microsoft / vscode-tools-for-ai

Azure Machine Learning for Visual Studio Code, previously called Visual Studio Code Tools for AI, is an extension to easily build, train, and deploy machine learning models to the cloud or the edge with Azure Machine Learning service.
Other
325 stars 95 forks source link

Is there a way to host the remote web socket server privately? #2469

Open zachgalvin opened 3 days ago

zachgalvin commented 3 days ago

In order to get the ML VSCode extension to work in a locked down network, you have to allow the following endpoint:

https://github.com/microsoft/vscode-tools-for-ai/tree/master/azureml_remote_websocket_server/*

According to this documentation:

https://learn.microsoft.com/en-us/azure/machine-learning/how-to-access-azureml-behind-firewall?view=azureml-api-2&tabs=ipaddress%2Cpublic#scenario-visual-studio-code

But in order to limit to just that path, you have to have some proxy or firewall that decrypts traffic so that it can check the path. Is there a way to host the web socket server instead so that you don’t have to do any of that?

Siglud commented 2 days ago

So, the problem is the extension need to download this server binary from https://github.com/microsoft/vscode-tools-for-ai/tree/master/azureml_remote_websocket_server/. This is a URL from GitHub with TLS, you cannot decode the HTTP request the limit the server access only when remote host equals github.com and the path match the /microsoft/vscode-tools-for-ai/tree/master/azureml_remote_websocket_server/. Right?

I think the only way is SSL decrypt. Or maybe we move those binary files to the other site belongs to Microsoft can help you easier this work?

zachgalvin commented 2 days ago

Thanks for the response @Siglud! Yes, that is the problem I’m hitting, and I think those are the two potential solutions, but I’m curious about if we can host the binary files internally because I think that would be easier for me.

I know I could just download all the files at that path and then host them, but how would I tell VSCode to look at my self hosted location rather than trying to go to GitHub? And are there any other caveats with that approach?

zachgalvin commented 4 hours ago

@Siglud and @JerryYangKai any thoughts on if that is an option?