As developers create more advanced reasoning systems, they need high-quality resources, such as enterprise data and specialized tools, to generate real business value. Google-managed Model Context Protocol (MCP) servers give AI agents a secure way to interact with Google and Google Cloud services.
These fully managed Google endpoints facilitate communication with various Google services, including Google Maps and BigQuery. This guide illustrates how to build agents securely on these managed MCP servers.
Benefits of Google-Managed MCP Servers
Transitioning from local testing to enterprise-level AI necessitates a solid, managed infrastructure. Here are the main advantages:
- Production readiness: Unlike open-source MCP servers, Google’s managed servers eliminate infrastructure provisioning, handling hosting, scaling, and security seamlessly.
- Unified discoverability: Easily query and discover all available MCP endpoints for Google services through a simple directory service.
- Enterprise security: Native integration with Google Cloud’s security stack, including Cloud IAM and VPC Service Controls (VPC-SC).
- Integrated observability: With Cloud Audit Logs, teams can monitor agent performance and troubleshoot through a centralized logging interface.
Figure 1: Google MCP Servers high-level architecture diagram
Example: Cityscape Agent Using Google MCP Server
The Cityscape demo agent, built with Google’s Application Development Kit (ADK), converts simple text prompts like "Generate a cityscape for Kyoto" into unique city images. It uses the managed Google Maps Grounding Lite MCP server for reliable location data and the Nano Banana model for image generation.
This lightweight application can be deployed on Google Cloud Run for user interaction. Below are two examples of images generated based on real-time weather conditions.
Figure 2: Example images generated by the Cityscape agent with real-time weather info
1. Interfacing with Google MCP Server
The Cityscape agent uses a Streamable HTTP endpoint to connect with the Google Maps MCP server, retrieving real-time weather data to enhance the generated cityscape image. This Google-managed server ensures automatic scaling and built-in reliability, making it ideal for production.
In addition to the remote Google Maps server, the Cityscape agent also employs a locally hosted MCP server for image generation, allowing for greater control over the process but requiring more complex setup.
2. Security Features and Content Guardrails
Security is paramount in this context. Here’s how two important security features are applied:
Granular Control with IAM Deny Policies: Google Cloud enables control over MCP tool access through IAM deny policies, ensuring that the agent can only query data without executing any write operations.
For instance, if the agent accesses a BigQuery MCP server, it can only query datasets, with IAM policies blocking any write actions, thus providing an additional layer of security.
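A client-side complement to the IAM deny policy described above, as an added example that is not from the original article or the Cityscape code: it filters an MCP `tools/list` result by the protocol's `readOnlyHint` tool annotation and rejects `tools/call` requests for anything else. The tool names and sample payload are constructed; annotations are self-reported by the server, so the IAM deny policy remains the enforcement point and this check is only defense in depth.

```python
import json

# Constructed sample of an MCP `tools/list` result. Tool names are
# hypothetical and not taken from any Google MCP server.
TOOLS_LIST_RESULT = json.loads("""
{"tools": [
  {"name": "run_query",     "annotations": {"readOnlyHint": true}},
  {"name": "insert_rows",   "annotations": {"readOnlyHint": false}},
  {"name": "delete_table",  "annotations": {"destructiveHint": true}},
  {"name": "list_datasets"}
]}
""")


def read_only_tools(tools_list_result):
    """Return the names of tools that explicitly declare readOnlyHint == true.

    Fails closed: a tool with no annotation is treated as able to write,
    which matches the MCP default for readOnlyHint (false).
    """
    allowed = set()
    for tool in tools_list_result.get("tools", []):
        hints = tool.get("annotations") or {}
        if hints.get("readOnlyHint") is True and hints.get("destructiveHint") is not True:
            allowed.add(tool["name"])
    return allowed


def check_tool_call(request, allowed):
    """Decide whether a JSON-RPC request may be forwarded to the MCP server.

    Returns (True, None) or (False, reason). Only `tools/call` is gated;
    other methods such as `tools/list` pass through.
    """
    if request.get("method") != "tools/call":
        return True, None
    name = (request.get("params") or {}).get("name")
    if name not in allowed:
        return False, f"tool {name!r} is not on the read-only allowlist"
    return True, None


if __name__ == "__main__":
    allowlist = read_only_tools(TOOLS_LIST_RESULT)
    for tool_name in ("run_query", "insert_rows", "list_datasets"):
        req = {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
               "params": {"name": tool_name, "arguments": {}}}
        print(tool_name, check_tool_call(req, allowlist))
```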
Content Security with Model Armor: Model Armor integrates with Google Cloud MCP servers to sanitize tool calls and responses, preventing prompt injection attacks and blocking malicious content. Once enabled, it automatically scans all MCP traffic for potential threats.
Getting Started
Google MCP servers eliminate the infrastructure challenges that hinder AI agents during prototyping. By leveraging managed endpoints alongside robust security measures, you can create a production-ready environment with minimal operational overhead.
- Explore the ADK Cityscape agent code repo.
- Learn more about Google MCP servers and supported services.
- Participate in a hands-on codelab for full-stack app migration with Google Cloud services.