Public and private network endpoints
IBM Cloud
IBM Cloud® supports both public and private network endpoints for certain plans. Connections to private network endpoints do not require public internet access.
Private network endpoints support routing services over the IBM Cloud private network instead of the public network. A private network endpoint provides a unique IP address that is accessible to you without a VPN connection.
Enabling your account
Private network endpoints are supported for paid plans. Check the plan information for your service to learn about the plans that support private network endpoints.
Your account must be configured before you can use private endpoints. To use private network endpoints, the following account features must be enabled for your account.
- Virtual routing and forwarding (VRF).
- Service endpoints. Enabling service endpoints means that all users in the account can connect to private network endpoints.
To enable VRF, you create a support case. To enable service endpoints, you use the IBM Cloud CLI. For more information about how to enable your account, see Enabling VRF and service endpoints.
Setting a private endpoint
After your account is enabled for VRF and service endpoints, you can add a private network endpoint to a service instance.
A service instance can have a private network endpoint, a public network endpoint, or both.
- Public: A service endpoint on the IBM Cloud public network.
- Private: A service endpoint that is accessible only on the IBM Cloud private network with no access from the public internet.
- Both public and private: Service endpoints that allow access over both networks.
Adding a private network endpoint
You add a private endpoint to a paid service instance from the service details page if you have a Manager or Writer service access role.
- Go to your Resource list.
- Click the name of a service instance that is on a paid plan. Lite plans do not support private network endpoints.
- In the service details page, click the Manage tab.
- Click Add private network endpoint.
Viewing your endpoint URL
The service endpoint URLs are different for private and public network endpoints. You can view the URL for an endpoint from the service details page.
- Go to your Resource list.
- Click the name of a service instance that has a private network endpoint.
- In the service details page, click the Manage tab, and then click Private Network Endpoint.
What to do next
- Configure your account for VRF and Service endpoints.
- Modify your applications to use the new service endpoint URL.
- Read more about service endpoints.