Stay organized with collections
Save and categorize content based on your preferences.
Vertex AI supports enterprise networking options for
accessing Vertex AI endpoints and services that help you:
Safely access your Vertex AI resources from an on-premises or
multi cloud environment.
Protect your Vertex AI artifacts from exfiltration.
Configure network traffic for your Vertex AI resources.
This page is intended for enterprise networking architects and administrators
who are already familiar with Google Cloud networking concepts.
Public access for Vertex AI
Vertex AI services that are accessible from the internet
have a checkmark
in the Public internet
column of the
Accessing Vertex AI from on-premises and multi cloud
table. The APIs for these services resolve to the fully
qualified domain name
REGION-aiplatform.googleapis.com, which returns publicly
routable IP addresses.
Private access options for Vertex AI
Vertex AI supports the following options for accessing Vertex AI
endpoints and services privately, without assigning external IP addresses
to your Google Cloud resources:
Private Service Connect endpoints for Google APIs
let your Google Cloud resources or on-premises systems connect to an endpoint
in your VPC network, which forwards requests to Google APIs
and services.
Lets your Google Cloud VM instances connect to Google-managed
Infrastructure-as-a-Service (IaaS) in the service producer's
VPC network through an endpoint.
Lets your on-premises hosts connect to the service producer through hybrid
networking, for example, by using a Cloud VPN tunnel or VLAN
attachment once the private service access subnet is advertised from the
Cloud Router.
Lets your Google Cloud VM instances connect to a Google or third-party
managed VPC network through a VPC Network Peering
connection.
Private Service Connect
lets your Google Cloud consumer projects and VPC networks
connect to services in other VPC networks through a forwarding
rule that deploys an endpoint.
Vertex AI access methods
The following table shows the supported access methods for
connecting from on-premises and multi cloud environments to
Vertex AI services. In this table, a
checkmark
indicates that an access method is supported.
For more information about using an access method with a specific
Vertex AI service, click the Learn more link.
Vertex AI product
Public internet
Private Service Connect for Google APIs
Private Google Access
Private services access
Private Service Connect
Batch inferences
Datasets
Vertex AI Feature Store (Bigtable online serving)
Vertex AI Feature Store (optimized online serving)
Learn more about using
Google Cloud Network Connectivity products
such as Cloud VPN, Cloud Interconnect, and Cloud Router to connect
your non-Google Cloud (on-premises or multi cloud) network to a Google Cloud
Virtual Private Cloud (VPC) host network.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-28 UTC."],[],[],null,["# Vertex AI networking access overview\n\nVertex AI supports enterprise networking options for\naccessing Vertex AI endpoints and services that help you:\n\n- Safely access your Vertex AI resources from an on-premises or multi cloud environment.\n- Protect your Vertex AI artifacts from exfiltration.\n- Configure network traffic for your Vertex AI resources.\n\nThis page is intended for enterprise networking architects and administrators\nwho are already familiar with Google Cloud networking concepts.\n\nPublic access for Vertex AI\n---------------------------\n\nVertex AI services that are accessible from the internet\nhave a checkmark\nin the **Public internet**\ncolumn of the\n[Accessing Vertex AI from on-premises and multi cloud](/vertex-ai/docs/general/netsec-overview#access-methods)\ntable. The APIs for these services resolve to the fully\nqualified domain name\n\u003cvar translate=\"no\"\u003eREGION\u003c/var\u003e`-aiplatform.googleapis.com`, which returns publicly\nroutable IP addresses.\n\nPrivate access options for Vertex AI\n------------------------------------\n\nVertex AI supports the following options for accessing Vertex AI\nendpoints and services privately, without assigning external IP addresses\nto your Google Cloud resources:\n\n- [Private Service Connect endpoints for Google APIs](/vertex-ai/docs/general/googleapi-access-methods#psc) let your Google Cloud resources or on-premises systems connect to an endpoint in your VPC network, which forwards requests to Google APIs and services.\n- [Private Google Access](/vertex-ai/docs/general/googleapi-access-methods#pga):\n - Lets your Google Cloud resources connect to the [standard\n external IP addresses or Private Google Access\n domains and virtual IP (VIP) addresses](/vpc/docs/configure-private-google-access#config) for Google APIs and services through the VPC network's default internet gateway.\n - Lets your on-premises hosts connect to Google APIs and services through a Cloud VPN tunnel or VLAN attachment by using one of the [Private Google Access-specific domains and VIPs](/vpc/docs/private-google-access-hybrid#private-vips).\n- [Private services access](/vertex-ai/docs/general/private-services-access):\n - Lets your Google Cloud VM instances connect to Google-managed Infrastructure-as-a-Service (IaaS) in the service producer's VPC network through an endpoint.\n - Lets your on-premises hosts connect to the service producer through hybrid networking, for example, by using a Cloud VPN tunnel or VLAN attachment once the private service access subnet is advertised from the Cloud Router.\n - Lets your Google Cloud VM instances connect to a Google or third-party managed VPC network through a VPC Network Peering connection.\n- [Private Service Connect](/vertex-ai/docs/general/psc-endpoints) lets your Google Cloud consumer projects and VPC networks connect to services in other VPC networks through a forwarding rule that deploys an endpoint.\n\nVertex AI access methods\n------------------------\n\nThe following table shows the supported access methods for\nconnecting from on-premises and multi cloud environments to\nVertex AI services. In this table, a\ncheckmark\nindicates that an access method is supported.\nFor more information about using an access method with a specific\nVertex AI service, click the *Learn more* link.\n\nSecuring your Vertex AI resources\n---------------------------------\n\nTo reduce the risk of data exfiltration for your Vertex AI resources,\nyou can place them within a service perimeter using VPC Service Controls.\n\n- To understand VPC Service Controls, see [Overview of VPC Service Controls](/vpc-service-controls/docs/overview).\n- For detailed guidance, see [VPC Service Controls with Vertex AI](/vertex-ai/docs/general/vpc-service-controls).\n- To understand costs, review [pricing](/vpc-service-controls/pricing).\n\nWhat's next\n-----------\n\n- Learn how to [Set up VPC Network Peering](/vertex-ai/docs/general/vpc-peering) for Vertex AI.\n- Learn how to [Set up connectivity from Vertex AI to Other Networks](/vertex-ai/docs/general/hybrid-connectivity).\n- For general guidance and best practices for configuring your VPC networks, see [Connecting multiple VPC networks](https://cloud.google.com/architecture/best-practices-vpc-design#connecting_multiple_networks).\n- Learn more about using\n [Google Cloud Network Connectivity products](/network-connectivity/docs/how-to/choose-product#google-cloud)\n such as Cloud VPN, Cloud Interconnect, and Cloud Router to connect\n your non-Google Cloud (on-premises or multi cloud) network to a Google Cloud\n Virtual Private Cloud (VPC) host network."]]