AzureML workspace: IP addresses of compute instances and clusters

Zhenlong Li 1 Reputation point
2021-11-11T21:32:05+00:00

For the compute instances/clusters in our AzureML studio workspace to communicate with our Snowflake server, we need to provide their IP addresses to Snowflake admin for whitelisting.

  1. When a compute instance is created, it comes with a static IP address, which is random. Is it possible to limit the IP addresses to a pre-defined range so that our snowflake admin can whitelist the range, instead of individual IP address of each compute instance?
  2. When a cluster is created, the IP address changes each time it is scaled up from 0 nodes. This makes it impossible to whitelist. Is it possible to limit the IP address to a pre-defined range as well?
    Our AzureML workspace is currently not behind any virtual network yet. Any suggestions about the direction to secure our workspace and facilitate its outbound communication (especially with snowflake servers) are highly appreciated. Thanks!
Azure Machine Learning
Azure Machine Learning
An Azure machine learning service for building and deploying models.
3,128 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,638 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. romungi-MSFT 48,541 Reputation points Microsoft Employee
    2021-11-12T07:26:26.767+00:00

    @Zhenlong Li You can whitelist the range of IPs based on the list published by Azure. The list can be downloaded from here.
    The compute instance and the Azure ML workspace IP range list will differ from region to region so I would advise to lookup your existing IPs that are whitelisted in this list first and confirm if the IP matches within the range that is published. The range usually does not change so frequently so frequent whitelisting will not be required but having a mechanism or automation around validating the list regularly would help your team to pro-actively whitelist the required IPs to not break your existing applications. I hope this helps.

    If an answer is helpful, please click on 130616-image.png or upvote 130671-image.png which might help other community members reading this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.