If you set the Resource Quota parameter to Public Resources when you create a Data Science Workshop (DSW) instance, you must configure network settings. This topic describes how to select a network configuration solution based on your business requirements.
DSW network architecture
The following figure shows the DSW network architecture.
DSW instances are deployed in the virtual private cloud (VPC) of the service account. By default, the instances can access the Internet by using the shared Internet gateway. You are not charged for the shared Internet gateway. DSW also allows you to connect to your VPC and access the Internet by using the private Internet gateway of your VPC. However, this requires additional configurations.
Usage notes
The following table describes multiple network configuration solutions that you can choose from based on your business requirements.
Scenario | Solution | References | ||
|
|
| ||
If you do not have requirements such as access to resources in a VPC and SSH logon when you use a DSW instance, you can skip the network configuration. Suitable for most cases. | N/A | The public gateway is automatically used. | N/A | N/A |
If you want to connect the DSW instance to your VPC, you must select a VPC, a security group, and a vSwitch. This allows the DSW instance to access private resources in the VPC, such as databases and application servers. | Select the VPC, security group, and vSwitch that you want to use. | Select a public gateway. | N/A | N/A |
If you want to accelerate the upload and download of models and data for the DSW instance, you can select a private Internet gateway and configure an outbound network, such as an Internet NAT gateway and an SNAT entry. This increases the bandwidth and reduces network congestion. | Select the VPC, security group, and vSwitch that you want to use. | Select a private Internet gateway. You must create an Internet NAT gateway, associate an elastic IP address (EIP) with the DSW instance, and configure an SNAT entry. | N/A | Configure a DSW instance to access the Internet by using a private NAT gateway |
If you do not want to allow Internet access for the DSW instance, you can set the Internet gateway to a private gateway when you create the DSW instance and do not configure an outbound network, such as an Internet NAT gateway or SNAT entries in the specified VPC. This ensures that the DSW instance can only access data in the VPC and cannot access the Internet. | Select the VPC, security group, and vSwitch that you want to use. | Select a private Internet gateway, and do not configure a NAT gateway, an EIP, or SNAT entries. | N/A | Configure a DSW instance to access the Internet by using a private NAT gateway |
You want to connect to a DSW instance in a VPC, such as using an Elastic Computing Service (ECS) instance to access the DSW instance from within the same VPC. | Select the VPC, security group, and vSwitch that you want to use. | N/A | Turn on SSH Configuration, enter the public key generated on the client, and then select Logon over VPC. | |
If you want to connect to a DSW instance over the Internet, for example, use an on-premises command line tool or an integrated development environment (IDE) to access the instance. | Select the VPC, security group, and vSwitch that you want to use. | N/A | Turn on the SSH Configuration, enter the public key generated on the client, and select Logon over the Internet. | |