I organized the delivery methods for Vertex AI Search Engine
Provision Methods
The provision methods for Vertex AI Search engines are broadly divided into the following three categories:
Google Service Integration
Using the engine through Google services such as Gemini Enterprise and Google Chat.
| Provision Method | Authentication | Development Scale |
|---|---|---|
| Sharing with Gemini Enterprise | Google account authentication | None |
| Google Chat (Workspace addon) | Google account authentication | Small |
Widget
Embedding the search UI in a website.
| Provision Method | Authentication | Development Scale |
|---|---|---|
| Widget (Public) | None | Small |
| Widget (Authenticated) | OAuth or JWT | Medium |
Integration
Integrating search functionality into your own application using API or MCP.
| Provision Method | Authentication | Development Scale |
|---|---|---|
| API (Discovery Engine) | Service account | Medium-Large |
| MCP (Model Context Protocol) | Service account | Medium-Large |
Let's look at each process.
Sharing with Gemini Enterprise
This is a method to share your Vertex AI Search engine with Gemini Enterprise. Shared users can directly use the agent on the Gemini Enterprise web application. No development work is required, making this the simplest provision method.
Gemini Enterprise is a Google Cloud platform independent of Google Workspace that allows centralized management of agent publishing and governance.
Features
- No additional infrastructure setup or development required
- Available in Gemini Enterprise Business / Standard / Plus editions
- Administrator can control access permissions to agents
- Limited UI customization options
Google Chat (Workspace Addon)
This method provides Vertex AI Search functionality as a Google Chat addon. Apps Script acts as an intermediary to call the Vertex AI Search backend.
Depending on requirements, the backend can be called in several ways: directly through the Discovery Engine API, through an ADK agent, via MCP, and so on.
Features
- Available on Workspace plans that support addons
- Requires some development work to build the Apps Script addon
- Access restrictions for company accounts are automatically applied as it relies on Google Workspace authentication
- Can be extended to other Workspace services, such as Gmail sidebars
Widget Provision
Vertex AI Search provides a Widget feature that allows embedding search UI as a web component in websites. There are two patterns based on authentication method: public (no authentication) and OAuth/JWT authentication.
Public (No Authentication)
This is the easiest method. It works by simply pasting the generated code snippet into your HTML.
While convenient, there are some cautions:
- The Widget JavaScript code is exposed to the browser, so anyone who knows how can access it from outside your site
- You can restrict domains allowed to use the Widget in VAIS settings, but this is not complete protection
- Not suitable for data stores containing sensitive information
This is fine for public FAQs or demo purposes, but consider authenticated methods for handling confidential data.
OAuth / JWT Authentication
Using Widget with authentication requires a server to issue tokens. The choice between OAuth and JWT depends on whether a service account can be used in your environment.
- OAuth: For environments like Cloud Run where service accounts can be used. Tokens are issued with service account permissions.
- JWT: For environments where service accounts cannot be used directly. JWT is signed and issued using service account credentials (private key).
The token handover process is common to both methods.
Configuration Points
- Deploy Token API to Cloud Run, etc., and issue tokens only to authenticated users
- With JWT method, service account credentials need to be managed securely
Note that static sites like Google Sites cannot make authenticated requests to the token API, so using the authenticated Widget requires a site capable of dynamic server-side processing.
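The gate in front of such a Token API can look like the sketch below. It is an added example, not code from the article or from Google, and it assumes a hypothetical HMAC-signed login cookie, a constructed allowed origin, and a placeholder `demo_mint` standing in for the real OAuth or JWT issuance.

```python
import base64, hashlib, hmac, json, time

SESSION_KEY = b"constructed-demo-key"             # assumption: loaded from a secret store in practice
ALLOWED_ORIGINS = {"https://portal.example.com"}  # assumption: the site embedding the Widget
TOKEN_TTL = 300                                   # seconds; keep Widget tokens short-lived


def sign_session(user, expires, key=SESSION_KEY):
    """Create the app's own login cookie: base64url(payload).hex(HMAC-SHA256)."""
    payload = base64.urlsafe_b64encode(json.dumps({"u": user, "exp": expires}).encode())
    mac = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload.decode() + "." + mac


def verify_session(cookie, now, key=SESSION_KEY):
    """Return the user name for a valid, unexpired cookie, else None."""
    try:
        payload, mac = cookie.split(".")
        expected = hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(mac, expected):
            return None
        data = json.loads(base64.urlsafe_b64decode(payload))
        return data["u"] if data["exp"] > now else None
    except (ValueError, KeyError, TypeError, AttributeError):
        return None


def handle_token_request(origin, cookie, mint_token, now=None):
    """Token API handler: returns (status, headers, body)."""
    now = time.time() if now is None else now
    headers = {"Cache-Control": "no-store"}
    # Origin can be forged outside a browser, so it is only a first filter.
    if origin not in ALLOWED_ORIGINS:
        return 403, headers, {"error": "origin not allowed"}
    user = verify_session(cookie, now)
    if user is None:
        return 401, headers, {"error": "login required"}
    # The service account credential stays server-side; only the token leaves.
    headers["Access-Control-Allow-Origin"] = origin
    headers["Access-Control-Allow-Credentials"] = "true"
    return 200, headers, {"token": mint_token(user, TOKEN_TTL), "expires_in": TOKEN_TTL}


def demo_mint(user, ttl):
    """Placeholder minter (hypothetical): a real one requests an OAuth token or signs a JWT."""
    return f"demo-token-for-{user}-ttl-{ttl}"
```

The session check, not the origin check, is what keeps the token away from unauthenticated callers; the origin allow-list only narrows which pages a browser will let call the endpoint.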
Integration
Methods to incorporate engine functionality into your own application instead of using Widget.
API (Discovery Engine)
This method directly calls the Discovery Engine API. It allows fine control of search parameters and custom formatting of search results, offering the highest degree of flexibility. While you can call Vertex AI Search as a tool from ADK (Agent Development Kit), ADK is a general framework for building agents, so this section focuses on direct API calls.
Features
- Fine control over search parameters (number of results, extractive answers, summary language, etc.)
- Freedom to customize chat UI and search result formats
MCP (Model Context Protocol)
This method uses Vertex AI Search functionality via the MCP server (discoveryengine.googleapis.com/mcp). Using ADK's McpToolset, you can incorporate MCP-based search as a tool for agents. (This is a preview feature at the time of writing.)
search and conversational_search are provided as MCP tools, allowing use of search functionality without directly handling the Discovery Engine API.
Features
- Easy integration as an agent tool using ADK's McpToolset
- Direct search is also possible from MCP-compatible clients like Gemini CLI and Claude Code
Summary
I've organized the provision methods for Vertex AI Search engines. Though it's simple when summarized, Vertex AI Search is integrated with various Google platforms, and I had to spend considerable time studying documentation to investigate Widget authentication methods and secure application provision.
Incidentally, there is also a method to reference data stores from Vertex AI's Agent Builder, but as it's currently limited to data store-level references and doesn't support engines (apps), I've omitted it from this article.
I hope this article proves useful.