As AI adoption grows, secure and reliable connectivity is crucial. Explore private connection options for your Vertex AI workloads with Microfusion, detailing existing options and services to enhance your AI journey.
Table of Contents
Table of Contents
Connectivity matrix
Vertex AI offers various AI workloads with different functionalities, typically accessed via public APIs. However, for security and governance, you may need private API access to avoid internet traffic. We will explore several options for private connections, varying by the specific Vertex AI product. The image below illustrates the connectivity matrix for accessing Vertex AI from on-premises and multicloud environments.
Options
As shown in the previous matrix, there are several private connection methods besides the public internet:
- Private Service Connect (PSC) for Google APIs: Provides private access to Google APIs using a customer-specified IP address and DNS endpoint within a VPC or over hybrid networking.
- Private Google Access: Provides private access to Google APIs using a Google-defined subnet within a VPC or over hybrid networking.
- Private Service Access (PSA): Allows access to services hosted within a Google-managed VPC network via VPC peering, using defined IP addresses for managed services.
- Private Service Connect Endpoint: Enables secure access to managed services from within a VPC or over hybrid networking using PSC endpoints, facilitating multi-tenancy across VPCs.
Example
The diagram shows a Vector Search architecture using a Shared VPC deployment. The Vector Search API is managed in a service project named “serviceproject,” with resources deployed as Google-managed IaaS in the service producer’s VPC.
Private Service Connect endpoints are set up in the consumer’s VPC for index queries and in the host project’s VPC for private index creation. Both are accessible privately through hybrid networking or within the VPC.
For public access to index queries, you can use a Private Service Connect Network Endpoint Group (PSC NEG) with an External Load Balancer. This setup provides public access while enabling WAF and DDoS protection via Cloud Armor.
Get hands-on and learn more
This topic is hot right now, and there are many approaches you can use. There are a few resources available that you can use to get some hands-on experience. Please check out the following tutorials.
- Tutorial – Use Private Service Connect to access a Vector Search index from on-premises.
- Tutorial – Use Private Service Connect to access Generative AI on Vertex AI from on-premises.
- Tutorial – Use Private Service Connect to access Vertex AI online predictions from on-premises
- Tutorial – Use Private Service Connect to access Vertex AI batch predictions from on-premises
This article is translated and adapted from the official Google Cloud blog. We hope you find valuable insights into connection methods for Vertex AI workloads through this piece by Microfusion Technology. Stay tuned as we continue to bring you the latest and most exciting topics in the industry.
