In the rapidly evolving landscape of artificial intelligence, having a unified and efficient platform is crucial for developers and data scientists. Enter Azure AI Foundry, a powerful platform designed to empower innovation and shape the future with AI in a secure and responsible manner. Azure AI Foundry provides a streamlined experience for building, evaluating, and deploying AI models through a web portal, SDK, or CLI. This platform brings together various Azure AI capabilities that were previously available as standalone services, making it easier to create sophisticated AI applications.
Key Takeaways
Azure AI Foundry is a unified platform for building, evaluating, and deploying AI models, accessible via a web portal, SDK, or CLI.
It offers access to key resources, including Azure OpenAI, a Management Center, Hubs, and Projects.
Azure OpenAI can be used with or without a project. Using it without a project is best for features specific to Azure OpenAI.
The Management Center streamlines governance and management of resources.
Hubs are top-level resources that provide security configurations, computing, and connections to other Azure services. They can also contain multiple projects.
Projects, child resources of a hub, are used for building and customizing AI applications with isolated containers for data.
Connections allow hubs and projects to access external resources like Azure Storage and Azure AI services.
Azure AI Foundry is built on the Azure Machine Learning resource provider and other Azure services.
Some resources are managed by Microsoft.
Hubs provide central governance, and projects inherit the hub's security settings.
RBAC and ABAC are used for security, with a control plane proxy simplifying RBAC management.
Data storage utilizes prefixed containers within a default storage account for each project.
Encryption is used for data protection, with an option for customer-managed keys.
Virtual networks secure communication between the hub, projects, and managed resources.
Azure Monitor and Azure Log Analytics provide monitoring.
The Azure AI Foundry SDK simplifies AI application development.
Projects are the best way to use the Azure AI Foundry SDK and connect data, assets, and services.
Azure AI Foundry projects are available in several Azure regions, but feature availability may vary.
The Azure AI Foundry portal integrates with Azure OpenAI Studio.
Key Benefits
Unified Platform: Azure AI Foundry offers a single environment to access a wide range of models, services, and capabilities, making it easier to manage your entire AI development lifecycle.
Collaboration: The platform facilitates team collaboration for the full lifecycle of application development, ensuring that projects can be developed and managed effectively.
Scalability: It enables the transformation of proof of concepts into full-fledged production applications, ensuring continuous monitoring and refinement for long-term success.
Responsible AI: Azure AI Foundry grounds its features and tools in responsible AI practices, promoting the ethical development and deployment of AI solutions.
Azure AI Foundry is ideal for AI developers and data scientists who need a robust, versatile, and collaborative platform to develop and deploy cutting-edge AI applications.
Core Components of the Azure AI Foundry Platform
Azure AI Foundry is composed of several key components that work together to provide a seamless AI development experience.
Azure OpenAI Integration
One of the most significant features of Azure AI Foundry is its seamless integration with Azure OpenAI. This integration allows you to access the latest OpenAI models, deploy them securely, and experiment with them using playgrounds. You can also fine-tune models, implement content filters, and run batch jobs. This integration provides direct access to Azure OpenAI without a project or through a project.
Management Center
The Management Center streamlines the governance and management of Azure AI Foundry resources such as hubs, projects, connected resources, and deployments. It allows you to manage resource utilization and quotas and govern access and permissions across multiple hubs and Azure subscriptions.
Azure AI Foundry Hub
The hub is the top-level resource in the Azure AI Foundry portal, based on the Azure Machine Learning service. It offers several features:
Security configurations with a managed network that spans across projects and model endpoints.
Compute resources for interactive development, fine-tuning, open-source, and serverless model deployments.
Connections to other Azure services, like Azure OpenAI, Azure AI services, and Azure AI Search.
Project management allows for the creation of multiple child projects within a hub.
An associated Azure storage account for data upload and artifact storage.
Azure AI Foundry Project
A project is a child resource of the hub. It provides:
Access to development tools for building and customizing AI applications.
Reusable components, such as datasets, models, and indexes.
An isolated container to upload data within the storage inherited from the hub.
Project-scoped connections, allowing for private access to data stored in an Azure Storage account without granting access to other projects.
Open-source model deployments from the catalog and fine-tuned model endpoints.
Connections
Hubs and projects use connections to access resources from other services, including data in Azure Storage Accounts, Azure OpenAI, and other Azure AI services. These connections can be shared across projects or made specific to one. Connections can use key-based access or Microsoft Entra ID passthrough for authorization.
Azure AI Services
Azure AI Foundry enables the integration of various Azure AI services, providing a wide range of functionalities. These include speech capabilities, content safety, and agent services, enriching the development possibilities within the platform.
Azure Resources and Providers
Azure AI Foundry is built on the Azure Machine Learning resource provider, and it depends on other Azure services.
Resource Providers
The resource providers for these services must be registered in your Azure subscription.
Key Resource Types
Hub: The Azure resource provider is Microsoft.MachineLearningServices/workspaces and the kind of resource is the hub.
Project: The Azure resource provider is Microsoft.MachineLearningServices/workspaces and the kind of resource projects.
Azure AI Services or Azure OpenAI Service: The Azure resource provider is Microsoft.CognitiveServices/account and the kind of resource is AIServices or OpenAI.
Dependent Azure Resources
When a new hub is created, Azure AI Foundry needs to store data, access models, and provide compute resources for AI customization. Dependent resources include:
Azure AI Search: Offers search capabilities for projects.
Azure Storage account: Stores project artifacts such as flows and evaluations.
Azure Key Vault: Stores secrets like connection strings for resource connections.
Azure Container Registry: Stores docker images created when using custom runtime for prompt flow.
Azure Application Insights & Log Analytics Workspace: Used for log storage when you opt in for application-level logging for deployed prompt flows. If you don’t provide these resources when creating a hub, Azure AI Foundry creates them for you.
Microsoft-Hosted Resources and Management
While most resources used by Azure AI Foundry are in your Azure subscription, some are managed by Microsoft.
Managed Resources
These include managed compute resources provided by Azure Batch, a managed virtual network provided by Azure Virtual Network, and metadata storage provided by Azure Storage. The cost for these managed resources appears on your Azure bill under the Azure Machine Learning resource provider.
Customer-Managed Keys
If you use customer-managed keys, the metadata storage resources are created in your subscription.
User Management
You have control over managed compute resources, such as VM sizes, and the configuration of outbound rules for the managed virtual network. Vulnerability management is a responsibility shared by Microsoft and you.
Centralized Governance and Security with Hubs
Hubs provide a central way for teams to govern security, connectivity, and computing resources across playgrounds and projects.
Centralized Control
Hubs allow for the central management of security, connectivity, and resources. Projects created within a hub inherit the same security settings and shared resource access.
Preconfigured Connections
Connections to company resources can be preconfigured within a hub so developers can access them from new project workspaces without delay.
Control Plane Proxy
To simplify Azure RBAC management, Azure AI Foundry provides a control plane proxy. This allows users to perform operations on connected Azure AI services and Azure OpenAI resources with permissions on the hub.
Attribute-Based Access Control (ABAC)
Azure AI Foundry uses both Azure RBAC and Azure ABAC to secure the shared storage account. Each project has a service principal, a unique workspace ID, and a set of containers in the storage account. Azure ABAC ensures each project can only access its own containers.
Storage and Data Management in Azure AI Foundry
Each hub has a default storage account, which is inherited by its child projects.
Storage Containers
Each project gets a set of containers in the storage account, each with a prefix that corresponds to the project's workspace ID.
{workspace-ID}-azureml: Storage for assets such as metrics, models, and components.
{workspace-ID}-blobstore: Storage for data upload, job code snapshots, and pipeline data cache.
{workspace-ID}-code: Storage for notebooks, compute instances, and prompt flow.
{workspace-ID}-file: An alternative container for data upload.
Data Encryption
Azure AI Foundry uses encryption to protect data at rest and in transit. By default, Microsoft-managed keys are used, but you can also use your own encryption keys.
Virtual Networks in Azure AI Foundry
A hub can be configured to use a managed virtual network to secure communications between the hub, projects, and managed resources.
Managed Virtual Network
If dependency services have public access disabled, a private endpoint is created for each service to ensure secure communication.
Customer-Managed Virtual Network
If you want to secure communications between your clients and the hub or project, you need to use an Azure Virtual Network that you create and manage, such as an Azure Virtual Network using a VPN or ExpressRoute connection to your on-premises network.
Monitoring and Logging
Azure Monitor and Azure Log Analytics provide monitoring and logging for the underlying resources used by Azure AI Foundry. You can monitor Azure Machine Learning, Azure OpenAI, Azure AI services, and Azure AI Search using specific articles.
Leveraging the Azure AI Foundry SDK
The Azure AI Foundry SDK is a comprehensive toolchain designed to simplify AI application development on Azure.
Key Functions:
Accessing models from various providers through a single interface.
Combining models, data, and AI services to build AI-powered applications.
Evaluating, debugging, and improving application quality and safety across development, testing, and production environments.
Project Client: The AI project client allows you to access project components from your code using a single connection string.
Azure OpenAI Integration: If you have code using the OpenAI SDK, you can easily use the project client to create an AzureOpenAI client using your project’s Azure OpenAI connection.
Model Inference Service: The Azure AI model inference service allows you to use a ChatCompletionsClient or EmbeddingsClient to access models from providers like OpenAI, Microsoft, and Meta.
Prompt Templates: The SDK supports creating prompt messages from templates, allowing for dynamic prompt generation.
Azure AI Search: You can use the project client to create an Azure AI Search client if your project has an Azure AI Search resource connected.
Azure AI Agent Service: This managed service allows developers to build, deploy, and scale AI agents.
Evaluation: You can connect to the Azure AI evaluation service and the models needed to run evaluators using the project client.
Tracing: You can enable tracing and log to Application Insights by enabling instrumentation of the Azure AI Inference SDK.
Regional Availability and Feature Considerations
Azure AI Foundry is available in many Azure regions.
Project Creation: You can create projects in the Azure AI Foundry portal in various regions.
Feature Variations: Feature availability may vary by region.
Model Availability: Some models may not be available within the Azure AI Foundry model catalog.
Speech Capabilities: Azure AI Speech capabilities, including custom neural voice, vary in regional availability.
Serverless API deployments: Some models in the model catalog can be deployed as a serverless API with pay-as-you-go billing.
Limitations: Azure AI Foundry is not currently available in Azure Government regions or air-gap regions.
Working with Azure OpenAI in Azure AI Foundry
Azure OpenAI Studio is integrated into the Azure AI Foundry portal.
Direct Access: You can directly access Azure OpenAI models using the "Let's go" button or through https://ai.azure.com/resource.
Project Context: You can access Azure OpenAI within or outside of a project.
Key Differences:
Working outside a project focuses on Azure OpenAI's models and functionalities, allowing users to deploy, fine-tune, and manage these models.
Working within a project allows for a broader platform for building generative AI applications, integrating multiple AI services, and models from various providers.
If you require features specific to Azure OpenAI, such as batch jobs, Azure OpenAI Evaluation, and vector stores, it is best to work outside of a project.
Management Center: A Closer Look
The Management Center is a part of the Azure AI Foundry portal that streamlines governance and management activities.
Management Activities: You can manage Azure AI Foundry hubs, projects, resources, and settings in the management center.
Hub and Project Management: You can create and configure hubs and projects.
Resource Utilization: You can view and manage quotas and usage metrics across multiple hubs and Azure subscriptions.
Governance: You can assign roles, manage users, and ensure compliance with organizational standards.
Development Workflow in Azure AI Foundry
Development in Azure AI Foundry typically involves several stages.
Define and Explore: Define your project goals and explore models and services.
Build and Customize: Build applications using selected models, tools, and capabilities, which includes fine-tuning and grounding in data.
Assess and Improve: Improve your application's performance using tools like tracing and evaluations.
Pricing, Access, and Getting Started
Azure AI Foundry is monetized through individual products that customers access and consume, including APIs, models, AI toolchains, and production-scale products.
Platform Access: The platform is free to use and explore. Pricing occurs at the deployment level.
Underlying Services: Using Azure AI Foundry also incurs costs associated with the underlying services.
Azure Account: To access the full functionality of Azure AI Foundry, you need an Azure account.
Getting Started: You can explore the Azure AI Foundry portal without signing in, and you can create a hub using the portal, Azure portal, or a Bicep template.
Conclusion
Azure AI Foundry is a powerful and versatile platform for building, evaluating, and deploying AI applications. Its unified environment, robust features, and support for various Azure services make it an excellent choice for developers and data scientists looking to innovate with AI. By understanding the core components, security features, and development workflows, you can harness the full potential of Azure AI Foundry and create innovative AI solutions. Start exploring the platform today and embark on your AI-driven journey
Comments