@@ -72,7 +72,7 @@ The next sections show you how to secure the network scenario described above. T
72
72
73
73
If you want to access the workspace over the public internet while keeping all the associated resources secured in a virtual network, use the following steps:
74
74
75
-
1. Create an [Azure Virtual Networks](../virtual-network/virtual-networks-overview.md) that will contain the resources used by the workspace.
75
+
1. Create an [Azure Virtual Network](../virtual-network/virtual-networks-overview.md) that will contain the resources used by the workspace.
76
76
1. Use __one__ of the following options to create a publicly accessible workspace:
77
77
78
78
* Create an Azure Machine Learning workspace that __does not__ use the virtual network. For more information, see [Manage Azure Machine Learning workspaces](how-to-manage-workspace.md).
@@ -92,8 +92,7 @@ If you want to access the workspace over the public internet while keeping all t
92
92
93
93
Use the following steps to secure your workspace and associated resources. These steps allow your services to communicate in the virtual network.
94
94
95
-
1. Create an [Azure Virtual Networks](../virtual-network/virtual-networks-overview.md) that will contain the workspace and other resources.
96
-
1. Create a [Private Link-enabled workspace](how-to-secure-workspace-vnet.md#secure-the-workspace-with-private-endpoint) to enable communication between your VNet and workspace.
95
+
1. Create an [Azure Virtual Networks](../virtual-network/virtual-networks-overview.md) that will contain the workspace and other resources. Then create a [Private Link-enabled workspace](how-to-secure-workspace-vnet.md#secure-the-workspace-with-private-endpoint) to enable communication between your VNet and workspace.
97
96
1. Add the following services to the virtual network by using _either_ a __service endpoint__ or a __private endpoint__. Also allow trusted Microsoft services to access these services:
98
97
99
98
| Service | Endpoint information | Allow trusted information |
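Review bot: the added line 95 still reads "Create an [Azure Virtual Networks]", the plural that the first hunk of this same commit corrects to "Azure Virtual Network" at line 75; apply the same fix here. Folding the Private Link-enabled workspace into the same numbered item also hides a distinct action inside the VNet step. Since the private endpoint is what enables communication between the VNet and the workspace, it reads more safely as its own step, as it was before.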
@@ -103,7 +102,7 @@ Use the following steps to secure your workspace and associated resources. These

105
+
:::image type="content" source="./media/how-to-network-security-overview/secure-workspace-resources.svg" alt-text="Diagram showing how the workspace and associated resources communicate inside a VNet.":::
107
106
108
107
For detailed instructions on how to complete these steps, see [Secure an Azure Machine Learning workspace](how-to-secure-workspace-vnet.md).
109
108
@@ -119,9 +118,12 @@ In this section, you learn how to secure the training environment in Azure Machi
119
118
To secure the training environment, use the following steps:
120
119
121
120
1. Create an Azure Machine Learning [compute instance and computer cluster in the virtual network](how-to-secure-training-vnet.md#compute-cluster) to run the training job.
122
-
1.[Allow inbound communication](how-to-secure-training-vnet.md#required-public-internet-access) so that management services can submit jobs to your compute resources.
121
+
1.If your compute cluster or compute instance does not use a public IP address, you must [Allow inbound communication](how-to-secure-training-vnet.md#required-public-internet-access) so that management services can submit jobs to your compute resources.
123
122
124
-

123
+
> [!TIP]
124
+
> Compute cluster and compute instance can be created with or without a public IP address. If created with a public IP address, they communicate with the Azure Batch Services over the public IP. If created without a public IP, they communicate with Azure Batch Services over the private IP. When using a private IP, you need to allow inbound communications from Azure Batch.
125
+
126
+
:::image type="content" source="./media/how-to-network-security-overview/secure-training-environment.svg" alt-text="Diagram showing how to secure managed compute clusters and instances.":::
125
127
126
128
For detailed instructions on how to complete these steps, see [Secure a training environment](how-to-secure-training-vnet.md).
127
129
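Review bot: the added line 121 makes the inbound rule conditional on the compute having no public IP, where the removed line required it unconditionally, and nothing in the step or the tip says what inbound access is needed when a public IP is used. The link target is still `#required-public-internet-access`, and the unchanged step at line 137 describes job submission through the public load balancer, so a reader with a public-IP cluster could conclude no inbound rule applies. State both cases explicitly. Smaller points in the same lines: "1.If" has no space after the list marker, "[Allow inbound communication]" is capitalized mid-sentence, and the tip alternates between "Azure Batch Services" and "Azure Batch" while the rest of the page uses "Azure Batch service".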
@@ -135,7 +137,7 @@ In this section, you learn how Azure Machine Learning securely communicates betw
135
137
136
138
1. Azure Batch service receives the job from the workspace. It then submits the training job to the compute environment through the public load balancer for the compute resource.
137
139
138
-
1. The compute resource receive the job and begins training. The compute resources accesses secure storage accounts to download training files and upload output.
140
+
1. The compute resource receives the job and begins training. The compute resource accesses secure storage accounts to download training files and upload output.
139
141
140
142
### Limitations
141
143
@@ -158,7 +160,7 @@ For detailed instructions on how to add default and private clusters, see [Secur
158
160
159
161
The following network diagram shows a secured Azure Machine Learning workspace with a private AKS cluster attached to the virtual network.
160
162
161
-

163
+
:::image type="content" source="./media/how-to-network-security-overview/secure-inferencing-environment.svg" alt-text="Diagram showing an attached private AKS cluster.":::