Azure-docs: ambiguous requirements for virtual networking and azure machine learning

Created on 25 Jun 2020  Â·  12Comments  Â·  Source: MicrosoftDocs/azure-docs

if you consider this supported scenario for the enterprise SKU:

Workspace and any other resource with Private Link

under https://docs.microsoft.com/nl-nl/azure/machine-learning/how-to-enable-virtual-network#private-endpoints the page states

The virtual network must be in the same subscription and region as the Azure Machine Learning workspace

whereas under https://docs.microsoft.com/nl-nl/azure/machine-learning/how-to-enable-virtual-network#use-azure-container-instances-aci it states

To use Azure Container Instances inside the virtual network, the Azure Container Registry (ACR) for your workspace cannot also be in the virtual network.

what does this last sentence even mean? it can't be in the same virtual network or it can't be in any virtual network.

when running through the mnist tutorial with our setup i run into the following problem.

python aciconfig = AciWebservice.deploy_configuration(cpu_cores=1, memory_gb=1, vnet_name="vnetname", subnet_name="subnetwithdelegation", tags={"data": "MNIST", "method" : "sklearn"}, description='Predict MNIST with sklearn')

there is no way to define the resource group of the virtual network in the deploy_configuration method and it defaults to the resource group of the machine learning services workspace. This is not obvious from the mentioned sections above and this limitatiion can't be found in the docs. i am hoping there is a way to express this more clearly?

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

Pri2 assigned-to-author corsubsvc doc-bug machine-learninsvc triaged
Source
picture dgcaron

All 12 comments

@dgcaron we will review your feedback and get back to you shortly. Thanks.

GiftA-MSFT picture GiftA-MSFT on 26 Jun 2020

@aashishb can you help clarify the following?
image

GiftA-MSFT picture GiftA-MSFT on 26 Jun 2020

This means if ACR is behind the VNet then ACI cannot pull images from the ACR so ACR cannot be behind the VNet in order for ACI to work.

aashishb picture aashishb on 26 Jun 2020

@aashishb thanks for clarifying and updating the doc accordingly.
@dgcaron hope the above response clarifies your question. Will now proceed to close the thread.

GiftA-MSFT picture GiftA-MSFT on 26 Jun 2020

it doesn't really.. the documentation is missing the mention that the virtual network needs to be in the same resource group as the AML instance. you can specify resource group names for the virtual network for compute clusters etc but not for the ACI instances. so IMHO the docs are lacking this warning (that they need to be in the same RG) and the service is lacking a way to specify the resource group name f the vnet for ACI.

dgcaron picture dgcaron on 29 Jun 2020

@aashishb please review above recent feedback for doc enhancement. Thanks.

GiftA-MSFT picture GiftA-MSFT on 29 Jun 2020

I agree this should be called out in the docs. @Blackmist to help

aashishb picture aashishb on 6 Jul 2020

Thanks @dgcaron and @aashishb I've updated the note in the doc to call out the requirement for the virtual network to be in the same resource group as the Azure ML workspace when using Azure Container Instances in a virtual network. This update will go live later today.

Blackmist picture Blackmist on 6 Jul 2020
👍1

do we need to raise an issue with the azure ml python sdk to lift that restriction or is that something that is being worked on?

dgcaron picture dgcaron on 7 Jul 2020

Hi @dgcaron, this GitHub repo is only for reporting and tracking documentation issues. While @aashishb and I can let the engineering team know about this functionality change you are asking for, we would not be able to track and report back on status.

A better way to file a feature request is to use https://feedback.azure.com/forums/257792-machine-learning. This lets other customers vote for the change, which helps the engineering team prioritize feedback like this.

If your company has a contract with Microsoft, and have a contact such as a technical account manager, you should contact them also. They are there to act as an advocate for your company for things like this.

Blackmist picture Blackmist on 7 Jul 2020
1

Thank you for your post. We will now proceed to close this thread. #please-close

j-martens picture j-martens on 9 Jul 2020

thanks! i posted the requested change on the feedback forum:
ref: https://feedback.azure.com/forums/257792-machine-learning/suggestions/40868161-allow-specifying-the-resource-group-of-a-virtual-n

dgcaron picture dgcaron on 9 Jul 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

bdcoder2 picture bdcoder2  Â·  3Comments
mrdfuse picture mrdfuse  Â·  3Comments
monteledwards picture monteledwards  Â·  3Comments
DeepPuddles picture DeepPuddles  Â·  3Comments
JamesDLD picture JamesDLD  Â·  3Comments