|
| 1 | +### VS Code Dev Containers |
| 2 | + |
| 3 | +You can run this solution in VS Code Dev Containers, which will open the project in your local VS Code using the [Dev Containers extension](https://marketplace.visualstudio.com/items?itemName=ms-vscode-remote.remote-containers): |
| 4 | + |
| 5 | +1. Open the project: |
| 6 | + |
| 7 | + [](https://vscode.dev/redirect?url=vscode://ms-vscode-remote.remote-containers/cloneInVolume?url=https://github.com/microsoft/Deploy-Your-AI-Application-In-Production) |
| 8 | + |
| 9 | +3. In the VS Code window that opens, once the project files show up (this may take several minutes), open a terminal window. |
| 10 | +4. Continue with the [deploying steps](#steps-to-provision-network-isolated-environment-using-dev-container). |
| 11 | + |
| 12 | +# Steps to Provision Network Isolated environment using Dev Container |
| 13 | + |
| 14 | +1. Log into your Azure subscription: |
| 15 | + |
| 16 | + ```shell |
| 17 | + azd auth login |
| 18 | + ``` |
| 19 | + |
| 20 | +  |
| 21 | + |
| 22 | +  |
| 23 | + |
| 24 | +  |
| 25 | + |
| 26 | +2. Login to azure, run the below command: |
| 27 | + ```shell |
| 28 | + az login |
| 29 | + ``` |
| 30 | + The [Azure CLI](https://learn.microsoft.com/en-us/cli/azure/what-is-azure-cli?view=azure-cli-latest) is used to validate available AI model quota. |
| 31 | + |
| 32 | +  |
| 33 | + |
| 34 | +3. Now start the deployment of the infrastructure by typing the below command: |
| 35 | + ```shell |
| 36 | + azd up |
| 37 | + ``` |
| 38 | + > ⚠️ **Note:** The latest version of the Azure Developer CLI (AZD) is currently limited on prompting for missing parameters. The feature flag parameters in this solution have been temporarily defaulted to `'disabled'` until this limitation is lifted and prompting will resume. |
| 39 | + |
| 40 | + |
| 41 | +  |
| 42 | + |
| 43 | + This step will allow you to choose from the subscriptions you have available, based on the account you logged in with in the login step. Next it will prompt you for the region to deploy the resources into as well as any additional Azure resources to be provisioned and configured. |
| 44 | + |
| 45 | + **Important:** Be sure to remember the vm password. This will be used in a later step. You are still required to log into Azure once you connect through the virtual machine. |
| 46 | + |
| 47 | +6. The automated model quota check will run, and will check if the location selected will have the necessary quota for the AI Models that are listed in the parameters file prior to deploying any resources. |
| 48 | +  |
| 49 | + |
| 50 | + |
| 51 | + If the location selected has sufficient quota for the models you plan to deploy, the provisioning will begin without notification. |
| 52 | + |
| 53 | +  |
| 54 | + |
| 55 | + If the location selected does not have the available quota for the models selected in your parameters, there will be a message back to the user, prior to any provisioning of resources. This will allow the developer to change the location of the provisiong and try again. Note that in our example, Italy North had capacity for gpt-4o but not for text-embedding-ada-002. This terminated the entire provisioning, because both models could not be deployed due to a quota issue. |
| 56 | + |
| 57 | +  |
| 58 | + |
| 59 | +7. After completeing the required paramters that you were prompted for, and a successful model quota validation, the provisioning of resources will run and deploy the Network Isolated AI Foundry development portal and dependent resources in about 20 minutes. |
| 60 | + |
| 61 | + |
| 62 | +# Post Deployment Steps: |
| 63 | +These steps will help to check that the isolated environment was set up correctly. |
| 64 | +Follow these steps to check the creation of the required private endpoints in the environment (when set to networkIsolation = true). |
| 65 | + |
| 66 | +One way to check if the access is private to the hub is to launch the AI Foundry hub from the portal. |
| 67 | + |
| 68 | + |
| 69 | + |
| 70 | +When a user that is not connected through the virtual network via an RDP approved connection will see the following screen in their browser. This is the intended behavior! |
| 71 | + |
| 72 | + |
| 73 | + |
| 74 | +A more thourough check is to look for the networking settings and checking for private end points. |
| 75 | + |
| 76 | +1. Go to the Azure Portal and select your Azure AI hub that was just created. |
| 77 | + |
| 78 | +2. Click on Settings and then Networking. |
| 79 | + |
| 80 | +  |
| 81 | + |
| 82 | +3. Open the Workspace managed outbound access tab. |
| 83 | + |
| 84 | +  |
| 85 | + |
| 86 | + Here, you will find the private endpoints that are connected to the resources within the hub managed virtual network. Ensure that these private endpoints are active. |
| 87 | + The hub should show that Public access is ‘disabled’. |
| 88 | + |
| 89 | +## Connecting to the isolated network via RDP |
| 90 | +1. Navigate to the resource group where the isolated AI Foundry was deployed to and select the virtual machine. |
| 91 | + |
| 92 | +  |
| 93 | + |
| 94 | +2. Be sure that the Virtual Machine is running. If not, start the VM. |
| 95 | + |
| 96 | +  |
| 97 | + |
| 98 | +3. Select “Bastion” under the ‘Connect’ heading in the VM resource. |
| 99 | + |
| 100 | +  |
| 101 | + |
| 102 | +4. Supply the username and the password you created as environment variables and press the connect button. |
| 103 | + |
| 104 | +  |
| 105 | + |
| 106 | +5. Your virtual machine will launch and you will see a different screen. |
| 107 | + |
| 108 | +  |
| 109 | + |
| 110 | +6. Launch Edge browser and navigate to your AI Foundry Hub. https://ai.azure.com Sign in using your credentials. |
| 111 | + |
| 112 | + |
| 113 | +7. You are challenged by MFA to connect. |
| 114 | + |
| 115 | +  |
| 116 | + |
| 117 | +8. You will now be able to view the Foundry Hub which is contained in an isolated network. |
| 118 | + |
| 119 | +  |
| 120 | + |
| 121 | +## Contributing |
| 122 | + |
| 123 | +This project welcomes contributions and suggestions. Most contributions require you to agree to a |
| 124 | +Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us |
| 125 | +the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com. |
| 126 | + |
| 127 | +When you submit a pull request, a CLA bot will automatically determine whether you need to provide |
| 128 | +a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions |
| 129 | +provided by the bot. You will only need to do this once across all repos using our CLA. |
| 130 | + |
| 131 | +This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). |
| 132 | +For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or |
| 133 | +contact [ [email protected]](mailto: [email protected]) with any additional questions or comments. |
| 134 | + |
| 135 | +## Trademarks |
| 136 | + |
| 137 | +This project may contain trademarks or logos for projects, products, or services. Authorized use of Microsoft |
| 138 | +trademarks or logos is subject to and must follow |
| 139 | +[Microsoft's Trademark & Brand Guidelines](https://www.microsoft.com/en-us/legal/intellectualproperty/trademarks/usage/general). |
| 140 | +Use of Microsoft trademarks or logos in modified versions of this project must not cause confusion or imply Microsoft sponsorship. |
| 141 | +Any use of third-party trademarks or logos are subject to those third-party's policies. |
0 commit comments