You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/machine-learning/how-to-manage-workspace.md
+61-1Lines changed: 61 additions & 1 deletion
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -47,7 +47,7 @@ To create a workspace, you need an Azure subscription. If you don't have an Azur
47
47
48
48
49
49
50
-
1. When you're finished configuring the workspace, select **Review + Create**.
50
+
1. When you're finished configuring the workspace, select **Review + Create**. Optionally, use the [Networking](#networking) and [Advanced](#advanced) sections to configure more settings for the workspace.
51
51
2. Review the settings and make any additional changes or corrections. When you're satisfied with the settings, select **Create**.
52
52
53
53
> [!Warning]
@@ -67,6 +67,66 @@ To create a workspace, you need an Azure subscription. If you don't have an Azur
67
67
68
68
Place the file into the directory structure with your Python scripts or Jupyter Notebooks. It can be in the same directory, a subdirectory named *.azureml*, or in a parent directory. When you create a compute instance, this file is added to the correct directory on the VM for you.
69
69
70
+
## Networking
71
+
72
+
> [!IMPORTANT]
73
+
> For more information on using a private endpoint and virtual network with your workspace, see [Network isolation and privacy](how-to-enable-virtual-network.md).
74
+
75
+
1. The default network configuration is to use a __Public endpoint__, which is accessible on the public internet. To limit access to your workspace to an Azure Virtual Network you have created, you can instead select __Private endpoint__ (preview) as the __Connectivity method__, and then use __+ Add__ to configure the endpoint.
76
+
77
+
> [!IMPORTANT]
78
+
> Using a private endpoint with Azure Machine Learning workspace is currently in public preview. This preview is provided without a service level agreement, and it's not recommended for production workloads. Certain features might not be supported or might have constrained capabilities.
79
+
> For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
1. On the __Create private endpoint__ form, set the location, name, and virtual network to use. If you'd like to use the endpoint with a Private DNS Zone, select __Integrate with private DNS zone__ and select the zone using the __Private DNS Zone__ field. Select __OK__ to create the endpoint.
1. When you are finished configuring networking, you can select __Review + Create__, or advance to the optional __Advanced__ configuration.
88
+
89
+
> [!WARNING]
90
+
> When you create a private endpoint, a new Private DNS Zone named __privatelink.api.azureml.ms__ is created. This contains a link to the virtual network. If you create multiple workspaces with private endpoints in the same resource group, only the virtual network for the first private endpoint may be added to the DNS zone. To add entries for the virtual networks used by the additional workspaces/private endpoints, use the following steps:
91
+
>
92
+
> 1. In the [Azure portal](https://portal.azure.com), select the resource group that contains the workspace. Then select the Private DNS Zone resource named __privatelink.api.azureml.ms__.
93
+
> 2. In the __Settings__, select __Virtual network links__.
94
+
> 3. Select __Add__. From the __Add virtual network link__ page, provide a unique __Link name__, and then select the __Virtual network__ to be added. Select __OK__ to add the network link.
95
+
>
96
+
> For more information, see [Azure Private Endpoint DNS configuration](/azure/private-link/private-endpoint-dns).
97
+
98
+
## Advanced
99
+
100
+
By default, metrics and metadata for the workspace is stored in an Azure Cosmos DB instance that Microsoft maintains. This data is encrypted using Microsoft-managed keys.
101
+
102
+
To limit the data that Microsoft collects on your workspace, select __High business impact workspace__.
103
+
104
+
> [!IMPORTANT]
105
+
> Selecting high business impact can only be done when creating a workspace. You cannot change this setting after workspace creation.
106
+
107
+
If you are using the __Enterprise__ version of Azure Machine Learning, you can instead provide your own key. Doing so creates the Azure Cosmos DB instance that stores metrics and metadata in your Azure subscription. Use the following steps to use your own key:
108
+
109
+
> [!IMPORTANT]
110
+
> Before following these steps, you must first perform the following actions:
111
+
>
112
+
> 1. Authorize the __Machine Learning App__ (in Identity and Access Management) with contributor permissions on your subscription.
113
+
> 1. Follow the steps in [Configure customer-managed keys](/azure/cosmos-db/how-to-setup-cmk) to:
114
+
> * Register the Azure Cosmos DB provider
115
+
> * Create and configure an Azure Key Vault
116
+
> * Generate a key
117
+
>
118
+
> You do not need to manually create the Azure Cosmos DB instance, one will be created for you during workspace creation. This Azure Cosmos DB instance will be created in a separate resource group using a name based on this pattern: `<your-resource-group-name>_<GUID>`.
119
+
>
120
+
> You cannot change this setting after workspace creation. If you delete the Azure Cosmos DB used by your workspace, you must also delete the workspace that is using it.
121
+
122
+
1. Select __Customer-managed keys__, and then select __Click to select key__.
1. On the __Select key from Azure Key Vault__ form, select an existing Azure Key Vault, a key that it contains, and the version of the key. This key is used to encrypt the data stored in Azure Cosmos DB. Finally, use the __Select__ button to use this key.
127
+
128
+
:::image type="content" source="media/how-to-manage-workspace/select-key-vault.png" alt-text="Select the key":::
129
+
70
130
## <aname="upgrade"></a>Upgrade to Enterprise edition
71
131
72
132
You can upgrade your workspace from Basic edition to Enterprise edition to take advantage of the enhanced features such as low-code experiences and enhanced security features.
0 commit comments