# Set up a VPC Network Peering connection

To reduce network latency for vector matching
online queries, call the Vertex AI service endpoints from your
Virtual Private Cloud (VPC) by using
[private services access](/vpc/docs/private-services-access). For
each Google Cloud project, only one VPC network can be peered
with Vector Search. If you already have a
VPC with private services access configured, you can use that
VPC to peer with Vector Search.

VPC Network Peering connection configuration is an initial task required
only one time per Google Cloud project. After this setup is
done, you can make calls to the Vector Search index
from any client running inside your VPC.

The VPC Network Peering connection is required only for vector matching
online queries. API calls to create, deploy, and delete indexes don't require
a VPC Network Peering connection.

A designated Google Cloud project administrator or network administrator
can complete the following steps to create a VPC Network Peering connection.

1. To set up your Google Cloud projects, enable billing, and enable APIs,
   complete the following
   [Before you begin](/vertex-ai/docs/general/vpc-peering#before_you_begin) steps.

2. To avoid IP address collisions between your VPC network and
   our service producer's network, you must allocate an IP address range for
   the Vector Search service in which the
   Vector Search indexes are deployed. For more
   information, see
   [Allocating IP address ranges](/vpc/docs/configure-private-services-access#allocating-range).

   ```sh
   # Note: `prefix-length=16` means a CIDR block with mask /16 is reserved for
   # use by Google services. Make sure to enable the Service Networking API.
   gcloud compute addresses create "$PEERING_RANGE_NAME" \
     --global \
     --prefix-length=16 \
     --description="peering range for Vector Search" \
     --network="$NETWORK_NAME" \
     --purpose=VPC_PEERING \
     --project="$PROJECT_ID"
   ```

   ```sh
   # Create the VPC connection.
   gcloud services vpc-peerings connect \
     --service=servicenetworking.googleapis.com \
     --network="$NETWORK_NAME" \
     --ranges="$PEERING_RANGE_NAME" \
     --project="$PROJECT_ID"
   ```

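
The range allocated in step 2 exists to keep the peering range clear of other address space. As an added example (not part of the original page), this script checks a reserved range against other CIDRs you already route to from the VPC. The function names and every address are constructed for illustration; in practice the inputs would come from `gcloud compute addresses describe` and `gcloud compute networks subnets list`.

```sh
#!/bin/sh
# Added example: IPv4 only; all addresses below are constructed sample values.

# Dotted quad -> integer. The ( ) body runs in a subshell so IFS stays local.
ip_to_int() (
  IFS=.
  set -- $1
  echo $(( $1 * 16777216 + $2 * 65536 + $3 * 256 + $4 ))
)

# "a.b.c.d/len" -> "first last" as integers, aligned to the prefix boundary.
cidr_range() (
  base=$(ip_to_int "${1%/*}")
  size=$(( 1 << (32 - ${1#*/}) ))
  first=$(( $base / $size * $size ))
  echo "$first $(( $first + $size - 1 ))"
)

# Exit status 0 when the two CIDR blocks share at least one address.
cidrs_overlap() (
  set -- $(cidr_range "$1") $(cidr_range "$2")
  [ "$1" -le "$4" ] && [ "$3" -le "$2" ]
)

# find_conflicts CANDIDATE CIDR...
# Prints every CIDR that overlaps CANDIDATE; exit status 1 if any was found.
find_conflicts() (
  candidate=$1
  shift
  rc=0
  for cidr in "$@"; do
    if cidrs_overlap "$candidate" "$cidr"; then
      echo "$cidr"
      rc=1
    fi
  done
  exit "$rc"   # leaves only this function's subshell
)

# Demo with constructed values: a /16 as reserved in step 2, checked against
# ranges an operator already routes to from the VPC.
PEERING_CIDR="10.8.0.0/16"
if hits=$(find_conflicts "$PEERING_CIDR" 10.0.0.0/20 10.8.4.0/24 172.16.0.0/12); then
  echo "no overlap with $PEERING_CIDR"
else
  echo "overlaps $PEERING_CIDR: $hits"
fi
```
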
After you create a private connection, you can make online calls to a
Vector Search index from any virtual machine (VM)
instance running within the peered VPC.

Access control with IAM
-----------------------

Vertex AI uses Identity and Access Management (IAM) to manage
access to resources. To grant access to a resource, assign one or more roles to
a user, group, or service account.

To use Vector Search, use
[these predefined roles](/vertex-ai/docs/general/access-control#predefined-roles)
to grant varying levels of access to resources at the project level.

Last updated 2025-08-29 UTC.