On-Premise SDK Usage

Arize SDK with Private VPC Deployment (On-Premise)

Using a private endpoint

When deploying Arize within a private VPC, you must specify the Arize receiver endpoint using the 'uri' parameter when initializing the SDK client.

from arize.api import Client

URI = "https://<arize-private-receiver-endpoint>/v1"
arize_client = Client(space_key=SPACE_KEY, api_key=API_KEY, uri=URI)

Using a self-signed certificate

If you encounter a CERTIFICATE_VERIFY_FAILED error while logging data to Arize, the endpoint is likely using a self-signed certificate. To verify this, temporarily disable certificate validation by setting the request_verify parameter to False. This makes the client accept any certificate, so use it only to confirm the diagnosis.

arize_client = Client(space_key=SPACE_KEY, api_key=API_KEY, uri=URI, request_verify=False)

The best practice is to provide the SDK with the private root certificate that was used to sign the endpoint certificate. This root certificate is typically managed by the security team and is common across environments. Use the request_verify parameter to specify the file path to the root certificate.

arize_client = Client(space_key=SPACE_KEY, api_key=API_KEY, uri=URI, request_verify="cert.pem")

If providing the root certificate doesn't resolve the issue or is not an option, an alternative approach is to extract the certificate directly from the endpoint and create the cert.pem file.

echo | openssl s_client -showcerts -state -connect <arize-private-receiver-endpoint>:443 -prexit > cert.pem

Arize OTEL SDK with Private VPC Deployment (On-Premise)

Using a private endpoint

When deploying Arize within a private VPC, you must specify the Arize OTLP endpoint using the 'endpoint' parameter when registering the trace provider.

from arize.otel import register

tracer_provider = register(
    endpoint="https://<arize-private-otlp-endpoint>/v1",
    space_id=SPACE_ID,
    ...
)

Using a self-signed certificate

If you encounter a CERTIFICATE_VERIFY_FAILED error while logging traces to Arize, the endpoint is likely using a self-signed certificate. To resolve this, provide the private root certificate that was used to sign the endpoint certificate. This root certificate is typically managed by the security team and is common across environments. Use the OTEL_EXPORTER_OTLP_CERTIFICATE environment variable to specify the file path to the root certificate in Python.

import os
os.environ["OTEL_EXPORTER_OTLP_CERTIFICATE"] = "cert.pem"

If providing the root certificate doesn't resolve the issue or is not an option, an alternative approach is to extract the certificate directly from the endpoint and create the cert.pem file.

echo | openssl s_client -showcerts -state -connect <arize-private-otlp-endpoint>:443 -prexit > cert.pem

Arize FlightServer with Private VPC Deployment (On-Premise)

Using a private endpoint

When deploying Arize within a private VPC, you must specify the Arize Flight Server endpoint using the 'host' parameter when creating the exporter client. Do not include 'http://' or 'https://' in the host parameter.

client = ArizeExportClient(host='<arize-private-flight-endpoint>', ...)

# OR 

client = ArizeDatasetsClient(host='<arize-private-flight-endpoint>',...)

Using a self-signed certificate

If you encounter a "certificate verify failed" error while exporting or importing data to Arize, the endpoint is likely using a self-signed certificate. To resolve this, provide the private root certificate that was used to sign the endpoint certificate. This root certificate is typically managed by the security team and is common across environments. Use the GRPC_DEFAULT_SSL_ROOTS_FILE_PATH environment variable to specify the file path to the root certificate in Python.

import os
os.environ["GRPC_DEFAULT_SSL_ROOTS_FILE_PATH"] = "cert.pem"

If providing the root certificate doesn't resolve the issue or is not an option, an alternative approach is to extract the certificate directly from the endpoint and create the cert.pem file.

echo | openssl s_client -showcerts -state -connect <arize-private-flight-endpoint>:443 -prexit > cert.pem
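
An added example, not part of the Arize documentation: the openssl s_client redirect used in the three sections above saves whatever certificates the endpoint presents, together with the surrounding handshake text. The Python below keeps only the certificate whose SHA-256 fingerprint matches a value obtained separately from the security team. The function names, the pin_cert.py script name and the sample output are assumptions constructed for illustration.

```python
import hashlib
import re
import ssl
import sys

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

def extract_pem_blocks(s_client_output: str) -> list[str]:
    """Pull only the PEM certificates out of the surrounding s_client text."""
    return PEM_RE.findall(s_client_output)

def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def select_trusted_cert(s_client_output: str, expected_sha256: str) -> str:
    """Return the one certificate whose fingerprint matches the value obtained
    out-of-band; raise rather than trust whatever the endpoint presented."""
    wanted = expected_sha256.replace(":", "").lower()
    for pem in extract_pem_blocks(s_client_output):
        if fingerprint(pem) == wanted:
            return pem + "\n"
    raise ValueError("no presented certificate matches the expected fingerprint")

# Constructed sample: the DER bytes are placeholders, not real certificates
# (a fingerprint is a hash of the decoded bytes, so no X.509 parsing is needed).
LEAF_DER = b"constructed-leaf-placeholder"
ROOT_DER = b"constructed-root-placeholder"
SAMPLE_OUTPUT = (
    "CONNECTED(00000003)\n---\nCertificate chain\n"
    " 0 s:CN = receiver.example.internal\n   i:CN = Example Private Root\n"
    + ssl.DER_cert_to_PEM_cert(LEAF_DER)
    + " 1 s:CN = Example Private Root\n   i:CN = Example Private Root\n"
    + ssl.DER_cert_to_PEM_cert(ROOT_DER)
    + "---\nServer certificate\nsubject=CN = receiver.example.internal\n"
)

if __name__ == "__main__":
    # Hypothetical usage: echo | openssl s_client -showcerts -connect <host>:443 \
    #                       | python pin_cert.py <expected-sha256>
    if len(sys.argv) > 1:
        pem = select_trusted_cert(sys.stdin.read(), sys.argv[1])
        with open("cert.pem", "w") as fh:  # written only after the match succeeds
            fh.write(pem)
    else:  # no argument: run against the constructed sample, write nothing
        pem = select_trusted_cert(SAMPLE_OUTPUT, hashlib.sha256(ROOT_DER).hexdigest())
    print("selected certificate sha256:", fingerprint(pem))
```

The expected fingerprint can be given as plain hex or in the colon-separated form printed by openssl x509 -noout -fingerprint -sha256.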

Copyright © 2023 Arize AI, Inc