Resource Group: wusm-prod-rg-main
Overview
The resource group wusm-prod-rg-main hosts various Microsoft Cognitive Services accounts and configurations tailored for AI models and content moderation. Its primary purpose is to harness AI capabilities for applications in healthcare, such as radiology, anesthesiology, emergency medicine, and secure chat services. The resource group is designed to ensure operational efficiency while adhering to necessary compliance and security standards.
Resources
1. Microsoft Cognitive Services Accounts
The template contains numerous instances of the Cognitive Services account type, each with a set of dependent Defender for AI settings and deployments.
a. Defender for AI Settings
- Type: Microsoft.CognitiveServices/accounts/defenderForAISettings
- Names: Various names are derived from parameters (e.g., accounts_open_ai_bgr_name, accounts_ahha_open_ai_name).
- Purpose: These settings are primarily configured to be in a Disabled state, indicating that security monitoring features may need to be explicitly activated.
- Relationships: Each Defender setting has a dependency on its respective Cognitive Services account, ensuring that AI protection can appropriately monitor activities linked to each model or deployment under the account.
b. Deployments
- Type: Microsoft.CognitiveServices/accounts/deployments
- Names: Several deployment names corresponding to the model types, such as gpt-35-turbo, text-embedding-ada-002, etc.
- Purpose: These deployments reference specific AI models for various tasks, such as text generation, embeddings, and conversational AI.
- Properties:
  - Current Capacity: Each deployment has a defined capacity (e.g., 120, 60, etc.) indicating the processing scale it can handle.
  - Model Specifications: Each uses different OpenAI models with versioning details (e.g., gpt-35-turbo-16k, text-embedding-ada-002).
  - Version Upgrade Options: Some deployments allow for upgrades once new default versions are available.
- Relationships: Each deployment is directly dependent on its respective Cognitive Services account.
2. Content Moderation Policies
- Type: Microsoft.CognitiveServices/accounts/raiPolicies
- Names: Numerous policies such as WayneCarlsonNSF-NoContent, EmergencyMedContentFilter, etc.
- Purpose: These policies define content filtering strategies for deployments, employing various filters to block or monitor specific content types, like hate speech or violence.
- Security Consideration: Several policies are set to "Blocking," ensuring proactive engagement in preventing harmful interactions.
Data Storage
Data is primarily involved where the Cognitive Services accounts interact with AI models. However, the template does not specify traditional data storage resources like Azure Storage accounts or databases. Cognitive Services handle data transactions transiently, meaning data does not persist in conventional storage unless explicitly managed by the application making requests to these models.
Networking
The configuration does not explicitly detail networking setups such as virtual networks, IP addresses, or specific subnet configurations within the provided ARM template. Each Cognitive Services account typically operates within Azure’s infrastructure without public IP addresses unless accessing services externally via endpoints, which are needed for inter-communication between deployed models.
Security Overview
Security in this resource group is primarily enforced through:
- Defender for AI Settings: Even though many of these are set to disabled, they are foundational if the organization wishes to deploy AI solutions that guard against misuse or abuse of the AI technology, particularly in sensitive fields like healthcare.
- Content Filtering Policies:
- The presence of blocking policies helps mitigate risks associated with AI-generated content.
- It’s essential to review and adjust these policies regularly to respond to evolving threats.
Recommendations:
- Enable Defender for AI Settings: Activate defender settings across all accounts to provide an additional layer of security.
- Regularly Audit RAI Policies: Ensure that the policies align with organizational needs and compliance requirements.
- Implement Monitoring: Set up logging and monitoring to capture any anomalous activity around model deployments for rapid incident response.
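The first two recommendations can be checked against an exported ARM template before anything is changed in the portal. The script below is an added example, not part of the original template or of the Azure Assistants script; it assumes the export uses the properties.state, properties.contentFilters, properties.raiPolicyName and properties.versionUpgradeOption fields, and the sample template is constructed for illustration.

```python
import json

# Constructed sample shaped like an exported ARM template; the '/Default'
# child name and the filter entries are placeholders, not values from the page.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.CognitiveServices/accounts/defenderForAISettings",
   "name": "[concat(parameters('accounts_open_ai_bgr_name'), '/Default')]",
   "properties": {"state": "Disabled"}},
  {"type": "Microsoft.CognitiveServices/accounts/raiPolicies",
   "name": "[concat(parameters('accounts_open_ai_bgr_name'), '/EmergencyMedContentFilter')]",
   "properties": {"mode": "Blocking", "contentFilters": [
     {"name": "Hate", "enabled": true, "blocking": true, "source": "Prompt"},
     {"name": "Violence", "enabled": true, "blocking": false, "source": "Completion"}]}},
  {"type": "Microsoft.CognitiveServices/accounts/deployments",
   "name": "[concat(parameters('accounts_open_ai_bgr_name'), '/gpt-35-turbo')]",
   "properties": {"model": {"name": "gpt-35-turbo"},
                  "versionUpgradeOption": "OnceNewDefaultVersionAvailable"}}
]}
""")

PREFIX = "Microsoft.CognitiveServices/accounts/"

def audit(template):
    """Return (resource name, finding) pairs for the settings the page flags."""
    findings = []
    for res in template.get("resources", []):
        rtype, name = res.get("type", ""), res.get("name", "")
        props = res.get("properties", {})
        if rtype == PREFIX + "defenderForAISettings":
            if props.get("state") != "Enabled":
                findings.append((name, "Defender for AI is not enabled"))
        elif rtype == PREFIX + "raiPolicies":
            for f in props.get("contentFilters", []):
                if not (f.get("enabled") and f.get("blocking")):
                    findings.append((name, f"{f.get('name')}/{f.get('source')} filter does not block"))
        elif rtype == PREFIX + "deployments":
            if not props.get("raiPolicyName"):
                findings.append((name, "no explicit raiPolicyName on deployment"))
            if props.get("versionUpgradeOption") == "OnceNewDefaultVersionAvailable":
                findings.append((name, "model version auto-upgrades; re-test filters after upgrade"))
    return findings

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_TEMPLATE):
        print(f"{name}: {finding}")
```

To audit a real export, load the template file with json.load and pass the result to audit().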
Other Information
Cost Management
- Cognitive Services can incur costs based on the number of API calls, deployment capacity, and the types of models deployed. It’s important to analyze usage metrics periodically to manage and optimize costs effectively.
Scalability
- The resource group is built to scale based on model usage. The defined capacities allow more instances to be enabled on demand, helping accommodate peak loads without performance degradation.
Unique Configuration
- Use of AI deployment versions signifies adaptability; staying updated with AI model releases ensures leveraging improvements and innovations in the AI capabilities over time.
In conclusion, this documentation provides an essential overview of the wusm-prod-rg-main resource group, illustrating its resources, data handling, network configuration, security posture, and operational insights necessary for effective management.
Note: This document was generated using the Azure Assistants script and an LLM