VPC Service Controls can help you mitigate the risk of data exfiltration from Vertex AI. Use VPC Service Controls to create a service perimeter that protects the resources and data that you specify. For example, when you use VPC Service Controls to protect Vertex AI, the following artifacts can't leave your service perimeter:
- Training data for an AutoML model or custom model
- Models that you created
- Models that you searched by using Neural Architecture Search
- Requests for online predictions
- Results from a batch prediction request
Service perimeter creation
When you create a service perimeter, include Vertex AI (aiplatform.googleapis.com) and Vertex AI Workbench (notebooks.googleapis.com) as protected (restricted) services. You aren't required to include any additional services for Vertex AI to function. However, Vertex AI can't reach resources outside the perimeter, such as files in a Cloud Storage bucket that belongs to a project outside the perimeter; either add that project to the perimeter or allow the specific access with an ingress or egress rule.
For more information about creating a service perimeter, see Creating a service perimeter in the VPC Service Controls documentation.
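The following script is an added example, not code from the Vertex AI documentation or from Google. It creates a perimeter that restricts exactly the two services named above and then checks the perimeter's describe output the way a practitioner would before trusting it: the perimeter must have an enforced status block (a dry-run perimeter only logs violations), list the project, and restrict both services. The project number, access policy ID and perimeter name are placeholders; set DRY_RUN=1 to print the gcloud commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the Vertex AI documentation: create a service
# perimeter that protects Vertex AI and Vertex AI Workbench, then confirm
# that the perimeter is enforced and restricts both services.
# Assumed placeholders (replace with your own values): PROJECT_NUMBER,
# POLICY_ID (your Access Context Manager policy ID), PERIMETER_NAME.
# DRY_RUN=1 prints each gcloud command instead of executing it.
set -eu

PROJECT_NUMBER="${PROJECT_NUMBER:-123456789012}"
POLICY_ID="${POLICY_ID:-987654321098}"
PERIMETER_NAME="${PERIMETER_NAME:-vertex_ai_perimeter}"
# The two services the page says to protect. Extend this list only when
# Vertex AI must reach another service's resources from inside the perimeter.
REQUIRED_SERVICES="aiplatform.googleapis.com,notebooks.googleapis.com"

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Create an enforced perimeter (not a dry-run spec) around the project.
create_perimeter() {
  run gcloud access-context-manager perimeters create "$PERIMETER_NAME" \
    --policy="$POLICY_ID" \
    --title="Vertex AI perimeter" \
    --resources="projects/$PROJECT_NUMBER" \
    --restricted-services="$REQUIRED_SERVICES"
}

# check_restricted_services DESCRIBE_OUTPUT
# Takes the YAML printed by `gcloud access-context-manager perimeters describe`
# and returns 0 only if the perimeter has an enforced (status) configuration
# that lists the project resource and every required service.
check_restricted_services() {
  out="$1"
  # A perimeter with only a `spec:` block is a dry-run perimeter; it logs
  # violations but blocks nothing, so insist on a `status:` block.
  printf '%s\n' "$out" | grep -q '^status:' || return 1
  printf '%s\n' "$out" | grep -q -- "- projects/$PROJECT_NUMBER\$" || return 1
  for svc in $(printf '%s' "$REQUIRED_SERVICES" | tr ',' ' '); do
    printf '%s\n' "$out" | grep -q -- "- $svc\$" || return 1
  done
  return 0
}

# Reads the live perimeter (always executed, never dry-run) and checks it.
verify_perimeter() {
  out="$(gcloud access-context-manager perimeters describe "$PERIMETER_NAME" \
    --policy="$POLICY_ID")"
  if check_restricted_services "$out"; then
    echo "perimeter $PERIMETER_NAME is enforced and restricts: $REQUIRED_SERVICES"
  else
    echo "perimeter $PERIMETER_NAME is dry-run only or misses a required service" >&2
    return 1
  fi
}

# Constructed sample of `perimeters describe` output (not real API output),
# used to exercise the check without contacting Google Cloud.
sample_describe_output() {
  cat <<EOF
name: accessPolicies/$POLICY_ID/servicePerimeters/$PERIMETER_NAME
status:
  resources:
  - projects/$PROJECT_NUMBER
  restrictedServices:
  - aiplatform.googleapis.com
  - notebooks.googleapis.com
title: Vertex AI perimeter
EOF
}

main() {
  case "${1:-}" in
    create)   create_perimeter ;;
    verify)   verify_perimeter ;;
    selftest) check_restricted_services "$(sample_describe_output)" && echo "check ok" ;;
    *) echo "usage: $0 create|verify|selftest   (DRY_RUN=1 prints commands)" >&2 ;;
  esac
}
main "$@"
```

Run `DRY_RUN=1 ./perimeter.sh create` to review the exact command before applying it, then `./perimeter.sh verify` after creation. The check deliberately fails closed: a perimeter that exists but lacks a status block or one of the two services is reported as not protecting Vertex AI.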
Enabling VPC Service Controls for peerings configures the Google-managed servicenetworking VPC network (the network on the other side of the private services access peering) without a default route. The name is slightly misleading: the setting is not itself a VPC Service Controls configuration, but it is commonly used together with VPC Service Controls. Without the default route, the following holds from the perspective of the servicenetworking VPC network:
- Packets to 199.36.153.4/30 (restricted.googleapis.com) are sent to the default internet gateway of the servicenetworking VPC network, because enabling the setting creates a custom route for that destination. DNS entries for the following domains are also added to the servicenetworking VPC network to facilitate Private Google Access:
  - backupdr.cloud.google.com
  - backupdr.googleusercontent.com
  - gcr.io
  - googleapis.com
  - kernels.googleusercontent.com
  - notebooks.cloud.google.com
  - pkg.dev
- The default route (or broader routes) in the customer's VPC network can be used to route traffic from the servicenetworking VPC network into the customer's VPC network or into an on-premises network connected to the customer's VPC network. For this to work, the following conditions must be met:
  - The routes in the customer's VPC network must use next hops other than the default internet gateway. (Routes that use the default internet gateway next hop are never exchanged over VPC Network Peering.)
  - The customer's VPC network must be configured to export custom routes over the peering to the servicenetworking VPC network. (The servicenetworking network is already configured to import custom routes over the peering.)
You can query the state of VPC Service Controls for peerings by running the following command (the --service flag defaults to servicenetworking.googleapis.com):
gcloud services vpc-peerings get-vpc-service-controls \
    --network YOUR_NETWORK
This returns enabled: true if the configuration is enabled and an empty result ({}) if it is disabled.
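The following script is an added example, not code from the Vertex AI documentation or from Google. It enables the setting described above, exports the customer VPC's custom routes over the peering, and then verifies the two conditions the page states: the get-vpc-service-controls output must say enabled: true, and the customer VPC must have a 0.0.0.0/0 route whose next hop is something other than the default internet gateway, since only such a route can be exported. The project ID and network name are placeholders, and PEERING_NAME assumes the default name gcloud gives the servicenetworking peering; set DRY_RUN=1 to print the gcloud commands instead of running them.

```shell
#!/bin/sh
# Added example, not from the Vertex AI documentation: enable VPC Service
# Controls on the private services access peering, export the customer VPC's
# custom routes to the servicenetworking network, and verify both conditions
# the page describes. Assumed placeholders: PROJECT_ID, NETWORK; PEERING_NAME
# assumes the default name of the servicenetworking peering.
# DRY_RUN=1 prints each gcloud command instead of executing it.
set -eu

PROJECT_ID="${PROJECT_ID:-my-project}"
NETWORK="${NETWORK:-my-vpc}"
PEERING_NAME="${PEERING_NAME:-servicenetworking-googleapis-com}"
SERVICE="servicenetworking.googleapis.com"

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Step 1: remove the default route from the servicenetworking VPC network and
# add the restricted.googleapis.com route and DNS entries described above.
enable_vpcsc_on_peering() {
  run gcloud services vpc-peerings enable-vpc-service-controls \
    --project="$PROJECT_ID" --network="$NETWORK" --service="$SERVICE"
}

# Step 2: let the customer VPC's custom routes (for example a 0.0.0.0/0 route
# through a VPN tunnel or an appliance) reach the servicenetworking network.
# Routes whose next hop is the default internet gateway are never exported.
export_custom_routes() {
  run gcloud compute networks peerings update "$PEERING_NAME" \
    --project="$PROJECT_ID" --network="$NETWORK" --export-custom-routes
}

# vpcsc_enabled GET_OUTPUT
# Parses `gcloud services vpc-peerings get-vpc-service-controls` output:
# `enabled: true` means on; an empty object `{}` means off.
vpcsc_enabled() {
  printf '%s\n' "$1" | grep -q '^enabled: true$'
}

# has_exportable_default_route ROUTES_OUTPUT
# Parses `gcloud compute routes list --format="value(destRange,nextHopGateway)"`
# output (tab separated). Returns 0 if some 0.0.0.0/0 route has an empty
# nextHopGateway, i.e. a non-gateway next hop that the peering can export.
has_exportable_default_route() {
  printf '%s\n' "$1" | awk -F'\t' '$1 == "0.0.0.0/0" && $2 == "" { found = 1 } END { exit found ? 0 : 1 }'
}

# Reads live state (always executed, never dry-run) and checks both conditions.
verify() {
  state="$(gcloud services vpc-peerings get-vpc-service-controls \
    --project="$PROJECT_ID" --network="$NETWORK" --service="$SERVICE")"
  vpcsc_enabled "$state" && echo "VPC-SC for peering: enabled" \
    || { echo "VPC-SC for peering: disabled" >&2; return 1; }
  routes="$(gcloud compute routes list --project="$PROJECT_ID" \
    --filter="network:$NETWORK" --format="value(destRange,nextHopGateway)")"
  if has_exportable_default_route "$routes"; then
    echo "a 0.0.0.0/0 route with a non-gateway next hop exists and can be exported"
  else
    echo "no exportable 0.0.0.0/0 route: only the default internet gateway route exists" >&2
    return 1
  fi
}

# Constructed samples (not real gcloud output) used to exercise the parsers offline.
sample_state_enabled()  { printf 'enabled: true\n'; }
sample_state_disabled() { printf '{}\n'; }
sample_routes_default_only() {
  printf '10.128.0.0/20\t\n'
  printf '0.0.0.0/0\thttps://www.googleapis.com/compute/v1/projects/%s/global/gateways/default-internet-gateway\n' "$PROJECT_ID"
}
sample_routes_with_vpn_default() {
  sample_routes_default_only
  printf '0.0.0.0/0\t\n'   # a default route whose next hop is, say, a VPN tunnel
}

main() {
  case "${1:-}" in
    enable) enable_vpcsc_on_peering; export_custom_routes ;;
    verify) verify ;;
    *) echo "usage: $0 enable|verify   (DRY_RUN=1 prints commands)" >&2 ;;
  esac
}
main "$@"
```

The route check is the part people usually miss: a VPC that only has the automatically created 0.0.0.0/0 route to the default internet gateway satisfies neither condition above, so enabling the setting leaves the servicenetworking network with no path to the internet or to on-premises until a custom route with another next hop exists and is exported.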
For further discussion on this, see set up connectivity from Vertex AI to other networks.
VPC Service Controls support for Generative AI tuning pipelines
VPC Service Controls support is provided in the tuning pipeline of the following models:
- text-bison for PaLM 2
- BERT
- T5
- The textembedding-gecko family of models
Limitations
The following limitations apply when you use VPC Service Controls:
- For data labeling, you must add labelers' IP addresses to an access level.
- For Google Cloud Pipeline Components, the components launch containers that check their base image for all requirements. If requirements are missing, they download them from the Python Package Index (PyPI). The KFP package, as well as any packages listed in the packages_to_install argument, are the requirements for a container. If a requirement is specified that is not present in the base image (either the provided one or a custom one), the component fails if it can't download the requirement, so every requirement a component needs should already be present in its base image.
- When you use VPC Service Controls with custom kernels in Vertex AI Workbench, you must configure DNS peering to send requests for *.notebooks.googleusercontent.com to the subnet 199.36.153.8/30 (private.googleapis.com) rather than 199.36.153.4/30 (restricted.googleapis.com).
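The following script is an added example, not code from the Vertex AI documentation or from Google, for the custom-kernel limitation above. It creates a Cloud DNS private zone in the customer VPC that answers notebooks.googleusercontent.com with the four addresses of 199.36.153.8/30 (expanded from the page's prefix) and a wildcard CNAME for subdomains, then creates a peered DNS domain so the servicenetworking network forwards queries for that suffix to the customer VPC. The A-plus-wildcard-CNAME layout, the zone and peered-domain names, and the use of `gcloud services peered-dns-domains` for the DNS peering are this example's own choices; the project ID and network name are placeholders. The check at the end takes `dig +short` answers from a VM in the VPC and fails if any answer still lands in 199.36.153.4/30.

```shell
#!/bin/sh
# Added example, not from the Vertex AI documentation: point
# *.notebooks.googleusercontent.com at the private.googleapis.com range for
# Workbench custom kernels, and check that names resolve into that range.
# Assumed placeholders: PROJECT_ID, NETWORK, ZONE_NAME, PEERED_DOMAIN_NAME.
# DRY_RUN=1 prints each gcloud command instead of executing it.
set -eu

PROJECT_ID="${PROJECT_ID:-my-project}"
NETWORK="${NETWORK:-my-vpc}"
ZONE_NAME="${ZONE_NAME:-notebooks-googleusercontent}"
PEERED_DOMAIN_NAME="${PEERED_DOMAIN_NAME:-notebooks-kernels}"
DOMAIN="notebooks.googleusercontent.com."
PRIVATE_RANGE="199.36.153.8/30"     # private.googleapis.com: what custom kernels need
RESTRICTED_RANGE="199.36.153.4/30"  # restricted.googleapis.com: wrong for this domain

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# --- small IPv4 helpers so the script can expand a /30 and test membership ---
ip_to_int() {
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip() {
  printf '%d.%d.%d.%d' $(( ($1 >> 24) & 255 )) $(( ($1 >> 16) & 255 )) $(( ($1 >> 8) & 255 )) $(( $1 & 255 ))
}
# cidr_hosts CIDR: print every address in the block, comma separated
cidr_hosts() {
  base=$(ip_to_int "${1%/*}"); bits=${1#*/}
  n=$(( 1 << (32 - bits) )); i=0; out=""
  while [ "$i" -lt "$n" ]; do
    out="${out}${out:+,}$(int_to_ip $(( base + i )))"
    i=$(( i + 1 ))
  done
  printf '%s' "$out"
}
# in_cidr ADDRESS CIDR: exit 0 if ADDRESS lies inside CIDR
in_cidr() {
  bits=${2#*/}
  mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
  [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%/*}") & mask )) ]
}

# Step 1: private zone in the customer VPC that answers for the domain with the
# private.googleapis.com addresses, plus a wildcard CNAME for every subdomain.
create_private_zone() {
  run gcloud dns managed-zones create "$ZONE_NAME" --project="$PROJECT_ID" \
    --dns-name="$DOMAIN" --visibility=private --networks="$NETWORK" \
    --description="Workbench custom kernels via private.googleapis.com"
  run gcloud dns record-sets create "$DOMAIN" --project="$PROJECT_ID" \
    --zone="$ZONE_NAME" --type=A --ttl=300 --rrdatas="$(cidr_hosts "$PRIVATE_RANGE")"
  run gcloud dns record-sets create "*.$DOMAIN" --project="$PROJECT_ID" \
    --zone="$ZONE_NAME" --type=CNAME --ttl=300 --rrdatas="$DOMAIN"
}
# Step 2: DNS peering so the servicenetworking network forwards queries for the
# domain to the customer VPC, where the private zone above answers them.
create_dns_peering() {
  run gcloud services peered-dns-domains create "$PEERED_DOMAIN_NAME" \
    --project="$PROJECT_ID" --network="$NETWORK" --dns-suffix="$DOMAIN"
}

# check_resolution ADDRESSES: ADDRESSES is the output of
# `dig +short <name>.notebooks.googleusercontent.com` run from a VM in the VPC.
# Returns 0 only if every answer is in 199.36.153.8/30 and none is in
# 199.36.153.4/30 (which would mean restricted.googleapis.com is still used).
check_resolution() {
  [ -n "$1" ] || return 1
  for addr in $1; do
    in_cidr "$addr" "$RESTRICTED_RANGE" && return 1
    in_cidr "$addr" "$PRIVATE_RANGE" || return 1
  done
  return 0
}

main() {
  case "${1:-}" in
    apply) create_private_zone; create_dns_peering ;;
    check) check_resolution "$(dig +short "kernel-test.${DOMAIN%.}")" \
             && echo "resolves into $PRIVATE_RANGE" ;;
    *) echo "usage: $0 apply|check   (DRY_RUN=1 prints commands)" >&2 ;;
  esac
}
main "$@"
```

`DRY_RUN=1 ./kernel-dns.sh apply` shows the three record and zone commands with the expanded address list before anything is created. Keep the existing googleapis.com zone pointing at restricted.googleapis.com; only this one domain moves to the private.googleapis.com range, which is exactly the distinction the limitation above makes.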
What's next
- Learn more about VPC Service Controls.
- Learn about troubleshooting VPC Service Controls issues.