MicrosoftDocs
diff --git a/‎articles/ai-studio/concepts/ai-resources.md
Lines changed: 16 additions & 7 deletions b/‎articles/ai-studio/concepts/ai-resources.md
Lines changed: 16 additions & 7 deletions
diff --git a/‎articles/ai-studio/concepts/architecture.md
Lines changed: 37 additions & 30 deletions b/‎articles/ai-studio/concepts/architecture.md
Lines changed: 37 additions & 30 deletions
diff --git a/‎articles/ai-studio/how-to/model-catalog-overview.md
Lines changed: 1 addition & 1 deletion b/‎articles/ai-studio/how-to/model-catalog-overview.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎articles/ai-studio/media/concepts/connected-resources-spog.png
278 KB b/‎articles/ai-studio/media/concepts/connected-resources-spog.png
278 KB
diff --git a/‎articles/ai-studio/toc.yml
Lines changed: 26 additions & 24 deletions b/‎articles/ai-studio/toc.yml
Lines changed: 26 additions & 24 deletions
diff --git a/‎articles/aks/TOC.yml
Lines changed: 3 additions & 0 deletions b/‎articles/aks/TOC.yml
Lines changed: 3 additions & 0 deletions
@@ -18,18 +18,27 @@ author: Blackmist
 
 [!INCLUDE [Feature preview](~/reusable-content/ce-skilling/azure/includes/ai-studio/includes/feature-preview.md)]
 
-The Azure AI Studio hub is the top-level Azure resource for AI Studio and provides the working environment for a team to build and manage AI applications. In Azure, resources enable access to Azure services for individuals and teams. Resources also provide a container for billing, security configuration, and monitoring. The hub also connects to Azure and third party resources, bringing the resources you need together in Azure AI Studio.
+Hubs are the primary top-level Azure resource for AI studio and provide a central way for a team to govern security, connectivity, and computing resources across playgrounds and projects. Once a hub is created, it is enables developers to self-service create projects and access shared company resources without needing an IT administrator's repeated help.
+
+Project workspaces that are created using a hub inherit the same security settings and shared resource access. Teams can create project workspaces as needed to organize their work, isolate data, and/or restrict access. 
 
 In this article, you learn more about hub capabilities, and how to set up a hub for your organization. You can see the resources created in the [Azure portal](https://portal.azure.com/) and in [Azure AI Studio](https://ai.azure.com).
 
-## Collaboration environment for a team
+## Rapid AI use case exploration without IT bottlenecks
+
+Successful AI applications and models typically start as prototypes, with developers testing the feasibility of an idea or assessing the quality of data or a model for a particular task. This is a steppingstone towards project funding or a full-scale implementation.
+
+The transition from proving the feasibility of an idea to a funded project is where many organizations encounter a bottleneck in productivity, because a single platform team is responsible for the setup of cloud resources. Such a team may be the only one authorized to configure security, connectivity or other resources that may incur costs. This can cause a huge backlog, resulting in development teams getting blocked on innovating with a new idea. In Azure AI Studio, hubs help mitigate this bottleneck. IT can set up a pre-configured, reusable environment, or hub, for a team one time, and a team can use that hub to create their own projects for prototyping, building, and operating AI applications.
+
+## Set up and secure a hub for your team
+
+Get started by [creating your first hub in Azure AI Studio](../how-to/create-azure-ai-resource.md), or use [Azure Portal](../how-to/create-secure-ai-hub.md) or [templates](../how-to/create-azure-ai-hub-template.md) for advanced configuration options. You can customize networking, identity, encryption, monitoring or tags, to meet compliance with your organization’s requirements.
 
-The hub provides the collaboration environment for a team to build and manage AI applications, catering to two personas:
+Often, projects in a business domain require access to the same company resources such as vector indices, model endpoints or repos. As a team lead, you can pre-configure connectivity with these resources within a hub, so developers can access them from any new project workspace without delay on IT.
 
-* To AI developers, the hub provides the working environment for building AI applications granting access to various tools for AI model building. Tools can be used together, and lets you use and produce shareable components including datasets, indexes, models. A hub allows you to configure connections to external resources, provide compute resources used by tools and [endpoints, and access keys to prebuilt AI models](#azure-ai-services-api-access-keys). When you use an Azure AI Studio project to customize AI capabilities, a hub hosts the project and can access the same shared resources.
-* To IT administrators, team leads and risk officers, the hub provides a single pane of glass on projects created by a team. The team can audit connections that are in use to external resources and other governance controls to help meet cost and compliance requirements. Security settings are configured on the hub, and once set up apply to all projects created under it, allowing administrators to enable developers to self-serve create projects to organize work.
+[Connections](connections.md) let you access objects in AI Studio that are managed outside of your hub. For example, uploaded data on an Azure storage account, or model deployments on an existing Azure OpenAI resource. A connection can be shared with every project or made accessible to one specific project, with the option to configure key-based access or EntraID-passthrough to authorize access to users on the connected resource. Plus, as an administrator, you can track, audit, and manage connections across projects using your hub.
 
-## Central setup and management concepts
+## Shared Azure resources and configurations
 
 Various management concepts are available on hubs to support team leads and admins to centrally manage a team's environment. 
 
@@ -98,7 +107,7 @@ When you create a new hub, a set of dependent Azure resources are required to st
 
 ## Managing cost
 
-Azure AI costs accrue by [various Azure resources](#central-setup-and-management-concepts). 
+Azure AI costs accrue by [various Azure resources](#azure-ai-dependencies). 
 
 In general, a hub and project don't have a fixed monthly cost, and you're only charged for usage in terms of compute hours and tokens used. Azure Key Vault, Storage, and Application Insights charge transaction and volume-based, dependent on the amount of data stored with your projects. 
 
 
@@ -13,52 +13,44 @@ ms.author: larryfr
 author: Blackmist
 ---
 
-# Azure AI Studio architecture
-
-[!INCLUDE [Feature preview](~/reusable-content/ce-skilling/azure/includes/ai-studio/includes/feature-preview.md)]
+# Azure AI Studio architecture 
 
 AI Studio provides a unified experience for AI developers and data scientists to build, evaluate, and deploy AI models through a web portal, SDK, or CLI. It's built on capabilities and services provided by other Azure services.
 
-The top level AI Studio resources (hub and project) are based on Azure Machine Learning. Other resources, such as Azure OpenAI, Azure AI services, and Azure AI Search, are used by the hub and project.
-
-- **AI Studio hub**: The hub is the top-level resource in AI Studio. The Azure resource provider for a hub is `Microsoft.MachineLearningServices/workspaces`, and the kind of resource is `Hub`. It provides the following features:
-    - Data upload and artifact storage.
-    - Hub-scoped connections to Azure services such as Azure OpenAI, Azure AI services, and Azure AI Search.
-    - Base model endpoints for Azure OpenAI, Speech, and Vision.
-    - Compute resources.
-    - Security and governance.
-- **AI Studio project**: A project is a child resource of the hub. The Azure resource provider for a project is `Microsoft.MachineLearningServices/workspaces`, and the kind of resource is `Project`. It inherits the hub's connections, and compute resources. When a new project is created from the hub, the security settings of the hub are applied to it. The project provides the following features:
-    - Groups of components such as datasets, models, and indexes.
-    - An isolated data container (within the storage inherited from the hub).
-    - Project-scoped connections. For example, a project might need access to data stored in a separate Azure Storage account.
+The top level AI Studio resources (hub and project) are based on Azure Machine Learning. Connected resources, such as Azure OpenAI, Azure AI services, and Azure AI Search, are used by the hub and project in reference, but follow their own resource management lifecycle.
+
+- **AI hub**: The hub is the top-level resource in AI Studio. The Azure resource provider for a hub is `Microsoft.MachineLearningServices/workspaces`, and the kind of resource is `Hub`. It provides the following features:
+    - Security configuration including a managed network that spans projects and model endpoints.
+    - Compute resources for interactive development, finetuning, open source and serverless model deployments.
+    - Connections to other Azure services such as Azure OpenAI, Azure AI services, and Azure AI Search. Hub-scoped connections are shared can be used by all projects.
+    - Project management. A hub can have multiple child projects.
+    - An associated Azure storage account for data upload and artifact storage.
+- **AI project**: A project is a child resource of the hub. The Azure resource provider for a project is `Microsoft.MachineLearningServices/workspaces`, and the kind of resource is `Project`. The project provides the following features:
+    - Access to development tools for building and customizing AI applications.   
+    - Reusable components including datasets, models, and indexes.
+    - An isolated container to upload data to (within the storage inherited from the hub).
+    - Project-scoped connections. For example, project members might need private access to data stored in an Azure Storage account without giving that same access to other projects.
     - Open source model deployments from catalog and fine-tuned model endpoints.
 
-A hub can have multiple child projects. Each project can have its own set of project-scoped connections.
-
 :::image type="content" source="../media/concepts/resource-provider-connected-resources.svg" alt-text="Diagram of the relationship between AI Studio resources." :::
 
-### Microsoft-hosted resources
+### Centrally setup and govern using hubs
 
-While most of the resources used by Azure AI Studio live in your Azure subscription, some resources are in an Azure subscription managed by Microsoft. This subscription provides some of the services used by Azure AI Studio. The following resources are in the Microsoft-managed Azure subscription, and don't appear in your Azure subscription:
+Hubs provide a central way for a team to govern security, connectivity, and computing resources across playgrounds and projects. Projects that are created using a hub inherit the same security settings and shared resource access. Teams can create as many projects as needed to organize work, isolate data, and/or restrict access.
 
-- **Managed compute resources**: Provided by Azure Batch resources in the Microsoft subscription.
-- **Managed virtual network**: Provided by Azure Virtual Network resources in the Microsoft subscription. If FQDN rules are enabled, an Azure Firewall (standard) is added and charged to your subscription. For more information, see [Configure a managed virtual network for Azure AI Studio](../how-to/configure-managed-network.md).
-- **Metadata storage**: Provided by Azure Cosmos DB, Azure AI Search, and Azure Storage Account in the Microsoft subscription. 
+Often, projects in a business domain require access to the same company resources such as vector indices, model endpoints or repos. As a team lead, you can pre-configure connectivity with these resources within a hub, so developers can access them from any new project workspace without delay on IT.
 
-    > [!NOTE]
-    > If you use customer-managed keys, the metadata storage resources are created in your subscription. For more information, see [Customer-managed keys](../../ai-services/encryption/cognitive-services-encryption-keys-portal.md?context=/azure/ai-studio/context/context).
+[Connections](connections.md) let you access objects in AI Studio that are managed outside of your hub. For example, uploaded data on an Azure storage account, or model deployments on an existing Azure OpenAI resource. A connection can be shared with every project or made accessible to one specific project, with the option to configure key-based access or EntraID-passthrough to authorize access to users on the connected resource. As an administrator, you can  track, audit, and manage connections across the organization from a single view in AI Studio.
 
-Managed compute resources and managed virtual networks exist in the Microsoft subscription, but are managed by you. For example, you control which VM sizes are used for compute resources, and which outbound rules are configured for the managed virtual network.
+:::image type="content" source="../media/concepts/connected-resources-spog.png" alt-text="Screenshot of AI Studio showing an audit view of all connected resources across a hub and its projects." :::
 
-Managed compute resources also require vulnerability management. This is a shared responsibility between you and Microsoft. For more information, see [vulnerability management](vulnerability-management.md).
- 
-## Azure resource providers
+## Azure resource types and providers
 
-Since Azure AI Studio is built from other Azure services, the resource providers for these services must be registered in your Azure subscription. The following table lists the resource, provider, and resource provider kinds:
+Azure AI Studio is built on the Azure Machine Learning resource provider, and takes a dependency on a number of other Azure services. The resource providers for these services must be registered in your Azure subscription. The following table lists the resource types, provider, and kind:
 
 [!INCLUDE [Resource provider kinds](../includes/resource-provider-kinds.md)]
 
-When you create a new hub, a set of dependent Azure resources are required to store data, manage security, and provide compute resources. The following table lists the dependent Azure resources and their resource providers:
+When you create a new hub, a set of dependent Azure resources are required to store data, get access to models, and provide compute resources for AI customization. The following table lists the dependent Azure resources and their resource providers:
 
 > [!TIP]
 > If you don't provide a dependent resource when creating a hub, and it's a required dependency, AI Studio creates the resource for you.
@@ -67,6 +59,21 @@ When you create a new hub, a set of dependent Azure resources are required to st
 
 For information on registering resource providers, see [Register an Azure resource provider](/azure/azure-resource-manager/management/resource-providers-and-types#register-resource-provider).
 
+### Microsoft-hosted resources
+
+While most of the resources used by Azure AI Studio live in your Azure subscription, some resources are in an Azure subscription managed by Microsoft. The cost for these managed resources shows on your Azure bill as a line item under the Azure Machine Learning resource provider. The following resources are in the Microsoft-managed Azure subscription, and don't appear in your Azure subscription:
+
+- **Managed compute resources**: Provided by Azure Batch resources in the Microsoft subscription.
+- **Managed virtual network**: Provided by Azure Virtual Network resources in the Microsoft subscription. If FQDN rules are enabled, an Azure Firewall (standard) is added and charged to your subscription. For more information, see [Configure a managed virtual network for Azure AI Studio](../how-to/configure-managed-network.md).
+- **Metadata storage**: Provided by Azure Storage resources in the Microsoft subscription.  
+
+    > [!NOTE]
+    > If you use customer-managed keys, the metadata storage resources are created in your subscription. For more information, see [Customer-managed keys](../../ai-services/encryption/cognitive-services-encryption-keys-portal.md?context=/azure/ai-studio/context/context).
+
+Managed compute resources and managed virtual networks exist in the Microsoft subscription, but are managed by you. For example, you control which VM sizes are used for compute resources, and which outbound rules are configured for the managed virtual network.
+
+Managed compute resources also require vulnerability management. This is a shared responsibility between you and Microsoft. For more information, see [vulnerability management](vulnerability-management.md).
+
 ## Role-based access control and control plane proxy
 
 Azure AI services including Azure OpenAI provide control plane endpoints for operations such as listing model deployments. These endpoints are secured using a separate Azure role-based access control (RBAC) configuration than the one used for a hub. 
 
@@ -82,7 +82,7 @@ The models are made available through [Azure Machine Learning registries](../../
 
 * Supports enterprise security requirements as limiting access to models with Azure Policy and secure deployment with managed virtual networks. 
 
-### Deploy models for inference with managed compute 
+### Deploy models for inference with Managed compute 
 
 Models available for deployment to a Managed compute can be deployed to Azure Machine Learning Online Endpoints for real-time inference. Deploying to managed compute requires you to have Virtual Machine quota in your Azure Subscription for the specific SKUs needed to optimally run the model.  Some models allow you to deploy to [temporarily shared quota for testing the model](deploy-models-open.md). Learn more about deploying models: 
 
 
@@ -37,6 +37,32 @@ items:
 - name: How-to
   expanded: true
   items:
+  - name: Create hubs and projects
+    items:
+    - name: Hubs and projects overview
+      href: concepts/ai-resources.md
+    - name: Create your first hub
+      href: how-to/create-azure-ai-resource.md
+    - name: Create a hub with custom security
+      items:
+      - name: Create a hub in the Azure portal
+        href: how-to/create-secure-ai-hub.md
+      - name: Create a hub from template
+        href: how-to/create-azure-ai-hub-template.md      
+    - name: Create a project
+      href: how-to/create-projects.md
+    - name: Create a hub and project using the Azure Machine Learning SDK
+      href: how-to/develop/create-hub-project-sdk.md
+    - name: Create and manage compute
+      href: how-to/create-manage-compute.md
+    - name: Connect to external resources
+      items:
+      - name: Connections overview
+        href: concepts/connections.md
+      - name: Create a connection
+        href: how-to/connections-add.md
+      - name: Create a connection using the Azure Machine Learning SDK
+        href: how-to/develop/connections-add-sdk.md
   - name: Select and deploy AI models
     items:
     - name: Model catalog
@@ -90,30 +116,6 @@ items:
     - name: Deploy open models
       href: how-to/deploy-models-open.md
       displayName: oss, open source
-  - name: Create AI Studio projects and resources
-    items:
-    - name: AI Studio hubs and projects overview
-      href: concepts/ai-resources.md
-    - name: Create a project
-      href: how-to/create-projects.md
-    - name: Create and manage a hub
-      href: how-to/create-azure-ai-resource.md
-    - name: Create a secure hub
-      href: how-to/create-secure-ai-hub.md
-    - name: Create a hub and project using the AzureML SDK
-      href: how-to/develop/create-hub-project-sdk.md
-    - name: Create a hub from template
-      href: how-to/create-azure-ai-hub-template.md
-    - name: Create and manage compute
-      href: how-to/create-manage-compute.md
-    - name: Connections
-      items:
-      - name: Connections overview
-        href: concepts/connections.md
-      - name: Create a connection
-        href: how-to/connections-add.md
-      - name: Create a connection using the AzureML SDK
-        href: how-to/develop/connections-add-sdk.md
   - name: Data for your generative AI app
     items:
     - name: Overview of retrieval augmented generation (RAG)
 
@@ -357,11 +357,14 @@
         - name: Node autoprovision
           href: node-autoprovision.md
         - name: Availability zones
+          href: availability-zones.md
           items:
             - name: Availability zones overview
               href: availability-zones-overview.md
             - name: Create a cluster with availability zones
               href: availability-zones.md
+        - name: Zone resiliency
+          href: aks-zone-resiliency.md
         - name: Propagate Kubernetes resources across multiple clusters
           href: ../kubernetes-fleet/resource-propagation.md?toc=/azure/aks/toc.json&bc=/azure/aks/breadcrumb/toc.json
     - name: Cluster management