You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/how-to-managed-network.md
+9-4Lines changed: 9 additions & 4 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -50,7 +50,7 @@ The following diagram shows a managed virtual network configured to __allow only
50
50
51
51
### Azure Machine Learning studio
52
52
53
-
If you have inbound communication with your workspace from clients in an Azure Virtual Network, and those clients will be using Azure Machine Learning studio, create a _private endpoint_ or _service endpoint_ for the default storage account in the virtual network.
53
+
If you want to use the integrated notebook or create datasets in the default storage account from studio, your client needs access to the default storage account. Create a _private endpoint_ or _service endpoint_ for the default storage account in the Azure Virtual Network that the clients use.
54
54
55
55
Part of Azure Machine Learning studio runs locally in the client's web browser, and communicates directly with the default storage for the workspace. Creating a private endpoint or service endpoint for the default storage account in the virtual network ensures that the client can communicate with the storage account.
56
56
@@ -132,7 +132,7 @@ Before following the steps in this article, make sure you have the following pre
132
132
## Configure a managed virtual network to allow internet outbound
133
133
134
134
> [!IMPORTANT]
135
-
> The creation of the managed virtual network is deferred until a compute resource is created or provisioning is manually started. __If you plan to submit serverless spark jobs__, [Manually start provisioning](#configure-for-serverless-spark-jobs).
135
+
> The creation of the managed virtual network is deferred until a compute resource is created or provisioning is manually started. If you want to provision the managed virtual network and private endpoints, use the `az ml workspace provision` command from the Azure CLI. For example, `az ml workspace provision --name ws --resource-group rg`.
136
136
137
137
# [Azure CLI](#tab/azure-cli)
138
138
@@ -880,12 +880,16 @@ __Outbound__ service tag rules:
880
880
__Inbound__ service tag rules:
881
881
* `AzureMachineLearning`
882
882
883
-
## List of recommended outbound rules
883
+
## List of scenario specific outbound rules
884
+
885
+
### Scenario: Access public machine learning packages
884
886
885
887
To allow installation of __Python packages for training and deployment__, add outbound _FQDN_ rules to allow traffic to the following host names:
### Scenario: Use Visual Studio Code desktop or web with compute instance
892
+
889
893
If you plan to use __Visual Studio Code__ with Azure Machine Learning, add outbound _FQDN_ rules to allow traffic to the following hosts:
890
894
891
895
* `*.vscode.dev`
@@ -901,12 +905,13 @@ If you plan to use __Visual Studio Code__ with Azure Machine Learning, add outbo
901
905
* `*.vo.msecnd.net`
902
906
* `marketplace.visualstudio.com`
903
907
908
+
### Scenario: Use batch endpoints
909
+
904
910
If you plan to use __Azure Machine Learning batch endpoints__ for deployment, add outbound _private endpoint_ rules to allow traffic to the following sub resources for the default storage account:
905
911
906
912
* `queue`
907
913
* `table`
908
914
909
-
If you plan to use __Azure AI services__, including __Azure Cognitive Search__, __Content Safety__, and __Azure Open AI__
0 commit comments