After you configure a virtual private cloud (VPC) for an Elastic Algorithm Service (EAS) service, the service and other cloud services that reside in the same VPC can access each other, and the service can access the Internet through the VPC. For cloud services that have access restrictions, you need to configure a whitelist. This topic describes how to configure network connectivity, Internet access, and a whitelist.
Prerequisites
Your account has the permissions to use EAS. For more information, see Grant the permissions that are required to use EAS.
A VPC, a vSwitch, and a security group are created. For more information, see Create and manage a VPC and Create a security group.
Configure VPC
Configuring a VPC means adding the EAS service or the dedicated resource group to the VPC network environment. After the configuration is complete, Elastic Compute Service (ECS) instances and other resources within this VPC can access the EAS service through the VPC, and the EAS service can access other cloud resources within the same VPC.
Take the following steps to configure a VPC. If you do not have a VPC, vSwitch, or security group, create them first. For more information, see Create and manage a VPC and Create a security group.
Use the console
When deploying an EAS service, in the VPC Settings section, configure the VPC, vSwitch, and Security Group Name parameters.
After you deploy the service, you can update the service to modify the VPC settings.
If the instances in your dedicated resource group use the ARM architecture, such as the Yitian compute-optimized and Yitian general-purpose instance families, perform the following steps to turn on VPC direct connection:
Method 1:
On the Resource Group tab, find the resource group for which you want to enable the feature and turn on VPC Direct Connection in the VPC Direct Connection column.
In the Enable VPC Direct Connection dialog box, configure the VPC, vSwitch, and Security Group Name parameters and click OK.
Method 2:
On the Resource Group tab, click the name of the resource group that you want to view.
Turn on VPC Direct Connection.
In the Enable VPC Direct Connection dialog box, configure the VPC, vSwitch, and Security Group Name parameters and click OK.
Use the EASCMD client
Prepare a JSON configuration file. Sample file:
{
    "metadata": {
        "name": "service_name",
        "instance": 1,
        "enable_webservice": true
    },
    "cloud": {
        "computing": {
            "instance_type": "ml.gu7i.c16m60.1-gu30",
            "instances": null
        },
        "networking": {
            "vswitch_id": "vsw-bp17jg7wr6s3pzbfe****",
            "security_group_id": "sg-bp14zqduxqm04qg7****",
            "vpc_id": "vpc-bp1s37ltnbvxgcqfc****"
        }
    },
    "containers": [
        {
            "image": "eas-registry-vpc.cn-hangzhou.cr.aliyuncs.com/pai-eas/chat-llm-webui:2.0",
            "script": "python webui/webui_server.py --port=8000 --model-path=meta-llama/Llama-2-7b-chat-hf",
            "port": 8000
        }
    ]
}
The following table describes the parameters for the VPC settings.

| Parameter | Description |
| --- | --- |
| vswitch_id | The ID of the vSwitch to which your client connects. An ENI is created for the vSwitch. Make sure that the vSwitch has sufficient idle IP addresses. Otherwise, EAS instances cannot be created. |
| security_group_id | The ID of the security group to which the ECS instance that hosts your client belongs. |
| vpc_id | The VPC ID of the client. |
Run the following command in the directory in which the JSON file is stored. For more information, see Run commands to use the EASCMD client. The following sample command is for 64-bit Windows.
Create service
eascmdwin64.exe create <service.json>
Replace <service.json> with the name of your JSON configuration file.
For information about how to configure VPC for dedicated resource groups that consist of instances that use the ARM architecture, see Enable direct connection for a resource group.
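The following pre-flight check for the networking block of the JSON configuration file is an added example, not part of the EASCMD client or the original topic. It assumes that the three IDs are always set together and carry the vpc-, vsw-, and sg- prefixes shown in the sample file; the function name and the sample IDs are constructed for illustration.

```python
import json
import re

# Prefixes taken from the sample IDs shown in this topic (assumption: all
# three settings are supplied together, as in the sample file).
ID_PATTERNS = {
    "vpc_id": re.compile(r"^vpc-[0-9a-z]+$"),
    "vswitch_id": re.compile(r"^vsw-[0-9a-z]+$"),
    "security_group_id": re.compile(r"^sg-[0-9a-z]+$"),
}

def check_networking(config_text):
    """Return a list of problems found in cloud.networking (empty list = OK)."""
    config = json.loads(config_text)
    networking = (config.get("cloud") or {}).get("networking") or {}
    if not networking:
        return ["cloud.networking is missing: the file has no VPC settings"]
    problems = []
    for key, pattern in ID_PATTERNS.items():
        value = networking.get(key)
        if not value:
            problems.append(f"{key} is missing")
        elif "*" in value:
            # The documentation masks IDs with ****; a copied sample is not usable.
            problems.append(f"{key} still contains the masked sample value")
        elif not pattern.match(value):
            problems.append(f"{key} does not look like a valid ID: {value!r}")
    return problems

# Constructed sample inputs (the IDs in GOOD are made up for illustration).
GOOD = '''{"metadata": {"name": "svc"}, "cloud": {"networking": {
  "vpc_id": "vpc-bp1exampleexample0001",
  "vswitch_id": "vsw-bp1exampleexample0002",
  "security_group_id": "sg-bp1exampleexample0003"}}}'''
BAD = '''{"metadata": {"name": "svc"}, "cloud": {"networking": {
  "vpc_id": "vpc-bp1s37ltnbvxgcqfc****",
  "vswitch_id": "sg-bp1exampleexample0003"}}}'''

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_networking(text) or "OK")
```

Run the check before the create command so that a masked, swapped, or missing ID is caught before the deployment request is sent.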
Configure Internet access
By default, EAS online services do not support Internet access. To configure Internet access, perform the following steps:
Optional. Create a VPC and configure Internet access for the VPC.
Note: If you have a VPC that contains an Internet NAT gateway associated with an EIP, skip this step.
Create a VPC, vSwitch, and security group. For more information, see Create and manage a VPC and Create a security group.
Configure Internet access. For more information, see Use the SNAT feature of an Internet NAT gateway to access the Internet.
Configure the VPC for the EAS service. For more information, see Configure VPC.
After the VPC is configured, the EAS online service can access the Internet.
Configure a whitelist
If an EAS online service needs to access a cloud service that allows access only from specific IP addresses, you must add the IP address of the EAS online service to a whitelist of the cloud service. This way, the EAS online service can access the cloud service. To configure a whitelist, perform the following steps:
Obtain the public IP address or internal CIDR block of the EAS online service.
Obtain the public IP address of the EAS online service
Log on to the VPC console and follow the instructions shown in the following figure to obtain the public IP address of the EAS online service. The public IP address is the IP address of the EIP that is created and associated with the NAT gateway in the Configure Internet access section.
Obtain the internal CIDR block of the EAS online service
Log on to the VPC console and follow the instructions shown in the following figure to obtain the internal CIDR block of the EAS online service. This internal CIDR block is the CIDR block that is configured for your vSwitch.
Configure a whitelist.
After you obtain the public IP address or internal CIDR block of the EAS online service, you can add the IP address or CIDR block to a whitelist of the cloud service that you want to access.
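The following whitelist audit is an added example, not part of the original topic or of any Alibaba Cloud tool. It checks whether the whitelist of the target cloud service covers the EAS source addresses described above (the vSwitch CIDR block on the internal path, the EIP of the NAT gateway on the public path) and lists entries that admit more than those sources. The function names and all addresses are constructed for illustration.

```python
import ipaddress

def covers(net, vswitch):
    """True if whitelist entry `net` contains the whole vSwitch block."""
    return net.version == vswitch.version and vswitch.subnet_of(net)

def audit_whitelist(entries, vswitch_cidr, eip=None):
    """Compare a target service's whitelist with the EAS source addresses.

    entries      -- whitelist entries (IP addresses or CIDR blocks)
    vswitch_cidr -- CIDR block of the vSwitch configured for the EAS service
    eip          -- EIP associated with the NAT gateway, if Internet access is used
    """
    vswitch = ipaddress.ip_network(vswitch_cidr)
    addr = ipaddress.ip_address(eip) if eip is not None else None
    nets = [ipaddress.ip_network(e, strict=False) for e in entries]
    report = {
        # Internal path: the internal source range is the vSwitch CIDR block,
        # so an entry must contain the whole block.
        "internal_covered": any(covers(n, vswitch) for n in nets),
        # Public path: traffic leaves through the NAT gateway with the EIP.
        "public_covered": None if addr is None else any(addr in n for n in nets),
        "too_broad": [],
    }
    for n in nets:
        # Broader than needed: strictly contains the vSwitch block, or is a
        # multi-address range around the EIP instead of the single address.
        wider_than_vswitch = n != vswitch and covers(n, vswitch)
        wider_than_eip = addr is not None and addr in n and n.num_addresses > 1
        if wider_than_vswitch or wider_than_eip:
            report["too_broad"].append(str(n))
    return report

# Constructed sample values (203.0.113.0/24 is a documentation range).
VSWITCH_CIDR = "192.168.10.0/24"
EIP = "203.0.113.25"
WHITELIST = ["0.0.0.0/0", "192.168.10.0/24", "203.0.113.0/24"]

if __name__ == "__main__":
    print(audit_whitelist(WHITELIST, VSWITCH_CIDR, EIP))
```

An entry reported in too_broad grants access to sources other than the EAS online service; replacing it with the exact vSwitch CIDR block or the single EIP keeps the whitelist at least privilege.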
References
You can configure log collection for a resource group. After the configuration is complete, EAS collects the logs generated by EAS online services that are deployed in the resource group and stores the logs in a Simple Log Service Logstore. For more information, see Configure log collection for a resource group.
EAS online services provide multiple methods that you can use to deploy model services based on your business requirements. For more information, see Overview.