IBM Cloud Docs
Private Path architecture

Private Path architecture

A Private Path service provides private connectivity for IBM Cloud and third-party services. A Private Path service requires a Private Path network load balancer (NLB) to deploy a service on IBM Cloud and a Virtual Private Endpoint (VPE) gateway for consumers to connect to the service.

Figure 1 illustrates the steps required for a Private Path service to connect consumers to provider' services and applications:

  1. The provider creates a Private Path NLB.
  2. The provider creates a Private Path service and associates their service with the Private Path NLB.
  3. The consumer creates a VPE gateway that requests connectivity to the Private Path service.
  4. The provider approves the connectivity request and establishes the connection.

Private Path service architecture
Private Path service architecture

Private Path service components

The following list describes common components included in a Private Path service:

VPE gateway
Allows consumers to connect to a provider's service using the service's cloud resource name (CRN). To learn more, see About virtual private endpoint gateways.
Private Path service
Associates a provider's service with a Private Path NLB to manage incoming connectivity requests. To learn more, see About Private Path services.
Private Path NLB
Load balances traffic in a Private Path service, only receiving requests across the IBM Cloud network. To learn more, see About network load balancers.
DNS Services
Uses a private Domain Name System (DNS) to associate human friendly names with IP addresses. Private DNS zones are resolvable only on IBM Cloud, and only from explicitly permitted networks in an account. To learn more, see Getting started with IBM Cloud DNS Services.