Securing your connection to Watson OpenScale

To ensure that you have enhanced control and security over your data when you use Watson OpenScale, you have the option of using private routes to IBM Cloud service endpoints. Private routes are not accessible or reachable over the internet. By using the IBM Cloud private service endpoints feature, you can protect your data from threats from the public network and logically extend your private network.

_Required: Document any customer data that goes over public routes even with the IBM Cloud service endpoints feature enabled using a connection over private routes. For example, if your service sends customer data to a data-service using a public route or sends customer logs using public routes to LogDNA that should be documented._ -->

Before you begin

You must first enable virtual routing and forwarding in your account, and then you can enable the use of service endpoints. For more information about setting up your account to support the private connectivity option, see Enabling VRF and service endpoints.

Setting up service endpoints for Watson OpenScale

After your account is enabled for VRF and service endpoints, you can add a private network endpoint to a service instance.

A service instance can have a private network endpoint, a public network endpoint, or both.

  • Public: A service endpoint on the IBM Cloud public network.
  • Private: A service endpoint that is accessible only on the network with no access from the public internet.
  • Both public and private: Service endpoints that allow access over both networks.

Adding a private network endpoint

You add a private endpoint to a service instance from the service details page if you have a Manager or Writer service access role.

  1. Go to your Resource list.
  2. Click the name of a service instance that is on a Premium plan.
  3. In the service details page, click the Manage tab.
  4. Click Add private network endpoint.