Accessing Generative AI with a Private Network

To enable private access to OCI Generative AI without exposing user traffic over the internet, OCI Generative AI supports private network access through an OCI Virtual Cloud Network (VCN) service gateway.

Important

A service gateway uses a private subnet with private access to supported Oracle services within a region. By using a service gateway, you can connect to Generative AI only from that subnet.

Here are high-level steps to set up a service gateway.

  1. In the navigation bar of the Console, select a region with Generative AI, for example, US Midwest (Chicago) or UK South (London). See which models are offered in your region.
  2. Open the navigation menu, click Networking, and then click Virtual cloud networks.
  3. Set up a VCN by using one of the following options:
    • Start VCN wizard (You get the resources needed for private access, which include a service gateway, a private subnet, and a route table in the private subnet with a route rule for the service gateway.)
    • Create VCN or use an existing VCN.
  4. Under Virtual cloud networks, in the listed VCNs, click the VCN name. If the VCN was created with the VCN wizard, skip steps 5 to 7.
  5. If the VCN has no service gateway, create a service gateway, and in the Create Service Gateway panel, for Services, select All <region> Services in Oracle Services Network.

    The <region> populates with the region that you're creating the service gateway in. For example, in the us-chicago-1 region, it populates with All ORD Services in Oracle Services Network.

    A VCN can have only one service gateway.

  6. In the VCN's detail page, click Route Tables and create a route table with the following route rule:
    • Target Type: Service Gateway
    • Destination Service: All <region> Services in Oracle Services Network
    • Target Service Gateway: The service gateway for this VCN
  7. In the VCN's detail page, click Subnets and create a private subnet and add the route table that you created in the previous step.
  8. (Optional) For the private subnet, create a Security list and add security rules that control access between hosts in the VCN and the Generative AI service through the service gateway.
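
The following check is an added example, not part of the original page or Oracle's own code. It audits an exported subnet and route table against steps 5 to 7. It assumes key names that mirror the JSON printed by the OCI CLI, and every OCID and sample record in it is constructed.

```python
# Added example: audit a subnet and route table against steps 5 to 7 above.
# Assumption: key names mirror OCI CLI JSON output; all OCIDs are constructed.
ALL_SERVICES_SUFFIX = "-services-in-oracle-services-network"

def audit_private_access(subnet, route_table, service_gateway_id):
    """Return findings; an empty list means the setup matches the steps."""
    findings = []
    # Step 7: the subnet must be private and use the route table from step 6.
    if not subnet.get("prohibit-public-ip-on-vnic"):
        findings.append("subnet is not private")
    if subnet.get("route-table-id") != route_table.get("id"):
        findings.append("subnet is not attached to this route table")
    # Step 6: a service route must exist, cover "All <region> Services",
    # and target the service gateway of this VCN.
    service_rules = [r for r in route_table.get("route-rules", [])
                     if r.get("destination-type") == "SERVICE_CIDR_BLOCK"]
    if not service_rules:
        findings.append("no route rule for the service gateway")
    for rule in service_rules:
        dest = rule.get("destination", "")
        if not (dest.startswith("all-") and dest.endswith(ALL_SERVICES_SUFFIX)):
            findings.append(f"destination {dest!r} is not All <region> Services")
        if rule.get("network-entity-id") != service_gateway_id:
            findings.append("service route targets a different gateway")
    return findings

# Constructed sample data for the us-chicago-1 (ORD) region.
SGW = "ocid1.servicegateway.oc1..constructed-sgw"
GOOD_RT = {"id": "ocid1.routetable.oc1..constructed-rt", "route-rules": [{
    "destination": "all-ord-services-in-oracle-services-network",
    "destination-type": "SERVICE_CIDR_BLOCK", "network-entity-id": SGW}]}
GOOD_SUBNET = {"prohibit-public-ip-on-vnic": True, "route-table-id": GOOD_RT["id"]}
# Misconfigured: public subnet, and the route covers Object Storage only.
BAD_RT = {"id": "ocid1.routetable.oc1..constructed-rt2", "route-rules": [{
    "destination": "oci-ord-objectstorage",
    "destination-type": "SERVICE_CIDR_BLOCK", "network-entity-id": SGW}]}
BAD_SUBNET = {"prohibit-public-ip-on-vnic": False, "route-table-id": BAD_RT["id"]}

if __name__ == "__main__":
    for name, sn, rt in [("good", GOOD_SUBNET, GOOD_RT), ("bad", BAD_SUBNET, BAD_RT)]:
        print(name, audit_private_access(sn, rt, SGW) or "OK")
```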