You can use the dedicated gateway feature of Elastic Algorithm Service (EAS) to implement isolation and access control. Dedicated gateway allows various access methods, such as Internet access, intra-region virtual private cloud (VPC) access, and inter-region VPC access. This topic describes how to use Cloud Enterprise Network (CEN) to access a dedicated gateway across VPCs.
Overview
VPCs in different regions are connected by using CEN, VPC peering, or other methods. This solution describes how to connect the VPCs to a dedicated gateway in four steps:
Create a dedicated gateway and associate VPC 1 with the dedicated gateway: Configure access control policies for the dedicated gateway.
Associate VPC 2 with the dedicated gateway: Associate a VPC in another region with the dedicated gateway and complete the domain name resolution and authorization.
Verify gateway connectivity: Verify whether VPCs can access the dedicated gateway through the endpoint.
Create a service and associate the service with the dedicated gateway: If you associate a service with the dedicated gateway when you deploy the service, you can access the dedicated gateway from the VPCs.
Prerequisites
Make sure the following prerequisites are met before you proceed:
Two VPCs are created and vSwitches are configured for the VPCs. In this example, VPC 1 is created in the China (Beijing) region and VPC 2 is created in the China (Hangzhou) region.
Connection between the two VPCs is established by using CEN, VPC peering, or other methods.
Step 1: Create a dedicated gateway and associate VPC 1 with the dedicated gateway
Create a dedicated gateway.
Log on to the PAI console, select the China (Beijing) region, and then go to the Elastic Algorithm Service (EAS) page.
Switch to the Dedicated Gateway tab, and create a dedicated gateway.
Associate VPC 1 with the dedicated gateway.
Click the name of the dedicated gateway. On the page that appears, click the VPC tab, and configure VPC access for the dedicated gateway.
Select the VPC (ID) and vSwitch that you created in the China (Beijing) region.
NoteIf the a similar error message appears when you add a VPC, select a vSwitch from a supported zone.
Vswitch vsw-2zeqwh8hv0gb96zcd**** in zone cn-beijing-g is not supported, supported zones: [cn-beijing-i cn-beijing-l cn-beijing-k]If Status changes to Running, VPC 1 is added.
Step 2: Associate VPC 2 with the dedicated gateway
On the VPC tab of the details page of the dedicated gateway, associate VPC 2 with the dedicated gateway and complete the domain name resolution and authorization based on the instructions shown in the following figure. Note that you must select a VPC created in the China (Hangzhou) region.
Step 3: Verify gateway connectivity
On the details page of the dedicated gateway, click the VPC tab and view the Endpoint.
Log on to VPC 2 in Step 2 and access the endpoint of the gateway.
If the following content is returned, you can access the dedicated gateway across VPCs.
Step 4: Create a service and associate the service with the dedicated gateway
Associate the dedicated gateway when you deploy a service
On the Inference Service tab of the Elastic Algorithm Service (EAS) page, deploy a custom service. In the Features section, select the dedicated gateway that you created. Then, configure other parameters on the Custom Deployment page.
Verify service connectivity
View service endpoint.
In the service list, click the created service to view its details.
Click View Endpoint Information.
Verify cross-region access over VPCs.
Log on to the VPC in the China (Hangzhou) region. Access the endpoint of the service. You need to delete http:// at the beginning and / at the end of the endpoint. If the following content is returned, the EAS service is accessible across VPCs through the dedicated gateway.
References
For information about the billing, usage, and other details about dedicated gateways, see Use a dedicated gateway.