Direct connectivity is a connection solution that allows high-performance, authenticated, direct gRPC network connections between a Trusted Cloud by S3NS client library and Cloud Storage, resulting in lower latency and connection overhead. When you use gRPC to connect to Trusted Cloud by S3NS using direct connectivity, requests initiated through supported Trusted Cloud by S3NS client libraries are routed directly to Cloud Storage, bypassing Google Front Ends (GFEs).
Direct connectivity is only available for requests made from Compute Engine virtual machines (VMs).
Requirements for direct connectivity
Direct connectivity is enabled by default when you use supported Cloud Storage client libraries to connect to Cloud Storage, but becomes available only if the following conditions are all met:
The Compute Engine VMs interacting with Cloud Storage must have an attached service account, even if the service account has no permissions. The service account is used to represent the Compute Engine VM in the Application Layer Transport Security handshake process.
The Compute Engine VMs interacting with a Cloud Storage bucket must be co-located with the bucket. For example, if the bucket is in us-central1, the VM can be located in us-central1-a.
Your routes and firewall rules allow IPv4 traffic to reach 34.126.0.0/18 and IPv6 traffic to reach 2001:4860:8040::/42. In addition, traffic must be allowed to reach the endpoints storage.googleapis.com:443 and directpath-pa.googleapis.com:443. For information about setting up routes, see Configure routes.
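A preflight check for the three requirements above, as an added example that is not part of the original documentation. The firewall rule model (dicts with a priority, an action and destination CIDRs, lowest priority number evaluated first, default egress action passed as a parameter) and the VM record are constructed assumptions; ports and the two endpoint hostnames are not modelled.

```python
import ipaddress

# Destination ranges listed in the requirements above.
REQUIRED_RANGES = ["34.126.0.0/18", "2001:4860:8040::/42"]

def blocked_parts(rules, required, default_action="allow"):
    """Return the sub-ranges of `required` that the egress rules deny."""
    remaining, denied = [ipaddress.ip_network(required)], []
    for rule in sorted(rules, key=lambda r: r["priority"]):
        for cidr in rule["dest"]:
            net, undecided = ipaddress.ip_network(cidr), []
            for r in remaining:
                if r.version != net.version or not r.overlaps(net):
                    undecided.append(r)  # rule does not touch this piece
                    continue
                # CIDR blocks either nest or are disjoint, so the overlap
                # is whichever of the two is smaller.
                hit = r if r.subnet_of(net) else net
                if rule["action"] == "deny":
                    denied.append(hit)
                if hit != r:  # rule decided only a slice; keep the rest
                    undecided.extend(r.address_exclude(net))
            remaining = undecided
    if default_action == "deny":
        denied.extend(remaining)  # nothing allowed what is left
    return denied

def preflight(vm, bucket_region, rules, default_action="allow"):
    """Return the unmet direct connectivity requirements (empty list = OK)."""
    problems = []
    if not vm.get("service_account"):
        problems.append("no service account attached")
    if vm["zone"].rsplit("-", 1)[0] != bucket_region:
        problems.append(f"zone {vm['zone']} is not in {bucket_region}")
    for rng in REQUIRED_RANGES:
        for part in blocked_parts(rules, rng, default_action):
            problems.append(f"egress denied to {part}")
    return problems

# Constructed sample: default-deny egress with only the IPv4 range opened.
SAMPLE_VM = {"service_account": "vm-sa@example.invalid", "zone": "us-central1-a"}
SAMPLE_RULES = [
    {"priority": 1000, "action": "deny", "dest": ["0.0.0.0/0", "::/0"]},
    {"priority": 900, "action": "allow", "dest": ["34.126.0.0/18"]},
]

if __name__ == "__main__":
    for problem in preflight(SAMPLE_VM, "us-central1", SAMPLE_RULES):
        print(problem)
```

With the constructed sample, the only finding is the IPv6 range, which the catch-all deny rule still covers.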