Introducing IBM Cloud VPC Private Path: Private connectivity and secure access to services on IBM Cloud

By Liju Jacob posted Mon November 11, 2024 10:01 AM

  

As enterprises continue to navigate the complexities of digital transformation, they're looking for cloud solutions that offer security, scalability, and flexibility while ensuring privacy and compliance with regulatory standards. IBM is pleased to announce the general availability of the Private Path offering, which can provide private connectivity and secure access to services and applications on IBM Cloud. With the Private Path service, you can securely connect to services on IBM Cloud over the IBM Cloud private network backbone, avoiding data exposure to the internet or public network.

Private Path service provides:

  • Point-to-point connectivity: Private Path allows targeted, directional connectivity between consumers and service providers in different VPCs and accounts. Only consumers can initiate a connection to a provider.

  • Scalable and fault-tolerant network load balancer: The Private Path network load balancer handles millions of requests per second and supports hundreds of pool members while ensuring minimal latency and resilience to zone-wide failures.

  • Granular control over network access: Private Path allows consumers to access only the provider service and not the entire VPC of the provider.

Key components that form the Private Path service are:

  • Private Path service: IBM, partners and third-party service providers can create a Private Path service Gateway to host and publish their service on IBM Cloud VPC.

  • Private Path network load balancer: The provider can create a Private Path network load balancer and host their service behind the load balancer providing for auto-scale and regional availability.

  • Virtual Private Endpoint (VPE) gateway: Consumers create a Virtual Private Endpoint gateway and access the provider’s service over private connectivity once the provider approves the consumer access request.

High-level workflow for deploying and consuming a Private Path service on IBM Cloud VPC:

Provider setup

    • Deploy service in VPC — The provider deploys their service on virtual server instances in an IBM Cloud VPC, with a Private Path network load balancer fronting the service.

    • Create Private Path service — The provider creates a Private Path service comprising a Private Path network load balancer (PPNLB) and a service name for the consumer to connect to. The Private Path network load balancer scales horizontally and provides zonal fault tolerance and regional resiliency.

    • Set up account policies — The provider sets up account policies for the Private Path service, which permit or deny connection requests from consumers. This gives the provider access control that it configures and controls itself. The access actions the provider can configure are Review, Permit, and Deny.

    • Publish the service — The provider publishes the Private Path service, which creates a cloud resource name (CRN) that consumers can use to connect to the provider service.

Consumer setup

    • Create a VPE gateway — For consumers to connect to a provider service, the consumer creates a Virtual Private Endpoint (VPE) gateway in their VPC.

    • Select IBM or non-IBM service — Consumers can connect to IBM or non-IBM (partner and third-party) services from their VPC through a VPE gateway.

        • IBM service — With this option selected, the consumer can connect to select managed IBM services that support VPE.

        • non-IBM service — With this option selected, the consumer can connect to a Private Path service published by the provider using its cloud resource name (CRN).

    • Connect to the service — After the creation of the VPE gateway, a connection request is sent to the provider for review (the default policy). If there is an account policy for the consumer, that policy takes precedence over the default policy (to review, permit, or deny access).
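The policy precedence described in the provider and consumer steps above can be modelled in a few lines. This is an added example, not IBM code or an IBM API: the class, function names, outcome labels, CRN and account ids are all assumptions made for illustration, and the audit check is a provider-side review added here.

```python
from dataclasses import dataclass, field

ACTIONS = ("review", "permit", "deny")  # the three access actions the post names

@dataclass
class PrivatePathService:
    """Illustrative model of a published service; not an IBM SDK object."""
    crn: str
    default_policy: str = "review"  # the post gives review as the default
    account_policies: dict = field(default_factory=dict)  # consumer account -> action

    def effective_policy(self, consumer_account):
        # An account policy for the consumer takes precedence over the default.
        action = self.account_policies.get(consumer_account, self.default_policy)
        if action not in ACTIONS:
            raise ValueError(f"unknown access action: {action!r}")
        return action

    def handle_request(self, consumer_account):
        # Outcome labels are illustrative names for what happens to the request.
        outcome = {"permit": "connected", "deny": "rejected",
                   "review": "pending provider approval"}
        return outcome[self.effective_policy(consumer_account)]

def audit(service):
    """Provider-side check of a policy set before the service is published."""
    findings = []
    if service.default_policy == "permit":
        findings.append("default is permit: accounts without their own policy connect unreviewed")
    for account, action in sorted(service.account_policies.items()):
        if action not in ACTIONS:
            findings.append(f"{account}: unknown action {action!r}")
        elif action == service.default_policy:
            findings.append(f"{account}: policy repeats the default ({action})")
    return findings

# Constructed sample data: the CRN and account ids are placeholders.
SAMPLE = PrivatePathService(
    crn="crn:EXAMPLE-PLACEHOLDER",
    account_policies={"acct-partner": "permit", "acct-blocked": "deny",
                      "acct-extra": "review"},
)

if __name__ == "__main__":
    for acct in ("acct-partner", "acct-blocked", "acct-unlisted"):
        print(acct, "->", SAMPLE.handle_request(acct))
    print(audit(SAMPLE))
```

An account with no policy of its own falls through to the default, so the default policy decides how every consumer the provider has not listed is treated.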

Use cases:

      • IBM Cloud partners and third-party service providers can host their services and applications fronted by a Private Path network load balancer on an IBM Cloud VPC. Consumers access the service through a Virtual Private Endpoint (VPE) gateway in their VPC.

      • Consumers access IBM Cloud services through a VPE gateway, keeping traffic within the IBM Cloud network backbone. Consumers can be in an IBM Cloud VPC or on-premises (connected via Direct Link).

      • Private Path allows a connection between an IBM Cloud service such as IBM Cloud Code Engine and a provider's VPC without compromising security. For example, a serverless function running in an IBM Cloud Code Engine VPC can access virtual server instances and applications in the provider’s VPC.

Get started today

IBM Cloud Private Path service is available today in all IBM Cloud multi-zone regions (MZRs). To learn more about Private Path service and securely host your services on IBM Cloud VPC, refer to the Private Path Solutions Guide and tutorials available in the IBM Cloud documentation.
