What is an MCP Server?

MCP (Model Context Protocol) is an open protocol standardizing how applications provide context to LLMs. An MCP server acts as a bridge, allowing AI models to access and interact with external data sources and tools.

Why host an MCP server on Google Cloud Run?

Google Cloud Run provides a secure, scalable, and cost-effective environment for hosting MCP servers. It offers built-in IAM authentication, automatic scaling, and a pay-as-you-go pricing model.

What are the security benefits of this setup?

Your MCP server is not publicly accessible without authentication. All connections are secured with Google Cloud IAM, and team members need Google Cloud SDK access to connect.

What if I have connection issues?

Verify the Cloud Run URL in `mcp_proxy.ts` matches your deployed service, check that your Google Cloud SDK is properly authenticated, and ensure the service account has the necessary permissions. Also, check the Cloud Run logs for any server-side errors.

Can I use this setup with tools other than Cursor?

Yes, you can configure any MCP client to connect to the local proxy URL (`http://localhost:3030`) to access your MCP server.

What permissions does the service account need?

The service account requires the 'Cloud Run Invoker' and 'Service Account User' roles.

How do I update the MCP server code after deployment?

Modify the MCP server code, rebuild the Docker image, and redeploy to Cloud Run using the `deploy.sh` script.

Is this solution suitable for production environments?

Yes, this setup is suitable for production environments due to its security, scalability, and cost-effectiveness. However, ensure you follow best practices for monitoring and logging.

What is UBOS and how does it relate to MCP Servers?

UBOS is a full-stack AI Agent development platform. It allows you to orchestrate AI Agents, connect them with your enterprise data, build custom AI Agents with your LLM model and Multi-Agent Systems. UBOS agents can use MCP servers to access external information and tools.

Where can I find the repository mentioned in the guide?

The repository URL will vary depending on where the code is hosted. You'll need to replace `[repository URL]` with the actual URL of the Git repository.

MCP SSE Cloud Run Proxy – Overview

UBOS Asset Marketplace: Securely Host Your MCP Server on Google Cloud Run

In the rapidly evolving landscape of AI and Large Language Models (LLMs), the Model Context Protocol (MCP) emerges as a critical standard. It bridges the gap between applications and LLMs by standardizing how applications provide context. An MCP server acts as an intermediary, facilitating the interaction of AI models with external data sources and tools. However, deploying and securing an MCP server, especially for collaborative use, presents unique challenges.

This comprehensive guide focuses on a robust solution: hosting an MCP Streaming Server-Sent Events (SSE) server on Google Cloud Run with user-based Identity and Access Management (IAM) authentication. This approach addresses the immediate need for secure MCP server sharing within teams, especially considering the ongoing development of native authentication and authorization features within the MCP framework itself.

The MCP Authentication Challenge

As of early 2024, the MCP project is still actively developing its authentication and authorization mechanisms, with completion targeted for the first half of 2025. This delay creates a pressing need for developers who want to leverage MCP servers with tools like Cursor immediately. Traditional methods like basic authentication or API keys fall short of providing the necessary security and user management capabilities.

Google Cloud Run: A Secure and Scalable Solution

Google Cloud Run offers an ideal environment for hosting MCP servers due to its inherent security features and scalability. By leveraging Cloud Run IAM Authentication, you can establish a secure connection to your MCP server over the internet. This method relies on the Google Cloud SDK to create a proxy connection, ensuring that only authenticated users can access the server.

Key Benefits of This Approach:

Enhanced Security: Your MCP server is not publicly accessible without proper authentication via Google Cloud IAM.
User-Based Access Control: Granular control over who can access the server, managed through Google Cloud’s IAM system.
Simplified Deployment: Streamlined deployment process using Docker and the Google Cloud SDK.
Scalability: Cloud Run automatically scales your MCP server based on demand, ensuring optimal performance.
Cost-Effectiveness: Pay-as-you-go pricing model, minimizing costs when the server is not actively in use.

Use Cases:

Secure Team Collaboration: Share your MCP server with team members without compromising security.
Integration with AI Development Tools: Connect your MCP server to tools like Cursor for enhanced AI development workflows.
Prototyping and Experimentation: Quickly deploy and test MCP server configurations in a secure and scalable environment.
Production Deployments: Host your MCP server in a production-ready environment with built-in security and scalability.

Setting Up Your Secure MCP Server on Google Cloud Run: A Step-by-Step Guide

The following steps outline the process of deploying your MCP server to Google Cloud Run and connecting to it securely:

Prerequisites:

Docker installed on your local machine.
Google Cloud SDK (gcloud CLI) installed and configured.
A Google Cloud project with billing enabled.

Step 1: Clone the Repository and Install Dependencies

Begin by cloning the repository containing the necessary deployment scripts and configuration files:

bash git clone [repository URL] cd [repository directory] npm install

Step 2: Configure the Deployment Script

Update the deploy.sh script with your specific Google Cloud project details:

PROJECT_ID: Your Google Cloud project ID.
REGION: Your preferred GCP region (e.g., us-central1).
SERVICE_ACCOUNT_EMAIL: The email address of a Google Cloud service account with appropriate permissions (e.g., Cloud Run Invoker, Service Account User).

Step 3: Deploy to Google Cloud Run

Make the deploy.sh script executable and run it:

bash chmod +x deploy.sh ./deploy.sh

The script will build a Docker container for your MCP server, push it to the Google Container Registry, and deploy it to Cloud Run with authentication enabled. Upon successful deployment, the script will output the Cloud Run URL.

Step 4: Configure the MCP Proxy

Update the mcp_proxy.ts file with the Cloud Run URL obtained in the previous step, along with your Google Cloud project ID.

Step 5: Run the MCP Proxy Locally

Execute the MCP proxy using the following command:

bash npx ts-node mcp_proxy.ts

The proxy will authenticate with Google Cloud, obtain the necessary tokens, and create a local proxy server (default: http://localhost:3030).

Step 6: Configure Your MCP Client

Configure your MCP client (e.g., Cursor) to connect to the local proxy URL (http://localhost:3030). Ensure that you select “SSE” (Server-Sent Events) as the connection type.

Security Considerations

This setup provides a significant improvement in security compared to exposing your MCP server directly to the internet. By leveraging Google Cloud IAM, you can control who has access to the server and ensure that all connections are authenticated and authorized.

Troubleshooting Connection Issues

If you encounter connection issues, verify the following:

The Cloud Run URL in mcp_proxy.ts matches the URL of your deployed service.
Your Google Cloud SDK is properly authenticated.
The service account has the necessary permissions (Cloud Run Invoker, Service Account User).
Check the Cloud Run logs for any server-side errors.

Contributing to the Project

Contributions to this project are welcome! Feel free to submit issues or pull requests on the project’s GitHub repository.

UBOS: The Full-Stack AI Agent Development Platform

UBOS is a comprehensive platform designed to streamline the development, orchestration, and deployment of AI Agents. It empowers businesses to integrate AI Agents into various departments, connect them with enterprise data, and build custom AI Agents using their own LLM models and Multi-Agent Systems.

Key Features of UBOS:

AI Agent Orchestration: Visually design and manage complex AI Agent workflows.
Enterprise Data Integration: Seamlessly connect AI Agents to your existing data sources.
Custom AI Agent Development: Build AI Agents tailored to your specific business needs.
Multi-Agent Systems: Create collaborative AI Agent ecosystems to solve complex problems.
Scalable Infrastructure: Deploy and scale your AI Agents with ease.

By leveraging UBOS in conjunction with a secure MCP server deployment on Google Cloud Run, you can unlock the full potential of AI Agents and accelerate your AI initiatives.

UBOS & MCP Servers: A Powerful Combination

UBOS provides a platform to create, deploy and manage AI Agents. These agents often need access to external information. This is where MCP servers become important.

Here are some use cases where UBOS and MCP servers can be used together:

Real-time Data Integration: AI agents within UBOS can use MCP servers to access real-time data feeds, enabling them to make informed decisions based on the latest information. Imagine an agent that monitors stock prices and recommends trades based on market conditions.
Accessing Legacy Systems: MCP servers can act as a bridge between UBOS agents and legacy systems that don’t have modern APIs. This allows agents to interact with valuable data stored in older systems, extending their functionality.
Contextual Awareness: MCP servers can provide agents with contextual information about the user or the environment, enabling them to personalize their responses and actions. For example, an agent could use location data from an MCP server to provide relevant recommendations for nearby restaurants.
Tool Integration: MCP servers can expose various tools and services to UBOS agents, allowing them to perform tasks such as sending emails, scheduling meetings, or creating documents. This allows the agents to automate complex workflows and improve productivity.

By using MCP servers in conjunction with UBOS, businesses can create more powerful and versatile AI agents that can access a wider range of data and services. This can lead to improved decision-making, increased efficiency, and better customer experiences.

Conclusion

Securing your MCP server is paramount, especially when sharing it with a team. Hosting it on Google Cloud Run with IAM authentication offers a robust and scalable solution. Combined with the power of UBOS for AI Agent development and orchestration, you can create a secure and efficient environment for building and deploying cutting-edge AI applications.