Private Service Connect (PSC) creates a private endpoint that allows secure connections to Redis Cloud databases without exposing your application’s virtual private cloud (VPC).

This feature is only available for Flexible and Annual subscriptions hosted on Google Cloud.

Considerations

You can use Private Service Connect as an alternative to VPC peering, or you can enable both for your subscription.

Compared to VPC peering, Private Service Connect:

  • Only exposes the private endpoint instead of the entire application VPC network.

  • Allows producer (Redis Cloud VPC) and consumer (application VPC) CIDR ranges to overlap.

  • Has slightly higher network latency than VPC peering due to load balancing requirements.

    Note:
    Larger clusters are more likely to experience increased latency with Private Service Connect versus VPC peering.

Consider using VPC peering and Private Service Connect in parallel for the following situations:

  • When migrating from one connectivity solution to the other.

  • If different applications need to connect to the same database but have different latency or security requirements.

Set up Private Service Connect

To set up Private Service Connect, you need to:

  1. Configure Private Service Connect in the Redis Cloud console.

  2. Create Private Service Connect endpoints in the application VPC.

  3. From the Redis Cloud console, review and accept the Private Service Connect endpoint connection.

Configure PSC

First, configure Private Service Connect in Redis Cloud:

  1. Select Subscriptions from the Redis Cloud console menu and then select your subscription from the list.

  2. Select the Connectivity tab and then Private Service Connect.

  3. Select the Create connection button:

    Use the Create connection button to configure a new PSC endpoint.
  4. Read the Latency and cost impact message and select Accept and continue:

    Use the Accept and continue button to acknowledge PSC's impact on latency and cost.
  5. For Create connection, enter the following Endpoint details:

    Setting name Description
    Google Cloud project ID Google Cloud project ID
    VPC name Name of the VPC that hosts your application
    Subnet name Name of your VPC’s subnet of IP address ranges
    Endpoint name Prefix used to create PSC endpoints in the consumer application VPC, so endpoint names appear in Google Cloud as endpoint name prefix + endpoint number
  6. Continue to the Add connections step:

    Use the Continue button to proceed to the Add connections step.
  7. Select either Bash Shell or PowerShell and then download or copy the provided gcloud script for later:

    Use the Download or Copy buttons to save the gcloud script for later use.
  8. Select Continue to save this endpoint configuration:

    Use the Continue button to save the PSC endpoint configuration.

Create endpoints

Now that you have a pending Private Service Connect entry, you need to create the endpoints in your application’s VPC:

  1. If you have not already done so, enable Cloud DNS for your Google Cloud project.

    Note:
    Since it can take some time for the DNS changes to become active, we recommend you wait 10 minutes before running the gcloud script in the next steps.
  2. If you already have a copy of the gcloud script shown earlier during the Add connections step, you can continue to the next step.

    1. Otherwise, return to your Redis Cloud subscription’s Connectivity > Private Service Connect screen and select Complete setup for the pending endpoint:

      Use the Complete setup button if you need access to the gcloud script again.
    2. Download or copy the script.

  3. Use the gcloud CLI to run the script.

    Warning -
    To ensure the gcloud script configures the endpoints correctly, do not make any changes to it.

The gcloud script creates 40 endpoints in the consumer application VPC. Each endpoint appears in Google Cloud as the configured endpoint name followed by the endpoint number.

Redis Cloud displays this collection of endpoints as a single endpoint in the Redis Cloud console.

Accept PSC connection

After the gcloud script finishes creating the Private Service Connect endpoints, you need to accept the connection in Redis Cloud:

  1. In the Redis Cloud console, return to your subscription’s Connectivity > Private Service Connect screen.

  2. Find your pending endpoint connection in the list and select Accept:

    Use the Accept button to finish PSC endpoint setup.

Connect to database

Once your Private Service Connect endpoint is active, you can connect your application to a database:

  1. From your subscription’s Connectivity > Private Service Connect tab, select the Connect button for the active endpoint:

    Use the Connect button to retrieve PSC connection details.
  2. Select a database from the list.

  3. Copy the endpoint and use it in your application to connect to your database.

Deactivate Private Service Connect

To deactivate Private Service Connect for your subscription:

  1. Select Subscriptions from the Redis Cloud console menu and then select your subscription from the list.

  2. Select the Connectivity tab and then Private Service Connect.

  3. For each endpoint:

    1. Select the Delete PSC endpoint button:

      Use the Delete PSC endpoint button to remove an endpoint.
    2. Copy the provided gcloud script from the Remove endpoint dialog.

    3. Run the gcloud script with gcloud CLI to delete the endpoint.

  4. After you remove all endpoints, select the Actions button to see a list of available actions:

    Use the Toggle actions button to see a list of actions.
  5. Select Remove service and then Confirm:

    Use the Confirm button to deactivate Private Service Connect.

Limitations

Private Service Connect has the following limitations in Redis Cloud:

  • Although Redis Cloud supports using Private Service Connect with Enterprise clustering, you cannot use the OSS Cluster API with Private Service Connect enabled.

  • Private Service Connect is not available for clusters with Redis versions 6.2.12 and earlier. Contact Redis support to upgrade the cluster to a compatible version or create a new subscription.