For your machine learning experiments, you need to set up a multi-node compute cluster for your training runs.
You need to access your compute cluster from several resources, with the same access privileges.
Which is the most convenient and secure way you should choose?
A. B. C. D.
Answer: B.
Option A is incorrect because embedding credentials in any code must be avoided in all cases.
Azure provides several ways of managing credentials and permissions without exposing them.
Option B is CORRECT because Azure provides the managed identities feature to eliminate the need for managing credentials manually.
You can select either the system-assigned or the user-assigned type, but only user-assigned managed identities provide reusability with the least administration.
A user-assigned managed identity needs to be created as a separate entity in Azure AD and can be attached to the compute cluster via the Advanced settings.
Option C is incorrect because a system-assigned managed identity is linked directly to a single resource, in this case to a single compute cluster, and cannot be used for accessing multiple resources.
Its lifecycle starts when the resource is created and ends when the resource is deleted.
Option D is incorrect because only user-assigned managed identities serve your purpose.
System-assigned managed identities are dedicated to a single resource and cannot be reused.
The most convenient and secure way to access a multi-node compute cluster for machine learning experiments from several resources with the same access privileges is to attach a user-assigned managed identity to the compute resource.
Managed identities provide a secure and convenient way to authenticate to Azure services. They eliminate the need for developers to manage and securely store credentials within code or configuration files, and instead allow Azure to manage credentials automatically.
A managed identity is an automatically generated identity in Azure Active Directory (Azure AD) that is assigned to a specific Azure resource, such as a compute target. There are two types of managed identities: system-assigned managed identities and user-assigned managed identities.
A system-assigned managed identity is automatically created and assigned to a resource at the time of creation, and is deleted when the resource is deleted. A user-assigned managed identity, on the other hand, is created as a standalone Azure resource, and can be assigned to one or more Azure resources.
Attaching a user-assigned managed identity to a compute resource allows multiple resources to access the compute cluster with the same access privileges, without having to store credentials or pass them between resources. This approach is more secure than including credentials in code, which could be accidentally exposed or compromised.
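The reuse argument above, as an added example that is not part of the original page: a short Python audit over ARM-style resource definitions that reports which clusters share one user-assigned identity, which have no identity at all, and how many distinct principals would each need their own role assignment. The cluster names, the subscription placeholder and the sample list are constructed; the `identity` block follows the ARM layout (`type`, `userAssignedIdentities`).

```python
from collections import defaultdict

# Constructed sample: ARM-style resource definitions (names and IDs are placeholders).
UAI = ("/subscriptions/SUB-PLACEHOLDER/resourceGroups/ml-rg/providers/"
       "Microsoft.ManagedIdentity/userAssignedIdentities/train-id")
SAMPLE_RESOURCES = [
    {"name": "cluster-a", "identity": {"type": "UserAssigned",
                                       "userAssignedIdentities": {UAI: {}}}},
    {"name": "cluster-b", "identity": {"type": "UserAssigned",
                                       "userAssignedIdentities": {UAI.lower(): {}}}},
    {"name": "cluster-c", "identity": {"type": "SystemAssigned"}},
    {"name": "cluster-d", "identity": {"type": "SystemAssigned, UserAssigned",
                                       "userAssignedIdentities": {UAI: {}}}},
    {"name": "cluster-e"},  # no identity block: would need stored credentials
]


def principals_by_resource(resources):
    """Map each resource name to the set of identities it can authenticate as."""
    out = {}
    for res in resources:
        ident = res.get("identity") or {}
        kinds = {k.strip().lower() for k in ident.get("type", "None").split(",")}
        found = set()
        if "systemassigned" in kinds:
            # Tied to this one resource: created and deleted together with it.
            found.add("system:" + res["name"])
        if "userassigned" in kinds:
            # ARM resource IDs are case-insensitive, so normalise before comparing.
            found.update("user:" + rid.lower()
                         for rid in ident.get("userAssignedIdentities", {}))
        out[res["name"]] = found
    return out


def audit(resources):
    """Return (shared identities, resources without identity, principals to grant)."""
    users = defaultdict(list)
    per_res = principals_by_resource(resources)
    for name, idents in per_res.items():
        for ident in idents:
            users[ident].append(name)
    shared = {i: sorted(n) for i, n in users.items() if len(n) > 1}
    no_identity = sorted(n for n, i in per_res.items() if not i)
    return shared, no_identity, len(users)


if __name__ == "__main__":
    print(audit(SAMPLE_RESOURCES))
```

In the sample, three clusters authenticate as the same user-assigned identity and are covered by one role assignment per target scope, while each system-assigned identity adds a principal that has to be granted access separately.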
In summary, attaching a user-assigned managed identity to a compute resource is the most convenient and secure way to access a multi-node compute cluster for machine learning experiments from several resources with the same access privileges.