat a trusted adviser to the Fortune 500. As a strategic partner to cloud providers, system integrators, application vendors, customers, and open source communities, Red Hat can help organizations prepare for the digital future.

About Converge
Converge Technology Solutions Corp. is a services-led, software-enabled, IT & Cloud Solutions provider focused on delivering industry-leading solutions. Converge’s global approach delivers advanced analytics, artificial intelligence (AI), application modernization, cloud platforms, cybersecurity, digital infrastructure, and digital workplace offerings to clients across various industries. The Company supports these solutions with advisory, implementation, and managed services expertise across all major IT vendors in the marketplace. This multi-faceted approach enables Converge to address the unique business and technology requirements for all clients in the public and private sectors. For more information, visit convergetp.com.

Realizing AI's Full Potential where Workforce, Security, & Collaboration Matter

Tue, 19 Nov 2024 17:00:00 +0000

AI is rapidly reshaping the public sector, ushering in a new era of intelligent and AI-powered service delivery and mission impact. Chief AI Officers (CAIOs) and other agency leaders play a critical role as AI becomes more pervasive. At Google, we've long believed that AI is a foundational and transformational technology, with the potential to benefit people and society. Realizing its full potential to improve government services, enhance decision-making, and ultimately create a more efficient and effective public sector requires leadership and a clear commitment.

Google recently commissioned IDC to conduct a study that surveyed 161 federal CAIOs, government AI leaders and other decision makers to understand how agency leaders are leading in this new AI era – and the value they are already bringing when it comes to AI governance, collaboration, and building public trust and citizen engagement¹. I recently sat down with Ruthbea Yesner, Vice-President of IDC Government Insights to explore the key findings of this research and what it means for the public sector - see excerpts of our discussion and key insights below.

Key Finding #1: 62% of those surveyed say strengthening cybersecurity is a top motivator for AI investments

Agencies are embracing AI to enhance cybersecurity and protect critical infrastructure - with 60% of respondents indicating that internal cybersecurity protection is their top AI/ML use case. Over 40% of federal agencies surveyed state that protecting critical infrastructure is a key driver for their AI investments going forward. Additionally, respondents believe that applying AI to strengthen cybersecurity and protect critical infrastructure will deliver positive outcomes in just 9 months; the second fastest time to value of any expected outcome of AI.

CAIOs and other agency leaders play a crucial role in driving AI adoption and ensuring that agencies are able to leverage this powerful technology. While 50% of federal agencies have already appointed a CAIO, the rest are expected to follow soon. As adoption accelerates and AI maturity grows, CAIOs need to prioritize robust cybersecurity measures and risk mitigation strategies in all AI initiatives, ensuring the protection of sensitive data and systems.

Key Finding #2: Higher AI maturity increases likelihood to explore other Gen AI use cases by 4x

IDC created a 5-phase approach to assessing AI maturity and the findings are remarkable - 50% of agencies surveyed reported high levels of AI maturity which corresponds to mature behaviors like piloting and implementing generative AI use cases to drive innovation and mission impact. Mature AI agencies are embracing an innovation culture and are focused on AI use cases and projects with high potential for impact.

We’re seeing some agencies solving for one specific problem or use case and creating quick wins and the appetite to do more, and in other cases, they are tackling big, complex challenges head-on. By adopting an AI-first mindset, incorporating AI into their workflows and scaling their use of AI, they are creating the groundswell to do more. This has a compounding effect as AI becomes more pervasive across the agency, and individuals increasingly feel part of its positive cultural change and impact.

This has a catalyst effect, it just takes one person doing something amazing with AI to motivate others to learn and apply AI Ruthbea Yesner
Vice-President of IDC Government Insights

Generative AI is the future - attracting 42% of AI investments. Agencies are eager to explore its potential - and innovation will be a key motivator for continued AI investment going forward. As organizations prioritize AI, the CAIO role becomes even more multifaceted, demanding not just technical expertise but also visionary leadership to drive organizational culture change and develop a truly AI-enabled workforce.

We believe that a robust AI maturity model, as outlined in IDC’s The Chief Artificial Intelligence Officer (CAIO) Playbook: A Practical Guide for Advancing AI Innovation in Government, is key to guiding agencies in their adoption of AI and fostering organizational readiness. By providing a clear framework for progress, agencies can strategically navigate the complexities of AI implementation and unlock its full potential.

Key Finding #3: An AI-ready workforce is the key to unlocking AI’s potential

The rapid pace of AI adoption has highlighted a significant challenge: a shortage of AI expertise. 39% percent of survey respondents report that their biggest challenge is a lack of in-house AI skills and expertise, and 68% are focused on training and retaining their workforce.

Google is tackling this skills challenge head-on. We recently announced our Google Cloud Launchpad for Veterans - a no-cost training and certification journey to equip veterans in all roles and at all levels with the cloud knowledge and skills needed to drive innovation, and contribute to their employer’s digital transformation strategy. And we also announced a new AI training initiative through Google.org’s AI Opportunity Fund – with $15 million for AI skills training for US government workers for the Partnership for Public Service and InnovateUS. This also includes a grant to the Partnership for Public Service to establish the new Center for Federal AI to provide AI skills and literacy to federal leaders and workers, including 2,000 senior government officials.

One thing is clear - AI requires leadership, and the CAIO is an important new C-suite role signaling the government’s commitment to harness AI and reach its full potential. CAIOs and other agency leaders are critical to charting this new AI era and providing the expertise and leadership necessary to leverage AI for the public good.

To learn more about how CAIOs are leading in this new AI era, download The Chief Artificial Intelligence Officer (CAIO) Playbook: A Practical Guide for Advancing AI Innovation in Government. By embracing its recommendations, agencies can create their own roadmap to drive AI adoption to accelerate mission outcomes and impact. To hear the full interview with Ruthbea Yesner, Vice-President of IDC Government Insights, please register to join the Google Public Sector Summit On-Demand on December 3rd.

_{¹ IDC Signature White Paper, The Chief Artificial Intelligence Officer (CAIO) Playbook: A Practical Guide for Advancing AI Innovation in Government, sponsored by Google Public Sector, Doc# US52616824, October 2024.}

The overwhelmed person’s guide to Google Cloud: week of November 14

Tue, 19 Nov 2024 17:00:00 +0000

The content in this blog post was originally published last week as a members-only email to the Google Cloud Innovators community. To get this content directly in your inbox (not to mention lots of other benefits), sign up to be an Innovator today.

New and shiny

Three new things to know this week

Ground Gemini’s answers with Google Search in Vertex AI and Google AI Studio. There’s brand new support in Google AI Studio for connecting the Gemini model’s output to verifiable sources of data through Google Search. This functionality is already part of Vertex AI, but both platforms now support dynamic retrieval. This means that grounding only happens if we predict that the query needs it. See how it works in Vertex AI, and learn how to get started in Google AI Studio.
Use Google’s own Arm-based CPUs. The Axion CPU is now ready for you! Get some excellent price performance and better energy efficiency by deploying C4A VMs powered by our first Arm-based processors.
Business process automation service gets AI upgrade, increased sophistication. It’s likely flying below your radar, but take a look at Google Cloud Application Integration. You can model out workflows for connecting systems in all sorts of ways. There’s now Gemini Code Assist functionality to help you build integrations, model out data transformations, create test cases, and even apply complex retry strategies.
Build and Deploy Gen AI Applications on Google Cloud with Genkit and Go. Join us on November 19th for a hands-on workshop to build and deploy a generative AI app on Google Cloud! Use Genkit, Vertex AI, and Go to create and automate a reusable app deployment pipeline—perfect for beginners and pros alike.

Watch this

Learn advanced RAG techniques. Watch this excellent video series to get up to speed on LLM fundamentals. This edition looks at retrieval augmented generation and enhancing quality of responses.

Community cuts

Every week I round up some of my favorite links from builders around the Google Cloud-iverse. Want to see your blog or video in the next issue? [email protected]">Drop Richard a line!

“Perfect” is a strong word, but yeah, we’re pretty good. Simon at SADA makes the case that you should be looking at Google Cloud for your AI work because of our models, security posture, tools, and expertise. Who am I to disagree?
Build an ETL pipeline locally and then transition to the cloud. Thomas looks at the exercise of taking a working data pipeline and using our data and compute services to get it running successfully in Google Cloud.
What exactly is Firebase? It’s been part of Google for a while and is used by mobile devs around the world. Now it’s appealing to new audiences, and this post from Hermant explains what it offers to modern developers.

Learn and grow

Three ways to build your cloud muscles this week

In-person Workshop! AI In Action - AlloyDB and Vertex AI Agent Builder. Level up your AI skills with a hands-on journey in building knowledge-driven chat applications! Dive into AlloyDB and Vertex AI Agent Builder to create intelligent, interactive customer solutions. Sign up now! New York - 11/20, Toronto - 11/22, Bay Area - 12/3, Seattle - 12/5.
Let’s modernize our old apps. Here’s a great code lab that walks you through, step-by-step, the process to modernize an old PHP app. Learn what it takes to containerize the app, automate the path to production, add generative AI features, and introduce modern operations.
Running Apache Airflow? You have choices. If you’re orchestrating data, there’s a good chance you’ve come across Apache Airflow. This post points out that you can run it yourself on VMs, use a more managed GKE environment, or embrace a fully managed service with Cloud Composer.
Cloud Workstations is ready for devs in government. You deserve nice things, wherever you may work. Those in restricted environments sometimes have to settle for less. But now, Cloud Workstations is FedRAMP High Authorized. Curious about Cloud Workstations? Stanal has a good new overview post.
Standard storage format, and all the BigQuery goodness. We just shipped a preview of BigQuery tables for Apache Iceberg. Use this open format to store data, but get all the lakehouse goodness that BigQuery offers.

One more thing

https://x.com/JeffDean/status/1851471466543620513

Gemini is used across Google to create helpful AI experiences. Jeff highlights Sundar’s message about the billions of Google users with access to Gemini.

Become an Innovator to stay up-to-date on the latest news, product updates, events, and learning opportunities with Google Cloud.

New ways to protect your sensitive data with Chrome Enterprise

Tue, 19 Nov 2024 15:30:00 +0000

Protecting sensitive company data is no longer just a best practice—it’s business critical. In today's world, data breaches can have serious consequences, from financial losses and reputational damage to legal repercussions and operational disruptions. That’s why Chrome Enterprise Premium, our advanced secure enterprise browser offering, includes a growing suite of Data Loss Prevention (DLP) capabilities to help organizations safeguard their sensitive information and maintain compliance.

We recently launched a number of enhancements to our DLP capabilities, giving you even more granular control over your company's data. This blog post will explore how these new capabilities support your organization’s comprehensive DLP journey—from discovering potential risks and user behavior, to controlling data flow with robust security measures, to investigating potential incidents with detailed reporting and analysis, and finally, to expanding protection beyond desktops.

Discover and understand user behavior

Understanding how your users interact with data is the first step in preventing data leaks. Chrome Enterprise provides powerful tools to gain visibility into user activity and to identify potential risks:

1. Chrome Security Insights

Chrome Security Insights empowers Chrome Enterprise customers to proactively identify potential threats with simplified security monitoring. This feature monitors key security configurations, security event logging, and 50 common DLP detectors with just a few clicks. Administrators gain valuable insights into high-risk activities through detailed reports on users, domains, and sensitive data transfers, enabling swift identification and remediation of security concerns. Start your 30-day Chrome Enterprise Premium trial and enable Chrome Security Insights here.

2. URL Filtering Audit Mode [Currently in Public Preview (beta), general availability coming soon]

Chrome Enterprise Premium’s URL Filtering Audit Mode offers a valuable tool for organizations seeking to refine their web access policies. It allows administrators to selectively activate monitoring of employee browsing activity without enforcing restrictions, providing insights into users behavior and potential security risks. By analyzing this data, IT and security teams can make informed decisions regarding URL filtering rules, striking an effective balance between security and user productivity. See here to learn how to configure URL Filtering Audit Mode.

Enforce DLP controls

Once you understand your users' behavior, it's time to put the right controls in place to prevent data leaks. Chrome Enterprise offers a robust set of in-browser protections.

1. Copy and paste protections

Controlling how users interact with sensitive data is crucial. Chrome Enterprise Premium's copy and paste protections allow you to restrict or block users from copying sensitive information from web pages or pasting it into unauthorized applications or websites. This granular control helps prevent data exfiltration and ensures that sensitive information stays within designated boundaries, reducing the risk of data breaches and helping with compliance with data protection regulations. The copy and paste protections include:

Preventing data leakage to Incognito mode: Concerned about sensitive data being copied into incognito mode, where it can potentially bypass security measures? Chrome Enterprise Premium now allows you to block or warn users when they attempt to copy data between regular browsing sessions and incognito windows.
Controlling data sharing between applications: For organizations looking to prevent data leakage to external applications, Chrome Enterprise Premium now allows you to block or warn users when they attempt to copy data from your web applications into external programs like Notepad, Microsoft Word, or other apps.
Isolating data between Chrome profiles: Shared devices or users with multiple Chrome profiles can introduce risks of data cross-contamination. Chrome Enterprise Premium’s new copy-paste controls now allow you to block or warn users when they attempt to move data between different profiles.
Securing sensitive emails: Emails often contain highly confidential information requiring stringent protection. With Chrome Enterprise Premium, you can implement specific rules, such as blocking any copying from Gmail unless it’s being pasted back into Gmail.

See more details about setting up copy and paste protections here.

2. Watermarking

Watermarking acts as a deterrent to unauthorized data sharing. Chrome Enterprise Premium allows you to apply visible watermarks to sensitive company documents viewed in the browser, displaying information like the user's email address, date, or a custom message. This helps discourage data exfiltration and makes it easier to trace the source of any leaked information. See here on how to set up watermarking with Chrome Enterprise Premium

3. Screenshot protections

Screenshots can be a convenient way to capture information, but they also pose a data leak risk. Chrome Enterprise Premium's screenshot protection allows you to prevent users from taking screenshots of sensitive content within the browser. This adds another layer of protection to your DLP strategy, limiting the potential for unauthorized data capture. Learn how to set up screenshot protection rules here.

These controls work together to create a comprehensive security strategy, limiting the ways in which data can be exfiltrated from your organization.

Investigate potential data leaks

Even with the best preventative measures in place, it's crucial to be prepared to investigate potential security incidents. Chrome Enterprise provides tools to help you quickly identify and address threats:

1. Evidence Locker [Currently in Private Preview, general availability coming soon]

The evidence locker provides a secure repository for storing files and data that require further investigation by security teams. For instance, if an employee attempts to download a non-public financial report, Chrome Enterprise Premium can block the action and retain a copy of the file in the evidence locker. This triggers a detailed report for IT and security teams, enabling them to take appropriate investigation and remediation steps. Stay tuned for more information on the upcoming release of Evidence Locker.

2. Chrome Extension Telemetry in Google Security Operations

Chrome Enterprise Core integrates with Google Security Operations, our cloud-native security analytics platform, to provide deeper visibility into browser activity. Previously, detection and response teams were limited to analyzing static extension attributes. Now, you can set dynamic rules that continuously monitor extension behavior in your production environment, enabling proactive identification and remediation of risks before they escalate into threats. For example, you can monitor if extensions are unexpectedly contacting remote hosts or accessing cookies. This enhanced visibility empowers your security team to detect and mitigate data theft and infrastructure attacks in near real-time, significantly reducing your organization's vulnerability to malicious extensions. See how to set this up here.

Expand protection to other platforms

Chrome Enterprise is committed to extending its threat protection capabilities beyond the desktop.

1. Mobile threat protections

With the growing use of mobile devices for work, securing the browser on these devices is essential. Chrome Enterprise Core is extending its threat protection capabilities to Android devices with download blocking. This feature will allow organizations to set policies to prevent users from downloading malicious files flagged by Google Safe Browsing from the web onto their mobile devices, bringing threat protections beyond desktops. Organizations can also choose to block all downloads on Android on managed Chrome. Get started with Chrome Enterprise Core today at no additional costs.

Chrome Enterprise Premium: Your partner in DLP

These features are just a glimpse into the comprehensive DLP capabilities offered by Chrome Enterprise. We are consistently enhancing our security capabilities to help organizations like yours take a proactive approach to data loss prevention, safeguarding sensitive information at the critical browser layer and ensuring compliance in today's increasingly complex digital landscape.

Start using Chrome Enterprise Core today at no additional cost to gain foundational security capabilities. Or, experience Chrome Enterprise Premium’s advanced security and DLP features with a free 60-day trial and enable Chrome Security Insights here.

Empowering Gemini for Malware Analysis with Code Interpreter and Google Threat Intelligence

Tue, 19 Nov 2024 14:00:00 +0000

One of Google Cloud's major missions is to arm security professionals with modern tools to help them defend against the latest threats. Part of that mission involves moving closer to a more autonomous, adaptive approach in threat intelligence automation.

In our latest advancements in malware analysis, we’re equipping Gemini with new capabilities to address obfuscation techniques and obtain real-time insights on indicators of compromise (IOCs). By integrating the Code Interpreter extension, Gemini can now dynamically create and execute code to help deobfuscate specific strings or code sections, while Google Threat Intelligence (GTI) function calling enables it to query GTI for additional context on URLs, IPs, and domains found within malware samples. These tools are a step toward transforming Gemini into a more adaptive agent for malware analysis, enhancing its ability to interpret obfuscated elements and gather contextual information based on the unique characteristics of each sample.

Building on this foundation, we previously explored critical preparatory steps with Gemini 1.5 Pro, leveraging its expansive 2-million-token input window to process substantial sections of decompiled code in a single pass. To further enhance scalability, we introduced Gemini 1.5 Flash, incorporating automated binary unpacking through Mandiant Backscatter before the decompilation phase to tackle certain obfuscation techniques. Yet, as any seasoned malware analyst knows, the true challenge often begins once the code is exposed. Malware developers frequently employ obfuscation tactics to conceal critical IOCs and underlying logic. Malware may also download additional malicious code, making it challenging to fully understand the behavior of a given sample.

For large language models (LLMs), obfuscation techniques and additional payloads create unique challenges. When dealing with obfuscated strings such as URLs, IPs, domains, or file names, LLMs often “hallucinate” without explicit decoding methods. Additionally, LLMs cannot access, for example, URLs that host additional payloads, often resulting in speculative interpretations about the sample’s behavior.

To help with these challenges, Code Interpreter and GTI function calling tools provide targeted solutions. Code Interpreter enables Gemini to autonomously create and execute custom scripts, as needed, using its own judgment to decode obfuscated elements within a sample, such as strings encoded with XOR-based algorithms. This capability minimizes interpretation errors and enhances Gemini's ability to reveal hidden logic without requiring manual intervention.

Meanwhile, GTI function calling expands Gemini’s reach by retrieving contextualized information from Google Threat Intelligence on suspicious external resources such as URLs, IPs, or domains, providing verified insights without speculative guesses. Together, these tools equip Gemini to better handle obfuscated or externally hosted data, bringing it closer to the goal of functioning as an autonomous agent for malware analysis.

To illustrate how these enhancements boost Gemini's capabilities, let's look at a practical example. In this case, we’re analyzing a PowerShell script that contains an obfuscated URL that hosts a second-stage payload. This particular sample was previously analyzed with some of the most advanced publicly available LLM models, which incorporate code generation and execution as part of their reasoning process. Despite these capabilities, each model “hallucinated,” generating completely fabricated URLs instead of accurately revealing the correct one.

Obfuscated PowerShell code sample to be analyzed by Gemini

Utilizing Code Interpreter and GTI function calling as part of its reasoning process, Gemini autonomously generated the following report without any human intervention. When deemed necessary, it applies these tools to process and extract additional information from the sample.

Final Report: PowerShell Malware with URL Deobfuscation

This report analyzes a PowerShell script designed to download and execute a file from an obfuscated URL. The script employs a custom obfuscation routine resembling the RC4 stream cipher to conceal the malicious URL.

Functionality:

Obfuscation Routine: The script defines a function F that performs byte-level XOR encryption using a key derived from the string "tox2". This function is used to deobfuscate the malicious URL.
URL Decryption: The obfuscated URL, stored as a byte array, is decrypted using the F function with "tox2" as the key.
File Download: The script downloads a file from the decrypted URL (hxxps://filedn[.]eu/lODWTgN8sswHA6Pn8HXWe1J/tox2/Scan_docs%2398097960[.]msi) and saves it to the system's temporary directory under a randomly generated filename.
Execution: Finally, the script executes the downloaded file.

Indicators of Compromise (IOCs):

URL: hxxps://filedn[.]eu/lODWTgN8sswHA6Pn8HXWe1J/tox2/Scan_docs%2398097960[.]msi

Deobfuscation Code:

def deobfuscate(x, y):
    s = list(range(256))
    j = 0
    k = [ord(c) for c in y]
    for i in range(256):
        j = (j + s[i] + k[i % len(k)]) % 256
        s[i], s[j] = s[j], s[i]
    i = 0
    j = 0
    output = []
    for m in range(len(x)):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        output.append(x[m] ^ s[(s[i] + s[j]) % 256])
    return output

a = [0x25, 0x7B, 0x5A, 0xD8, 0x9C, 0xFF, 0xC3, 0xA4, 0x95, 0xB7, 
0x9D, 0x6E, 0x5F, 0x4D, 0x49, 0xFB, 0x78, 0x32, 0xB8, 0x17, 0x72, 
0x01, 0x31, 0xFB, 0xC0, 0x58, 0x45, 0xCB, 0x5C, 0x3C, 0xDD, 0x00, 
0x60, 0x87, 0x25, 0xB2, 0x44, 0xA6, 0xC5, 0xEA, 0x71, 0xAA, 0x9D, 
0xA1, 0x05, 0x5F, 0xBD, 0x41, 0x28, 0x70, 0x30, 0x6B, 0x96, 0x24, 
0x92, 0xA0, 0x9D, 0x92, 0x23, 0x79, 0x69, 0x2C, 0x1B, 0x1E, 0xEB, 
0x69, 0x8F, 0x04, 0x10, 0x74, 0xBC]
b = "tox2"
c = deobfuscate(a, b)
decoded_url = "".join(chr(i) for i in c)
print(decoded_url)

Google Threat Intelligence (GTI) Lookup:

The GTI lookup provides valuable context regarding the identified IOC:

Threat Actor: UNC5687, known for using MESHAGENT in phishing campaigns impersonating the Security Service of Ukraine.
Campaign: This specific URL is linked to a campaign spreading MESHAGENT via phishing emails with malicious links. The campaign involved a captcha page leading to the download of either a malicious MSI or EXE file.
Malware: The campaign delivers MESHAGENT, an open-source remote access framework, configured to communicate with C2 domains linked to a service called "AnonVNC."

Conclusion:

The analyzed PowerShell script is confirmed to be malicious, associated with a phishing campaign by UNC5687 distributing the MESHAGENT remote access tool.

Gemini identified that the script employs an XOR-based obfuscation algorithm that resembles RC4 to conceal the download URL. Recognizing this pattern, Gemini autonomously generates and executes a Python deobfuscation script within the Code Interpreter sandbox, successfully revealing the external resource.

With the URL in hand, Gemini then utilizes GTI function calling to query Google Threat Intelligence for further context. This analysis links the URL to UNC5687, a threat cluster known for using a remote access tool in phishing campaigns impersonating the Security Service of Ukraine.

As we’ve seen, the integration of these tools has strengthened Gemini’s ability to function as a malware analyst capable of adapting its approach to address obfuscation and gathering vital context on IOCs. By incorporating the Code Interpreter and GTI function calling, Gemini is better equipped to navigate complex samples by autonomously interpreting hidden elements and contextualizing external references.

While these are significant advancements, many challenges remain, especially given the vast diversity of malware and scenarios that exist in the threat landscape. We’re committed to making steady progress, and future updates will continue to enhance Gemini's capabilities, moving us closer to a more autonomous, adaptive approach in threat intelligence automation.

New Cassandra to Spanner adapter simplifies Yahoo's migration journey

Mon, 18 Nov 2024 17:00:00 +0000

Cassandra, a key-value NoSQL database, is prized for its speed and scalability, and used broadly for applications that require rapid data retrieval and storage such as caching, session management, and real-time analytics. Its simple key-value pair structure helps ensure high performance and easy management, especially for large datasets.

But this simplicity also leads to limitations like poor support for complex queries, potential data redundancy, and difficulty in modeling intricate relationships. Spanner, Google Cloud’s always-on, globally consistent, and virtually unlimited-scale database, combines the scalability and availability of NoSQL with the strong consistency and relational model of traditional databases, positioning it for traditional Cassandra workloads. And today, it’s easier than ever to switch from Cassandra to Spanner, with the introduction of the Cassandra to Spanner Proxy Adapter, an open-source tool for plug-and-play migrations of Cassandra workloads to Spanner, without any changes to the application logic.

aside_block: <ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud databases'), ('body', <wagtail.rich_text.RichText object at 0x3e71416b4550>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectPath=/products?#databases'), ('image', None)])]>

Spanner for NoSQL workloads

Spanner provides strong consistency, high availability, virtually unlimited scalability, and a familiar relational data model with support for SQL and ACID transactions for data integrity. As a fully managed service, it helps simplify operations, allowing teams to focus on application development rather than database administration. Furthermore, Spanner's high availability, even at a massive global scale, supports business continuity by minimizing database downtime.

We’re constantly evolving Spanner to meet the needs of modern businesses. Some of the latest Spanner capabilities include enhanced multi-model capabilities such as graph, full-text search, vector search, improved performance for analytical queries with Spanner Data Boost, and unique enterprise features such as geo-partitioning and dual-region configurations. For Cassandra users, these powerful features, along with Spanner’s compelling price-performance, unlock a world of new, exciting possibilities.

The Cassandra to Spanner adapter — battle-tested by Yahoo!

If you’re wondering, “Spanner sounds like a leap forward from Cassandra. How do I get started?” the proxy adapter provides a plug-n-play way to forward your client applications' Cassandra Query Language (CQL) traffic to Spanner. Under the hood, the adapter functions as a Cassandra client for the application but operates internally by interacting with Spanner for all data manipulation tasks. With the Cassandra to Spanner proxy adapter there is no migration for your application code needed — it just works!

Yahoo successfully migrated from Cassandra to Spanner, reaping the benefits of improved performance, scalability, consistency, and operational efficiency. And the proxy adapter made it easy to migrate.

“The Cassandra Adapter has provided a foundation for migrating the Yahoo Contacts workload from Cassandra to Spanner without changing any of our CQL queries. Our migration strategy has more flexibility, and we can focus on other engineering activities while utilizing the scale, redundancy, and support of Spanner without updating the codebase. Spanner is cost-effective for our specific needs, delivering the performance required for a business of our scale. This transition enables us to maintain operational continuity while optimizing cost and performance.” - Patrick JD Newnan, Principal Product Manager, Core Mail and Analytics, Yahoo

Another Google Cloud customer that successfully migrated from Cassandra to Spanner recently is Reltio. Reltio benefited from an effortless migration process to minimize downtime and disruption to their services while reaping the benefits of a fully managed, globally distributed, and strongly consistent database.

These success stories demonstrate that migrating from Cassandra to Spanner can be a transformative step for businesses seeking to modernize their data infrastructure, unlock new capabilities, and accelerate innovation.

How does the new proxy adapter simplify your migration? A typical database migration involves the following steps:

Some of these steps — migrate your application (step 4) and migrate the data (step 6) — are more complex than others. The proxy adapter vastly simplifies migrating a Cassandra-backed application to point to Spanner. Here's a high-level overview of the steps involved when using the new proxy adapter:

1. Assessment: Evaluate your Cassandra schema, data model, and query patterns which ones you can simplify after moving to Spanner.

2. Schema design: Spanner’s table declaration syntax and data types are similar to Cassandra’s; the documentation covers these similarities and differences in depth. With Spanner, you can also take advantage of relational capabilities and features like interleaved tables for optimal performance.

3. Data migration: There are several steps to migrate your data:

Bulk load: Export data from Cassandra and import it into Spanner using tools like the Spanner Dataflow connector or BigQuery reverse ETL.
Replicate incoming data: Replicate incoming updates to your Cassandra cluster to Spanner in real-time using Cassandra’s Change Data Capture (CDC).

Another possibility is to update your application logic to perform dual-writes to Cassandra and Spanner. We don’t recommend this approach if you’re trying to minimize changes to your application code.

4. Set up the proxy adapter and update your Cassandra configuration: Download and run the Cassandra to Spanner Proxy Adapter, which runs as a sidecar next to your application. By default, the proxy adapter runs on port 9042. In case you decide to use a different port, don’t forget to update your application code to point to the proxy adapter.

5. Testing: Thoroughly test your migrated application and data in a non-production environment to ensure everything works as expected.

6. Cutover: Once you're confident in the migration, switch your application traffic to Spanner. Monitor closely for any issues and fine-tune performance as needed.

What’s under the hood of the new proxy adapter?

The new proxy adapter presents itself as a Cassandra client to the application. From the application's perspective, the only noticeable change is the IP address or hostname of the Cassandra endpoint, which now points to the proxy adapter. This streamlines the Spanner migration, without requiring extensive modifications to application code.

We designed the proxy adapter to establish a one-to-one mapping between each Cassandra cluster and a corresponding Spanner database. The proxy instance employs a multi-listener architecture, with each listener bound to a distinct port. This facilitates concurrent handling of multiple client connections, where each listener manages a distinct connection with the specified Spanner database.

The proxy’s translation layer handles the intricacies of the Cassandra protocol. This layer performs message decoding and encoding, manages buffers and caches, and crucially, parses incoming CQL queries and translates them into Spanner-compatible equivalents.

The proxy adapter supports OpenTelemetry to collect and export traces to Cloud Trace.

For more details about different ways of setting up the adapter, limitations, mapping of CQL data types to Spanner, and more, refer to the proxy adapter documentation.

Addressing common concerns and challenges

Let's address a few concerns you may have with your migrations:

Cost: Have a look at Accenture’s benchmark result that demonstrates that Spanner ensures not only consistent latency and throughput but also cost efficiency. Furthermore, Spanner now offers a new tiered pricing model (Spanner editions) that delivers better cost transparency and cost savings opportunities to help you take advantage of all of Spanner’s capabilities.
Latency increases: To minimize an increase in query latencies, we recommend running the proxy adapter on the same host as the client application (as a side-car proxy) or running on the same Docker network when running the proxy adapter in a Docker container. We also recommend keeping the CPU utilization of the proxy adapter host to under 80%.
Schema flexibility: While Cassandra offers schema flexibility, Spanner's stricter relational schema provides advantages in terms of data integrity, query power, and consistency.
Learning curve: Spanner’s data types have some differences with Cassandra’s. Have a look at this comprehensive documentation that can ease the transition.

Get started today

The benefits of strong consistency, simplified operations, enhanced data integrity, and global scalability make Spanner a compelling option for businesses looking to leverage the cloud's full potential for NoSQL workloads. With the new Cassandra to Spanner proxy adapter, we are making it easier to plan and execute on your migration strategy, so you can unlock a new era of data-driven innovation for your organization.

Download the new Cassandra to Spanner proxy adapter, and try it out on a Spanner Free Trial instance at no cost today.

What’s new with Google Cloud

Fri, 15 Nov 2024 17:00:00 +0000

Want to know the latest from Google Cloud? Find it here in one handy location. Check back regularly for our newest updates, announcements, resources, events, learning opportunities, and more.

Tip: Not sure where to find what you’re looking for on the Google Cloud blog? Start here: Google Cloud blog 101: Full list of topics, links, and resources.

Week of Nov 11 - Nov 15

Subsea cable connectivity is coming to Tuvalu for the first time with the addition of the Tuvalu Vaka cable. Building on the Bulikula subsea cable system announced last year, this new network infrastructure is a collaboration among several partners including Australia, Japan, New Zealand, Taiwan, Tuvalu, Tuvalu Telecommunications Corporation and the United States, and will help reduce the digital divide in the Pacific.

Week of Nov 4-8

We are excited to announce the reCAPTCHA Password Leak Detection Container App, a new tool that makes it easier than ever to protect your users from account takeovers. This container app simplifies the integration of reCAPTCHA's powerful password leak detection, allowing you to instantly detect compromised credentials and proactively prompt users to change their password before their account is compromised. With pre-built libraries and a streamlined process, you can significantly reduce integration time and enhance your website's security with ease.

Week of Oct 21-25

We're excited to announce GA support for scanning: Rocky Linux, Alma, SUSE (SLES), Red Hat (UBI), Chainguard, Wolfi & Google Distroless. These operating systems are now supported in both Artifact Registry scanning, as well as On Demand Scanning.
When the Container Scanning API is enabled, any container with these new operating systems or distroless images will automatically be scanned for vulnerabilities when pushed to Artifact Registry. We've also upgraded our On Demand scan to include; NPM, Python, Ruby, Rust, .Net & PHP language packages. See all supported package types.
Term Extension Now Available for Compute Engine Committed Use Discounts: You can now extend the term length of your Compute Engine resource-based Committed Use Discounts (“CUDs”) beyond the preset 1-year and 3-year options. CUDs offer significant cost savings for predictable workloads. You can now choose a CUDs term length beyond the original commitment end date that perfectly aligns with your workload needs, from one year and one day up to 6 years. Learn more

Week of Oct 14-18

Announcing Google Cloud Marketplace private offer enhancements that enable additional payment flexibility for enterprises, including when transacting generative AI models.

Week of Oct 7-11

We are excited to announce the launch of new Google Cloud Cortex Framework data integration and analytics solution content for BigQuery and Looker with Oracle EBS data. To learn more read our announcement blog.
Google Cloud is partnering with leading AI and cybersecurity startups to accelerate their growth and innovation, through the ISV Startup Springboard program, announced this week at the Google Cloud Startup Summit. Learn more and register interest.
Privileged Access Manager (PAM) is now Generally Available. The GA release offers new capabilities in addition to recently released public preview and includes features such as Pub/Sub integration for custom alerting and monitoring, alerts on IAM grant modifications outside of PAM, and integration with VPC Service Controls to tackle data exfiltration. Learn more.

Week of Sept 23-27

We are excited to announce that registration is open for the App Dev & Infrastructure Summit on October 30 (AMER) and October 31 (EMEA). Google Technology Fellows - our luminary technical leaders - and industry experts will share strategies and learnings on how to improve efficiency, reduce costs, and speed up AI innovation for your cloud and application infrastructure at this global digital event. Register here.

Week of Sept 16-20

Starting this week, Google Cloud customers with eligible support plans can access assistance for the Cluster Toolkit through the Cloud Console. Cluster Toolkit, formerly known as Cloud HPC Toolkit, is open-source software offered by Google Cloud which simplifies the process for you to deploy HPC, AI and ML workloads on Google Cloud. The Cloud Support team will handle filed cases, ensuring that users receive timely and effective support for their Cluster Toolkit implementations. Select 'Cluster Toolkit' as the sub-category under 'Compute Engine' when creating a support ticket in your Cloud Console to get in touch about any Cluster Toolkit issues.
Backup and DR service is excited to announce the public preview of backup vaults and simplified VM backup offering. Backup vaults provide secure backups for cyber resilience through immutable and indelible backups for VMs and databases, delivering security against accidental or malicious data deletion. Simplified Compute Engine VM backup with a fully-managed experience, directly integrated into the cloud console makes backing of VMs as easy as 1-2-3. The solution also enables backup admins to empower application developers to self-protect their VMs while retaining centralized governance and oversight. Read the full blog to learn more and try out the new features.

Week of Sept 2-6

We’re excited to share that Topaz will be extended to Taiwan. Announced in 2022, the transpacific subsea cable system was the first to connect Canada and Japan. Now, with the extension of Topaz to Taiwan, we’ll provide the region with increased reliability and resilience for network operators, for Google, and for users.

Week of Aug 26-30

We are excited to announce the general availability of Instant snapshots for Google Compute Engine Persistent Disks, which provide near-instantaneous, high-frequency, point-in-time checkpoints of a disk that can be rapidly restored as needed. Read the full blog to try it out.
In response to customer and partner requests for pollen data in Japan, we are excited to announce that data for Japanese Cedar and Cypress trees-the 2 main sources of pollen allergens in Japan-have been added to our Pollen API from Google Maps Platform.

Week of Aug 19-23

We are excited to announce we’re adding support for NVIDIA L4 GPUs to Cloud Run, in preview. Developers love Cloud Run for its simplicity, fast autoscaling, scale-to-zero capabilities, and pay-per-use pricing. Those same benefits come into play for real-time inference apps serving open gen AI models. Check out this launch blog. Also watch demos from this launch event webinar Run AI on Cloud run.
We are excited to announce that Google Cloud Functions is now Cloud Run functions — event-driven programming in one unified serverless platform. This goes beyond a simple name change. We’ve unified the Cloud Functions infrastructure with Cloud Run, and developers of Cloud Functions (2nd gen) get immediate access to all new Cloud Run features, including NVIDIA GPUs. Read the launch blog and watch demos from this launch event webinar Run AI on Cloud run.

Week of Aug 5-9

Google’s Workforce Identity federation now enables Microsoft Entra ID users to access Google BigQuery from Microsoft Power BI with Single-Sign-On. No users or groups need to be provisioned in Google Cloud as Workforce identity Federation leverages a syncless federation capability using attribute based access control to authorize access to Google BigQuery using Microsoft Entra user attributes such as user group membership. You can refer to our documentation to learn more.
We are excited to announce the preview of SQL support in Bigtable to bring Google’s pioneering NoSQL database to a broader developer audience. Bigtable leverages GoogleSQL ─the same SQL dialect used by BigQuery─ making it easier to use Bigtable as low-latency analytics serving layer in combination with BigQuery’s newly announced continuous queries but does so with extensions to support its signature data model so you can use SQL without giving up on all the flexibility that comes with a NoSQL database. It also simplifies migrations from open source databases such as Apache Cassandra. With over 100 new functions from JSON processing capabilities, kNN for GenAI and HLL for real-time analytics, SQL opens the door to many new possibilities with Bigtable. Learn more in our detailed blog post.
We are excited to announce the public preview of BigQuery continuous queries, a groundbreaking new feature that empowers users to run continuously processing SQL statements that can process, analyze, and transform data as new events arrive in BigQuery, ensuring insights are always up to date. Native integration with the Google Cloud ecosystem unlocks the ability of Vertex AI and Gemini to perform machine learning inference on incoming data in real time. As well as streaming replication of continuous query results to Pub/Sub topics, Bigtable instances, or other BigQuery tables. Read the full blog and try it out!
AlloyDB’s AutoPilot capabilities- Automatic memory management, Adaptive AutoVacuum, Automatic storage tiering ,Automatic data columnarization and query rewrite- makes management super efficient and easy. AlloyDB eliminates the drudgery of maintaining a PostgreSQL database by using, behind the scenes , advanced self-tuning machine learning algorithm. In this blog we will look into a real world example of AlloyDB Adaptive AutoVacuum in work and how AlloyDB Cluster Storage Space is Released
Google Cloud Identity Platform, our consumer identity solution, now supports Passkeys. With Passkeys, developers can authenticate their app's end users securely, protecting them from account takeover attacks like phishing and leaked credentials. To join the private preview, contact your Google account team.

Week of July 15-19

Google Cloud is excited to launch the Modern SecOps Masterclass, now available on Coursera. This course equips security professionals with cutting-edge skills to modernize their Security Operations Centers (SOCs) using our Autonomic Security Operations framework and Continuous Detection, Continuous Response (CD/CR) methodology. Read the full blog and enroll now.
Learn how to potentially achieve a strong consistency in Cloud Bigtable for your next big data solution. Bigtable offers high throughput at low latency. It is ideal for storing large amounts of data in a key-value store while supporting high read and write throughput at low latency for fast access. Bigtable provides eventual consistency as well as strong consistency. This blog talks about achieving strong data consistency in a multi-cluster Bigtable instance. Read the full blog.

Week of June 24-28

Introducing Google Cloud Marketplace Channel Private Offers, enabling customers, ISV partners, and channel partners to efficiently transact private offers via reseller-initiated sales of third-party solutions listed on the Google Cloud Marketplace. This differentiated program also empowers channel partners to manage the customer relationship from billing, collections to revenue recognition. Read the full blog.
A blog on benchmark study (collaborated with Yahoo) by comparing the cost and performance of Apache Flink and Google Cloud Dataflow for two specific streaming data processing use cases. The goal of the study was to determine the most cost-effective platform for these use cases by establishing a fair comparison methodology and controlling variables such as throughput and workload. The results indicate that, with some optimization on Dataflow can perform on-par with Apache Flink. Read the full blog.
A Blog on Secure Gateways: Mutual TLS for Ingress Gateway Secure Gateways: Mutual TLS for Ingress Gateway," discusses the implementation of mutual TLS (mTLS) for enhanced security in ingress gateways. It explains how mTLS ensures both client and server authentication through certificates, going beyond the traditional server-only verification. The article explores the setup process and the benefits of using mTLS, emphasizing its role in establishing secure communication channels in modern cloud architectures. Read the full blog.
A Blog on Wildcard certificates with Ingress Gateway "Wildcard certificates with Ingress Gateway" provides a guide on how to use wildcard certificates to secure multiple services behind a single Istio Ingress Gateway. This simplifies certificate management and improves the user experience by allowing seamless connections across different services within the same domain. The article demonstrates the configuration process step-by-step and explains how wildcard certificates are matched to incoming requests. Read the full blog

Week of June 17-21

Learn how to leverage BigQuery vector search to analyze your logs and asset metadata stored in BigQuery. Using vector search, you can find semantically similar logs which can be helpful in several use cases such as outlier detection, triage and investigation. This how-to blog walks you through the setup from processing logs, generating vector embeddings, to analyzing vector search results. It includes sample SQL queries which can be adapted for your own logs and use case. Read the full blog.
Nuvem, first announced last year, is a transatlantic subsea cable system that will connect Portugal, Bermuda, and the United States. We are now working with the Regional Government of Azores to enable extending the system to the Azores as well. Named after the Portuguese word for “cloud,” Nuvem will improve network resiliency across the Atlantic, helping meet growing demand for digital services and further establishing its landing locations as digital hubs.

Week of June 10-14

General Availability of A3 Mega, a new instance type in the A3 VM family. A3 Mega is powered by the NVIDIA H100 Tensor Core GPU, delivers a 2.4x improvement in large scale training performance over multiple A3 instances.
- 2x the GPU-to-GPU networking bandwidth over A3 Instances.
- Enhanced GPUDirect-TCPXO networking offloads GPUDirect memory access from the CPU, providing direct access through through the NIC (Network Interface Card) to GPU memory, based on Titanium TOPs, which improves performance of multi-node distributed training workloads.
Simplify your Network: The Cloud Networking Product Management and Engineering team will be traveling across US cities in June/July and Sept. Learn how Cross-Cloud Network can transform your infrastructure. The workshop will address Cross-Cloud Networking for hybrid and multicloud enterprises with distributed applications, internet-facing content and applications, security, and AI-assisted network operations with Gemini Cloud Assist. Join us at one of the following Google office locations and meet the experts who will share the latest innovations, use cases, and demos. Register here.
Learn how you can leverage the cloud deployment archetypes (zonal, regional, multi-regional, global, hybrid, & multicloud) to architect cloud topologies that meet your workload’s requirements for reliability, cost, performance, & operational simplicity. Read the full blog.

Week of May 20-24

Maximize performance and optimize spend with Compute Engine’s latest General Purpose VMs, N4 and C4. N4's flexible configurations and price-performance gains help optimize costs, while C4 provides top-tier performance for demanding applications. With N4 and C4, you get tailored solutions for all your general-purpose workloads, so you can lower the total cost of running your business without compromising on performance or workload-specific requirements. Learn more here.

Week of Apr 22 - April 26

Simplify your connectivity to Google by using a Verified Peering Provider to connect to Google, instead of using Direct Peering. Verified Peering Providers handle all of the complex connectivity allowing you to focus on your core business. Learn more here.

Week of Apr 15- Apr 19

New training in AI, data analytics and cybersecurity, designed to expand onramps to tech careers through colleges and employers. Learn more.

Week of Apr 1- Apr 5

Security Command Center (SCC) Enterprise is now generally available (GA). It is the industry’s first cloud risk management solution that converges cloud security and enterprise security operations into a single platform, supercharged by Mandiant expertise and AI. Learn more in our announcement blog.
Identify common container runtime attacks, analyzes suspicious code, and use natural language processing to pinpoint malicious scripts with GKE threat detection, powered by Security Command Center. Now in public preview.
Get a fully managed compliance service that automatically delivers end-to-end coverage for GKE, scanning for issues against the most important benchmarks with GKE compliance, now in public preview. Near-real-time insights are available in a centralized dashboard, with compliance reports automatically produced for you.
Streamline your GCE backup strategy! With tag-based backups in Google Backup and DR, protection is automated – new VMs with the right tags are protected immediately, saving you time and increasing reliability. Read more on the blog here. Differential privacy enforcement with privacy budgeting is now available in BigQuery data clean rooms so organizations can prevent data from being reidentified when it is shared.

Week of Mar 18- Mar 22

Google Kubernetes Engine (GKE) and NVIDIA NeMo framework are used to train large language models (LLMs). Due to the increasing demand for efficient and scalable training of LLMs, the need for GPUs at a large scale with high speed networking is rapidly growing. GKE offers a comprehensive set of features that make it suitable for enterprise-level training and inference. This blog post shows how generative AI models can be adapted to your use cases by demonstrating how to train models on Google Kubernetes Engine (GKE) using the NVIDIA NeMo framework.
Cloud Run now supports volume mounts! Mount a Cloud Storage bucket or NFS file share as a volume to easily serve static assets, access app configuration data, or access an AI/ML model. Learn more in our blog post.

Week of Mar 11- Mar 15

Datastream adds support for SQL Server sources, now in preview. With existing support for MySQL, PostgreSQL, and Oracle, support for SQL Server sources extends the reach of Datastream and empowers you to replicate data from a range of relational sources to several Google Cloud services, such as BigQuery, Cloud Storage, AlloyDB, and Spanner. Read more in the blog here.

Week of Feb 5- Feb 9

Check out this new blog and learn more about the Integrated Commerce Network (ICN) delivered by Kin + Carta and built on Google Cloud. The ICN features 3 of our premier digital commerce partners for an integrated end-to-end solution including Bloomreach, commercetools and Quantum Metric.

Week of Jan 29- Feb 2

IDC finds 318% ROI from migrating to Google Cloud IaaS: Check out the latest IDC research study to learn how organizations worldwide are benefitting by adopting Google Cloud Infrastructure as a Service.

Week of Jan 15-19

Check out the latest generative AI training available from Google Cloud : Take a look at our top ten trainings in Duet AI to help boost your productivity in 2024.

Week of Jan 1-5

The year in Google Cloud: Top news of 2023: A look back at the biggest stories of 2023 from Google Cloud, covering generative AI, DevOps, containers, data and databases, security, and more.

What’s new with HPC and AI infrastructure at Google Cloud

Fri, 15 Nov 2024 17:00:00 +0000

At Google Cloud, we’re rapidly advancing our high-performance computing (HPC) capabilities, providing researchers and engineers with powerful tools and infrastructure to tackle the most demanding computational challenges. Here's a look at some of the key developments driving HPC innovation on Google Cloud, as well as our presence at Supercomputing 2024.

You can also stay apprised of our HPC and AI advances by joining the new Google Cloud Advanced Computing Community (details below).

Next-generation HPC VMs

We began our H-series with H3 VMs, specifically designed to meet the needs of demanding HPC workloads. Now, we’re excited to share some key features of the next generation of the H family, bringing even more innovation and performance to the table. The upcoming VMs will feature:

Improved workload scalability via RDMA-enabled 200 Gbps networking
Native support to directly provision full, tightly-coupled HPC clusters on demand
Dynamic Workload Scheduler to provision fixed-lifetime clusters now or in the future
Titanium technology that delivers superior performance, reliability, and security

We provide system blueprints for setting up turnkey, pre-configured HPC clusters on our H series VMs.

The next generation of H series is coming in early 2025.

aside_block: <ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x3e71416b4520>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]>

Parallelstore: World’s first fully-managed DAOS offering

Parallelstore is a fully managed, scalable, high-performance storage solution based on next-generation DAOS technology, designed for demanding HPC and AI workloads. It is now generally available and provides:

Up to 6x greater read throughput performance compared to competitive Lustre scratch offerings
Low latency (<0.5ms at p50) and high throughput (>1GiB/s per TiB) to access data with minimal delays, even at massive scale
High IOPS (30K IOPS per TiB) for metadata operations
Simplified management that reduces operational overhead with a fully managed service

Parallelstore is great for applications requiring fast access to large datasets, such as:

Analyzing massive genomic datasets for personalized medicine
Training large language models (LLMs) and other AI applications efficiently
Running complex HPC simulations with rapid data access

A3 Ultra VMs with NVIDIA H200 Tensor Core GPUs

For GPU-based HPC workloads, we recently announced A3 Ultra VMs, which feature NVIDIA H200 Tensor Core GPUs. A3 Ultra VMs offer a significant leap in performance over previous generations. They are built on servers with our new Titanium ML network adapter, optimized to deliver a secure, high-performance cloud experience for AI workloads, and powered by NVIDIA ConnectX-7 networking. Combined with our datacenter-wide 4-way rail-aligned network, A3 Ultra VMs deliver non-blocking 3.2 Tbps of GPU-to-GPU traffic with RDMA over Converged Ethernet (RoCE).

Compared with A3 Mega, A3 Ultra offers:

2x the GPU-to-GPU networking bandwidth, powered by Google Cloud’s Titanium ML network adapter and backed by our Jupiter data center network
Up to 2x higher LLM inferencing performance with nearly double the memory capacity and 1.4x more memory bandwidth
Ability to scale to tens of thousands of GPUs in a dense, performance-optimized cluster for large AI and HPC workloads

With system blueprints, available through Cluster Toolkit, customers can quickly and easily create turnkey, pre-configured HPC clusters with Slurm support on A3 VMs.

A3 Ultra VMs will also be available through Google Kubernetes Engine (GKE), which provides an open, portable, extensible, and highly-scalable platform for large-scale training and serving of AI workloads.

Trillium: Ushering in a new era of TPU performance for AI

Tensor Processing Units, or TPUs, power our most advanced AI models such as Gemini, popular Google services like Search, Photos, and Maps, as well as scientific breakthroughs like AlphaFold 2 — which led to a Nobel Prize this year!

We recently announced that Trillium, our sixth-generation TPU, is available to Google Cloud customers in preview.

Compared with TPU v5e, Trillium delivers:

Over 4x improvement in training performance
Up to 3x increase in inference throughput
67% increase in energy efficiency
4.7x increase in peak compute performance per chip
Double the high bandwidth memory capacity
Double the interchip interconnect bandwidth

Cluster Toolkit: Streamlining HPC deployments

We continue to improve Cluster Toolkit, providing open-source tools for deploying and managing HPC environments on Google Cloud. Recent updates include:

Slurm-gcp V6 is now generally available, providing faster deployments and robust reconfiguration among other benefits.
Google Cloud Customer Care is now available for Toolkit. You can find more information here on how to get support via the Cloud Customer Care console.
HPC VM Image Rocky Linux 8 is now generally available, making it easy to build an HPC-ready VM instance, incorporating our best practices running HPC on Google Cloud.

GKE: Container orchestration with scale and performance

GKE continues to lead the way for containerized workloads with the support of the largest Kubernetes clusters in the industry. With support for up to 65,000 nodes, we believe GKE offers more than 10X larger scale than the other two largest public cloud providers.

At the same time, we continue to invest in automating and simplifying the building of HPC and AI platforms, with:

Secondary boot disk, which provides faster workload startups through container image caching
Fully-managed DCGM metrics for improved accelerator monitoring
Custom compute classes, offering greater control over compute resource allocation and scaling
Extensive innovations in Kueue.sh, which is becoming the de facto standard for job queueing on Kubernetes with topology-aware scheduling, priority and fairness in queueing, multi-cluster support (see demo by Google and CERN engineers), and more

Customer success stories: Atommap and beyond

Atommap, a company specializing in atomic-scale materials design, is using Google Cloud HPC to accelerate its research and development efforts. With H3 VMs and Parallelstore, Atommap has achieved:

Significant speedup in simulations: Reduced time-to-results by more than half, enabling faster innovation
Improved scalability: Easily scaled resources for 1,000s to 10,000s of molecular simulations, to meet growing computational demands
Better cost-effectiveness: Optimized infrastructure costs, with savings of up to 80%, while achieving high performance

Atommap's success story highlights the transformative potential of Google Cloud HPC for organizations pushing the boundaries of scientific discovery and technological advancement.

Looking ahead

Google Cloud is committed to continuous innovation for HPC. Expect further enhancements to HPC VMs, Parallelstore, Cluster Toolkit, Slurm-gcp, and other HPC products and solutions. With a focus on performance, scalability, compatibility, and ease of use, we’re empowering researchers and engineers to tackle the world's most complex computational challenges.

Google Cloud Advanced Computing Community

We’re excited to announce the launch of the Google Cloud Advanced Computing Community, a new kind of community of practice for sharing and growing HPC, AI, and quantum computing expertise, innovation, and impact.

This community of practice will bring together thought leaders and experts from Google, its partners, and HPC, AI, and quantum computing organizations around the world for engaging presentations and panels on innovative technologies and their applications. The Community will also leverage Google’s powerful, comprehensive, and cloud-native tools to create an interactive, dynamic, and engaging forum for discussion and collaboration.

The Community launches now, with meetings starting in December 2024 and a full rollout of learning and collaboration resources in early 2025. To learn more, register here.

Google Cloud at Supercomputing 2024

The annual Supercomputing Conference series brings together the global HPC community to showcase the latest advancements in HPC, networking, storage and data analysis. Google Cloud is excited to return to Supercomputing 2024 in Atlanta with our largest presence ever.

Visit Google Cloud at booth #1730 to jump in and learn about our HPC, AI infrastructure, and quantum solutions. The booth will feature a Trillium TPU board, NVIDIA H200 GPU and ConnectX-7 NIC, hands-on labs, a full schedule of talks, a comfortable lounge space, and plenty of great swag!

The booth theater will include talks from ARM, Altair, Ansys, Intel, NAG, SchedMD, Siemens, Sycomp, Weka, and more. Booth labs will get you deploying Slurm clusters to fine-tune the Llama2 model or run GROMACS using Cloud Batch to run microbenchmarks or quantum simulations, and more.

We’re also involved in several parts of SC24's technical program, including BoFs, User Groups, and Workshops. Googlers will participate in the following technical sessions:

Converged HPC and Cloud Computing in the Era of Generative AI (Bill Magro speaking)
HPC & Cloud Convergence: drivers, triggers, and constraints (Felix Schürmann speaking)
DAOS User Group (DUG) ‘24 (Dean Hildebrand speaking)
DAOS BoF (Dean Hildebrand speaking)
9th International Parallel Data Systems Workshop (PDSW) (Dean Hildebrand speaking)
IO500: The High-Performance Storage Community BoF (Dean Hildebrand speaking)
High-Performance Object Storage: I/O for the Exascale Era Tutorial (Dean Hildebrand speaking)
Women in HPC Workshop

Google is also hosting or sponsoring the following exciting events during SC24. We’re looking forward to seeing you there!

Finally, we’ll be holding private meetings and roadmap briefings with our HPC leadership throughout the conference. To schedule a meeting, please contact [email protected]">[email protected].

Dataproc Serverless: Now faster, easier and smarter

Fri, 15 Nov 2024 17:00:00 +0000

We are thrilled to announce new capabilities that make running Dataproc Serverless even faster, easier, and more intelligent.

Elevate your Spark experience with:

Native query execution: Experience significant performance gains with the new Native query execution in the Premium tier.
Seamless monitoring with Spark UI: Track job progress in real time with a built-in Spark UI available by default for all Spark batches and sessions.
Streamlined investigation: Troubleshoot batch jobs from a central "Investigate" tab displaying all the essential metrics highlights and logs filtered by errors automatically.
Proactive autotuning and assisted troubleshooting with Gemini: Let Gemini minimize failures and autotune performance based on historical patterns. Quickly resolve issues using Gemini-powered insights and recommendations.

aside_block: <ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud data analytics'), ('body', <wagtail.rich_text.RichText object at 0x3e712c7355b0>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectPath=/bigquery/'), ('image', None)])]>

Accelerate your Spark jobs with native query execution

You can unlock considerable speed improvements for your Spark batch jobs in the Premium tier on Dataproc Serverless Runtimes 2.2.26+ or 1.2.26+ by enabling native query execution — no application changes required.

This new feature in Dataproc Serverless Premium tier improved the query performance by ~47%in our tests on queries derived from TPC-DS and TPC-H benchmarks.

Note: Performance results are based on 1TB GCS Parquet data and queries derived from the TPC-DS standard and TPC-H standard. These runs as such aren’t comparable to published TPC-DS standard and TPC-H standard results, as these runs don’t comply with all requirements of the TPC-DS standard and and TPC-H standard specification.

Start now by running the native query execution qualification tool that can help you easily identify eligible jobs and estimate potential performance gains. Once you have the list of batch jobs identified for native query execution, you can enable it and have the jobs run faster and potentially save costs.

Seamless monitoring with Spark UI

Tired of wrestling with setting up the persistent history server (PHS) clusters and maintaining them just to debug your Spark batches? Wouldn't it be easier if you could avoid the ongoing costs of the history server and yet see the Spark UI in real-time?

Until now, monitoring and troubleshooting Spark jobs in Dataproc Serverless required setting up and managing a separate Spark persistent history server. Crucially, each batch job had to be configured to use the history server. Otherwise, the open-source UI would be unavailable for analysis for the batch job. Additionally, the open-source UI suffered from slow navigation between applications.

We’ve heard you, loud and clear. We’re excited to announce a fully managed Spark UI in Dataproc Serverless that makes monitoring and troubleshooting a breeze.

The new Spark UI is built-in and automatically available for every batch job and session in both Standard and Premium tiers of Dataproc Serverless at no additional cost. Simply submit your job and start analyzing performance in real time with the Spark UI right away.

Here's why you'll love the Serverless Spark UI:

	Traditional Approach	The new Dataproc Serverless Spark UI
Effort	Create and manage a Spark history server cluster. Configure each batch job to use the cluster.	No cluster setup or management required. Spark UI is available by default for all your batches without any extra configuration.The UI can be accessed directly from the Batch / Session details page in the Google Cloud console.
Latency	UI performance can degrade with increased load. Requires active resource management.	Enjoy a responsive UI that automatically scales to handle even the most demanding workloads.
Availability	The UI is only available as long as the history server cluster is running.	Access your Spark UI for 90 days after your batch job is submitted.
Data freshness	Wait for a stage to complete to see that its events are in the UI.	View regularly updated data without waiting for the stage to complete.
Functionality	Basic UI based on open-source Spark.	Enhanced UI with ongoing improvements based on user feedback.
Cost	Ongoing cost for the PHS cluster.	No additional charge.

Accessing the Spark UI

To gain deeper insights into your Spark batches and sessions — whether they’re still running or completed — simply navigate to the Batch Details or Session Details page in the Google Cloud console. You'll find a "VIEW SPARK UI" link in the top right corner.

The new Spark UI provides the same powerful features as the open-source Spark History Server, giving you deep insights into your Spark job performance. Easily browse both running and completed applications, explore jobs, stages, and tasks, and analyze SQL queries for a comprehensive understanding of the execution of your application. Quickly identify bottlenecks and troubleshoot issues with detailed execution information. For even deeper analysis, the 'Executors' tab provides direct links to the relevant logs in Cloud Logging, allowing you to quickly investigate issues related to specific executors.

You can still use the "VIEW SPARK HISTORY SERVER" link to view the Persistent Spark History Server if you had already configured one.

Explore this feature now. Click "VIEW SPARK UI" on the top right corner of the Batch details page of any of your recent Spark batch jobs to get started. Learn more in the Dataproc Serverless user guide.

Streamlined investigation (Preview)

A new "Investigate" tab in the Batch details screen gives you instant diagnostic highlights collected at a single place.

In the “Metrics highlights” section, the essential metrics are automatically displayed, giving you a clear picture of your batch job's health. You can further create a custom dashboard if you need more metrics.

Below the metrics highlights, a widget “Job Logs” shows the logs filtered by errors, so you can instantly spot and address problems. If you would like to dig further into the logs, you can go to the Logs Explorer.

Proactive autotuning and assisted troubleshooting with Gemini (Preview)

Last but not least, Gemini in BigQuery can help reduce the complexity of optimizing hundreds of Spark properties in your batch job configurations while submitting the job. If the job fails or runs slow, Gemini can save the effort of wading through several GBs of logs to troubleshoot the job.

Optimize performance: Gemini can automatically fine-tune the Spark configurations of your Dataproc Serverless batch jobs for optimal performance and reliability.

Simplify troubleshooting: You can quickly diagnose and resolve issues with slow or failed jobs by clicking "Ask Gemini" for AI-powered analysis and guidance.

Sign up here for a free preview of the Gemini features and “Investigate” tab for Dataproc Serverless.

Shift-left your cloud compliance auditing with Audit Manager

Fri, 15 Nov 2024 17:00:00 +0000

Cloud compliance can present significant regulatory and technical challenges for organizations. These complexities often include delineating compliance responsibilities and accountabilities between the customer and cloud provider.

At Google Cloud, we understand these challenges faced by our customers’ cloud engineering, compliance, and audit teams, and want to help make them easier to manage. That's why we’re pleased to announce that our Audit Manager service, which can digitize and help streamline the compliance auditing process, is now generally available.

Understanding compliance across layers in Google Cloud.

aside_block: <ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud security products'), ('body', <wagtail.rich_text.RichText object at 0x3e712caaf520>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]>

Traditional compliance methodologies, reliant on manual processes for evidence collection, are inefficient, prone to errors, and resource-intensive. According to the Gartner® Audit Survey, “When surveyed on their key priorities for 2024, 75% of chief audit executives (CAEs) cited audit’s ability to keep up with the fast-evolving cybersecurity landscape as their top priority — making it the most commonly cited priority.”

Introducing Audit Manager

Audit Manager can help organizations accelerate compliance efforts by providing:

Clear shared responsibility outlines: A matrix of shared responsibilities that delineates compliance duties between the cloud provider and customers, offering actionable recommendations tailored to your workloads.
Automated compliance assessments: Evaluation of your workloads against industry-standard technical control requirements in a simple and automated manner. Audit manager already supports popular industry and regulatory frameworks including NIST 800-53, ISO, SOC, and CSA-CCM. You can see the full list of supported frameworks here.
Audit-ready evidence: Automated generation of comprehensive verifiable evidence reports to support your compliance claims and overarching governance activity. Audit Manager provides you with a quick execution summary of compliance at a framework level and the ability to deep-dive using control level reports.
Actionable remediation guidance: Insights to swiftly address each compliance gap that is identified.

The compliance audit journey with Audit Manager

The cloud compliance audit process involves defining responsibilities, identifying and mitigating risks, collecting supporting data, and generating a final report. This process requires collaboration between Governance, Risk, and Compliance analysts, compliance managers, developers, and auditors, each with their own specific tasks. Audit Manager streamlines this process for all involved roles, which can help simplify their work and improve efficiency.

Shift left your compliance audit process with Audit Manager.

Customer case study: Deutsche Börse Group

Deutsche Börse Group, an international stock exchange organization and innovative market infrastructure provider, began their strategic partnership with Google Cloud in 2022. Their cloud transformation journey is well under way, which brings with it the challenge of achieving and documenting compliance in their environment.

Florian Rodeit, head of cloud governance for Google Cloud, Deutsche Börse Group, first heard about Audit Manager during a Las Vegas Google Cloud Next 2024 session.

“The Audit Manager product promises a level of automation and audit control that has a lot of potential. At Deutsche Börse Group, we were excited to access the preview, explore the functionality further and build out a joint solution,” he said.

Following the European preview launch of Audit Manager, Deutsche Börse Group and Google Cloud set up a collaborative project to explore automating cloud controls via Audit Manager. Deutsche Börse Group had already created a comprehensive control catalog to manage their cloud control requirements across the organization. They analyzed the Cloud Security Alliance’s Cloud Controls Matrix against their written rules framework to create inputs for Audit Manager, and set out ownership and implementation guidelines for cloud-specific controls.

Now, Deutsche Börse Group can use Audit Manager to check if there are resources configured that deviate from the control framework, such as any resources that have been set up outside of approved regions. This provides automated, auditable evidence to support their specific requirements for compliant usage of Google Cloud resources.

Benjamin Möller, expert cloud governance, vice-president, Deutsche Börse Group, has been leading the collaborative project. “Moving forward, we hope that Audit Manager will allow us to automate many of our technical controls — giving us robust assurance that we are compliant, enabling us to quickly identify and rectify non-compliance, and minimizing the manual over-head of audit evidence. We are excited to continue making progress on our joint venture,” he said.

Take the next step

To use Audit Manager, access the tool directly from your Google Cloud console. Navigate to the Compliance tab in your Google Cloud console, and select Audit Manager. For a comprehensive guide on using Audit Manager, please refer to our detailed product documentation. We encourage you to share your feedback on this service to help us improve Audit Manager’s user experience.

AlloyDB Omni supercharges performance: Faster transactions, analytics, and vector search

Fri, 15 Nov 2024 17:00:00 +0000

AlloyDB Omni is back with a new release, version 15.7.0, and it's bringing serious enhancements to your PostgreSQL workflows, including:

Faster performance
A new ultra-fast disk cache
An enhanced columnar engine
The general availability of ScANN vector indexing
A new release of the AlloyDB Omni Kubernetes operator

From transactional and analytical workloads to cutting-edge vector search, this update delivers across the board – in your data center, at the edge, on your laptop, and in any cloud and with 100% PostgreSQL compatibility.

Let’s jump in.

Better performance

Many workloads already get a boost compared to standard PostgreSQL. In our performance tests, AlloyDB Omni is more than 2x faster than standard PostgreSQL for transactional workloads, with most of the tuning being done for you automatically, without special configurations. One of the key advantages is the memory agent that optimizes shared buffers while at the same time avoiding out-of-memory errors. In general, the more memory you configure for AlloyDB Omni, the better it performs, serving more queries from the shared buffers and reducing the need to make calls to disk, which can be magnitudes slower than memory, particularly when using durable network storage

aside_block: <ListValue: [StructValue([('title', '$300 in free credit to try Google Cloud databases'), ('body', <wagtail.rich_text.RichText object at 0x3e71402ad220>), ('btn_text', 'Start building for free'), ('href', 'http://console.cloud.google.com/freetrial?redirectPath=/products?#databases'), ('image', None)])]>

An ultra-fast disk cache

This trade-off between memory and disk storage also just got more flexible, with the introduction of an ultra-fast disk cache. It allows you to configure a fast, local, and not necessarily durable storage device as an extension of Postgres’ buffer cache. Instead of aging data out of memory to make space for new data, AlloyDB Omni can keep a copy of not-quite-hot data in the disk cache, where it can be accessed faster than from persistent disk.

Enhanced columnar engine

AlloyDB Omni's analytics accelerator is changing the game for mixed workloads. Developers are finding it invaluable for gaining real-time analytical insights from their transactional data, all without the overhead of managing extra data pipelines or separate databases. You can instead enable the columnar engine, assign a portion of your memory to it, and let AlloyDB Omni decide which columns or tables to populate in the columnar engine to speed up queries. In our benchmarks, the columnar engine speeds up analytical queries up to 100x compared to standard PostgreSQL.

The practical size limit to the analytics accelerator was determined by the amount of memory you are able to assign to the columnar engine. What’s new is a feature that allows you to configure a fast local storage device for the columnar engine to spill to. This increases the volume of data that you can run analytical queries on.

SCaNN goes GA

Lastly, for vector database use-cases, AlloyDB Omni already offers great performance with pgvector using either the ivf or hnsw indexes. But while vector indexes are a great way to accelerate queries, they can be slow to build and rebuild. At Google Cloud Next 2024 we introduced ScaNN index as another available index type. AlloyDB AI's ScaNN index surpasses standard PostgreSQL's HNSW index by offering up to 4x faster vector queries. Beyond pure speed, ScaNN delivers significant advantages for real-world applications:

Rapid indexing: Accelerate development and eliminate bottlenecks in large-scale deployments with significantly faster index build times.
Optimized memory utilization: Reduce memory consumption by 3-4x compared to PostgreSQL's HNSW index. This allows larger workloads to run on smaller hardware and boosts performance for diverse, hybrid workloads.

As of AlloyDB Omni version 15.7.0, AlloyDB AI ScANN indexing is generally available.

A new Kubernetes operator

In addition to the new version of AlloyDB Omni, we have also released version 1.2.0 of the AlloyDB Omni Kubernetes operator. This release adds support for more configuration options for health checks when high availability is enabled, support for configuring high availability to be enabled when a disaster recovery secondary cluster is promoted to primary, and support for log rotation to help manage storage space used by PostgreSQL log files.

Ready to explore? Dive into the full release notes and experience the new features. Try them now in our marketplace image or grab the latest container image from Docker Hub! Also, learn why AlloyDB is the new way to PostgreSQL in this ebook.

How cloud and AI are bringing scale to corporate climate mitigation and adaptation

Fri, 15 Nov 2024 17:00:00 +0000

Climate change is the biggest challenge our society faces. As scientists, governments, and industry leaders gather in Baku, Azerbaijan for the 2024 United Nations Climate Change Conference, a.k.a. COP29, it’s incumbent upon all of us to find innovative solutions that can drive impact at a global scale.

The gravity of climate change requires solutions that go beyond incremental change. To find those solutions, we need the ability to make better decisions about how to approach climate mitigation and adaptation across every human activity — from transport, industry, and agriculture to communications, finance, and housing. This requires processing vast volumes of data generated by these industries. The combination of AI and cloud technologies offer the potential to unlock climate change solutions that can be both transformational and global in scale.

We already have a lot of examples that we can draw from.

aside_block: <ListValue: [StructValue([('title', 'Try Google Cloud for free'), ('body', <wagtail.rich_text.RichText object at 0x3e712c770be0>), ('btn_text', 'Get started for free'), ('href', 'https://console.cloud.google.com/freetrial?redirectPath=/welcome'), ('image', None)])]>

Today, for example, Google Earth Engine is being used by the Forest Data Partnership, a collaboration for global monitoring of commodity-driven deforestation, to monitor every oil palm plantation around the globe, providing participating companies live early-warning signals for deforestation risks, and dramatically reducing the costs involved in forest monitoring. Similarly, NGIS is using Google Earth Engine to power TraceMark, helping businesses deliver traceability and transparency across global supply chains.

Another example is Global Fishing Watch, an international nonprofit co-founded by Google that is using geospatial analytics and AI to understand how human activity impacts the seas, global industries, climate, biodiversity and more. The datasets map global ocean infrastructure and vessels that don’t publicly broadcast their positions. This helps to advance policy conversations about offshore renewables development, provides insight into carbon dioxide emissions from maritime vessels, and enables marine protection.

It’s clear that AI can process large volumes of data, optimize complex systems, and drive the development of new business models. We see businesses harnessing the technology in the fight against climate change in four ways:

1. Measuring business performance

Businesses are using AI-powered insights to help monitor their advance towards sustainability targets, which ultimately contributes to building business resilience.

In today's business landscape, this is of paramount importance as companies face growing demands for transparency and accountability regarding their environmental and social impact.

We are seeing cloud and AI being used to de-risk investments, improve transparency, and increase profitability through the use of large-scale datasets, machine learning, and generative AI. These technologies allow companies to analyze their ESG performance, gain insights into climate risks, and monitor supplier behaviors.

For example, Palo Alto Networks partnered with Watershed, a Google Cloud Ready - Sustainability Partner, to measure and track their carbon emissions across their entire business using Google Cloud. This partnership enabled them to gain a comprehensive understanding of their environmental impact and set actionable targets for reducing emissions.

Another example is HSBC, which developed a new credit ranking tool on Google Cloud that allows them to run multiple climate risk scenarios simultaneously. This tool empowers HSBC to make more informed investment decisions while considering the potential impact of climate change on their portfolio.

Or Swiss Re, which is using Google Earth Engine and AI for flood modeling for better risk calculation in insurance.

2. Optimizing operations and supply chains

Secondly, businesses are using AI to optimize their operations and supply chains for energy and resource efficiency, as well as to cut costs.

This is crucial for companies seeking to enhance their sustainability performance while simultaneously improving their bottom line. Through the use of AI and machine learning, cloud technologies empower organizations to optimize their existing operations, improve cost efficiency, and minimize waste.

For example, Geotab, another Google Cloud Ready - Sustainability partner, is managing 75 billion data records in BigQuery for 4 million commercial fleet vehicles every day to optimize vehicle routes, increase driver safety behaviors and accelerate the path to fleet electrification.

3. Identifying cleaner business models

As the world shifts towards more sustainable practices, businesses must adapt and identify new avenues for growth. Cloud and AI is helping businesses do just that. Cloud and AI allow organizations to reimagine their business models, explore new markets, and create innovative products and services that align with their sustainability goals.

Recykal, for instance, has partnered with Google Cloud to build Asia's largest circular economy marketplace. By leveraging Google Cloud's AI and machine learning capabilities, Recykal is revolutionizing waste management and promoting sustainable practices in Asia.

Another example is Einride, a company that is reimagining freight transport by using electric, self-driving vehicles and an AI-powered platform. Their innovative approach to logistics is disrupting the transportation industry and contributing to a more sustainable future.

More recently, Climate Engine and Robeco have started using AI and geospatial technologies with their scientific expertise and investment knowledge to inform how publicly traded companies’ actions impact biodiversity. You can read their joint thought leadership paper here.

4. Building more sustainably

Finally, and very importantly, businesses want to ensure that the actual use of cloud and AI technologies doesn’t lead to increased climate impacts. From the get-go, developers need to take concrete steps towards reducing the carbon footprint and cost of their applications in the cloud.

This is why, through our Carbon Sense suite, we provide developers with the tools and resources they need to build and deploy applications in a way that minimizes their environmental impact, all while maintaining cost efficiency.

L'Oréal, for example, leverages Google Cloud's Carbon Footprint tool to track the gross carbon emissions associated with their cloud usage. This allows L'Oréal to understand the environmental impact of their technology decisions and implement strategies to reduce their footprint.

Finally, Google takes its own carbon footprint very seriously, and is pursuing an ambitious goal to achieve net-zero emissions across all of its operations and value chain, supported by a goal to run on 24/7 carbon-free energy on every grid where it operates by 2030.

Google Cloud is committed to helping organizations of all sizes achieve their sustainability goals. With cloud, data analytics, and AI, we’re delivering new ways to build resilience, reduce costs, and unlock sustainable growth, while also accelerating the impact of organizations’ sustainability initiatives through the smarter use of data. This is an opportunity to drive tangible business results and create a more sustainable future for all.

Use AI to build AI: Save time on prompt design with AI-powered prompt writing

Thu, 14 Nov 2024 20:00:00 +0000

Crafting the perfect prompt for generative AI models can be an art in itself. The difference between a useful and a generic AI response can sometimes be a well-crafted prompt. But, getting there often requires time-consuming tweaking, iteration, and a learning curve. That's why we're thrilled to announce new updates to the AI-powered prompt writing tools in Vertex AI, designed to make prompting easier and more accessible for all developers.

We're introducing two powerful features designed to streamline your prompt engineering workflow: Generate prompt and Refine prompt.

Generate prompt: From objective to prompt in seconds

Imagine you need a prompt to summarize customer reviews about your latest product. Instead of crafting the prompt yourself, you can simply tell the Generate prompt feature your goal. It will then create a comprehensive prompt, including placeholders for the reviews, which you can easily populate with your own data later. Generate prompt takes the guesswork out of prompt engineering by:

Turning simple objectives into tailor-made, effective prompts. This way, you don’t need to agonize over phrasing and keywords.
Generating placeholders for context, like customer reviews, news articles, or code snippets. This allows you to quickly add your specific data and get immediate results.
Speeding up the prompt writing process. Focus on your core tasks, not on perfecting prompt syntax.

Refine prompt: Iterate and improve with AI-powered suggestions

Once you have a prompt, either crafted by Generate prompt or one you've written yourself, Refine prompt helps you modify it for optimal performance. Here’s how it works:

Provide feedback: After running your prompt, simply provide feedback on the response, the same way you would critique a writer.
Instant suggestions: Vertex AI generates a new, suggested prompt in one step, taking your feedback into account.
Iterate and improve: You can accept or reject the suggestion and continue iterating by running the refined prompt and providing further feedback.

Prompt refinement boosts the quality of the prompt, while also saving significant times during prompt design. The quality is typically improved by augmenting the prompt instructions in a way that Gemini will better understand.

Below are some sample prompts that were revised with Refine prompt:

Original prompts

After using Prompt Refinement

Suggest engaging lesson plan ideas for art class

Suggest 3 engaging lesson plan ideas for a high school art class, each focusing on a different art form. Be concise and only include the most relevant information, such as the art form, target age group, and key activity.

Plan a schedule for a week with focus time and meeting time. Take in account that there are 2 teams with 6 hour delay

Create a detailed weekly schedule for a team with a 6-hour time difference. The schedule should include:

Specific time blocks for focus time and meetings.
Consideration of overlapping work hours to ensure effective communication and collaboration.
A balance of individual work and team interactions.
Suggestions for time zone conversion tools or strategies to facilitate scheduling.

A powerful duo: Generate prompt meets Refine prompt

These two features work in tandem to help you craft the most effective prompt for your objective – irrespective of your skill level. Generate prompt gets you started quickly, while Refine prompt allows for iterative improvement in five steps:

Define your objective: Tell Generate prompt what you want to achieve.
Generate a prompt: Generate prompt creates a ready-to-use prompt, often with helpful placeholders for context.
Run the prompt and review the output: Execute the prompt with your chosen LLM in Vertex AI.
Refine with feedback: Use Refine prompt to provide feedback on the output and receive AI-powered suggestions for prompt improvement.
Iterate until ideal performance: Continue refining and rerunning your prompt until you achieve your desired results.

How to get started

Go ahead and try out an AI-assisted prompt-writing through our interactive critiquing workflow. Vertex AI’s easy-to-use UI for refining prompts can be tested without setting up a Google Cloud account through this link (to demo without a Google Cloud account, be sure you are logged out of your Google account in your web browser or use incognito mode). For those with an account, you’ll have the ability to save, manage, and fine-tune your prompts.