About accessing Vertex AI services through Private Service Connect interfaces

Some Vertex AI service producers require you to connect to their services through Private Service Connect interfaces. These services are listed in the Vertex AI access methods table.

When a Private Service Connect interface is created, a VM instance with at least two network interfaces is also created. The first interface connects to a subnet in a producer VPC network. The second interface requests a connection to the network attachment subnet in a consumer network. If accepted, this interface is assigned an internal IP address from the consumer subnet.

On the service producer's side of the private connection, there is a VPC network where your service resources are provisioned. This network is created exclusively for you and contains only your resources. Connectivity between the producer and consumer network is established through the Private Service Connect interface.

The following diagram shows a Vertex AI Pipelines architecture in which the Vertex AI API is enabled and managed in the consumer's network. The Vertex AI Pipelines resources are deployed as a Google-managed infrastructure as a service (IaaS) in the service producer's VPC network. Since the Private Service Connect interface is deployed with an IP address from the consumer's subnet, the producer's network has access to the consumer's learned routes that can span VPC networks, multicloud environments, and on-premises networks.


Features and limitations

The following are features and limitations of Private Service Connect (PSC) interfaces:

  • The service consumer creates a network attachment in their VPC network, which is a resource that represents their side of the private connection.
  • The service producer creates the managed resource with a PSC interface that references the consumer's network attachment.
  • Once the consumer accepts the connection, the PSC interface is assigned an internal IP address from a subnet in the consumer's VPC network, allowing for secure, private, and bidirectional communication.
  • The subnet of the network attachment can use RFC 1918 or non-RFC 1918 addresses, except ranges within 100.64.0.0/10 and 240.0.0.0/4.
  • Vertex AI can only connect to RFC 1918 IP address ranges that are routable from the specified network.
  • Private Service Connect interfaces don't support external IP addresses.
  • Vertex AI can't reach a privately used public IP address or these non-RFC 1918 ranges:

    • 100.64.0.0/10
    • 192.0.0.0/24
    • 192.0.2.0/24
    • 198.18.0.0/15
    • 198.51.100.0/24
    • 203.0.113.0/24
    • 240.0.0.0/4

Private Service Connect connection preference

When you deploy a network attachment, Private Service Connect lets you set a connection preference that determines whether connection requests from producers are accepted automatically or require manual approval. Vertex AI treats a network attachment with the preference "Automatically accept connections for all projects" (ACCEPT_AUTOMATIC) or "Accept connections for selected projects" (ACCEPT_MANUAL) as follows:

  • A network attachment configured with the ACCEPT_MANUAL connection preference is supported in Vertex AI without adding the Vertex AI project ID to the attachment's list of accepted projects.
  • For both the ACCEPT_AUTOMATIC and ACCEPT_MANUAL connection preferences, Vertex AI uses the compute.networkAttachments.update and compute.regionOperations.get permissions to authorize the tenant project hosting Vertex AI to use the network attachment for PSC interface deployment.

To learn more about IAM and deployment guidelines, see Set up a Private Service Connect interface for Vertex AI resources.

Private Service Connect interface deployment options

To create a Private Service Connect interface, first deploy a subnet in the consumer VPC network in the same region as your producer service. Check the specific service's requirements for subnet ranges you should avoid. Then create a network attachment that references the subnet. We recommend that you dedicate the subnet allocated for the network attachment exclusively to Private Service Connect interface deployments.
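As an added example (not code from the Google Cloud documentation), the following Python script performs the pre-deployment checks described on this page before you create the subnet and network attachment: it verifies that a proposed network attachment subnet is in the same region as the producer service, does not fall within 100.64.0.0/10 or 240.0.0.0/4, is not smaller than the recommended /28, and does not overlap existing consumer subnets; and it tells you whether a given destination address is one that Vertex AI can actually reach from the interface (RFC 1918 and outside the listed non-RFC 1918 ranges, so a privately used public IP is rejected). The function names and the sample subnets and addresses are the example's own assumptions.

```python
"""Pre-deployment checks for a Vertex AI Private Service Connect interface subnet.

Added example; not code from the Google Cloud documentation. It encodes the
address constraints the page lists. Function names and sample inputs are the
example's own.
"""
import ipaddress
from typing import Iterable, List, Tuple

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Ranges a network attachment subnet must not overlap.
ATTACHMENT_EXCLUDED = [ipaddress.ip_network(n) for n in ("100.64.0.0/10", "240.0.0.0/4")]

# Non-RFC 1918 ranges Vertex AI cannot reach (anything outside RFC 1918 is unreachable too).
UNREACHABLE = [ipaddress.ip_network(n) for n in (
    "100.64.0.0/10", "192.0.0.0/24", "192.0.2.0/24", "198.18.0.0/15",
    "198.51.100.0/24", "203.0.113.0/24", "240.0.0.0/4",
)]

RECOMMENDED_PREFIX = 28  # recommended size for Pipelines, custom training, Ray, Agent Engine


def check_attachment_subnet(cidr: str, subnet_region: str, service_region: str,
                            existing_subnets: Iterable[str] = ()) -> List[str]:
    """Return the problems with a proposed network attachment subnet (empty list = OK)."""
    problems: List[str] = []
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # strict: reject CIDRs with host bits set
    except ValueError as exc:
        return [f"{cidr!r} is not a valid subnet CIDR: {exc}"]
    if net.version != 4:
        return [f"{net} is not IPv4; the network attachment subnet must be IPv4"]
    if subnet_region != service_region:
        problems.append(f"subnet region {subnet_region} differs from producer service region {service_region}")
    for bad in ATTACHMENT_EXCLUDED:
        if net.overlaps(bad):
            problems.append(f"{net} overlaps excluded range {bad}")
    if net.prefixlen > RECOMMENDED_PREFIX:
        problems.append(f"{net} is smaller than the recommended /{RECOMMENDED_PREFIX}")
    for other in existing_subnets:
        other_net = ipaddress.ip_network(other)
        if other_net.version == 4 and net.overlaps(other_net):
            problems.append(f"{net} overlaps existing consumer subnet {other_net}")
    return problems


def vertex_can_reach(ip: str) -> Tuple[bool, str]:
    """Can a Vertex AI workload behind the PSC interface reach this destination?

    Reachable only if the address is RFC 1918 and not inside any listed range;
    a privately used public IP fails the RFC 1918 test.
    """
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        return False, f"{addr} is not IPv4"
    for rng in UNREACHABLE:
        if addr in rng:
            return False, f"{addr} is in unreachable range {rng}"
    if not any(addr in rng for rng in RFC1918):
        return False, f"{addr} is not an RFC 1918 address (privately used public IP)"
    return True, "reachable"


if __name__ == "__main__":
    # Constructed inputs: a consumer VPC in us-central1 with two existing subnets.
    existing = ["10.10.0.0/24", "10.20.0.0/16"]
    print(check_attachment_subnet("10.10.5.0/28", "us-central1", "us-central1", existing))
    print(check_attachment_subnet("100.64.1.0/28", "us-central1", "us-central1", existing))
    print(check_attachment_subnet("10.10.0.16/29", "us-east1", "us-central1", existing))
    for dst in ("10.20.0.5", "203.0.113.9", "8.8.8.8"):
        print(dst, vertex_can_reach(dst))
```

Run the checks against the subnets you already have in the consumer VPC (for example the output of `gcloud compute networks subnets list`) before creating the network attachment; a /28 that passes gives you 16 addresses for interface deployments and nothing else, which matches the recommendation to dedicate the subnet to Private Service Connect interfaces.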

The following pages discuss specific use cases for Vertex AI Private Service Connect interfaces:

VPC Service Controls considerations

Whether a Vertex AI producer service can access the public internet depends on your project's security configuration, specifically whether you are using VPC Service Controls.

  • Without VPC Service Controls: The Google-managed tenant project hosting Vertex AI retains its default internet access. This outbound traffic egresses directly from the secure, Google-managed environment where your producer service runs.
  • With VPC Service Controls: When your project is part of a VPC Service Controls perimeter, the perimeter blocks the default internet access of the Google-managed tenant project hosting Vertex AI, to prevent data exfiltration. To allow the producer service to access the public internet in this scenario, you must explicitly configure an egress path that routes traffic through your VPC network. The recommended approach is to set up a proxy server inside your VPC perimeter and create a Cloud NAT gateway so that the proxy VM can reach the internet.

To learn more about VPC Service Controls considerations, see VPC Service Controls with Vertex AI.

Deployment considerations

The following are considerations for communication from your on-premises, multicloud, and VPC workloads to Google-managed Vertex AI services.

Vertex AI subnet recommendations

The following table lists the recommended subnet ranges for Vertex AI services that support Private Service Connect interfaces.

Vertex AI feature         Recommended subnet range
Vertex AI Pipelines       /28
Custom training jobs      /28
Ray on Vertex AI          /28
Vertex AI Agent Engine    /28

IP advertisement

  • When you use the Private Service Connect interface to connect to services in the consumer VPC network, you choose an IP address from a list of supported IP ranges in your VPC network.
  • By default, Cloud Router advertises the regular VPC subnets unless custom advertisement mode is configured. For more information, see Custom advertisement.
  • A connection between a network attachment and a Private Service Connect interface is transitive. Workloads in the producer VPC network can communicate with workloads that are connected to the consumer VPC network.

Firewall rules

Private Service Connect interfaces are created and managed by a producer organization, but they are located in a consumer VPC network. For consumer-side security, we recommend firewall rules that are based on IP address ranges from the consumer VPC network, such as the network attachment subnet. You must update firewall rules to allow ingress from the network attachment subnet to the consumer workloads that Vertex AI needs to reach. For more information, see Limit producer-to-consumer ingress.

Domain name resolution

Using a Private Service Connect interface alone requires connecting to services through their internal IP addresses. This isn't a recommended practice for production systems, because IP addresses can change, leading to brittle configurations.

By implementing DNS peering, Vertex AI producers can instead resolve and connect to services in your VPC and on-premises or multicloud networks. This is achieved by querying records from a Cloud DNS private zone within your VPC network, which ensures stable, reliable service access even if underlying IP addresses are modified.

For more information, see Set up a private DNS peering.

What's next