Resource Group: amlai-rg
Overview
The resource group amlai-rg is designed for setting up an Azure Machine Learning (AML) environment that includes various integrated Azure services, such as Application Insights for monitoring, Azure Key Vault for secure secrets management, and Azure Storage for data storage. The resources are configured to support machine learning workflows and performance monitoring, thereby providing a robust platform for developing and managing machine learning models.
Resources
1. Application Insights Action Group
- Type: microsoft.insights/actionGroups
- Name: Application Insights Smart Detection
- Details:
  - This action group is used for alerting purposes, specifically for monitoring performance anomalies within the Application Insights component.
  - It includes roles such as Monitoring Contributor and Monitoring Reader with permissions to facilitate monitoring-related actions.
  - Properties: Enabled; uses common alert schema.
2. Application Insights Component
- Type: microsoft.insights/components
- Name: laiazuremlwork4585062429
- Details:
  - Configured for web applications, this component helps monitor performance, track requests, and is integrated with the Azure Machine Learning workspace for logging analytics.
  - Location: East US 2. Retention period is 90 days.
3. Key Vault
- Type: Microsoft.KeyVault/vaults
- Name: laiazuremlwork4872192122
- Details:
  - This Key Vault is used to securely store secrets related to storage account access keys and other sensitive information.
  - Public Network Access: Enabled, which means it can be accessed from the internet.
  - Access Policies: Specifies permissions for keys and secrets.
4. Storage Account
- Type: Microsoft.Storage/storageAccounts
- Name: laiazuremlwork2814333697
- Details:
  - This storage account supports storing blobs, files, queues, and tables.
  - Location: East US 2. Availability settings include encryption for data at rest and TLS 1.0 minimum for access.
  - Network ACLs: Default action is set to allow connections from Azure services.
  - Allow Blob Public Access: Disabled.
5. Smart Detector Alert Rules
- Type: microsoft.alertsmanagement/smartdetectoralertrules
- Name: failure anomalies - laiazuremlwork4585062429
- Details:
  - This resource defines rules for detecting anomalies in failure rates, triggering alerts based on certain thresholds.
  - It is linked with the Application Insights Component and uses the previously defined action group for notifications.
6. Datastores for Machine Learning Workspaces
- Various datastores have been set up, including:
  - Workspace Artifact Store: Azure Blob datastore for storing artifacts related to machine learning runs.
  - Workspace Blob Store & File Store: Additional Azure Blob storage configurations for various data storage purposes.
These datastores are related to the Azure ML workspace and delegate access to storage accounts for data handling.
Data Storage
Data in the amlai-rg resource group is primarily stored in a single Azure Storage Account (laiazuremlwork2814333697), which contains multiple services:
- Blob Storage: For storing large binary files. Multiple containers within this service are dedicated to different types of data.
- File Shares: Used for shared file systems in Azure, allowing easier transfer of data between applications.
Specific containers have been created for ML tasks, such as:
- Blob Container (azureml) for storing machine learning artifacts.
- Blob Container (azureml-blobstore-16adf541-c86b-4c74-99ad-a7f4bbfddf4e) for additional blob-based storage.
- File Shares for the Azure configuration files and other operational data.
Networking
Currently, there is no explicit configuration of a Virtual Network (VNet) provided in this ARM template. Thus, the resources default to using public endpoints to allow internet connectivity. It is essential to ensure that sensitive data, especially in storage accounts and Key Vaults, is protected through appropriate access controls and networking configurations.
Security Overview
This resource group includes various security practices:
- Azure Key Vault: Key Vault is employed to safeguard sensitive information, such as storage account keys.
- Network Security: The storage account disallows public access to blobs, which is a good practice; however, public access to the Key Vault is enabled, potentially exposing sensitive operations.
- Action Groups: Role-based access controls (RBAC) are applied to manage who can trigger or receive alerts from application monitoring systems.
Recommendations:
- Private Endpoints: Consider implementing private endpoints for the Key Vault and the storage accounts to limit exposure to the public internet.
- Access Policies Review: Regularly review and rotate access policies and keys in the Key Vault.
- Monitoring Alerts: Continuously monitor the alerts generated by the Application Insights action group to preemptively catch issues.
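The exposure settings noted above can be checked mechanically in an exported ARM template. The following Python check is an added example, not part of the original template or project; the sample JSON is constructed from the resource names on this page, its property layout and networkAcls values are assumptions, and it also reports the TLS 1.0 minimum listed for the storage account.

```python
import json

# Constructed sample: resource names are from this page; the JSON shape and the
# networkAcls values are assumptions about how the exported template expresses
# the settings the page describes.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.KeyVault/vaults", "name": "laiazuremlwork4872192122",
   "properties": {"publicNetworkAccess": "Enabled"}},
  {"type": "Microsoft.Storage/storageAccounts", "name": "laiazuremlwork2814333697",
   "properties": {"minimumTlsVersion": "TLS1_0", "allowBlobPublicAccess": false,
                  "networkAcls": {"bypass": "AzureServices", "defaultAction": "Allow"}}},
  {"type": "microsoft.insights/components", "name": "laiazuremlwork4585062429",
   "properties": {}}
]}
""")

VAULT = "microsoft.keyvault/vaults"
STORAGE = "microsoft.storage/storageaccounts"
WEAK_TLS = {"TLS1_0", "TLS1_1"}


def audit(template):
    """Return sorted (resource name, finding) pairs for network-exposure settings."""
    findings = []
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()  # ARM type names are case-insensitive
        if rtype not in (VAULT, STORAGE):
            continue
        name, props = res.get("name", "?"), res.get("properties", {})
        # Conservative: anything other than an explicit "Disabled" is reported.
        if props.get("publicNetworkAccess") != "Disabled":
            findings.append((name, "public-network-access"))
            # With a public endpoint, firewall rules only restrict traffic
            # when the default action is Deny.
            if props.get("networkAcls", {}).get("defaultAction") != "Deny":
                findings.append((name, "network-default-allow"))
        if rtype == STORAGE:
            if props.get("minimumTlsVersion") in WEAK_TLS:
                findings.append((name, "weak-tls"))
            if props.get("allowBlobPublicAccess") is True:
                findings.append((name, "blob-public-access"))
    return sorted(findings)


if __name__ == "__main__":
    for name, finding in audit(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```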
Other Information
- Cost Management: Using Azure Blob Storage is a cost-effective way to handle large amounts of data. Monitor usage to understand costs related to data storage and transaction rates.
- Scalability: The configured resources, including the storage account and Azure ML workspace, can be scaled as the data and processing needs grow, but it is essential to assess performance regularly.
- Integration: All resources are integrated effectively to work together for a seamless machine learning operation, allowing data analysis to occur efficiently.
This documentation provides a comprehensive overview of the amlai-rg resource group and the interdependencies between its components, ensuring a clear understanding of the Azure cloud resources used within the project.