Azure Machine Learning Studio - Create Environment with private ACR is blocked by Firewall

Joerg 1 Reputation point
2022-09-22T15:17:03.703+00:00

We have a Azure Machine Learning Studio, which is connected to a private ACR. The ACR sits behind a Firewall and has a private endpoint to our VNET.

In Machine Learning Studio, when using the feature "Environments" -> "Custom Environments" -> "Create" -> "Use existing docker image with conda" and "imagePathInOurPrivateRegistry", we get the error "Logging in to registry: ourregistry.azurecr.io
failed to login, ran out of retries: failed to set docker credentials: Error response from daemon: Get "https://ourregistry.azurecr.io/v2/": denied: client with IP '20.50.200.109' is not allowed access.". A manual approach to fix this, was to whitelist the mentioned IP address in the Firewall Settings of our ACR.

I know there is a public list of IP adresses, which are used by AzureML. But these are way over 300 and I don't think it is a proper solution to whitelist all of them.

What would be the best solution to fix this?

  • This article ( https://learn.microsoft.com/en-us/azure/machine-learning/how-to-secure-workspace-vnet?tabs=pe%2Ccli#azure-container-registry-1) states an environment has to be created from one of our Compute Instances, which can be placed in our VNET. Is there an article describing how to create a custom environment via Compute Instance? This seems to me a rather complicated way for a feature, which is directly included in Azure ML. Do I miss something here?
  • Is there a way to get the IP Address of our current Azure ML Studio?
  • When creating this environment, what hardware or compute instance is used? Our ML workspace currently has only one Compute Cluster, which is integrated in our VNET. There is no compute instance.

Thanks in advance and kind regards!

Azure Container Registry
Azure Container Registry
An Azure service that provides a registry of Docker and Open Container Initiative images.
367 questions
Azure Machine Learning
Azure Machine Learning
An Azure machine learning service for building and deploying models.
2,482 questions
{count} votes