Enable Private Service Connect

Private Service Connect creates a private endpoint that allows secure connections to Redis Cloud databases without exposing your application VPC.

Private Service Connect (PSC) creates a private endpoint that allows secure connections to Redis Cloud databases without exposing your application's virtual private cloud (VPC).

This feature is only available for Redis Cloud Pro subscriptions hosted on Google Cloud.

Considerations

You can use Private Service Connect as an alternative to VPC peering, or you can enable both for your subscription.

Compared to VPC peering, Private Service Connect:

• Only exposes the private endpoint instead of the entire application VPC network.

• Allows producer (Redis Cloud VPC) and consumer (application VPC) CIDR ranges to overlap.

• Has slightly higher network latency than VPC peering due to load balancing requirements.

  Note:

  Larger clusters are more likely to experience increased latency with Private Service Connect versus VPC peering.

Consider using VPC peering and Private Service Connect in parallel for the following situations:

• When migrating from one connectivity solution to the other.

• If different applications need to connect to the same database but have different latency or security requirements.

Set up Private Service Connect

To set up Private Service Connect, you need to:

1. Configure Private Service Connect in the Redis Cloud console.

2. Create Private Service Connect endpoints in the application VPC.

3. From the Redis Cloud console, review and accept the Private Service Connect endpoint connection.

Configure PSC

First, configure Private Service Connect in Redis Cloud:

1. Select Subscriptions from the Redis Cloud console menu and then select your subscription from the list.

2. Select the Connectivity tab and then Private Service Connect.

3. Select the Create connection button:

   

4. Read the Latency and cost impact message and select Accept and continue:

   

5. For Create connection, enter the following Endpoint details:

   Setting name	Description
   Google Cloud project ID	Google Cloud project ID
   VPC name	Name of the VPC that hosts your application
   Subnet name	Name of your VPC's subnet of IP address ranges
   Endpoint name	Prefix used to create PSC endpoints in the consumer application VPC, so endpoint names appear in Google Cloud as endpoint name prefix + endpoint number

6. Continue to the Add connections step:

   

7. Select either Bash Shell or PowerShell and then download or copy the provided gcloud script for later:

   

8. Select Continue to save this endpoint configuration:

   

Create endpoints

Now that you have a pending Private Service Connect entry, you need to create the endpoints in your application's VPC:

1. If you have not already done so, enable Cloud DNS for your Google Cloud project.

   Note:

   Since it can take some time for the DNS changes to become active, we recommend you wait 10 minutes before running the gcloud script in the next steps.

2. If you already have a copy of the gcloud script shown earlier during the Add connections step, you can continue to the next step.

   1. Otherwise, return to your Redis Cloud subscription's Connectivity > Private Service Connect screen and select Complete setup for the pending endpoint:

      

   2. Download or copy the script.

3. Use the gcloud CLI to run the script.

   Warning:

   To ensure the gcloud script configures the endpoints correctly, do not make any changes to it.

The gcloud script creates 40 endpoints in the consumer application VPC. Each endpoint appears in Google Cloud as the configured endpoint name followed by the endpoint number.

Redis Cloud displays this collection of endpoints as a single endpoint in the Redis Cloud console.

Accept PSC connection

After the gcloud script finishes creating the Private Service Connect endpoints, you need to accept the connection in Redis Cloud:

1. In the Redis Cloud console, return to your subscription's Connectivity > Private Service Connect screen.

2. Find your pending endpoint connection in the list and select Accept:

   

Connect to database

Once your Private Service Connect endpoint is active, you can connect your application to a database:

1. From your subscription's Connectivity > Private Service Connect tab, select the Connect button for the active endpoint:

   

2. Select a database from the list.

3. Copy the endpoint and use it in your application to connect to your database.

Deactivate Private Service Connect

To deactivate Private Service Connect for your subscription:

1. Select Subscriptions from the Redis Cloud console menu and then select your subscription from the list.

2. Select the Connectivity tab and then Private Service Connect.

3. For each endpoint:

   1. Select the Delete PSC endpoint button:

      

   2. Copy the provided gcloud script from the Remove endpoint dialog.

   3. Run the gcloud script with gcloud CLI to delete the endpoint.

4. After you remove all endpoints, select the Actions button to see a list of available actions:

   

5. Select Remove service and then Confirm:

   

Once you remove all of your Private Service Connect endpoints and deactivate it, you must migrate any connections from a Private Service Connect endpoint to the public or private endpoint of your database.

Limitations

Private Service Connect has the following limitations in Redis Cloud:

• Although Redis Cloud supports using Private Service Connect with Enterprise clustering, you cannot use the OSS Cluster API with Private Service Connect enabled.

• Private Service Connect is not available for clusters with Redis versions 6.2.12 and earlier. Contact Redis support to upgrade the cluster to a compatible version or create a new subscription.