Skip to content

Latest commit

 

History

History
63 lines (48 loc) · 2.97 KB

deploy_private.md

File metadata and controls

63 lines (48 loc) · 2.97 KB
Raw

RAG chat: Deploying with private access

The azure-search-openai-demo project can set up a full RAG chat app on Azure AI Search and OpenAI so that you can chat on custom data, like internal enterprise data or domain-specific knowledge sets. For full instructions on setting up the project, consult the main README, and then return here for detailed instructions on configuring private endpoints.

⚠️ This feature is not yet compatible with Azure Container Apps, so you will need to deploy to Azure App Service instead.

If you want to disable public access when deploying the Chat App, you can do so by setting azd environment values.

Before you begin

Deploying with public access disabled adds additional cost to your deployment. Please see pricing for the following products:

  1. Private Endpoints
    1. The exact number of private endpoints created depends on the optional features used.
  2. Private DNS Zones

Environment variables controlling private access

  1. AZURE_PUBLIC_NETWORK_ACCESS: Controls the value of public network access on supported Azure resources. Valid values are 'Enabled' or 'Disabled'.
    1. When public network access is 'Enabled', Azure resources are open to the internet.
    2. When public network access is 'Disabled', Azure resources are only accessible over a virtual network.
  2. AZURE_USE_PRIVATE_ENDPOINT: Controls deployment of private endpoints which connect Azure resources to the virtual network.
    1. When set to 'true', ensures private endpoints are deployed for connectivity even when AZURE_PUBLIC_NETWORK_ACCESS is 'Disabled'.
    2. Note that private endpoints do not make the chat app accessible from the internet. Connections must be initiated from inside the virtual network.

Recommended deployment strategy for private access

  1. Deploy the app with private endpoints enabled and public access enabled.
azd env set AZURE_USE_PRIVATE_ENDPOINT true
azd env set AZURE_PUBLIC_NETWORK_ACCESS Enabled
azd up
  1. Validate that you can connect to the chat app and it's working as expected from the internet.
  2. Re-provision the app with public access disabled.
azd env set AZURE_PUBLIC_NETWORK_ACCESS Disabled
azd provision
  1. Log into your network using a tool like Azure VPN Gateway and validate that you can connect to the chat app from inside the network.