Private connectivity for Integration Connectors

This page explains how to use the Private Service Connect (PSC) to establish a connection between your backend system which is on a private network and the Integration Connectors runtime. The page assumes that you are familiar with the following concepts:

• Google Cloud Virtual Private Cloud (VPC)
• Integration Connectors
• Private Service Connect
• Internal load balancers
• Compute Engine

Why is PSC required?

Integration Connectors runtime requires PSC to access services or endpoints running on a private network which can be in Google Cloud, on-premise, or other cloud provider networks.

For example, you might want to run a private MySQL instance without assigning an external IP address. In this scenario, you must create a PSC service attachment so that the Integration Connectors runtime can access your private MySQL instance. By using the PSC service attachment, there is no need for you to assign a public IP address for your backend system.

How to create a PSC service attachment?

The following are the high-level steps to create a PSC service attachment:

1. Create a VPC network and the required subnets.
2. Create a VM instance for installing your backend service.
3. Install your backend service.
4. Create an instance group for the VM instance.
5. Create a health-check probe.
6. Set up an internal load balancer.
7. Configure the appropriate firewall rules for your network traffic.
8. Create the PSC service attachment.
9. Create an endpoint attachment.
10. Verify the PSC service attachment connectivity by creating a connection.

These steps are described in detail with an example for the following scenarios:

• MySQL instance deployed in a Compute Engine VM
• Cloud SQL instance deployed in Google Cloud
• MongoDB Atlas cluster deployed in Google Cloud