Scvmm iscsi dell storage
Hello all,
I have one Unity XT 380 that I want to connect to SCVMM. The Unity has iSCSI interfaces on 192.168.x.x and management on a different subnet.
I cannot connect to the iSCSI through SMI-S from SCVMM. Can you please help?
Configuration Manager technical preview version 2401
Automated diagnostic Dashboard for Software Update Issues
A new dashboard has been added to the console under the Monitoring workspace. It shows a diagnosis of the software update issues in your environment. You can fix software update issues based on the CM troubleshooting documentation.
Introducing Centralized Search box: Effortlessly Find What You Need in the Console!
Users can now use the global search box in the CM console, which streamlines the search experience and centralizes access to information. This enhances the overall usability, productivity and effectiveness of CM. Users no longer need to navigate through multiple nodes, sections or folders to find the information they require, saving valuable time and effort.
Microsoft Azure Active Directory rebranded to Microsoft Entra ID
Starting Configuration Manager version 2403, Microsoft Azure Active Directory is renamed to Microsoft Entra ID within Configuration Manager.
Enhancement in Deploying Software Packages with Dynamic Variables
With the introduction of a retry count in the UI, administrators who deploy the “Install Software Package” step to clients via a dynamic variable with “Continue on error” unchecked won’t be notified of task sequence failures even if package versions on the distribution point are updated.
Enabling Auto-Image Patching for CMG Virtual Machine Scale Set
With this version of Configuration Manager, the Cloud Management Gateway (CMG) Virtual Machine Scale Set supports enabling Auto-Image Patching, which provides seamless, automated updates so that your environment stays current and secure.
Windows 11 Readiness dashboard to support Windows 23H2
With this version of Configuration Manager, the Windows 11 readiness dashboard will show charts for Windows 23H2.
HTTPS or Enhanced HTTP should be enabled for client communication from this version of Configuration Manager
HTTP-only communication is deprecated, and support is removed from this version of Configuration Manager. Please enable HTTPS or Enhanced HTTP for client communication.
Upgrade to CM 2403 is blocked if CMG V1 is running as a cloud service (classic)
The option to upgrade to Configuration Manager 2403 is blocked if you’re running cloud management gateway V1 (CMG) as a cloud service (classic). All CMG deployments should use a virtual machine scale set.
Windows Server 2012/2012 R2 operating system site system roles aren’t supported from this version of Configuration Manager
Starting 2403, Windows Server 2012/2012 R2 operating system site system roles aren’t supported in any CB releases.
Improvements to BitLocker
This release includes the following improvements to BitLocker:
Based on your feedback, this feature ensures proper verification of key escrow and prevents message drops. We now validate whether the key is successfully escrowed to the database, and only on successful escrow do we add the key protector.
This feature prevents a potential data loss scenario in which BitLocker protects volumes with keys that are never backed up to the database because a failure to escrow has happened.
Update 2401 for Technical Preview Branch is available in the Microsoft Configuration Manager Technical Preview console. For new installations, the 2401 baseline version of Microsoft Configuration Manager Technical Preview Branch is available on the link: CM2401TP-Baseline or from Eval center
Technical Preview Branch releases give you an opportunity to try out new Configuration Manager features in a test environment before they are made generally available.
We would love to hear your thoughts about the latest Technical Preview! Send us feedback directly from the console.
Thanks,
The Configuration Manager team
Configuration Manager Resources:
Documentation for Configuration Manager Technical Previews
Try the Configuration Manager Technical Preview Branch
Documentation for Configuration Manager
Microsoft Tech Community – Latest Blogs –Read More
Partner Blog | What’s new for Microsoft Partners: January 2024 edition
Written by Andrew Smith, General Manager, Partner Program Management
AI and other emerging technologies continue to revolutionize our industry, pushing the boundaries of what is possible and surfacing new customer priorities. As you strategize for the year ahead, membership in the Microsoft AI Cloud Partner Program connects you to tools, resources, and potential collaborators to advance your business in the direction of your goals. Stay up to date on the latest program offerings with this summary of the top stories from the past few months:
Continue reading here
Customer review: AnnounceBot connects teams by celebrating birthday and work anniversary events
AnnounceBot Automated and Personalized Greetings, a solution published to Microsoft AppSource, helps companies celebrate special occasions like birthdays, work anniversaries, and welcoming new hires. With minimal setup and no calendars or manual work, AnnounceBot increases engagement, collaboration, and retention.
Microsoft interviewed Stephen Cornell, Service Director, Protected Trust, to learn what he had to say about the app.
What do you like best about AnnounceBot?
We absolutely love how easy AnnounceBot is to use! It is user-friendly, and setting it up was quick. Before using AnnounceBot, social media was our only way to track birthdays, which means some folks got left out. And work anniversaries were out of the picture. Since we started using AnnounceBot, we have never missed a birthday or work anniversary. It’s all automatic now.
How has AnnounceBot helped your organization?
Keeping the team engaged became challenging when we transitioned into working remotely. AnnounceBot helped us rebuild team connections by providing a centralized system to celebrate special events. Now, everyone engages in birthday and work anniversary posts, makes jokes, and tells stories about times we were all together in an office. It is a small gesture that has made a big difference in our company culture.
How is customer service and support?
I wanted to know how to check birthdays that are getting tracked. The support team responded within an hour and provided the information I needed.
Any recommendations or insights for other users considering AnnounceBot?
My suggestion would be to set it up in a small team first, just to get the hang of it. Test it out there before you go big and use it for the whole organization.
On a scale from 1 to 5 (5 being the highest), what is your overall rating for this AnnounceBot?
I would give AnnounceBot a 4.5 only because I think they should support Microsoft Entra ID (formerly Azure Active Directory) integration to make birthdate and joining date collection even smoother.
MAC address assignment strategies for tenant VMs running on Stack-HCI environment
Azure Stack HCI is a hyperconverged infrastructure (HCI) cluster solution that consists of Windows servers (Hyper-V), Storage Spaces Direct, and Azure-inspired SDN. All clustered servers share common configurations and resources by leveraging the Windows Server Failover Clustering feature. A Windows failover cluster consists of multiple Windows servers running in a cluster to provide high availability: if one server node goes down, another node takes over. We can create multiple VMs on the failover cluster, and VMs can be connected to different tenant networks. In this case we need to make sure that a VM connected to network ‘A’ with a static IP keeps the same network configuration even if it is migrated from one node to another within the cluster. This is possible by assigning a static MAC and a static IP to the VM. But how do we get a free and unique MAC to assign to the VM? There are different ways to solve this problem, and in this article we discuss some of them with their pros and cons. (Note: the solutions discussed in this article are only suggestions and cannot be considered optimal solutions.)
Before this, let's first understand what is required to create a tenant VM. To create a tenant VM connected to a tenant network in Stack HCI, the following steps are performed.
1. Create a new VM with a VM network adapter that has a static MAC assigned.
2. Create a new network interface on the network controller service (running on SDN) with the same MAC and a static IP assigned.
3. Associate the VM network adapter with the network interface on the network controller, so that the VM gets its tenant network connection.
The following PowerShell commands perform the above steps.
# $uri is the Network Controller REST endpoint and must be set before running these commands.
# 1. VM creation with static MAC
New-VM -Generation 2 -Name "MyVM" -Path "C:\VMs\MyVM" -MemoryStartupBytes 4GB -VHDPath "C:\VMs\MyVM\Virtual Hard Disks\WindowsServer2016.vhdx" -SwitchName "SDNvSwitch"
Set-VM -Name "MyVM" -ProcessorCount 4
# Setting static MAC
Set-VMNetworkAdapter -VMName "MyVM" -StaticMacAddress "00-11-22-33-44-55"
# 2. Creating network interface on the network controller with the same MAC and a static IP
$vnet = Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId "Contoso_WebTier"
$vmnicproperties = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceProperties
# Same MAC as on the VM network adapter, written without separators
$vmnicproperties.PrivateMacAddress = "001122334455"
$vmnicproperties.PrivateMacAllocationMethod = "Static"
$vmnicproperties.IsPrimary = $true
$vmnicproperties.DnsSettings = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceDnsSettings
$vmnicproperties.DnsSettings.DnsServers = @("24.30.1.11", "24.30.1.12")
$ipconfiguration = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceIpConfiguration
$ipconfiguration.resourceid = "MyVM_IP1"
$ipconfiguration.properties = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceIpConfigurationProperties
$ipconfiguration.properties.PrivateIPAddress = "24.30.1.101"
$ipconfiguration.properties.PrivateIPAllocationMethod = "Static"
$ipconfiguration.properties.Subnet = New-Object Microsoft.Windows.NetworkController.Subnet
$ipconfiguration.properties.subnet.ResourceRef = $vnet.Properties.Subnets[0].ResourceRef
$vmnicproperties.IpConfigurations = @($ipconfiguration)
New-NetworkControllerNetworkInterface -ResourceID "MyVM_Ethernet1" -Properties $vmnicproperties -ConnectionUri $uri
$nic = Get-NetworkControllerNetworkInterface -ConnectionUri $uri -ResourceId "MyVM_Ethernet1"
# Do not change the hardcoded IDs in this section, because they are fixed values and must not change.
# 3. Finally, associate the VM network adapter with the NIC created in the last step
$FeatureId = "9940cd46-8b06-43bb-b9d5-93d50381fd56"
$vmNics = Get-VMNetworkAdapter -VMName "MyVM"
$CurrentFeature = Get-VMSwitchExtensionPortFeature -FeatureId $FeatureId -VMNetworkAdapter $vmNics
if ($null -eq $CurrentFeature) {
    # No port profile yet: build one that points at the network controller NIC
    $Feature = Get-VMSystemSwitchExtensionPortFeature -FeatureId $FeatureId
    $Feature.SettingData.ProfileId = "{$($nic.InstanceId)}"
    $Feature.SettingData.NetCfgInstanceId = "{56785678-a0e5-4a26-bc9b-c0cba27311a3}"
    $Feature.SettingData.CdnLabelString = "TestCdn"
    $Feature.SettingData.CdnLabelId = 1111
    $Feature.SettingData.ProfileName = "Testprofile"
    $Feature.SettingData.VendorId = "{1FA41B39-B444-4E43-B35A-E1F7985FD548}"
    $Feature.SettingData.VendorName = "NetworkController"
    $Feature.SettingData.ProfileData = 1
    Add-VMSwitchExtensionPortFeature -VMSwitchExtensionFeature $Feature -VMNetworkAdapter $vmNics
} else {
    # A port profile already exists: repoint it at the new NIC
    $CurrentFeature.SettingData.ProfileId = "{$($nic.InstanceId)}"
    $CurrentFeature.SettingData.ProfileData = 1
    Set-VMSwitchExtensionPortFeature -VMSwitchExtensionFeature $CurrentFeature -VMNetworkAdapter $vmNics
}
Get-VM -Name "MyVM" | Start-VM
To make sure VMs keep working after migration within a Windows failover cluster, we need to assign a static MAC and a static IP. Getting an available and unique MAC is the challenge here. We will look at the following ways to solve this problem, with their pros and cons.
1. Generate a random MAC on the node.
2. Assign a dedicated, unique MAC address range to every node in the cluster and generate a free MAC on the node from that range.
3. Get a free MAC from the network controller service and use the same MAC on the VM.
Let's discuss each approach in detail.
1. Generating random MAC on node
This is a very simple approach: we generate a random MAC and use it. It includes the following steps:
Generate a valid MAC on the node where we need to create the VM (or new network interface).
Set the same MAC on the VM network adapter as static.
Set the same MAC on the network interface along with a static IP.
The following PowerShell script performs these steps:
# $vm_name, $vm_memory, $image_path, $vm_data_path, $vm_generation, $switch_name, $uri,
# $vnet_name, $subnet_name, $dns_server and $ip_address are parameters supplied by the caller.
New-VM -Name $vm_name -MemoryStartupBytes $vm_memory -BootDevice VHD -VHDPath $image_path -Path $vm_data_path -Generation $vm_generation -SwitchName $switch_name
Add-ClusterVirtualMachineRole -vmname $vm_name -Name $vm_name
Start-Sleep -Seconds 3
############## Random MAC address generation and assignment
# The script block for MAC address assignment is kept in a retry block.
# Retry-Command is not a built-in cmdlet; it is a helper defined elsewhere that re-runs the script block on failure.
$mac_address = Retry-Command -ScriptBlock {
    # alternative found in az-auto-setup:
    #$mac_address=("{0:D12}" -f ( Get-Random -Minimum 0 -Maximum 99999 ))
    # Six random bytes as hex pairs. -Maximum is exclusive, so 16 is needed to cover digits 0-f.
    $mac_address = (0..5 | ForEach-Object { '{0:x}{1:x}' -f (Get-Random -Minimum 0 -Maximum 16), (Get-Random -Minimum 0 -Maximum 16) }) -join '-'
    Write-Host "Trying to set: $mac_address"
    # Fails for MAC values that are not allowed, which triggers another retry
    Set-VMNetworkAdapter -VMName $vm_name -StaticMacAddress "$mac_address"
    Write-Host "Mac set successfully: $mac_address"
    Start-Sleep -Milliseconds 500
    Write-Host $( Get-VMNetworkAdapter -VMName $vm_name ).MacAddress
    return $mac_address
}
Write-Host "Mac set successfully: $mac_address"
Write-Host 'VM created..'
##########################################################################
# network configuration starts here..
# you can refer for more info: https://learn.microsoft.com/en-us/windows-server/networking/sdn/manage/create-a-tenant-vm#prerequisites
$vnet = Get-NetworkControllerVirtualNetwork -ConnectionUri $uri -ResourceId $vnet_name
$vmnicproperties = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceProperties
# use the same MAC address as created above, without separators and in upper case
$mac = -join($mac_address.split("-")).toupper()
$vmnicproperties.PrivateMacAddress = $mac
Write-Host $mac
$vmnicproperties.PrivateMacAllocationMethod = "Static"
$vmnicproperties.IsPrimary = $true
$vmnicproperties.DnsSettings = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceDnsSettings
#$vmnicproperties.DnsSettings.DnsServers = @("192.168.1.254", "8.8.8.8")
$vmnicproperties.DnsSettings.DnsServers = $dns_server
$ipconfiguration = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceIpConfiguration
$ipconfiguration.resourceid = $vm_name + "_IP1"
$ipconfiguration.properties = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceIpConfigurationProperties
$ipconfiguration.properties.PrivateIPAddress = $ip_address
$ipconfiguration.properties.PrivateIPAllocationMethod = "Static"
$ipconfiguration.properties.Subnet = New-Object Microsoft.Windows.NetworkController.Subnet
# to do: programmatically decide the full subnet ref, or form the path directly
# $ipconfiguration.properties.subnet.ResourceRef = $vnet.Properties.Subnets[0].ResourceRef
$ipconfiguration.properties.subnet.ResourceRef = "/virtualNetworks/" + $vnet_name + "/subnets/" + $subnet_name
$vmnicproperties.IpConfigurations = @($ipconfiguration)
$NIC_name = $vm_name + "_Eth1"
New-NetworkControllerNetworkInterface -ResourceID $NIC_name -Properties $vmnicproperties -ConnectionUri $uri -Confirm:$false -force
Write-Host 'NIC config created..'
Start-Sleep -Seconds 8
$nic = Get-NetworkControllerNetworkInterface -ConnectionUri $uri -ResourceId $NIC_name
#########################################################################
# Do not change the hardcoded IDs in this section, because they are fixed values and must not change.
$FeatureId = "9940cd46-8b06-43bb-b9d5-93d50381fd56"
$vmNics = Get-VMNetworkAdapter -VMName $vm_name
$CurrentFeature = Get-VMSwitchExtensionPortFeature -FeatureId $FeatureId -VMNetworkAdapter $vmNics
if ($null -eq $CurrentFeature)
{
    # No port profile yet: build one that points at the network controller NIC
    $Feature = Get-VMSystemSwitchExtensionPortFeature -FeatureId $FeatureId
    $Feature.SettingData.ProfileId = "{$( $nic.InstanceId )}"
    $Feature.SettingData.NetCfgInstanceId = "{56785678-a0e5-4a26-bc9b-c0cba27311a3}"
    $Feature.SettingData.CdnLabelString = "TestCdn"
    $Feature.SettingData.CdnLabelId = 1111
    $Feature.SettingData.ProfileName = "Testprofile"
    $Feature.SettingData.VendorId = "{1FA41B39-B444-4E43-B35A-E1F7985FD548}"
    $Feature.SettingData.VendorName = "NetworkController"
    $Feature.SettingData.ProfileData = 1
    Add-VMSwitchExtensionPortFeature -VMSwitchExtensionFeature $Feature -VMNetworkAdapter $vmNics
}
else
{
    # A port profile already exists: repoint it at the new NIC
    $CurrentFeature.SettingData.ProfileId = "{$( $nic.InstanceId )}"
    $CurrentFeature.SettingData.ProfileData = 1
    Set-VMSwitchExtensionPortFeature -VMSwitchExtensionFeature $CurrentFeature -VMNetworkAdapter $vmNics
}
Write-Host 'finally applying setting..'
Start-Sleep -Seconds 5
Get-VM -Name $vm_name | Start-VM
But this approach has the following problems:
Two VMs running on the same cluster may get the same MAC, which can create a MAC conflict after migration.
Some specific MAC ranges are not allowed to be assigned; in that case we need to keep retrying random generation, which is not good.
It is very difficult to keep track of used MAC addresses.
So this method is not reliable and is not recommended.
2. Assign a dedicated, unique MAC address pool range to every node in the cluster and generate a free MAC from the node’s MAC address range pool.
We can preassign a unique, dedicated MAC address pool range to every node (Hyper-V host) in the cluster, so whenever we need to create a new network interface we first get a free MAC from the pool of the node where the VM will be running. The same MAC is then made static on the VM network adapter and set on the network interface together with a static IP. The logical steps are:
1. Get a free MAC from the node’s MAC pool range.
2. Assign the same MAC as static on the VM network adapter.
3. Set the same MAC on the network interface along with a static IP.
The following is an example of a MAC pool range distribution plan for 255 clusters with 16 hosts each:
00-15-5D-[c1][c2]-[h1][v1]-[v2][v3]
Fields c1, c2: identify a cluster. 00 to FF: a maximum of 255 clusters can be created.
Field h1: identifies the host/node within a cluster. 0 to F = a maximum of 16 hosts in a cluster.
Fields v1, v2, v3: used for VMs. 000 to FFF = 16*16*16 = a total of 4096 possible VMs/network interfaces per node.
The main challenge here is that there is no API or command available to get a free MAC from the node pool. As a workaround, to get a MAC assigned from the pool we create a dummy network adapter with dynamic configuration and start the VM for a moment, so that a free dynamic MAC is assigned from the node’s pool range. Then we stop the VM, revert the change, and create the static configuration with the same MAC, following the same steps as before. This is not a good approach, since it is only a workaround in which a dummy resource has to be created.
# creating new network adapter with dynamic MAC
Add-VMNetworkAdapter -VMName $vm_name -SwitchName $switch_name -Name $adapter_name
# starting and stopping vm to get free MAC from node pool
Start-VM -VMName $vm_name; Stop-VM -VMName $vm_name -Force
# reading assigned dynamic MAC
$mac_address = (Get-VMNetworkAdapter -VMName $vm_name -Name $adapter_name).MacAddress
# make same MAC as static
Set-VMNetworkAdapter -VMName $vm_name -Name $adapter_name -StaticMacAddress $mac_address
# the remaining steps (network interface creation) are the same as before
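The pool plan above can also be used to keep track of which MACs are in use and where they came from. The following is an added example, not code from the original article: it derives a node's range from the 00-15-5D-[c1][c2]-[h1][v1]-[v2][v3] layout, decodes which pool a MAC was taken from, and reports MACs that appear on more than one VM. The function names, the cluster ID 0x0A and the inventory are constructed for illustration.

```powershell
# Added example (not from the original article). All function names are hypothetical.

function Get-NodeMacRange {
    param(
        [Parameter(Mandatory)][ValidateRange(0, 255)][int]$ClusterId,  # fields c1, c2
        [Parameter(Mandatory)][ValidateRange(0, 15)][int]$HostIndex    # field h1
    )
    # 00155D + cluster byte + host nibble, followed by the 12-bit VM field v1..v3
    $prefix = '00155D{0:X2}{1:X1}' -f $ClusterId, $HostIndex
    [pscustomobject]@{
        ClusterId = $ClusterId
        HostIndex = $HostIndex
        Minimum   = $prefix + '000'
        Maximum   = $prefix + 'FFF'
    }
}

function ConvertTo-NormalizedMac {
    param([Parameter(Mandatory)][string]$Mac)
    # Accept 00-15-5D-..., 00:15:5D:... or 00155D...; return 12 upper-case hex digits
    $hex = ($Mac -replace '[-:]', '').ToUpperInvariant()
    if ($hex -notmatch '^[0-9A-F]{12}$') { throw "Not a valid MAC address: $Mac" }
    $hex
}

function Resolve-MacPool {
    param([Parameter(Mandatory)][string]$Mac)
    # Decode the plan's fields; $null means the MAC was not allocated under this plan
    $hex = ConvertTo-NormalizedMac $Mac
    if (-not $hex.StartsWith('00155D')) { return $null }
    [pscustomobject]@{
        ClusterId = [Convert]::ToInt32($hex.Substring(6, 2), 16)
        HostIndex = [Convert]::ToInt32($hex.Substring(8, 1), 16)
        VmSlot    = [Convert]::ToInt32($hex.Substring(9, 3), 16)
    }
}

function Find-MacConflict {
    param([Parameter(Mandatory)][object[]]$Adapter)
    # Group adapters by normalized MAC; a group with more than one member is a
    # conflict that would surface once the VMs share a network after migration
    $Adapter |
        Group-Object { ConvertTo-NormalizedMac $_.MacAddress } |
        Where-Object Count -gt 1 |
        ForEach-Object {
            [pscustomobject]@{
                MacAddress = $_.Name
                VMs        = ($_.Group | ForEach-Object { '{0}@{1}' -f $_.VMName, $_.ComputerName }) -join ', '
            }
        }
}

# Constructed sample inventory. On a real cluster it could be collected with:
#   Get-ClusterNode | ForEach-Object { Get-VM -ComputerName $_.Name | Get-VMNetworkAdapter }
$inventory = @(
    [pscustomobject]@{ ComputerName = 'node0'; VMName = 'web01';    MacAddress = '00155D0A0001' }
    [pscustomobject]@{ ComputerName = 'node1'; VMName = 'web02';    MacAddress = '00-15-5D-0A-10-01' }
    [pscustomobject]@{ ComputerName = 'node1'; VMName = 'db01';     MacAddress = '00:15:5d:0a:00:01' }  # same MAC as web01
    [pscustomobject]@{ ComputerName = 'node0'; VMName = 'legacy01'; MacAddress = '02-00-00-00-00-01' }  # not from the plan
)

# Range for host 1 of cluster 0x0A. It would be applied once on that host with:
#   Set-VMHost -MacAddressMinimum $range.Minimum -MacAddressMaximum $range.Maximum
$range = Get-NodeMacRange -ClusterId 0x0A -HostIndex 1
Write-Host ("node1 pool: {0} to {1}" -f $range.Minimum, $range.Maximum)

# Which pool did each VM's MAC originally come from?
$inventory | ForEach-Object {
    $pool = Resolve-MacPool $_.MacAddress
    [pscustomobject]@{
        VM        = $_.VMName
        RunsOn    = $_.ComputerName
        PoolOwner = if ($pool) { 'cluster {0:X2}, host {1:X}' -f $pool.ClusterId, $pool.HostIndex } else { 'outside plan' }
    }
} | Format-Table -AutoSize

# Duplicate MACs across the whole inventory
Find-MacConflict -Adapter $inventory | Format-Table -AutoSize
```

Because a static MAC stays with the VM after live migration, the pool owner decoded from the MAC can differ from the node the VM currently runs on; only duplicates and MACs outside the plan need follow-up.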
3. Get a free MAC from the network controller service and use the same MAC on the VM network adapter.
Every Stack HCI cluster has a dedicated, centralized network controller service, on which we can set up a global MAC address range pool. When we create a new network interface on the network controller service with dynamic configuration, it assigns a free MAC from the global pool. This is a very reliable solution, since it is a centralized service. We follow the steps below:
Create a network interface in the network controller service with dynamic MAC assignment, so that it is assigned a free MAC from the global MAC range.
Read the MAC assigned to the network interface.
Assign the same MAC address to the VM network adapter as static.
The following PowerShell commands perform the above steps (Note: please use appropriate values in place of the parameters):
# Creating network interface with dynamic MAC config on network controller
$vmnicproperties = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceProperties
$vmnicproperties.PrivateMacAllocationMethod = "Dynamic"
$vmnicproperties.IsPrimary = $true
$vmnicproperties.DnsSettings = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceDnsSettings
$vmnicproperties.DnsSettings.DnsServers = $dns_server
$ipconfiguration = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceIpConfiguration
$ipconfiguration.resourceid = $vm_name + "_IP1"
$ipconfiguration.properties = New-Object Microsoft.Windows.NetworkController.NetworkInterfaceIpConfigurationProperties
$ipconfiguration.properties.PrivateIPAddress = $ip_address
$ipconfiguration.properties.PrivateIPAllocationMethod = "Static"
$ipconfiguration.properties.Subnet = New-Object Microsoft.Windows.NetworkController.Subnet
$ipconfiguration.properties.subnet.ResourceRef = "/virtualNetworks/" + $vnet_name + "/subnets/" + $subnet_name
$vmnicproperties.IpConfigurations = @($ipconfiguration)
$NIC_name = $vm_name + "_Eth1"
New-NetworkControllerNetworkInterface -ResourceID $NIC_name -Properties $vmnicproperties -ConnectionUri $uri -Confirm:$false -force
Write-Host 'NIC config created..'
Start-Sleep -Seconds 8
$nic = Get-NetworkControllerNetworkInterface -ConnectionUri $uri -ResourceId $NIC_name
# Read the free MAC obtained from the global pool and insert "-" after every two hex digits
$mac_address = $nic.Properties.PrivateMacAddress -replace '..(?!$)', '$&-'
###### VM creation flow starts here. We will set the static MAC here
New-VM -Name $vm_name -MemoryStartupBytes $vm_memory -BootDevice VHD -VHDPath $image_path -Path $vm_data_path -Generation $vm_generation -SwitchName $switch_name
Add-ClusterVirtualMachineRole -vmname $vm_name -Name $vm_name
Set-VMNetworkAdapter -VMName $vm_name -StaticMacAddress "$mac_address"
Write-Host "Mac set successfully: $mac_address"
Conclusion:
The third and last approach discussed in this article seems to be the easiest and most reliable, since we consume the MAC from the centralized network controller service. We will never face MAC conflicts in case VMs get migrated from one node to another.
How to Secure Your Machine Learning Workspace with Virtual Network
Introduction
Machine learning (ML) is a branch of artificial intelligence that enables computers to learn from data and make predictions or decisions. ML applications often require access to large amounts of data, compute resources, and external services. To ensure the security and privacy of these resources, it is essential to isolate the ML workspace from unauthorized or malicious access. One way to achieve this is by using a virtual network (VNet).
What is a Virtual Network?
A virtual network is a logical representation of a network that is isolated from other networks. A VNet can have its own IP address space, subnets, routing tables, firewalls, and network security groups. A VNet can also connect to other VNets, on-premises networks, or the internet, depending on the configuration and permissions. A VNet allows the user to control the network traffic and access policies for the resources within the VNet.
Why Use a Virtual Network for Machine Learning?
Using a VNet for machine learning has several advantages, such as:
Enhanced security: A VNet can protect the ML workspace and its associated resources from unauthorized or malicious access. For instance, a VNet can restrict the access to the data sources, compute targets, and web services that are used by the ML workspace. A VNet can also prevent the leakage of sensitive data or intellectual property from the ML workspace to the internet or other networks.
Improved performance: A VNet can improve the performance of the ML workspace by reducing the latency and bandwidth consumption of the network traffic. For instance, a VNet can enable the ML workspace to access the data sources and compute targets within the same region or data centre, avoiding the cross-region or cross-premises network overhead. A VNet can also optimize the network routing and traffic management for the ML workspace.
Increased flexibility: A VNet can increase the flexibility of the ML workspace by allowing the user to customize the network configuration and policies. For instance, a VNet can enable the user to choose the IP address range, subnet size, firewall rules, and network security groups for the ML workspace. A VNet can also enable the user to integrate the ML workspace with other VNets, on-premises networks, or the internet, depending on the business needs and compliance requirements.
What is a Microsoft Managed Virtual Network Workspace?
A Microsoft managed virtual network workspace is a type of ML workspace that is created and managed by Microsoft on behalf of the user. A Microsoft managed virtual network workspace uses an isolated and dedicated VNet that is automatically configured and secured by Microsoft. A Microsoft managed virtual network workspace provides the following benefits:
Simplified setup: A Microsoft managed virtual network workspace does not require the user to create or manage the VNet, subnets, routing tables, firewalls, or network security groups. The user only needs to provide the name and region of the ML workspace, and Microsoft will create and manage the VNet for the ML workspace.
Optimized security: A Microsoft managed virtual network workspace uses a VNet that is isolated from other networks and has strict access policies. The VNet only allows the ML workspace and its associated resources to communicate with each other and blocks any external or internal access. The VNet also encrypts the network traffic and data within the VNet.
Seamless integration: A Microsoft managed virtual network workspace supports the integration with other VNets, on-premises networks, or the internet, using the Azure Private Link service. The Azure Private Link service enables the user to securely connect the ML workspace and its associated resources with other resources, without exposing them to the public internet or other networks.
Reduced Dependency: A Microsoft managed virtual network workspace reduces the dependency on the customer to provide an IP address range for the VNet for the workspace. This is because the VNet is automatically configured and secured by Microsoft, which simplifies the setup process and reduces the burden on the customer. As a result, the customer can focus on their machine learning tasks without worrying about the complexities of VNet configuration.
Conclusion
Using a VNet for machine learning is a trade-off between security, performance, flexibility, complexity, cost, and compatibility. A VNet can provide enhanced security, improved performance, and increased flexibility for the ML workspace and its components, but it can also introduce increased complexity, additional cost, and potential compatibility issues. Therefore, the user should carefully evaluate the advantages and drawbacks of using a VNet for machine learning and choose the best option for their specific scenario and needs. Alternatively, the user can opt for a Microsoft managed virtual network workspace, which simplifies the setup, optimizes the security, and enables the seamless integration of the ML workspace with a VNet.