Skip to content

Commit a6d49ad

Browse files
author
Larry Franks
committed
acrolinx
1 parent 61beaff commit a6d49ad

File tree

1 file changed

+9
-9
lines changed

1 file changed

+9
-9
lines changed

includes/machine-learning-public-internet-access.md

Lines changed: 9 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,7 @@ ms.author: larryfr
1010
ms.custom: include file
1111
---
1212

13-
Azure Machine Learning requires both inbound and outbound access to the public internet. The following tables provide an overview of what access is required and what purpose it serves. For service tags that end in `.region`, replace `region` with the Azure region that contains your workspace. For example, `Storage.westus`:
13+
Azure Machine Learning requires both inbound and outbound access to the public internet. The following tables provide an overview of the required access and what purpose it serves. For service tags that end in `.region`, replace `region` with the Azure region that contains your workspace. For example, `Storage.westus`:
1414

1515
> [!TIP]
1616
> The required tab lists the required inbound and outbound configuration. The situational tab lists optional inbound and outbound configurations required by specific configurations you may want to enable.
@@ -20,11 +20,11 @@ Azure Machine Learning requires both inbound and outbound access to the public i
2020
| Direction | Protocol &<br>ports | Service tag | Purpose |
2121
| ----- |-----| ----- | ----- |
2222
| Outbound | TCP: 80, 443 | `AzureActiveDirectory` | Authentication using Azure AD. |
23-
| Outbound | TCP: 443, 18881<br>UDP: 5831 | `AzureMachineLearning` | Using Azure Machine Learning services.<br>Port 18881 is used for Python intellisense in notebooks.<br>Port 5831 is used to create, update, and delete Azure Machine Learning compute instance. |
23+
| Outbound | TCP: 443, 18881<br>UDP: 5831 | `AzureMachineLearning` | Using Azure Machine Learning services.<br>Python intellisense in notebooks uses port 18881.<br>Creating, updating, and deleting an Azure Machine Learning compute instance uses port 5831. |
2424
| Outbound | ANY: 443 | `BatchNodeManagement.region` | Communication with Azure Batch back-end for Azure Machine Learning compute instances/clusters. |
2525
| Outbound | TCP: 443 | `AzureResourceManager` | Creation of Azure resources with Azure Machine Learning, Azure CLI, and Azure Machine Learning SDK. |
26-
| Outbound | TCP: 443 | `Storage.region` | Access data stored in the Azure Storage Account for compute cluster and compute instance. This outbound can be used to exfiltrate data. For more information, see [Data exfiltration protection](../articles/machine-learning/how-to-prevent-data-loss-exfiltration.md). |
27-
| Outbound | TCP: 443 | `AzureFrontDoor.FrontEnd`</br>* Not needed in Azure China. | Global entry point for [Azure Machine Learning studio](https://ml.azure.com). Store images and environments for AutoML. This outbound can be used to exfiltrate data. For more information, see [Data exfiltration protection](../articles/machine-learning/how-to-prevent-data-loss-exfiltration.md).|
26+
| Outbound | TCP: 443 | `Storage.region` | Access data stored in the Azure Storage Account for compute cluster and compute instance. For information on preventing data exfiltration over this outbound, see [Data exfiltration protection](../articles/machine-learning/how-to-prevent-data-loss-exfiltration.md). |
27+
| Outbound | TCP: 443 | `AzureFrontDoor.FrontEnd`</br>* Not needed in Azure China. | Global entry point for [Azure Machine Learning studio](https://ml.azure.com). Store images and environments for AutoML. For information on preventing data exfiltration over this outbound, see [Data exfiltration protection](../articles/machine-learning/how-to-prevent-data-loss-exfiltration.md). |
2828
| Outbound | TCP: 443 | `MicrosoftContainerRegistry.region`</br>**Note** that this tag has a dependency on the `AzureFrontDoor.FirstParty` tag | Access docker images provided by Microsoft. Setup of the Azure Machine Learning router for Azure Kubernetes Service. |
2929

3030
# [Situational](#tab/situational)
@@ -33,9 +33,9 @@ Azure Machine Learning requires both inbound and outbound access to the public i
3333
| ----- |-----| ----- | ----- |
3434
| Inbound | TCP: 44224 | `AzureMachineLearning` | Create, update, and delete of Azure Machine Learning compute instance/cluster. **Required if instance/cluster configured with a Public IP option.**|
3535
| Outbound | TCP: 8787 | `AzureMachineLearning` | Using Azure Machine Learning services.<br> **Port 8787 is required if you use RStudio.** |
36-
| Outbound | TCP: 445 | `Storage.region` | Access data stored in the Azure Storage Account for compute cluster and compute instance. This outbound can be used to exfiltrate data. For more information, see [Data exfiltration protection](../articles/machine-learning/how-to-prevent-data-loss-exfiltration.md).<br>**445 is only required if you have a firewall between your virtual network for Azure ML and a private endpoint for your storage accounts.**|
36+
| Outbound | TCP: 445 | `Storage.region` | Access data stored in the Azure Storage Account for compute cluster and compute instance. For information on preventing data exfiltration over this outbound, see [Data exfiltration protection](../articles/machine-learning/how-to-prevent-data-loss-exfiltration.md).<br>**445 is only required if you have a firewall between your virtual network for Azure ML and a private endpoint for your storage accounts.**|
3737
| Outbound | TCP: 443 | `AzureMonitor` | Used to log monitoring and metrics to App Insights and Azure Monitor. Only needed if you haven't [secured Azure Monitor](how-to-secure-workspace-vnet.md#secure-azure-monitor-and-application-insights) for the workspace. |
38-
| Outbound | TCP: 443 | `Keyvault.region` | Access the key vault for the Azure Batch service. Only needed if your workspace was created with the [hbi_workspace](/python/api/azureml-core/azureml.core.workspace%28class%29#create-name--auth-none--subscription-id-none--resource-group-none--location-none--create-resource-group-true--sku--basic---friendly-name-none--storage-account-none--key-vault-none--app-insights-none--container-registry-none--cmk-keyvault-none--resource-cmk-uri-none--hbi-workspace-false--default-cpu-compute-target-none--default-gpu-compute-target-none--exist-ok-false--show-output-true-) flag enabled. |
38+
| Outbound | TCP: 443 | `Keyvault.region` | Access the key vault for the Azure Batch service. Only needed if you enabled the [hbi_workspace](/python/api/azureml-core/azureml.core.workspace%28class%29#create-name--auth-none--subscription-id-none--resource-group-none--location-none--create-resource-group-true--sku--basic---friendly-name-none--storage-account-none--key-vault-none--app-insights-none--container-registry-none--cmk-keyvault-none--resource-cmk-uri-none--hbi-workspace-false--default-cpu-compute-target-none--default-gpu-compute-target-none--exist-ok-false--show-output-true-) flag when creating the workspace. |
3939

4040
-----
4141

@@ -57,9 +57,9 @@ You may also need to allow __outbound__ traffic to Visual Studio Code and non-Mi
5757
| **cloud.r-project.org** | Used when installing CRAN packages for R development. |
5858
| **\*pytorch.org** | Used by some examples based on PyTorch. |
5959
| **\*.tensorflow.org** | Used by some examples based on Tensorflow. |
60-
| **code.visualstudio.com** | Required to download and install VS Code desktop. This is not required for VS Code Web. |
61-
| **update.code.visualstudio.com**</br>**\*.vo.msecnd.net** | Used to retrieve VS Code server bits that are installed on the compute instance through a setup script. |
62-
| **marketplace.visualstudio.com**</br>**vscode.blob.core.windows.net**</br>**\*.gallerycdn.vsassets.io** | Required to download and install VS Code extensions. These enable the remote connection to Compute Instances provided by the Azure ML extension for VS Code, see [Connect to an Azure Machine Learning compute instance in Visual Studio Code](../articles/machine-learning/how-to-set-up-vs-code-remote.md) for more information. |
60+
| **code.visualstudio.com** | Required to download and install Visual Studio Code desktop. This isn't required for Visual Studio Code Web. |
61+
| **update.code.visualstudio.com**</br>**\*.vo.msecnd.net** | Used to retrieve Visual Studio Code server bits that are installed on the compute instance through a setup script. |
62+
| **marketplace.visualstudio.com**</br>**vscode.blob.core.windows.net**</br>**\*.gallerycdn.vsassets.io** | Required to download and install Visual Studio Code extensions. These hosts enable the remote connection to Compute Instances provided by the Azure ML extension for Visual Studio Code. For more information, see [Connect to an Azure Machine Learning compute instance in Visual Studio Code](../articles/machine-learning/how-to-set-up-vs-code-remote.md). |
6363
| **raw.githubusercontent.com/microsoft/vscode-tools-for-ai/master/azureml_remote_websocket_server/\*** | Used to retrieve websocket server bits, which are installed on the compute instance. The websocket server is used to transmit requests from Visual Studio Code client (desktop application) to Visual Studio Code server running on the compute instance.|
6464

6565
> [!NOTE]

0 commit comments

Comments
 (0)