# Google Private Service Connect

If you want your hosts in Google Cloud to access the AxoConsole without leaving the Google network, we recommend that you use [Google Cloud Private Service Connect (PSC)](<https://cloud.google.com/vpc/docs/private-service-connect>) to secure the connection from your VPC to Axoflow.

## Prerequisites

[Contact Axoflow](<https://axoflow.com/contact?contact_form_subject=support_request>) and provide the list of projects so we can set up an endpoint for your PSC. You will receive information from us that you’ll need to properly configure your connection.

You will also need to allocate a dedicated IP address for the connection in a subnet that’s accessible for the hosts.

## Steps

After you have received the details of your target endpoint from Axoflow, complete the following steps to configure Google Cloud Private Service Connect from your VPC to AxoConsole.

  1. Open Google Cloud Console and navigate to [Private Service Connect > Connected endpoints](<https://console.cloud.google.com/net-services/psc/list/consumers>).

  2. Select the project you want to connect to Axoflow.

  3. Navigate to [Connect endpoint](<https://console.cloud.google.com/net-services/psc/addConsumer>) and complete the following steps.

     1. Select **Target > Published service**.
     2. Set **Target service** to the service name you’ve received from Axoflow. The service name should be similar to: `projects/axoflow-shared/regions/<region-code>/serviceAttachments/<your-tenant-ID>`
     3. Set **Endpoint name** to the name you prefer, or the one recommended by Axoflow. The recommended name is similar to: `psc-axoflow-<your-tenant-ID>`
     4. Select your VPC in the **Network** field.
     5. Set **Subnet** where the endpoint should appear. Since subnets are regional resources, select a subnet in the region you received from Axoflow.
     6. Select **Create IP address** and allocate an address for the endpoint. Save the address: you’ll need it later to verify that the connection is working.
     7. Select **Enable global access**.
     8. There is no need to enable the **directory API** even if it’s offered by Google.
     9. Select **Add endpoint**.
  4. Test the connection.

     1. Log in to a machine where you want to use the PSC using SSH.

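     2. Test the connection. Run the following command using the IP address you’ve allocated for the endpoint. The `-k` option disables certificate verification for this request, which targets the bare IP address; the hostname-based test in the DNS setup below runs without it.

        ```
        curl -vk https://<IP-address-allocated-for-the-endpoint>
        ```

        If the connection is established, you’ll receive an HTTP 404 response.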

  5. If the connection is established, configure DNS resolution on the hosts either for [selected machines](../../../docs/axoflow/onboard-hosts/secure-cloud-sources/google-psc/index.md#selected-machines) or the [whole VPC](../../../docs/axoflow/onboard-hosts/secure-cloud-sources/google-psc/index.md#whole-vpc).




### Setting up selected machines to use the PSC

  1. Add the following entry to the `/etc/hosts` file of the machine.
     ```
     <IP-address-allocated-for-the-endpoint> <your-tenant-id>.cloud.axoflow.io kcp.<your-tenant-id>.cloud.axoflow.io telemetry.<your-tenant-id>.cloud.axoflow.io
     ```

  2. Run the following command to test DNS resolution:
     ```
     curl -v https://<your-tenant-id>.cloud.axoflow.io
     ```

     It should load an HTML page from the IP address of the endpoint.

  3. If the host is running axolet, restart it by running:
     ```
     sudo systemctl restart axolet.service
     ```

     Check the axolet logs to verify that there are no errors:

     ```
     sudo journalctl -fu axolet
     ```

  4. Deploy the changes of the `/etc/hosts` file to all your VMs.
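
A check you can run on each VM after deploying the `/etc/hosts` entry, to confirm that all three names map to the endpoint address (a name that is missing or points elsewhere will not use the PSC). This is an added example, not part of Axoflow's documentation or tooling; the function names `hosts_lookup` and `check_psc_hosts` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: verify that the three AxoConsole names map to the PSC
# endpoint address in a hosts-format file (default: /etc/hosts).
# Usage: check_psc_hosts <your-tenant-id> <IP-address-allocated-for-the-endpoint> [hosts-file]

# Print the address a hosts-format file assigns to a name.
# The first matching line wins; comments and blank lines are skipped.
hosts_lookup() {
    awk -v name="$1" '
        { sub(/#.*/, "") }      # strip trailing comments
        NF < 2 { next }         # need an address and at least one name
        {
            for (i = 2; i <= NF; i++)
                if (tolower($i) == tolower(name)) { print $1; exit }
        }
    ' "$2"
}

# Report OK / MISSING / MISMATCH per name; return non-zero if any name
# does not map to the expected endpoint address.
check_psc_hosts() {
    local tenant="$1" ip="$2" file="${3:-/etc/hosts}" rc=0 name got
    for name in "$tenant.cloud.axoflow.io" \
                "kcp.$tenant.cloud.axoflow.io" \
                "telemetry.$tenant.cloud.axoflow.io"; do
        got="$(hosts_lookup "$name" "$file")"
        if [ -z "$got" ]; then
            echo "MISSING  $name (no entry in $file)"
            rc=1
        elif [ "$got" != "$ip" ]; then
            echo "MISMATCH $name -> $got (expected $ip)"
            rc=1
        else
            echo "OK       $name -> $got"
        fi
    done
    return "$rc"
}
```

The non-zero return value makes the function usable as a gate in a deployment script. For the Cloud DNS private zone setup, compare the output of `getent hosts <name>` against the endpoint address instead of reading a file.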




### Setting up whole VPC networks to use the PSC

  1. Open Google Cloud Console and in the _Cloud DNS_ service navigate to the _Create a DNS zone_ page.

  2. Create a new _private_ zone with the _zone name_ `<your-tenant-id>.cloud.axoflow.io`, and select the networks you want to use the PSC in.

  3. Add the following three _A records_, all pointing to the `<IP-address-allocated-for-the-endpoint>`:

     * `<your-tenant-id>.cloud.axoflow.io`
     * `kcp.<your-tenant-id>.cloud.axoflow.io`
     * `telemetry.<your-tenant-id>.cloud.axoflow.io`