Stay organized with collections
Save and categorize content based on your preferences.
This page provides information on how your data is protected while data moves
between your site and the cloud provider or between two services in the context
of AML AI.
Internal Google services, including those used by AML AI,
generally use ALTS.
ALTS is similar in concept to mTLS but has been optimized for Google's data
center environments. In some cases, TLS is used.
External communications to financialservices.googleapis.com (the
AML AI endpoint) uses TLS to the Google Front End (GFE). The GFE
ensures that all TLS connections are terminated with correct certificates and
that all best practices are followed. Traffic between the GFE and financialservices.googleapis.com
is internal and is encrypted with ALTS.
Traffic from a VM on Google Cloud to the GFE is encrypted with TLS. By default,
this traffic uses external IP addresses but can use internal IP addresses using
Private Google Access.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-04-12 UTC."],[[["AML AI data moving between your site and the cloud or between two services is protected through encryption."],["Internal Google services, including AML AI, primarily utilize ALTS encryption, which is similar to mTLS but tailored for Google's environment, and in some cases TLS is used."],["External communication to the AML AI endpoint uses TLS to the Google Front End (GFE), with ALTS employed for internal traffic between the GFE and financialservices.googleapis.com."],["Traffic from a Google Cloud VM to the GFE is encrypted with TLS and can use internal IP addresses via Private Google Access."],["mTLS encryption can be enabled using BeyondCorp Enterprise, with a specific mTLS endpoint, `financialservices.mtls.googleapis.com`, and a configured VPC-SC access level."]]],[]]
