Azure Machine Learning Workspace
Azure Machine Learning is a cloud service for accelerating and managing the machine learning project lifecycle. Machine learning professionals, data scientists, and engineers can use it in their day-to-day workflows: Train and deploy models, and manage MLOps.
Deployments
42
Made by
Massdriver
Official
Yes
No
Compliance
Clouds
Tags
azure-machine-learning-workspace
Azure Machine Learning is a cloud service for accelerating and managing the machine learning project lifecycle. Machine learning professionals, data scientists, and engineers can use it in their day-to-day workflows: Train and deploy models, and manage MLOps.
Use Cases
Azure Machine Learning is for individuals and teams implementing MLOps within their organization to bring machine learning models into production in a secure and auditable production environment.
Cross-compatible platform tools
Anyone on an ML team can use their preferred tools to get the job done. Whether you’re running rapid experiments, hyperparameter-tuning, building pipelines, or managing inferences, you can use familiar interfaces including:
Train models
In Azure Machine Learning, you can run your training script in the cloud or build a model from scratch. Customers often bring models they’ve built and trained in open-source frameworks, so they can operationalize them in the cloud. Data scientists can use models in Azure Machine Learning that they’ve created in common Python frameworks, such as:
- PyTorch
- TensorFlow
- scikit-learn
- XGBoost
- LightGBM Other languages and frameworks are supported as well, including:
- R
- .NET
Deploy models
To bring a model into production, it’s deployed. Azure Machine Learning’s managed endpoints abstract the required infrastructure for both batch or real-time (online) model scoring (inferencing).
Design
Our bundle includes the following design choices to help simplify your deployment:
Deploy compute with ease
The compute wizard for ML Studio can be cumbersome to use, and it’s not always clear what the best compute type is for your use case. We’ve included a set of compute types that are optimized for the most common use cases. Deploying compute within the bundle is as simple as selecting the compute type you want and clicking “Deploy”.
Automatic service linking
The Azure services that must be deployed alongside the Azure Machine Learning Workspace are automatically deployed and linked to the workspace. This includes:
- Storage
- Key Vault
- Application Insights (monitoring)
- Compute
Best Practices
The bundle includes a number of best practices without needing any additional work on your part.
RBAC role assignments
The Azure Machine Learning Workspace uses a managed identity to communicate with other services. This managed identity is shared among the resources needed for Azure ML to operate, and the identity is granted the appropriate permissions to each of the other services.
Compute configuration
The compute clusters and instances provisioned within this bundle are configured with best practices in mind, such as assigning a managed identity and disabling SSH access.
Security
Data encryption at rest
Azure Machine Learning stores snapshots, output, and logs in the Azure Blob storage account (default storage account) that’s tied to the Azure Machine Learning workspace and your subscription. All the data stored in Azure Blob storage is encrypted at rest with Microsoft-managed keys. All container images in your registry (Azure Container Registry) are encrypted at rest. Azure automatically encrypts an image before storing it and decrypts it when Azure Machine Learning pulls the image. The OS disk for each compute cluster and instance stored in Azure Storage are encrypted with Microsoft-managed keys in Azure Machine Learning storage accounts.
Data encryption in transit
Azure Machine Learning uses TLS to secure internal communication between various Azure Machine Learning microservices. All Azure Storage access also occurs over a secure channel. To secure external calls made to the scoring endpoint, Azure Machine Learning uses TLS.
Credential encryption
Azure Machine Learning uses the Azure Key Vault instance associated with the workspace to store credentials of various kinds:
- The associated storage account connection string
- Passwords to Azure Container Repository instances
- Connection strings to data stores The workspace shares a user-assigned managed identity that has the same name as the workspace. This managed identity has access to all keys, secrets, and certificates in the key vault.
Trade-offs
We do not currently support the following:
- Customer-managed key encryption (every resource in the bundle uses Microsoft-managed keys)
- Using a non-Massdriver managed Azure Container Registry
- RBAC integration with Azure Key Vault
Variable | Type | Description |
---|---|---|
compute.cluster[].idle_duration | string | The Idle time before scaling down the cluster to the minimum node count. |
compute.cluster[].max_nodes | integer | The maximum number of nodes in the compute cluster. |
compute.cluster[].min_nodes | integer | The minimum number of nodes in the compute cluster. |
compute.cluster[].name | string | The name of the compute cluster. Must be unique within the region. |
compute.cluster[].size | string | The size of the compute cluster. |
compute.instance[].name | string | The name of the compute instance. Must be unique within the region. |
compute.instance[].size | string | The size of the compute instance. |
compute.instance[].user | string | Must be a valid Object ID for the Azure AD user. |
workspace.high_business_impact | boolean | If your workspace contains sensitive data, you can enable high business impact features to help protect your data. This controls the amount of data Microsoft collects for diagnostic purposes and enables additional encryption in Microsoft managed environments. This cannot be changed after the workspace is created. |
workspace.location | string | The region of the workspace. This cannot be changed after the workspace is created. |