You can configure a virtual private cloud (VPC) for an Elastic Algorithm Service (EAS) service to enable mutual access between the EAS service and other cloud services that reside in the same VPC. You can also access the EAS service over the Internet through VPC configurations. To access Alibaba Cloud services with access restrictions, you must configure a whitelist. This topic describes how to configure a VPC, Internet access, and whitelist.
Configure a VPC
Description: Add an EAS service or a dedicated resource group to a VPC. The Elastic Compute Service (ECS) instances that reside in the VPC can access the EAS service by using the created elastic network interface (ENI). The EAS service can also access other cloud services that reside in the VPC.
Benefits:
Secure connectivity: enables secure communication between the EAS service and other cloud resources in the VPC, effectively reducing the risk of external network attacks.
Improved access efficiency: enables efficient communication between cloud resources in the VPC, significantly improving access efficiency and reducing latency.
Scenarios:
You want to call an EAS service in a VPC over a direct connection or an endpoint.
You want to access other cloud services, such as ECS and ApsaraDB RDS, in the same VPC as the EAS service over an endpoint.
You can configure a VPC, vSwitch, and security group by using the following methods:
Use the console
When you deploy a service, you can configure the VPC, vSwitch, and security group parameters in the VPC section of the service deployment page.
After a service is deployed, you can update the service and modify the VPC configurations.
If the instances in your dedicated resource group use the ARM architecture, such as Yitian compute-optimized and YiTian general-purpose instance families, use one of the following methods to configure a VPC:
Method 1: On the Resource Group tab of the Elastic Algorithm Service (EAS) page, click Enable VPC Configuration in the Actions column of the resource group that you want to manage, and complete the configuration.
Method 2: On the Resource Group tab of the Elastic Algorithm Service (EAS) page, click the name of the resource group that you want to manage. On the page that appears, click in the upper-right corner, and complete the configuration.
Use the EASCMD client
Prepare a JSON file that contains the key parameters described in the following table.
Parameter
Description
vswitch_id
The ID of the vSwitch to which your client connects. An ENI is created for the vSwitch. Make sure that the vSwitch has sufficient idle IP addresses. Otherwise, EAS instances cannot be created.
security_group_id
The ID of the security group to which the ECS instance that hosts your client belongs.
vpc_id
The VPC ID of the client.
Sample JSON configuration:
{ "metadata": { "name": "service_name", "instance": 1, "enable_webservice": true }, "cloud": { "computing": { "instance_type": "ml.gu7i.c16m60.1-gu30", "instances": null }, "networking": { "vswitch_id": "vsw-bp17jg7wr6s3pzbfe****", "security_group_id": "sg-bp14zqduxqm04qg7****", "vpc_id": "vpc-bp1s37ltnbvxgcqfc****" } }, "containers": [ { "image": "eas-registry-vpc.cn-hangzhou.cr.aliyuncs.com/pai-eas/chat-llm-webui:2.0", "script": "python webui/webui_server.py --port=8000 --model-path=meta-llama/Llama-2-7b-chat-hf", "port": 8000 } ] }Open a terminal tool, navigate to the directory where the JSON file is located, and execute the following commands. Open the EASCMD client. In the directory in which the JSON file is located, run the following commands.
In this example, a Windows 64 server is used:
Create a service
# Replace <service.json> with the name of your JSON configuration file. eascmdwin64.exe create <service.json>Update a service
# Replace <service_name> with the name of the EAS service you want to update; replace <service.json> with the name of the JSON configuration file you want to update. eascmdwin64.exe modify <service_name> -s <service.json>
Configure a VPC for dedicated resource groups that contain instances that use the ARM architecture.
Configure Internet access
Description: By default, EAS services cannot be accessed over the Internet. You can configure Internet access through VPC configurations.
Benefits: You can access the EAS service over the Internet.
Scenarios:
You want to access public data sources to download training data.
You want to use the Internet search feature.
You want to use public data sources as request data to call services.
You want to call third-party APIs for services such as weather forecasting and news broadcasting to enhance service interactions and enrich data sources.
You want to access other Alibaba Cloud services, such as database and vector retrieval services, over the Internet.
Procedure:
Configure a VPC for the EAS service.
After the configuration is complete, you can access the EAS service over the Internet.
Configure a whitelist
Description: For Alibaba Cloud services with access restrictions, you must add the public or private IP address of the EAS service to a whitelist.
Benefits: You can access Alibaba Cloud services with access restrictions.
Scenarios: You want to access cloud services with access restrictions, such as vector retrieval services (Elasticsearch, Milvus, OpenSearch), database services, and Object Storage Service (OSS).
Perform the following steps to obtain the public or private IP address of the EAS service, and then add the public or private IP address to the whitelist of the service that you want to access.
Configure a VPC for the EAS service.
Query the IP address of the EAS service.
Query the public IP address
Make sure that Internet access is enabled for the VPC to which the EAS service belongs. Log on to the VPC console and follow the instructions in the following figure to obtain the public IP address, which is the elastic IP address (EIP) that you created and associated.
Query private IP address
Log on to the VPC console and follow the instructions in the following figure to obtain the private IP address, which is the CIDR block of the vSwitch that you configured.
References
You can configure Simple Log Service for resource groups to collect logs of EAS services that are deployed in the resource groups and store the logs in your Simple Log Service.
EAS services support multiple deployment methods. You must select a suitable method based on your business scenarios.