Merge pull request #275755 from Blackmist/ssh-private-ip

Ssh private ip

Author: v-regandowner

articles/ai-studio/how-to/configure-private-link.md

@@ -271,6 +271,8 @@ If you need to configure custom DNS server without DNS forwarding, use the follo
     > * Compute instances can be accessed only from within the virtual network.
     > * The IP address for this FQDN is **not** the IP of the compute instance. Instead, use the private IP address of the workspace private endpoint (the IP of the `*.api.azureml.ms` entries.)
 
+* `<instance-name>.<region>.instances.azureml.ms` - Only used by the `az ml compute connect-ssh` command to connect to computes in a managed virtual network. Not needed if you are not using a managed network or SSH connections.
+
 * `<managed online endpoint name>.<region>.inference.ml.azure.com` - Used by managed online endpoints
 
 To find the private IP addresses for your A records, see the [Azure Machine Learning custom DNS](../../machine-learning/how-to-custom-dns.md#find-the-ip-addresses) article.

articles/machine-learning/how-to-access-terminal.md

@@ -37,15 +37,15 @@ To access the terminal:
     :::image type="content" source="media/how-to-use-terminal/open-terminal-window.png" alt-text="Open terminal window":::
 
 1. When a compute instance is running, the terminal window for that compute instance appears.
-1. When no compute instance is running, use the **Compute** section on the right to start or create a compute instance.
+1. When no compute instance is running, use the **Compute** section to start or create a compute instance.
     :::image type="content" source="media/how-to-use-terminal/start-or-create-compute.png" alt-text="Start or create a compute instance":::
 
-In addition to the steps above, you can also access the terminal from:
+In addition to the previous steps, you can also access the terminal from:
 
 * RStudio or Posit Workbench (formerly RStudio Workbench) (See [Add custom applications such as RStudio or Posit Workbench)](how-to-create-compute-instance.md?tabs=python#add-custom-applications-such-as-rstudio-or-posit-workbench)): Select the **Terminal** tab on top left.
 * Jupyter Lab:  Select the **Terminal** tile under the **Other** heading in the Launcher tab.
 * Jupyter:  Select **New>Terminal** on top right in the Files tab.
-* SSH to the machine, if you enabled SSH access when the compute instance was created.
+* SSH to the machine, if you enabled SSH access when the compute instance was created. If the compute instance is in a managed virtual network and doesn't have a public IP address, use the `az ml compute connect-ssh` command to connect to the compute instance.
 
 ## Copy and paste in the terminal
 
@@ -55,7 +55,7 @@ In addition to the steps above, you can also access the terminal from:
 
 ## <a name=git></a> Use files from Git and version files
 
-Access all Git operations from the terminal. All Git files and folders will be stored in your workspace file system. This storage allows you to use these files from any compute instance in your workspace.
+Access all Git operations from the terminal. All Git files and folders are stored in your workspace file system. This storage allows you to use these files from any compute instance in your workspace.
 
 > [!NOTE]
 > Add your files and folders anywhere under the **~/cloudfiles/code/Users** folder so they will be visible in all your Jupyter environments.
@@ -64,7 +64,7 @@ To integrate Git with your Azure Machine Learning workspace, see  [Git integrati
 
 ## Install packages
 
- Install packages from a terminal window. Install packages into the kernel that you want to use to run your notebooks.  The default kernel is **python310-sdkv2**.  
+ Install packages from a terminal window. Install packages into the kernel that you want to use to run your notebooks. The default kernel is **python310-sdkv2**.  
 
 Or you can install packages directly in Jupyter Notebook, RStudio, or Posit Workbench (formerly RStudio Workbench):
 
@@ -81,13 +81,13 @@ Or you can install packages directly in Jupyter Notebook, RStudio, or Posit Work
 
 To add a new Jupyter kernel to the compute instance:
 
-1. Use the terminal window to create a new environment.  For example, the code below creates `newenv`:
+1. Use the terminal window to create a new environment. For example, the following command creates `newenv`:
 
     ```shell
     conda create --name newenv
     ```
 
-1. Activate the environment.  For example, after creating `newenv`:
+1. Activate the environment. For example, after creating `newenv`:
 
     ```shell
     conda activate newenv
@@ -105,13 +105,13 @@ Any of the [available Jupyter Kernels](https://github.com/jupyter/jupyter/wiki/J
 
 To add a new R kernel to the compute instance:
 
-1. Use the terminal window to create a new environment. For example, the code below creates `r_env`:
+1. Use the terminal window to create a new environment. For example, the following command creates `r_env`:
 
     ```shell
     conda create -n r_env r-essentials r-base
     ```
 
-1. Activate the environment.  For example, after creating `r_env`:
+1. Activate the environment. For example, after creating `r_env`:
 
     ```shell
     conda activate r_env
@@ -135,7 +135,7 @@ To add a new R kernel to the compute instance:
     q()
     ```
 
-It will take a few minutes before the new R kernel is ready to use.  If you get an error saying it is invalid, wait and then try again.
+It takes a few minutes before the new R kernel is ready to use. If you get an error saying it's invalid, wait and then try again.
 
 For more information about conda, see [Using R language with Anaconda](https://docs.anaconda.com/free/anaconda/packages/using-r-language/). For more information about IRkernel, see [Native R kernel for Jupyter](https://cran.r-project.org/web/packages/IRkernel/readme/README.html).
 
@@ -144,7 +144,7 @@ For more information about conda, see [Using R language with Anaconda](https://d
 > [!WARNING]
 > While customizing the compute instance, make sure you do not delete conda environments or jupyter kernels that you didn't create.
 
-To remove an added Jupyter kernel from the compute instance, you must remove the kernelspec, and (optionally) the conda environment. You can also choose to keep the conda environment. You must remove the kernelspec, or your kernel will still be selectable and cause unexpected behavior.
+To remove an added Jupyter kernel from the compute instance, you must remove the kernelspec, and (optionally) the conda environment. You can also choose to keep the conda environment. You must remove the kernelspec, or your kernel is still selectable and cause unexpected behavior.
 
 To remove the kernelspec:
 
@@ -174,11 +174,11 @@ To also remove the conda environment:
     conda env remove -n ENV_NAME
     ```
 
-Upon refresh, the kernel list in your notebooks view should reflect the changes you have made.
+Upon refresh, the kernel list in your notebooks view should reflect the changes you made.
 
 ## Manage terminal sessions
 
-Terminal sessions can stay active if terminal tabs are not properly closed. Too many active terminal sessions can impact the performance of your compute instance.
+Terminal sessions can stay active if terminal tabs aren't properly closed. Too many active terminal sessions can impact the performance of your compute instance.
 
 Select **Manage active sessions** in the terminal toolbar to see a list of all active terminal sessions and shut down the sessions you no longer need.
 

articles/machine-learning/how-to-custom-dns.md

@@ -75,20 +75,23 @@ Access to a given Azure Machine Learning workspace via Private Link is done by c
 - ```<per-workspace globally-unique identifier>.workspace.<region the workspace was created in>.api.azureml.ms```
 - ```<per-workspace globally-unique identifier>.workspace.<region the workspace was created in>.cert.api.azureml.ms```
 - ```<compute instance name>.<region the workspace was created in>.instances.azureml.ms```
+- `<compute instance name>-22.<region the workspace was created in>.instances.azureml.ms` - Used by the `az ml compute connect-ssh` command to connect to computes in a managed virtual network.
 - ```ml-<workspace-name, truncated>-<region>-<per-workspace globally-unique identifier>.<region>.notebooks.azure.net```
 - ```<managed online endpoint name>.<region>.inference.ml.azure.com``` - Used by managed online endpoints
 
 **Microsoft Azure operated by 21Vianet regions**:
 - ```<per-workspace globally-unique identifier>.workspace.<region the workspace was created in>.api.ml.azure.cn```
 - ```<per-workspace globally-unique identifier>.workspace.<region the workspace was created in>.cert.api.ml.azure.cn```
 - ```<compute instance name>.<region the workspace was created in>.instances.azureml.cn```
+- `<compute instance name>-22.<region the workspace was created in>.instances.azureml.cn` - Used by the `az ml compute connect-ssh` command to connect to computes in a managed virtual network.
 - ```ml-<workspace-name, truncated>-<region>-<per-workspace globally-unique identifier>.<region>.notebooks.chinacloudapi.cn```
 - ```<managed online endpoint name>.<region>.inference.ml.azure.cn``` - Used by managed online endpoints
 
 **Azure US Government regions**:
 - ```<per-workspace globally-unique identifier>.workspace.<region the workspace was created in>.api.ml.azure.us```
 - ```<per-workspace globally-unique identifier>.workspace.<region the workspace was created in>.cert.api.ml.azure.us```
 - ```<compute instance name>.<region the workspace was created in>.instances.azureml.us```
+- `<compute instance name>.<region the workspace was created in>.instances.azureml.us` - Used by the `az ml compute connect-ssh` command to connect to computes in a managed virtual network.
 - ```ml-<workspace-name, truncated>-<region>-<per-workspace globally-unique identifier>.<region>.notebooks.usgovcloudapi.net```
 - ```<managed online endpoint name>.<region>.inference.ml.azure.us``` - Used by managed online endpoints
 
@@ -134,7 +137,7 @@ The following list contains the fully qualified domain names (FQDNs) used by you
     > [!NOTE]
     > * Compute instances can be accessed only from within the virtual network.
     > * The IP address for this FQDN is **not** the IP of the compute instance. Instead, use the private IP address of the workspace private endpoint (the IP of the `*.api.azureml.ms` entries.)
-
+* `<instance-name>-22.<region>.instances.azureml.ms` - Only used by the `az ml compute connect-ssh` command to connect to computes in a managed virtual network. Not needed if you are not using a managed network or SSH connections.
 * `<managed online endpoint name>.<region>.inference.ml.azure.com` - Used by managed online endpoints
 
 #### Microsoft Azure operated by 21Vianet region
@@ -152,6 +155,7 @@ The following FQDNs are for Microsoft Azure operated by 21Vianet regions:
 
    * The IP address for this FQDN is **not** the IP of the compute instance. Instead, use the private IP address of the workspace private endpoint (the IP of the `*.api.azureml.ms` entries.)
 
+* `<instance-name>-22.<region>.instances.azureml.cn` - Only used by the `az ml compute connect-ssh` command to connect to computes in a managed virtual network. Not needed if you are not using a managed network or SSH connections.
 * `<managed online endpoint name>.<region>.inference.ml.azure.cn` - Used by managed online endpoints
 
 #### Azure US Government
@@ -167,6 +171,8 @@ The following FQDNs are for Azure US Government regions:
 * `<instance-name>.<region>.instances.azureml.us`
     > * The IP address for this FQDN is **not** the IP of the compute instance. Instead, use the private IP address of the workspace private endpoint (the IP of the `*.api.azureml.ms` entries.)
 
+* `<instance-name>-22.<region>.instances.azureml.us` - Only used by the `az ml compute connect-ssh` command to connect to computes in a managed virtual network. Not needed if you are not using a managed network or SSH connections.
+
 * `<managed online endpoint name>.<region>.inference.ml.azure.us` - Used by managed online endpoints
 
 ### Find the IP addresses

articles/machine-learning/how-to-manage-compute-instance.md

@@ -145,6 +145,10 @@ For each compute instance in a workspace that you created (or that was created f
 
 * Access Jupyter, JupyterLab, RStudio on the compute instance.
 * SSH into compute instance. SSH access is disabled by default but can be enabled at compute instance creation time. SSH access is through public/private key mechanism. The tab gives you details for SSH connection such as IP address, username, and port number. In a virtual network deployment, disabling SSH prevents SSH access from public internet. You can still SSH from within virtual network using private IP address of compute instance node and port 22.
+
+    > [!TIP]
+    > If the compute instances is in a *managed* virtual network and the public IP address is disabled, use the `az ml compute connect-ssh` command to connect to the compute instance.
+
 * Select the compute name to:
     * View details about a specific compute instance such as IP address, and region.
     * Create or modify the schedule for starting and stopping the compute instance. Scroll down to the bottom of the page to edit the schedule.

articles/machine-learning/how-to-managed-network-compute.md

@@ -158,6 +158,7 @@ You can't create a compute cluster or compute instance from the Azure portal. In
 ## Limitations
 
 * Creating a compute cluster in a different region than the workspace isn't supported when using a managed virtual network.
+* If the compute is in a managed network and also configured for no public IP, use the `az ml compute connect-ssh` command to connect to the compute instance over SSH.
 
 ### Migration of compute resources
 

articles/machine-learning/how-to-managed-network.md

@@ -1104,6 +1104,7 @@ The Azure Machine Learning managed VNet feature is free. However, you're charged
 * Creating a compute cluster in a different region than the workspace isn't supported when using a managed VNet.
 * Kubernetes and attached VMs aren't supported in an Azure Machine Learning managed VNet.
 * Using FQDN outbound rules increases the cost of the managed VNet because FQDN rules use Azure Firewall. For more information, see [Pricing](#pricing).
+* If your compute instance is in a managed network and is configured for no public IP, use the `az ml compute connect-ssh` command to connect to it using SSH.
 
 ### Migration of compute resources