Vertex AI supports enterprise networking options for accessing Vertex AI endpoints and services that help you:
- Safely access your Vertex AI resources from an on-premises or multicloud environment.
- Protect your Vertex AI artifacts from exfiltration.
- Configure network traffic for your Vertex AI resources.
This page is intended for enterprise networking architects and administrators who are already familiar with Google Cloud networking concepts.
Private access options for Vertex AI
Vertex AI supports the following options for accessing Vertex AI endpoints and services privately, without an external IP address:
- Private Service Connect endpoints for Google APIs let Google Cloud resources or on-premises systems connect to an endpoint in your VPC network, which forwards requests to Google APIs and services.
- Private Google Access:
  - Lets Google Cloud resources connect to the standard external IP addresses or Private Google Access domains and VIPs for Google APIs and services through the VPC network's default internet gateway.
  - Lets on-premises hosts connect to Google APIs and services through a Cloud VPN tunnel or VLAN attachment by using one of the Private Google Access-specific domains and VIPs.
- Private services access lets Google Cloud VM instances connect to a Google or third-party managed VPC network through a VPC Network Peering connection.
- Private Service Connect endpoints let Google Cloud VM instances connect to services in another VPC network through an endpoint.
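The following check is an added example, not part of the original page or of Google's tooling: it classifies the addresses a Vertex AI hostname resolves to, so you can confirm that on-premises DNS points at a private access path and not the public internet. The VIP ranges are the published IPv4 ranges for `private.googleapis.com` and `restricted.googleapis.com`, which this page does not list; the function names and the sample DNS answers are constructed for illustration.

```python
import ipaddress
import socket

# Published IPv4 VIP ranges for the Private Google Access domains
# (not listed on this page). restricted.googleapis.com only serves
# APIs that VPC Service Controls supports.
PGA_VIPS = {
    "private.googleapis.com": ipaddress.ip_network("199.36.153.8/30"),
    "restricted.googleapis.com": ipaddress.ip_network("199.36.153.4/30"),
}

def classify(addr: str) -> str:
    """Label one resolved address by the access path it implies."""
    ip = ipaddress.ip_address(addr)
    for domain, net in PGA_VIPS.items():
        if ip in net:
            return domain
    if ip.is_private:
        # An internal address, e.g. a Private Service Connect endpoint.
        return "internal"
    return "public"

def audit(resolved: dict, allowed: set) -> dict:
    """Return hostname -> addresses whose access path is not allowed."""
    findings = {}
    for host, addrs in resolved.items():
        bad = [a for a in addrs if classify(a) not in allowed]
        if bad:
            findings[host] = bad
    return findings

def resolve(host: str) -> list:
    """Live lookup helper; run it from the on-premises resolver under test."""
    infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})

# Constructed DNS answers, as an on-premises host might see them.
SAMPLE = {
    "us-central1-aiplatform.googleapis.com": ["199.36.153.5"],  # restricted VIP
    "europe-west4-aiplatform.googleapis.com": ["199.36.153.9"],  # private VIP
    "storage.googleapis.com": ["10.10.0.5"],                    # internal
    "aiplatform.googleapis.com": ["142.250.72.10"],             # public
}

# Policy for a perimeter-protected environment: restricted VIP or internal only.
POLICY = {"restricted.googleapis.com", "internal"}
FINDINGS = audit(SAMPLE, POLICY)
```

With the sample answers, `FINDINGS` flags the hostname that resolves to a public address and the one that resolves to the `private.googleapis.com` VIP, which this policy does not allow.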
The following table shows the supported access methods for connecting from on-premises and multicloud environments to Vertex AI services. In this table, a checkmark indicates that an access method is supported. For more information about using an access method with a specific Vertex AI service, click the Learn more link.
Internet | Private Service Connect for Google APIs | Private Google Access | Private services access | Private Service Connect endpoints | |
---|---|---|---|---|---|
Batch predictions | |||||
Custom training (control plane) | |||||
Custom training (data plane) | Learn more |
||||
Datasets | |||||
Generative AI Studio | |||||
Vector Search (index creation) | |||||
Vector Search (index query) | Learn more |
||||
Online prediction | |||||
Private online prediction endpoints | Learn more |
||||
Vertex AI Feature Store | |||||
Model Registry | |||||
Vertex AI Pipelines |
Securing your Vertex AI resources
To reduce the risk of data exfiltration for your Vertex AI resources, you can place them within a service perimeter using VPC Service Controls.
- To understand VPC Service Controls, see Overview of VPC Service Controls.
- For detailed guidance, see VPC Service Controls with Vertex AI.
- To understand costs, review pricing.
What's next
- Learn how to Set up VPC Network Peering for Vertex AI.
- Learn how to Set up connectivity from Vertex AI to Other Networks.
- For general guidance and best practices for configuring your VPC networks, see Connecting multiple VPC networks.
- Learn more about using Google Cloud network connectivity products such as Cloud VPN, Cloud Interconnect, and Cloud Router to connect your non-Google Cloud (on-premises or multicloud) network to a Google Cloud Virtual Private Cloud (VPC) host network.