To enable private access to OCI Generative AI without exposing user traffic over the internet, OCI Generative AI supports private network access through OCI Virtual Cloud Network (VCN) service gateway.
Important
A service gateway uses a private subnet with private access to supported Oracle services within a region. By using a service gateway, you can connect to Generative AI only from that subnet.
Here are the high-level steps to set up a service gateway.
1. In the navigation bar of the Console, select a region with Generative AI, for example, US Midwest (Chicago) or UK South (London). See which models are offered in your region.
2. Open the navigation menu, click Networking, and then click Virtual cloud networks.
3. Set up a VCN by using one of the following options:
   - Start VCN wizard (You get the resources needed for private access, which include a service gateway, a private subnet, and a route table in the private subnet with a route rule for the service gateway.)
   - Create VCN or use an existing VCN.
4. Under Virtual cloud networks, in the listed VCNs, click the VCN name. If the VCN was created with the VCN wizard, skip steps 5 to 7.
5. If the VCN has no service gateway, create a service gateway, and in the Create Service Gateway panel, for Services, select All <region> Services in Oracle Services Network.
   The <region> populates with the region that you're creating the service gateway in. For example, in the us-chicago-1 region, it populates with All ORD Services in Oracle Services Network.
   A VCN can have only one service gateway.
6. In the VCN's detail page, click Route Tables and create a route table with the following route rule:
   - Target Type: Service Gateway
   - Destination Service: All <region> Services in Oracle Services Network
   - Target Service Gateway: The service gateway for this VCN
7. In the VCN's detail page, click Subnets and create a private subnet and add the route table that you created in the previous step.
8. (Optional) For the private subnet, create a Security list and add security rules that control access between hosts in the VCN and the Generative AI service through the service gateway.
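
After completing the steps above, the result can be checked offline from exported subnet and route table JSON. The following is an added example, not Oracle's code: it assumes the kebab-case key names of OCI CLI output and the `all-<region key>-services-in-oracle-services-network` label form for the "All <region> Services" destination, and every OCID in it is a constructed placeholder.

```python
# Constructed sample data, shaped like the "data" object printed by
# `oci network subnet get` and `oci network route-table get` (assumed
# kebab-case keys). Every OCID below is a placeholder.
SGW = "ocid1.servicegateway.oc1..EXAMPLE-sgw"
IGW = "ocid1.internetgateway.oc1..EXAMPLE-igw"
GOOD_RT = {"id": "ocid1.routetable.oc1..EXAMPLE-private", "route-rules": [
    {"destination": "all-ord-services-in-oracle-services-network",
     "destination-type": "SERVICE_CIDR_BLOCK", "network-entity-id": SGW}]}
GOOD_SUBNET = {"prohibit-public-ip-on-vnic": True, "route-table-id": GOOD_RT["id"]}
BAD_RT = {"id": "ocid1.routetable.oc1..EXAMPLE-public", "route-rules": [
    {"destination": "0.0.0.0/0", "destination-type": "CIDR_BLOCK",
     "network-entity-id": IGW}]}
BAD_SUBNET = {"prohibit-public-ip-on-vnic": False, "route-table-id": BAD_RT["id"]}


def is_all_services_rule(rule):
    """True if the rule sends 'All <region> Services' to a service gateway."""
    dest = rule.get("destination", "")
    return (rule.get("destination-type") == "SERVICE_CIDR_BLOCK"
            and dest.startswith("all-")
            and dest.endswith("-services-in-oracle-services-network")
            and rule.get("network-entity-id", "").startswith("ocid1.servicegateway."))


def audit_private_access(subnet, route_table):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    # Step 7: the subnet must be private and use the route table from step 6.
    if not subnet.get("prohibit-public-ip-on-vnic", False):
        findings.append("subnet allows public IPs, so it is not private")
    if subnet.get("route-table-id") != route_table.get("id"):
        findings.append("subnet is not attached to this route table")
    # Step 6: a route rule must send All <region> Services to the service gateway.
    rules = route_table.get("route-rules", [])
    if not any(is_all_services_rule(r) for r in rules):
        findings.append("no route rule targets the service gateway")
    # A route through an internet gateway defeats the purpose of private access.
    for rule in rules:
        if rule.get("network-entity-id", "").startswith("ocid1.internetgateway."):
            findings.append(f"route {rule.get('destination')} targets an internet gateway")
    return findings


if __name__ == "__main__":
    for name, subnet, rt in [("good", GOOD_SUBNET, GOOD_RT), ("bad", BAD_SUBNET, BAD_RT)]:
        print(name, audit_private_access(subnet, rt) or "OK")
```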