articles/machine-learning/how-to-network-isolation-planning.md
5 additions & 5 deletions
@@ -40,7 +40,7 @@ In this diagram, you have a hub and spoke network architecture. The spoke VNet h
40
40
41
41
### DNS resolution of private link resources and application on compute instance
42
42
43
-
If you have your own DNS server hosted in Azure or on-premises, you need to create a conditional forwarder in your DNS server. The conditional forwarder sends DNS requests to the Azure DNS for all private link enabled PaaS services. For more information, see the [DNS configuration scenarios](../private-link/private-endpoint-dns.md#dns-configuration-scenarios) and [Azure Machine Learning specific DNS configuration](how-to-custom-dns.md) articles.
43
+
If you have your own DNS server hosted in Azure or on-premises, you need to create a conditional forwarder in your DNS server. The conditional forwarder sends DNS requests to the Azure DNS for all private link enabled PaaS services. For more information, see the [DNS configuration scenarios](/azure/private-link/private-endpoint-dns#dns-configuration-scenarios) and [Azure Machine Learning specific DNS configuration](how-to-custom-dns.md) articles.
44
44
45
45
### Data exfiltration protection
46
46
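Review bot: the new site-relative link at line 43 carries the `#dns-configuration-scenarios` fragment over unchanged, so please confirm that heading still exists in the private endpoint DNS article. If the anchor is stale, readers land at the top of that page instead of the scenarios that cover the conditional forwarder this paragraph tells them to create. The second link in the same sentence, `how-to-custom-dns.md`, stays file-relative, which reads as intentional for a same-folder article; a short line in the commit description saying so would help the next editor.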
@@ -52,7 +52,7 @@ You can mitigate this data exfiltration risk using [our data exfiltration preven
52
52
53
53
In this diagram, the compute instance and cluster need to access Azure Machine Learning managed storage accounts to get set-up scripts. Instead of opening the outbound to storage, you can use service endpoint policy with Azure Machine Learning alias to allow the storage access only to Azure Machine Learning storage accounts.
54
54
55
-
The following tables list the required outbound [Azure Service Tags](../virtual-network/service-tags-overview.md) and fully qualified domain names (FQDN) with data exfiltration protection setting:
55
+
The following tables list the required outbound [Azure Service Tags](/azure/virtual-network/service-tags-overview) and fully qualified domain names (FQDN) with data exfiltration protection setting:
56
56
57
57
| Outbound service tag | Protocol | Port |
58
58
| ---- | ---- | ---- |
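Review bot: while line 55 is being touched, the phrase "with data exfiltration protection setting" is worth rewording, because it does not say whether the tables apply when the setting is enabled or describe the setting itself. Something like "when the data exfiltration protection setting is enabled" would make clear which configuration the listed outbound service tags and FQDNs belong to. The link text "Azure Service Tags" is also capitalized differently from the table header "Outbound service tag" two lines below.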
@@ -121,7 +121,7 @@ You can automate this environments creation using [a template](tutorial-create-s
121
121
122
122
### Removing firewall requirement
123
123
124
-
If you want to remove the firewall requirement, you can use network security groups and [Azure virtual network NAT](../virtual-network/nat-gateway/nat-overview.md) to allow internet outbound from your private computing resources.
124
+
If you want to remove the firewall requirement, you can use network security groups and [Azure virtual network NAT](/azure/virtual-network/nat-gateway/nat-overview) to allow internet outbound from your private computing resources.
125
125
126
126
:::image type="content" source="media/how-to-network-isolation-planning/recommended-network-diagram-no-firewall.png" alt-text="Diagram of the recommended network architecture without a firewall.":::
127
127
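Review bot: the sentence at line 124 says network security groups and NAT "allow internet outbound from your private computing resources" without saying that outbound should still be limited, even though the earlier section of the same article lists specific required outbound service tags and FQDNs. Since this line is being edited anyway, consider adding that the NSG rules should restrict outbound traffic to the required destinations, or point back to that list, so the no-firewall option is not read as unrestricted egress.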
@@ -143,7 +143,7 @@ This diagram shows the recommended architecture to make all resources private an
143
143
144
144
:::image type="content" source="media/how-to-network-isolation-planning/recommended-network-data-exfiltration.png" alt-text="Diagram of recommended network with data exfiltration protection configuration.":::
145
145
146
-
The following tables list the required outbound [Azure Service Tags](../virtual-network/service-tags-overview.md) and fully qualified domain names (FQDN) with data exfiltration protection setting:
146
+
The following tables list the required outbound [Azure Service Tags](/azure/virtual-network/service-tags-overview) and fully qualified domain names (FQDN) with data exfiltration protection setting:
147
147
148
148
| Outbound service tag | Protocol | Port |
149
149
| ---- | ----- | ---- |
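Review bot: line 146 is word for word the sentence changed at line 55, link included, so every future link or wording change has to be made in two places and the two copies can drift. Consider moving the sentence and its tables into a shared include, or replacing this copy with a cross-reference to the earlier section. The separator row here (`| ---- | ----- | ---- |`) also differs from the one under line 55, which suggests the two tables are already being maintained separately.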
@@ -171,4 +171,4 @@ You can use the public workspace if you're OK with Azure AD authentication and a
171
171
*[Secure the inference environment](how-to-secure-inferencing-vnet.md)
172
172
*[Enable studio functionality](how-to-enable-studio-virtual-network.md)
173
173
*[Configure inbound and outbound network traffic](how-to-access-azureml-behind-firewall.md)