This repository enables the automated creation of a private Azure Machine Learning (AML) workspace, Blob Storage, Container Registry, Secrets Manager, and Azure OpenAI Service - all configured to operate within an Azure Virtual Network (VNet), ensuring data privacy and secure API interactions.
The goal is to provision workspaces for secure AI solutions, particularly those using Large Language Models (LLMs) for question answering on sensitive, domain-specific client data. Azure OpenAI Service offers safety against data leakage to OpenAI, but developing solutions with it securely is non-trivial. The aim here is to create an AML workspace that restricts public outbound network traffic but allows traffic between private Azure services such as OpenAI, assuring clients of data integrity. Automating this process can accelerate the development of LLM solutions in privacy-critical applications.
- Private Networking: Isolate all services within a VNet.
- Firewall: Allow traffic to whitelisted domains.
- Azure Machine Learning Workspace: Run and manage ML tasks.
- Azure OpenAI Service: Leverage OpenAI capabilities within the same VNet.
- Blob Storage: Storage for AML, project development, and client data.
- API Security: Use private endpoints for AML-OpenAI communication.
- Manage Azure Machine Learning workspaces in the portal or with the Python SDK (v2)
- Workspace managed network isolation
- Secure Azure Machine Learning workspace resources using virtual networks (VNets)
Follow the step-by-step guide using Azure's Python SDK to configure and deploy the services.
- Python installed
- Azure CLI installed
- VS Code (optional)
1. Authenticate CLI with Azure (Optional)
   - Run `az login` and follow the on-screen instructions
   - Enables Azure interactivity using a personal account
   - May require a restart to be added to the system path
2. Create a Service Principal in Azure and create the `config.yaml` file
   - Create a service principal with the `Contributor` role
   - Take note of its `client id` and `tenant id`, and obtain a `secret key` from it.
   - Take note of the `subscription id` for the Azure directory you wish to work in.
   - Add these to the `config_template.yaml` file and rename it to `config.yaml`
3. Clone this repo
4. Set up Python Virtual Environment & Install Requirements (Windows)
   - 4.1 Open the project folder in VS Code
   - 4.2 Go to `Terminal` --> `New Terminal`
   - 4.3 Type `.\setup.bat` and hit `return`
   - Alternatively, do this from a regular command line
5. Execute the `create-worspace` notebook
   - Connected to the `py_env` virtual environment
   - Easiest to run in VS Code
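
One way to check the workspace the notebook produces against the goals above: no public access, outbound traffic limited to allowlisted domains, and a private endpoint to Azure OpenAI. This is an added example, not code from this repository; the dictionary layout mirrors the managed-network section of the AML workspace YAML as an assumption, and the allowlist, resource ID and both sample workspaces are constructed.

```python
# Added example: audit a workspace description for the isolation goals listed above.
# Assumption: field names follow the AML workspace YAML layout; all values are constructed.
ALLOWED_FQDNS = {"pypi.org", "files.pythonhosted.org"}
OPENAI_ID = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
             "example-rg/providers/Microsoft.CognitiveServices/accounts/example-openai")

def audit_workspace(ws, allowed_fqdns, openai_resource_id):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if str(ws.get("public_network_access", "")).lower() != "disabled":
        findings.append("public_network_access is not Disabled")
    net = ws.get("managed_network") or {}
    if net.get("isolation_mode") != "allow_only_approved_outbound":
        findings.append("isolation_mode does not restrict outbound traffic")
    has_openai_pe = False
    for rule in net.get("outbound_rules") or []:
        kind, dest = rule.get("type"), rule.get("destination")
        name = rule.get("name", "<unnamed>")
        if kind == "fqdn":
            host = str(dest).lower().rstrip(".")
            if host not in allowed_fqdns:  # exact match only, so wildcards fail
                findings.append(f"rule {name}: FQDN {host} is not on the allowlist")
        elif kind == "private_endpoint":
            rid = str((dest or {}).get("service_resource_id", "")).lower()
            has_openai_pe = has_openai_pe or rid == openai_resource_id.lower()
        else:
            findings.append(f"rule {name}: type {kind!r} needs manual review")
    if not has_openai_pe:
        findings.append("no private endpoint rule for the Azure OpenAI resource")
    return findings

GOOD = {  # constructed sample: locked-down workspace
    "public_network_access": "Disabled",
    "managed_network": {
        "isolation_mode": "allow_only_approved_outbound",
        "outbound_rules": [
            {"name": "pypi", "type": "fqdn", "destination": "pypi.org"},
            {"name": "openai-pe", "type": "private_endpoint",
             "destination": {"service_resource_id": OPENAI_ID}},
        ]}}
BAD = {  # constructed sample: public access, open outbound, wildcard FQDN
    "public_network_access": "Enabled",
    "managed_network": {"isolation_mode": "allow_internet_outbound", "outbound_rules": [
        {"name": "any-blob", "type": "fqdn", "destination": "*.blob.core.windows.net"}]}}

if __name__ == "__main__":
    for label, ws in (("good", GOOD), ("bad", BAD)):
        print(label, audit_workspace(ws, ALLOWED_FQDNS, OPENAI_ID))
```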