# Azure Machine Learning

Azure Machine Learning Studio is the top-level resource for Machine Learning. This capability provides a centralized place for data scientists and developers to work with all the artifacts for building, training, and deploying machine learning models.

OvalEdge uses the API to connect to the Azure Machine Learning schema source, which allows the user to crawl (Workspaces, Datasets, Environments, Models, etc).

<figure><img src="https://content.gitbook.com/content/hTnkoJQml0pok9awFDhx/blobs/SFLPJdqwdI2moInoE5yH/ML.png" alt=""><figcaption></figcaption></figure>

## **Connector Capabilities**

The following is the list of objects supported by the Azure Machine Learning connector.

| **Functionality** | **Supported Objects**                                                                                          |
| ----------------- | -------------------------------------------------------------------------------------------------------------- |
| Crawling          | <ul><li><p>Workspaces</p><ul><li>Datasets</li><li>Environments</li><li>Models</li><li>Jobs</li></ul></li></ul> |

## **Prerequisites**

The following are the prerequisites required for establishing a connection between the connector and the OvalEdge application.

### **Connectivity via API**

The connectivity to Azure Machine Learning is via APIs, which are included in the platform.&#x20;

### **Version**

The connector currently supports the following versions of Azure Machine Learning:

| **API Version** | **Support** |
| --------------- | ----------- |
| 2018-11-19      | Supported   |

### **Configuring Environment Variables**

Configuring environment names enables you to select the appropriate environment from the drop-down list when adding a connector. This allows for consistent crawling of schemas across different environments, such as production (PROD), staging (STG), or temporary environments. It also facilitates schema comparisons and assists in application upgrades by providing a temporary environment that can be later deleted if needed.

Before establishing a connection, it is important to configure the environment names for the specific connector. If your environments have been configured, skip this step.

#### **Steps to Configure the Environment**

1. Log into the OvalEdge application.
2. Navigate to **Administration** >  **System Settings**.
3. Select the Connector tab.
4. Find the key name “connector.environment”.
5. Enter the desired environment values (PROD, STG) in the **Value** column.
6. Click ✔ to Save.

### **Service Account with Minimum Permissions**

The minimum privileges required for a service account are listed below:

<table data-header-hidden><thead><tr><th width="195.25"></th><th width="242.25"></th><th></th></tr></thead><tbody><tr><td><strong>Operation</strong> </td><td><strong>Minimum Access Permission</strong></td><td><strong>Remarks</strong></td></tr><tr><td>Connection validate</td><td>Read</td><td>-</td></tr><tr><td>Crawl Metadata</td><td>Read</td><td>Need REST API permissions and need data scientist role for the account to crawl the metadata from REST APIs.</td></tr><tr><td>Crawl Codes</td><td>Read</td><td>Need REST API permissions and need data scientist role for the account to crawl the metadata from REST APIs.</td></tr></tbody></table>

## **Establish a Connection**

To establish a connection, complete the following steps:

1. Log into the OvalEdge application, navigate to the Administration module, and click on Connectors.
2. Click on the + icon (New Connector ) and the Add Connector pop-up is displayed.
3. Search/click on the desired connector and the Add Connector pop-up with the selected connector details is displayed.

{% hint style="success" %}
***Note**: \* (asterisk) indicates the mandatory field required to establish a connection. Once all the parameters are entered, the user can validate the details and save the connection that will be displayed on the Connector Home page.*
{% endhint %}

<table data-header-hidden><thead><tr><th width="220.25"></th><th></th></tr></thead><tbody><tr><td><strong>Field Name</strong></td><td><strong>Description</strong></td></tr><tr><td>Connector Type</td><td><p>By default, the selected connection type is displayed as the AzureML.</p><p>If required, the drop-down list allows the user to change the connector type and based on the selection of the connection type, the fields associated with the selected connection type are displayed.</p></td></tr><tr><td>Connector Name*</td><td><p>Select a connection name for Azure Machine Learning. You can specify a connection name to identify the Azure Machine Learning connection in OvalEdge.</p><p><strong>Example:</strong> AzureML_test</p></td></tr><tr><td>Credential Manager*</td><td><p>The purpose of a credential manager is to enhance the security that stores the API keys, passwords, certificates, and other sensitive data securely and helps to manage access, rotates, and audit secrets. </p><p><strong>OE Credential Manager</strong>: Azure Machine Learning connection is configured with the basic Username and Password of the service account in real-time when OvalEdge establishes a connection to the Azure Machine Learning database. Users need to add the credentials manually if the OE Credential Manager option is selected.</p><p><strong>HashiCorp</strong>: The credentials are stored in the HashiCorp database server and fetched from HashiCorp to OvalEdge.</p><p><strong>AWS Secrets Manager</strong>: The credentials are stored in the AWS Secrets Manager database server and fetched from the AWS Secrets Manager to OvalEdge.</p><p><strong>Azure Key Vault</strong>: Azure Key Vault allows for secure storage and strict access mechanisms of sensitive information such as tokens, passwords, certificates, API keys, and other confidential data.</p><p>Click <a href="https://support.ovaledge.com/azurekeyvaultintegration">here</a> for more information.</p><p>For more information on Credential Manager, refer to <a href="https://support.ovaledge.com/credential-manager">Credential Manager</a>.</p></td></tr><tr><td>License Add-Ons</td><td>All the connectors will have a <strong>Base Connector</strong> License by default that allows you to crawl and profile to obtain the metadata and statistical information from a data source. </td></tr><tr><td>Credential Manager ConnId</td><td>When you have more than one Credential Manager ID, pick the specific ID you want in the Credential Manager ConnId field.</td></tr><tr><td>Client Id*</td><td><p>After registering your application, you'll see the application ID (or client ID) under</p><ol><li><a href="https://portal.azure.com/">Login to your Azure account</a>.</li><li>Select the Microsoft Entra ID (previously, Azure Active Directory) in the left sidebar.</li><li>Click Enterprise applications.</li><li>Click All applications.</li><li>Select the application that you have created. Click Properties and copy the Application ID.</li></ol></td></tr><tr><td>Connector Environment</td><td><p>The environment drop-down list allows you to select the environment configured for the connector from the drop-down list. </p><p>For example, PROD, or STG (based on the configured items in the OvalEdge configuration for the connector.environment).</p><p>The purpose of the environment field is to help you identify which connector is connecting what type of system environment (Production, STG, or QA).  </p><p><strong>Note:</strong> The steps to set up environment variables are explained in the <a href="https://support.ovaledge.com/azure_machinelearning_connector#Prerequisites">prerequisite</a> section.</p></td></tr><tr><td>Client Secret*</td><td><p>The application needs a client secret to prove its identity when requesting a token. For security reasons, Microsoft limits the creation of client secrets longer than 24 months and strongly recommends that you set this to a value less than 12 months.</p><ol><li><a href="https://portal.azure.com/">Login to your azure account</a>.</li><li>Select the Microsoft Entra ID (previously, Azure Active Directory) in the left sidebar.</li><li>Click App registrations.</li><li>Select the application which you have created.</li><li>Click on All settings.</li><li>Click on Keys.</li><li>Type the Key description and select the Duration.</li><li>Click Save.</li><li>Copy and store the key value. You won't be able to retrieve it after you leave this page.</li></ol></td></tr><tr><td>Tenant Id*</td><td><p>The tenant ID identifies the Microsoft Entra ID (previously, Azure AD) tenant to use for authentication. It is also referred to as the directory ID</p><ol><li><a href="https://portal.azure.com/">Login to your azure account</a>.</li><li>Select the Microsoft Entra ID (previously, Azure Active Directory) in the left sidebar.</li><li>Click properties.</li><li>Copy the directory ID.</li></ol></td></tr><tr><td>Subscriber Id*</td><td><p>The subscription ID is a GUID that uniquely identifies your subscription to use Azure services.</p><ol><li><a href="https://portal.azure.com/">Login to your azure account</a>.</li><li>Select Subscriptions in the left sidebar.</li><li>Select whichever subscription is needed.</li><li>Click on overview.</li><li>Copy the Subscription ID.</li></ol></td></tr><tr><td>Resource Group Name*</td><td>Select the resource group based on the need.</td></tr><tr><td>API Version*</td><td>Currently supporting 2018-11-19</td></tr><tr><td>Default Governance Roles*</td><td><p>Users can select a specific user or a  team from the governance roles (Steward, Custodian, Owner) that get assigned for managing the data asset. </p><p><em>Note: The drop-down list displays all the configurable roles (single user or a team) as per the configurations made in the OvalEdge Security | Governance Roles section.</em>  </p></td></tr><tr><td>Admin Roles*</td><td><p>Select the required admin roles for this connector.</p><ul><li>To add Integration Admin Roles, search for or select one or more roles from the Integration Admin options, then click the <strong>Apply</strong> button.<br>The responsibility of the Integration Admin includes configuring crawling and profiling settings for the connector, as well as deleting connectors, schemas, or data objects.</li><li><p>To add Security and Governance Admin roles, search for or select one or more roles from the list, then click the Apply button.<br>The security and Governance Admin is responsible for:</p><ul><li>Configure role permissions for the connector and its associated data objects.</li><li>Add admins to set permissions for the connector's roles and associated data objects.</li><li>Update governance roles.</li><li>Create custom fields.</li><li>Develop Service Request templates for the connector.</li><li>Create Approval workflows for the templates.</li></ul></li></ul></td></tr><tr><td>Select Bridge*</td><td><p>A solution is required to circumnavigate the customer firewall when OvalEdge is deployed as a SaaS application. That solution is OvalEdge Bridge. A bridge is a type of firewall that operates at the network layer. </p><ul><li>When a bridge has been set up, it will be displayed here in a dropdown menu. Users can select the required Bridge ID.</li><li>The user can select "NO BRIDGE" when it is not configured.</li></ul><p>For more information, refer to <a href="https://support.ovaledge.com/bridge-overview">Bridge Overview</a></p></td></tr></tbody></table>

4. Click on the **Validate** button to validate the connection details.
5. Click on the **Save** button to save the connection. Alternatively, the user can also directly click on the **Save & Configure** button that displays the **Connection Settings** pop-up window to configure the settings for the selected Connector. The Save & Configure button is displayed only for the Connectors for which the settings configuration is required.

{% hint style="success" %}
***Note:** It is up to the user's wish, you can save the connection details first, or you can validate the connection first and then save it.*
{% endhint %}

### **Connection Validation Errors**

| **Error Messages**                                                                              | **Description**                                 |
| ----------------------------------------------------------------------------------------------- | ----------------------------------------------- |
| Failed to establish a connection, Please check the credentials(Client id, Client secret, etc.,) | In case of an invalid Client id, Client secret. |

{% hint style="success" %}
***Note:** If you have any issues creating a connection, please contact your assigned OvalEdge GCS team.*
{% endhint %}

## **The Crawling of Schema(s)**

You can use the **Crawl/Profile** option, which allows you to select the specific schemas for the Crawl and Schedule operations: For any scheduled crawlers, the defined run date and time are displayed to set.

1. Navigate to the Connectors page, and click on the **Crawl/Profile** option.
2. By default, we are showing all the related objects by Datasets, Environments,  Models, and Jobs under one schema which is AML\_Schema.
3. Click on the **Run** button that gathers all metadata from the connected source into the OvalEdge Data Catalog.

***

Copyright © 2025, OvalEdge LLC, Peachtree Corners GA USA