Use managed compute in a managed virtual network

Learn how to configure compute clusters or compute instances in an Azure Machine Learning managed virtual network.

When you use a managed network, compute resources managed by Azure Machine Learning can participate in the virtual network. Azure Machine Learning compute clusters, compute instances, and managed online endpoints are created in the managed network.

This article focuses on configuring compute clusters and compute instances in a managed network. For information on managed online endpoints, see secure online endpoints with network isolation.

Important

If you plan on using serverless Spark jobs, see the managed virtual network article for configuration information. These steps must be followed when configuring the managed virtual network.

Prerequisites

Before following the steps in this article, make sure you have the following prerequisites:

  • An Azure Machine Learning workspace configured to use a managed virtual network.

  • The Azure CLI and the ml extension to the Azure CLI. For more information, see Install, set up, and use the CLI (v2).

    Tip

    Azure Machine Learning managed virtual network was introduced on May 23rd, 2023. If you have an older version of the ml extension, you might need to update it for the examples in this article work. To update the extension, use the following Azure CLI command:

    az extension update -n ml
    
  • The CLI examples in this article assume that you're using the Bash (or compatible) shell. For example, from a Linux system or Windows Subsystem for Linux.

  • The Azure CLI examples in this article use ws to represent the name of the workspace, and rg to represent the name of the resource group. Change these values as needed when using the commands with your Azure subscription.

Configure compute resources

Use the following tabs to learn how to configure compute clusters and compute instances in a managed virtual network:

Tip

When using a managed virtual network, compute clusters and compute instances are automatically created in the managed network. The following steps focus on configuring the compute resources to not use a public IP address.

To create a compute cluster with no public IP, use the following command:

az ml compute create --name cpu-cluster --resource-group rg --workspace-name ws --type AmlCompute --set enable_node_public_ip=False

To create a compute instance with no public IP, use the following command:

az ml compute create --name myci --resource-group rg --workspace-name ws --type ComputeInstance --set enable_node_public_ip=False

Limitations

  • Creating a compute cluster in a different region than the workspace isn't supported when using a managed virtual network.
  • If the compute is in a managed network and also configured for no public IP, use the az ml compute connect-ssh command to connect to the compute instance over SSH.

Migration of compute resources

If you have an existing workspace and want to enable managed virtual network for it, there's currently no supported migration path for existing manged compute resources. You'll need to delete all existing managed compute resources and recreate them after enabling the managed virtual network. The following list contains the compute resources that must be deleted and recreated:

  • Compute cluster
  • Compute instance
  • Managed online endpoints

Next steps