| copyright |
|
||
|---|---|---|---|
| lastupdated | 2023-01-14 | ||
| keywords | service endpoint,private network endpoint,network endpoint | ||
| subcollection | watson |
{{site.data.keyword.attribute-definition-list}}
{: #public-private-endpoints}
[IBM Cloud]{: tag-ibm-cloud}
{{site.data.keyword.cloud}} supports both public and private network endpoints for certain plans. Connections to private network endpoints do not require public internet access. {: shortdesc}
Private network endpoints support routing services over the {{site.data.keyword.cloud_notm}} private network instead of the public network. A private network endpoint provides a unique IP address that is accessible to you without a VPN connection.
{: #requirements-endpoints}
Private network endpoints are supported for paid plans. Check the plan information for your service to learn about the plans that support private network endpoints. {: important}
Your account must be configured before you can use private endpoints. To use private network endpoints, the following account features must be enabled for your account.
- Virtual routing and forwarding (VRF).
- Service endpoints. Enabling service endpoints means that all users in the account can connect to private network endpoints.
To enable VRF, you create a support case. To enable service endpoints, you use the {{site.data.keyword.Bluemix_notm}} CLI. For more information about how to enable your account, see Enabling VRF and service endpoints.
{: #setting-private-endpoints}
After your account is enabled for VRF and service endpoints, you can add a private network endpoint to a service instance.
A service instance can have a private network endpoint, a public network endpoint, or both.
- Public: A service endpoint on the {{site.data.keyword.cloud_notm}} public network.
- Private: A service endpoint that is accessible only on the {{site.data.keyword.cloud_notm}} private network with no access from the public internet.
- Both public and private: Service endpoints that allow access over both networks.
{: #adding-private-network-endpoints}
You add a private endpoint to a paid service instance from the service details page if you have a Manager or Writer service access role.
- Go to your Resource list{: external}.
- Click the name of a service instance that is on a paid plan. Lite plans do not support private network endpoints.
- In the service details page, click the Manage tab.
- Click Add private network endpoint.
{: #viewing-url-endpoints}
The service endpoint URLs are different for private and public network endpoints. You can view the URL for an endpoint from the service details page.
- Go to your Resource list{: external}.
- Click the name of a service instance that has a private network endpoint.
- In the service details page, click the Manage tab, and then click Private Network Endpoint.
{: #what-next-endpoints}
- Configure your account for VRF and Service endpoints.
- Modify your applications to use the new service endpoint URL.
- Read more about service endpoints.