Vertex AI networking access overview

Vertex AI supports enterprise networking options for accessing Vertex AI endpoints and services that help you:

  • Safely access your Vertex AI resources from an on-premises or multicloud environment.
  • Protect your Vertex AI artifacts from exfiltration.
  • Configure network traffic for your Vertex AI resources.

This page is intended for enterprise networking architects and administrators who are already familiar with Google Cloud networking concepts.

Public access for Vertex AI

Vertex AI services that are accessible from the internet have a checkmark in the Public internet column of the Accessing Vertex AI from on-premises and multicloud table. The APIs for these services resolve to the fully qualified domain name REGION-aiplatform.googleapis.com, which returns publicly routable IP addresses.
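A practical way to confirm which path a client is actually using is to resolve the regional hostname named above and classify the answers. The following script is an added example and is not part of the Google Cloud documentation; it assumes it is run from the VPC or on-premises network whose DNS configuration you want to verify. With only public access configured, REGION-aiplatform.googleapis.com resolves to public addresses; once a Private Service Connect endpoint for Google APIs and a matching private DNS zone are in place it should resolve to the endpoint's RFC 1918 address. The Private Google Access VIP ranges in the script (199.36.153.8/30 for private.googleapis.com, 199.36.153.4/30 for restricted.googleapis.com) are Google's documented ranges, not taken from this page.

```python
"""Verify which path a Vertex AI regional API hostname resolves to.

Added example, not part of the Google Cloud documentation. Run it from the
network whose DNS setup you want to check: python check_path.py REGION
"""
import ipaddress
import socket
import sys

# RFC 1918 space, where a PSC endpoint (forwarding rule) address will live.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Google's Private Google Access VIPs (assumed from Google's documentation, not
# from this page). They are not RFC 1918, but they are only reachable from
# inside Google Cloud or over private connectivity, so they must not be
# reported as "public internet".
PRIVATE_ACCESS_VIPS = [
    ipaddress.ip_network("199.36.153.8/30"),  # private.googleapis.com
    ipaddress.ip_network("199.36.153.4/30"),  # restricted.googleapis.com
]


def vertex_api_hostname(region: str) -> str:
    """The regional Vertex AI API hostname described on the page."""
    return f"{region}-aiplatform.googleapis.com"


def classify_address(addr: str) -> str:
    """Classify one resolved address as private, a PGA VIP, or public."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in PRIVATE_ACCESS_VIPS):
        return "private-google-access-vip"
    if any(ip in net for net in RFC1918):
        return "private"
    return "public"


def classify_path(addresses) -> str:
    """Summarise all answers for a hostname as one path verdict."""
    kinds = {classify_address(a) for a in addresses}
    if not kinds:
        return "unresolved"
    if kinds == {"public"}:
        return "public internet"
    if "public" in kinds:
        # Some answers are public and some private: a client may pick either,
        # so the private path cannot be relied on until DNS is fixed.
        return "mixed"
    return "private path"


def resolve(hostname: str) -> list:
    """Resolve the hostname with the system resolver (IPv4, port 443)."""
    infos = socket.getaddrinfo(hostname, 443, family=socket.AF_INET,
                               type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def main(argv):
    region = argv[1] if len(argv) > 1 else "us-central1"
    host = vertex_api_hostname(region)
    try:
        addrs = resolve(host)
    except socket.gaierror as exc:
        print(f"{host}: resolution failed ({exc})")
        return 2
    for addr in addrs:
        print(f"{host} -> {addr} [{classify_address(addr)}]")
    verdict = classify_path(addrs)
    print(f"verdict: {verdict}")
    return 0 if verdict == "private path" else 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit code makes the check usable in a pipeline step that gates a deployment on private resolution; a "mixed" verdict is worth alerting on, because it usually means a private DNS zone covers only some of the names a client will query.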

Private access options for Vertex AI

Vertex AI supports the following options for accessing Vertex AI endpoints and services privately, without assigning external IP addresses to your Google Cloud resources:

  • Vertex AI deployed with Private Service Connect (PSC) enables secure, private, and explicit access to Vertex AI services, eliminating the need for complex configurations like VPC peering that result in peered network route table exchange and IP address allocation. This makes it easier to connect to services. It's a key solution for both service consumers and producers, simplifying network management and enhancing security. Private Service Connect offers the following features:
    • PSC Endpoints: A consumer can create a forwarding rule in their VPC that references the service attachment. This creates a private IP address within their network, allowing internal resources (like VMs) and cross-cloud clients over hybrid networking to access Vertex AI.
    • PSC Backends: A consumer can use a PSC network endpoint group (NEG) as a backend for an internal or external regional load balancer. This unlocks load balancer features such as:
      • Logging and monitoring of ingress traffic
      • Traffic management
      • Google Cloud Armor integration
      • Transitivity over VPC peering
  • Private Service Connect endpoints for Google APIs let your Google Cloud resources or on-premises systems connect to an endpoint in your VPC network, which forwards requests to Google APIs and services.
  • Private Google Access:
  • Vertex AI deployed with private services access (PSA) enables a private connection between your Virtual Private Cloud (VPC) network and the service producer's (Vertex AI) VPC network. The underlying infrastructure of private services access is VPC peering between the consumer and producer networks, which allows route exchange between them. Following are the features and limitations of private services access (PSA):
    • PSA is built on top of VPC Network Peering. When you set up PSA, Google Cloud establishes a peering connection between your VPC network and the service producer's VPC network.
    • A key requirement of PSA is that you, the service consumer, must allocate a dedicated internal IP address range for the service producer's use. This range is reserved and cannot be used in your own VPC, which helps prevent IP address conflicts.
    • Once the connection is established, the service producer provisions your requested resources within their own VPC network, using an IP address from the address range you allocated. These resources are isolated to your project.
    • VPC peering is not transitive.
    • Private Service Connect, through endpoints, backends, or an interface, provides significant enhancements compared to private services access, including network transitivity and lower consumption of IP addresses. Therefore, Private Service Connect is the recommended solution.
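Because the allocated range is reserved for the producer and cannot be reused in your VPC, the practical question when setting up PSA is which range to allocate. The script below is an added example, not from the Google Cloud documentation: it finds a free block that overlaps none of the ranges already in use and emits the two gcloud steps that reserve it and create the peering. The subnets, existing allocation and on-premises range are constructed sample data; in practice feed it the CIDRs from `gcloud compute networks subnets list` and `gcloud compute addresses list --filter="purpose=VPC_PEERING"` for the VPC, plus any ranges advertised into it from on-premises, since the allocation is routed toward the producer and would shadow an overlapping on-premises route. The gcloud flags used are real; the range, network and name values are placeholders.

```python
"""Plan a private services access (PSA) allocated range for Vertex AI.

Added example, not from the Google Cloud documentation. Sample data is
constructed; replace it with the ranges actually in use in your VPC.
"""
import ipaddress
from typing import Iterable, List, Optional

IPv4Net = ipaddress.IPv4Network

# Constructed sample: subnets in the consumer VPC, an existing PSA allocation
# for another producer, and an on-premises range reachable over Cloud VPN.
SAMPLE_IN_USE = [
    IPv4Net("10.0.0.0/16"),    # VPC subnet "workloads"            (constructed)
    IPv4Net("10.1.0.0/20"),    # VPC subnet "psc-endpoints"        (constructed)
    IPv4Net("10.2.0.0/16"),    # existing VPC_PEERING allocation   (constructed)
    IPv4Net("172.16.0.0/12"),  # on-premises range advertised via Cloud VPN (constructed)
]


def conflicts(candidate: IPv4Net, in_use: Iterable[IPv4Net]) -> List[IPv4Net]:
    """Ranges already in use that overlap the candidate allocation."""
    return [n for n in in_use if candidate.overlaps(n)]


def find_free_range(space: IPv4Net, prefix_len: int,
                    in_use: Iterable[IPv4Net]) -> Optional[IPv4Net]:
    """First /prefix_len block inside `space` that overlaps nothing in use."""
    if prefix_len < space.prefixlen:
        raise ValueError(f"/{prefix_len} does not fit inside {space}")
    in_use = list(in_use)
    for candidate in space.subnets(new_prefix=prefix_len):
        if not conflicts(candidate, in_use):
            return candidate
    return None  # address space exhausted


def gcloud_commands(range_name: str, allocation: IPv4Net, network: str) -> List[str]:
    """The two gcloud steps: reserve the range, then create the PSA peering.

    Flags are the real ones for these commands; the names are placeholders.
    """
    return [
        (f"gcloud compute addresses create {range_name} --global "
         f"--purpose=VPC_PEERING --addresses={allocation.network_address} "
         f"--prefix-length={allocation.prefixlen} --network={network}"),
        (f"gcloud services vpc-peerings connect "
         f"--service=servicenetworking.googleapis.com "
         f"--ranges={range_name} --network={network}"),
    ]


def plan(prefix_len: int = 16, in_use: Iterable[IPv4Net] = SAMPLE_IN_USE,
         space: IPv4Net = IPv4Net("10.0.0.0/8")) -> Optional[IPv4Net]:
    """Pick a free range in `space`; None when nothing of that size is free."""
    return find_free_range(space, prefix_len, in_use)


if __name__ == "__main__":
    chosen = plan()
    if chosen is None:
        print("no free range available")
    else:
        print(f"allocate {chosen} for PSA")
        for cmd in gcloud_commands("google-managed-services-vertex", chosen, "NETWORK_NAME"):
            print("  " + cmd)
```

Keeping the on-premises ranges in the in-use list is the part most often forgotten: the VPC itself would not object to an overlapping allocation, but traffic for that prefix would then be split between the peering and the VPN route.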
  • Vertex AI deployed with a PSC interface enables traffic flows from the service producer's (Vertex AI) network out to the consumer's network. This is useful for scenarios where a managed service needs to interact with resources in the customer's VPC, on-premises, or multicloud networks.

    Following are the features and limitations of the PSC interface:

    • The service consumer creates a network attachment in their VPC network, which is a resource that represents their side of the private connection.
    • The service producer creates the managed resource with a PSC interface that references the consumer's network attachment.
    • Once the consumer accepts the connection, the PSC interface is assigned an internal IP address from a subnet in the consumer's VPC network, allowing for secure, private, and bidirectional communication.
    • The subnet of the network attachment supports RFC 1918 and non-RFC 1918 addresses, with the exception of the subnets 100.64.0.0/10 and 240.0.0.0/4.
    • Vertex AI can only connect to RFC 1918 IP address ranges that are routable from the specified network.
    • Vertex AI can't reach a privately used public IP address or these non-RFC 1918 ranges:

      • 100.64.0.0/10
      • 192.0.0.0/24
      • 192.0.2.0/24
      • 198.18.0.0/15
      • 198.51.100.0/24
      • 203.0.113.0/24
      • 240.0.0.0/4

Vertex AI access methods

The following table shows the supported access methods for connecting from on-premises and multicloud environments to Vertex AI services. In this table, a checkmark indicates that an access method is supported. For more information about using an access method with a specific Vertex AI service, click the Learn more link.

Access-method columns: Public internet; Private Service Connect for Google APIs; Private Google Access; Private services access; Private Service Connect. (The per-method support marks are not recoverable from this copy of the table.)

Vertex AI products listed:

  • Batch inferences
  • Datasets
  • Vertex AI Feature Store (Bigtable online serving)
  • Vertex AI Feature Store (optimized online serving)
  • Generative AI on Vertex AI (Gemini)
  • Model Registry
  • Online inference
  • Vector Search (index creation)
  • Vector Search (index query)
  • Custom training (control plane)
  • Custom training (data plane), with additional documentation for using PSC interface (PSC-I)
  • Vertex AI Pipelines, with additional documentation for using PSC interface (PSC-I)
  • Private online inference endpoints
  • Vertex AI Agent Engine, with additional documentation for using PSC interface (PSC-I)

Securing your Vertex AI resources

To reduce the risk of data exfiltration for your Vertex AI resources, you can place them within a service perimeter using VPC Service Controls.

What's next