VPC controls for generative AI use cases

This document includes the best practices and guidelines for Virtual Private Cloud (VPC) when running generative AI workloads on Google Cloud. Use VPC with Vertex AI to isolate your AI resources from the internet in a secure environment. This network configuration helps protect sensitive data and models from unauthorized access and potential cyberattacks.

You can define granular firewall rules and access controls within your VPC network to restrict traffic and only allow authorized connections to specific resources.

Organize your Vertex AI resources into separate VPC networks based on function or security requirements. This type of organization helps isolate resources and prevents unauthorized access between different projects or teams. You can create dedicated VPC networks for sensitive workloads, such as training models with confidential data, ensuring that only authorized users and services have network access.

You can use Cloud VPN or Cloud Interconnect to establish a secure network connection between your on-premises infrastructure and your Vertex AI environment. Cloud VPN or Cloud Interconnect help enable seamless data transfer and communication between your private network and Google Cloud resources. Consider this integration for scenarios like accessing on-premises data for model training or deploying models to on-premises resources for inference.

Required VPC controls

The following controls are strongly recommended when using VPC.

Block default network creation

Google control ID	VPC-CO-6.1
Category	Required
Description	The compute.skipDefaultNetworkCreation boolean constraint skips the creation of the default network and related resources when creating Google Cloud projects. The default network is an auto-mode Virtual Private Cloud (VPC) network with pre-populated IPv4 firewall rules to allow internal communication paths. Generally, this setup isn't a recommended security posture for production environments.
Applicable products	Organization Policy Service Virtual Private Cloud (VPC)
Path	constraints/compute.skipDefaultNetworkCreation
Value	True
Type	Boolean
Related NIST-800-53 controls	SC-7 SC-8
Related CRI profile controls	PR.AC-5.1 PR.AC-5.2 PR.DS-2.1 PR.DS-2.2 PR.DS-5.1 PR.PT-4.1 DE.CM-1.1 DE.CM-1.2 DE.CM-1.3 DE.CM-1.4
Related information	Organization policy constraints

Restrict external IP addresses on VMs

Google control ID	VPC-CO-6.2
Category	Required
Description	Unless needed, prevent the creation of Compute Engine instances with public IP addresses. The compute.vmExternalIpAccess list constraint defines the set of Compute Engine VM instances that can have external IP addresses. Prevent Compute Engine instances from having external IP addresses to drastically reduce their exposure to the internet. Any instance with an external IP address is immediately discoverable and becomes a direct target for automated scans, brute-force attacks, and attempts to exploit vulnerabilities. Instead, require instances to use private IP addresses and manage access through controlled, authenticated, and logged pathways like the Identity-Aware Proxy (IAP) tunnel or a bastion host. Adopting this deny-by-default posture is a foundational security best practice that helps minimize your attack surface and enforces a zero-trust approach to your network. This constraint isn't retroactive.
Applicable products	Organization Policy Service Virtual Private Cloud (VPC) Compute Engine
Path	constraints/compute.vmExternalIpAccess
Operator	=
Value	The list of VM instances in your organization that can have external IP addresses.
Type	List
Related NIST-800-53 controls	SC-7 SC-8
Related CRI profile controls	PR.AC-5.1 PR.AC-5.2 PR.DS-2.1 PR.DS-2.2 PR.DS-5.1 PR.PT-4.1 DE.CM-1.1 DE.CM-1.2 DE.CM-1.3 DE.CM-1.4
Related information	Restrict external IP addresses to specific instances

Define VM instances that can enable IP forwarding

Google control ID	VPC-CO-6.3
Category	Required
Description	The compute.vmCanIpForward constraint defines the VM instances that can enable IP forwarding. By default, any VM can enable IP forwarding in any virtual network. Specify VM instances using one of the following formats: under:organizations/ORGANIZATION_ID under:folders/FOLDER_ID under:projects/PROJECT_ID projects/PROJECT_ID/zones/ZONE/instances/INSTANCE_NAME. This constraint isn't retroactive.
Applicable products	Organization Policy Service Virtual Private Cloud (VPC) Compute Engine
Path	constraints/compute.vmCanIpForward
Operator	=
Value	Your list of VM instances that can enable IP forwarding.
Type	List
Related NIST-800-53 controls	SC-7 SC-8
Related CRI profile controls	PR.AC-5.1 PR.AC-5.2 PR.DS-2.1 PR.DS-2.2 PR.DS-5.1 PR.PT-4.1 DE.CM-1.1 DE.CM-1.2 DE.CM-1.3 DE.CM-1.4
Related information	Recommendations Enable IP forwarding for instances

Disable VM-nested virtualization

Google control ID	VPC-CO-6.6
Category	Required
Description	The compute.disableNestedVirtualization boolean constraint disables hardware-accelerated nested virtualization for Compute Engine VMs.
Applicable products	Organization Policy Service Virtual Private Cloud (VPC) Compute Engine
Path	constraints/compute.disableNestedVirtualization
Operator	Is
Value	True
Type	Boolean
Related NIST-800-53 controls	SC-7 SC-8
Related CRI profile controls	PR.AC-5.1 PR.AC-5.2 PR.DS-2.1 PR.DS-2.2 PR.DS-5.1 PR.PT-4.1 DE.CM-1.1 DE.CM-1.2 DE.CM-1.3 DE.CM-1.4
Related information	Manage the nested virtualization constraint

What's next

• See more Google Cloud security best practices and guidelines for generative AI workloads.