|
| 1 | +--- |
| 2 | +title: Vulnerability management |
| 3 | +titleSuffix: Azure AI Studio |
| 4 | +description: Learn how Azure AI Studio manages vulnerabilities in images that the service provides, and how you can get the latest security updates for the components that you manage. |
| 5 | +manager: scottpolly |
| 6 | +ms.author: larryfr |
| 7 | +author: Blackmist |
| 8 | +ms.reviewer: deeikele |
| 9 | +ms.date: 02/22/2024 |
| 10 | +ms.topic: conceptual |
| 11 | +ms.service: azure-ai-studio |
| 12 | +--- |
| 13 | + |
| 14 | +# Vulnerability management for Azure AI Studio |
| 15 | + |
| 16 | +[!INCLUDE [Azure AI Studio preview](../includes/preview-ai-studio.md)] |
| 17 | + |
| 18 | +Vulnerability management involves detecting, assessing, mitigating, and reporting on any security vulnerabilities that exist in an organization's systems and software. Vulnerability management is a shared responsibility between you and Microsoft. |
| 19 | + |
| 20 | +This article discusses these responsibilities and outlines the vulnerability management controls that Azure AI Studio provides. You learn how to keep your service instance and applications up to date with the latest security updates, and how to minimize the window of opportunity for attackers. |
| 21 | + |
| 22 | +## Microsoft-managed VM images |
| 23 | + |
| 24 | +Azure AI Studio manages host OS virtual machine (VM) images for compute instances and serverless compute clusters. The update frequency is monthly and includes the following details: |
| 25 | + |
| 26 | +* For each new VM image version, the latest updates are sourced from the original publisher of the OS. Using the latest updates helps ensure that you get all applicable OS-related patches. For Azure AI Studio, the publisher is Canonical for all the Ubuntu images. |
| 27 | + |
| 28 | +* VM images are updated monthly. |
| 29 | + |
| 30 | +* In addition to patches that the original publisher applies, Azure AI Studio updates system packages when updates are available. |
| 31 | + |
| 32 | +* Azure AI Studio checks and validates any machine learning packages that might require an upgrade. In most circumstances, new VM images contain the latest package versions. |
| 33 | + |
| 34 | +* All VM images are built on secure subscriptions that run vulnerability scanning regularly. Azure AI Studio flags any unaddressed vulnerabilities and fixes them within the next release. |
| 35 | + |
| 36 | +* The frequency is a monthly interval for most images. For compute instances, the image release is aligned with the release cadence of the Azure AI Studio SDK that's preinstalled in the environment. |
| 37 | + |
| 38 | +In addition to the regular release cadence, Azure AI Studio applies hotfixes if vulnerabilities surface. Microsoft rolls out hotfixes within 72 hours for serverless compute clusters and within a week for compute instances. |
| 39 | + |
| 40 | +> [!NOTE] |
| 41 | +> The host OS is not the OS version that you might specify for an environment when you're training or deploying a model. Environments run inside Docker. Docker runs on the host OS. |
| 42 | +
|
| 43 | +## Microsoft-managed container images |
| 44 | + |
| 45 | +[Base docker images](https://github.com/Azure/AzureML-Containers) that Azure AI Studio maintains get security patches frequently to address newly discovered vulnerabilities. |
| 46 | + |
| 47 | +Azure AI Studio releases updates for supported images every two weeks to address vulnerabilities. As a commitment, we aim to have no vulnerabilities older than 30 days in the latest version of supported images. |
| 48 | + |
| 49 | +Patched images are released under a new immutable tag and an updated `:latest` tag. Using the `:latest` tag or pinning to a particular image version might be a tradeoff between security and environment reproducibility for your machine learning job. |
| 50 | + |
| 51 | +## Managing environments and container images |
| 52 | + |
| 53 | +In Azure AI Studio, Docker images are used to provide a runtime environment for [prompt flow deployments](../how-to/flow-deploy.md). The images are built from a base image that Azure AI Studio provides. |
| 54 | + |
| 55 | +Although Azure AI Studio patches base images with each release, whether you use the latest image might be tradeoff between reproducibility and vulnerability management. It's your responsibility to choose the environment version that you use for your jobs or model deployments. |
| 56 | + |
| 57 | +By default, dependencies are layered on top of base images when you're building an image. After you install more dependencies on top of the Microsoft-provided images, vulnerability management becomes your responsibility. |
| 58 | + |
| 59 | +Associated with your AI hub resource is an Azure Container Registry instance that functions as a cache for container images. Any image that materializes is pushed to the container registry. The workspace uses it when deployment is triggered for the corresponding environment. |
| 60 | + |
| 61 | +The AI hub doesn't delete any image from your container registry. You're responsible for evaluating the need for an image over time. To monitor and maintain environment hygiene, you can use [Microsoft Defender for Container Registry](/azure/defender-for-cloud/defender-for-container-registries-usage) to help scan your images for vulnerabilities. To automate your processes based on triggers from Microsoft Defender, see [Automate remediation responses](/azure/defender-for-cloud/workflow-automation). |
| 62 | + |
| 63 | + |
| 64 | +## Vulnerability management on compute hosts |
| 65 | + |
| 66 | +Managed compute nodes in Azure AI Studio use Microsoft-managed OS VM images. When you provision a node, it pulls the latest updated VM image. This behavior applies to compute instance, serverless compute cluster, and managed inference compute options. |
| 67 | + |
| 68 | +Although OS VM images are regularly patched, Azure AI Studio doesn't actively scan compute nodes for vulnerabilities while they're in use. For an extra layer of protection, consider network isolation of your computes. |
| 69 | + |
| 70 | +Ensuring that your environment is up to date and that compute nodes use the latest OS version is a shared responsibility between you and Microsoft. Nodes that aren't idle can't be updated to the latest VM image. Considerations are slightly different for each compute type, as listed in the following sections. |
| 71 | + |
| 72 | +### Compute instance |
| 73 | + |
| 74 | +Compute instances get the latest VM images at the time of provisioning. Microsoft releases new VM images on a monthly basis. After you deploy a compute instance, it isn't actively updated. To keep current with the latest software updates and security patches, you can use one of these methods: |
| 75 | + |
| 76 | +* Re-create a compute instance to get the latest OS image (recommended). |
| 77 | + |
| 78 | + If you use this method, you'll lose data and customizations (such as installed packages) that are stored on the instance's OS and temporary disks. |
| 79 | + |
| 80 | + For more information about image releases, see the [Azure Machine Learning compute instance image release notes](/azure/machine-learning/azure-machine-learning-ci-image-release-notes). |
| 81 | + |
| 82 | +* Regularly update OS and Python packages. |
| 83 | + |
| 84 | + * Use Linux package management tools to update the package list with the latest versions: |
| 85 | + |
| 86 | + ```bash |
| 87 | + sudo apt-get update |
| 88 | + ``` |
| 89 | + |
| 90 | + * Use Linux package management tools to upgrade packages to the latest versions. Package conflicts might occur when you use this approach. |
| 91 | + |
| 92 | + ```bash |
| 93 | + sudo apt-get upgrade |
| 94 | + ``` |
| 95 | + |
| 96 | + * Use Python package management tools to upgrade packages and check for updates: |
| 97 | + |
| 98 | + ```bash |
| 99 | + pip list --outdated |
| 100 | + ``` |
| 101 | + |
| 102 | +You can install and run additional scanning software on the compute instance to scan for security issues: |
| 103 | + |
| 104 | +* Use [Trivy](https://github.com/aquasecurity/trivy) to discover OS and Python package-level vulnerabilities. |
| 105 | +* Use [ClamAV](https://www.clamav.net/) to discover malware. It comes preinstalled on compute instances. |
| 106 | + |
| 107 | +Microsoft Defender for Servers agent installation is currently not supported. |
| 108 | + |
| 109 | +### Endpoints |
| 110 | + |
| 111 | +Endpoints automatically receive OS host image updates that include vulnerability fixes. The update frequency of images is at least once a month. |
| 112 | + |
| 113 | +Compute nodes are automatically upgraded to the latest VM image version when that version is released. You don't need to take any action. |
| 114 | +
|
| 115 | +## Next steps |
| 116 | +
|
| 117 | +* [Azure AI hub resources](ai-resources.md) |
| 118 | +* [Create and manage compute instances](../how-to/create-manage-compute.md) |
0 commit comments