articles/ai-studio/how-to/create-secure-ai-hub.md
63 additions & 4 deletions
@@ -1,17 +1,25 @@
1
1
---
2
-
title: Create a secure AI hub and project with a managed virtual network
3
-
titleSuffix: titleSuffix: Azure AI Studio
4
-
description: Create an Azure AI hub and required Azure services inside a managed virtual network.
2
+
title: Create a secure AI hub and project
3
+
titleSuffix: Azure AI Studio
4
+
description: Create an Azure AI hub inside a managed virtual network. The managed virtual network secures access to managed resources such as computes.
5
5
ms.service: azure-ai-studio
6
6
ms.reviewer: jhirono
7
7
ms.author: larryfr
8
8
author: Blackmist
9
9
ms.date: 08/11/2023
10
10
ms.topic: how-to
11
+
# Customer intent: As an administrator, I want to create a secure AI hub and project with a managed virtual network so that I can secure access to the AI hub and project resources.
11
12
---
12
13
13
14
# How to create a secure AI hub and project with a managed virtual network
14
15
16
+
You can secure your AI hub, AI projects, and managed resources in a managed virtual network. Using a private endpoint, resources in the managed virtual network can securely access other Azure resources such as your Azure Storage Account.
17
+
18
+
With a managed virtual network, inbound access is only allowed through an private endpoint for your AI hub resource. Outbound access can be configured to allow either all outbound access, or only allowed outbound that you specify. For more information, see [Managed virtual network](configure-managed-network.md).
19
+
20
+
> [!IMPORTANT]
21
+
> The managed virtual network doesn't provide inbound connectivity for your clients. For more information, see the [Connect to the AI hub](#connect-to-the-ai-hub) section.
22
+
15
23
## Prerequisites
16
24
17
25
- An Azure subscription. If you don't have an Azure subscription, create a [free account](https://azure.microsoft.com/free) before you begin.
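Review bot: The IMPORTANT note added to the introduction links to `#connect-to-the-ai-hub`, but the section this commit adds later is headed "Connect to the secured resources", so the anchor will not resolve. Point the link at the new heading's anchor or rename the heading to match. In the paragraph just above the note, "through an private endpoint" should read "a private endpoint", and "or only allowed outbound that you specify" would read more clearly as "or only the outbound traffic that you specify".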
@@ -34,7 +42,58 @@ ms.topic: how-to
34
42
35
43
:::image type="content" source="../media/how-to/resource-create-networking.png" alt-text="Screenshot of the Create an Azure AI hub resource with the option to set network isolation information." lightbox="../media/how-to/resource-create-networking.png":::
36
44
37
-
1.
45
+
1. To allow your clients to connect through your Azure Virtual Network to the AI hub, use the following steps to add a private endpoint.
46
+
47
+
1. Select **+ Add** from the **Workspace inbound access** section of the **Networking** tab. This opens the **Create private endpoint** form.
48
+
1. Enter a unique value in the **Name** field. Select the **Virtual network** that your clients connect to. Select the **Subnet** that the private endpoint connects to.
49
+
1. Select **Ok** to save the endpoint configuration.
38
50
39
51
1. Select **Review + create**
40
52
53
+
## Create an AI project
54
+
55
+
When you create an AI project from the AI hub, the project is automatically secured by the managed virtual network. No special configuration is required. For more information on creating an AI project, see [Create an Azure AI project](create-projects.md).
56
+
57
+
> [!TIP]
58
+
> After the AI project is created, AI Studio display an error message if your client can't resolve the DNS name of the AI project. For more information, see the [DNS resolution](#dns-resolution) section.
59
+
60
+
## Create a compute instance
61
+
62
+
To create a new compute instance, use the following steps:
63
+
64
+
1. From Azure AI Studio, select **Manage**, the **AI hub** created in the previous section, and then select **Compute instances**.
65
+
1. Select **+ New** to create a new compute instance. Provide a **Compute name**, then continue through the creation process accepting the default values.
66
+
1. From the **Review** page, select **Create**. The managed virtual network is created when the compute instance is created.
67
+
68
+
## Connect to the secured resources
69
+
70
+
The managed virtual network doesn't directly provide access to your clients. Instead, your clients will connect to an Azure Virtual Network that *you* manage. There are multiple methods that you might use to connect clients to the Azure Virtual Network. The following table lists the common ways that clients connect to an Azure Virtual Network:
71
+
72
+
| Method | Description |
73
+
| ----- | ----- |
74
+
|[Azure VPN gateway](/azure/vpn-gateway/vpn-gateway-about-vpngateways.md)| Connects on-premises networks to an Azure Virtual Network over a private connection. Connection is made over the public internet. |
75
+
|[ExpressRoute](https://azure.microsoft.com/services/expressroute/)| Connects on-premises networks into the cloud over a private connection. Connection is made using a connectivity provider. |
76
+
|[Azure Bastion](/azure/bastion/bastion-overview)| Connects to a virtual machine inside the Azure Virtual Network using your web browser. |
77
+
78
+
> [!TIP]
79
+
> When connecting using Azure VPN gateway or ExpressRoute, you may need to use a to enable name resolution for your clients. For more information, see the [DNS resolution](#dns-resolution) section.
80
+
81
+
### Creating a private endpoint
82
+
83
+
To connect your Azure Virtual Network to the AI hub, add a private endpoint to the AI hub. You can do this when creating the AI hub (as described in [Create an AI hub](#create-an-ai-hub) section,) or afterwards by following these steps:
84
+
85
+
1. From the [Azure portal](https://portal.azure.com), navigate to the AI hub that you want to create a private endpoint for.
86
+
1. Select **Networking**, **Private endpoint connections**, and then select **+ Private endpoint**.
87
+
1. From the **Basics** page, provide a **Name** and **Network interface name** for the new endpoint. Select the appropriate **Subscription**, **Resource group**, and **Region**.
88
+
1. From the **Virtual Network** tab, select the **Virtual network** and **Subnet** that the private endpoint connects to. You can also select whether the IP is dynamically or statically allocated.
89
+
1. Continue through the steps and select **Create** to create the private endpoint.
90
+
91
+
### DNS resolution
92
+
93
+
Depending on your network configuration, you may need to configure DNS resolution before your clients can connect to the AI hub, AI project, or compute instances.
94
+
95
+
> [!TIP]
96
+
> Your clients do not directly connect to the managed virtual network. Instead, they connect to an Azure Virtual Network that you manage. The private endpoint for your AI hub surfaces IP addresses and FQDNs for the AI hub, AI project, and managed compute resources in your Azure Virtual Network.
97
+
98
+
For more information, see the [custom DNS] article.
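Review bot: The TIP under the connection-methods table has lost its object: "you may need to use a to enable name resolution for your clients" is missing a noun or link after "use a", and the closing line "see the [custom DNS] article" has no link target in the visible text. Those are the two places that tell a reader how to make name resolution work for the private endpoint, so both need the missing term and a working link. Smaller points: "AI Studio display an error message" should be "displays"; "(as described in [Create an AI hub](#create-an-ai-hub) section,)" needs "the" before the link and the comma moved outside the parenthesis; the VPN gateway row says "over a private connection" and then "Connection is made over the public internet", which should be reworded so the two statements agree; and that row's link ends in `.md` while the Azure Bastion link in the same table does not.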