Two Authentication Methods for Registering Azure Blob Storage as a Data Store in ML Workspace
Question
Your company gathers a lot of data from distributed sensors via an Internet of Things network.
Raw data is accumulated in an Azure Blob Storage container.
You are going to use this data in your machine learning experiments, therefore you need to register the storage as a data store in your ML workspace.
Which two authentication methods can you choose?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Answer: A and D.
Option A is CORRECT because one of the authentication methods for Storage Account is using the account key (found on the Settings pane of the SA).
Option B is incorrect because service principal is not a valid way of authenticating to a Storage Account.
It can be used in the case of Azure Data Lake storage or Azure SQL.
Option C is incorrect because SQL authentication can be used for accessing SQL databases.
It is not applicable for blob storages.
Option D is CORRECT because for granting access to Storage Account, Shared Access Keys (SAS) can also be used (found on the Settings pane of the SA).
Reference:
When registering Azure Blob Storage as a data store in an ML workspace, there are a few authentication methods to choose from. The two authentication methods that can be used in this scenario are:
A. Account Key: This authentication method uses an account access key to access the Blob Storage container. The account key is essentially a long string of characters that serves as a password for the storage account. Using the account key to authenticate is a simple and straightforward method, but it does require that the key is kept secure as it provides full access to the storage account.
D. SAS Token: This authentication method uses a Shared Access Signature (SAS) token to access the Blob Storage container. A SAS token is a string of characters that is generated based on the access policies set on the storage account. SAS tokens can be created with specific permissions and time limits, providing a level of granularity in access control. This method is more secure than using the account key as it allows for more fine-grained access control and avoids the need to share the account key.
B. Service Principal: Service Principal is not an authentication method for Azure Blob Storage, it is actually an authentication method for Azure Active Directory, which is a directory service provided by Microsoft. Service principals can be used to authenticate to various Azure resources, including storage accounts. This method is typically used when deploying applications to Azure or when accessing Azure resources programmatically.
C. SQL Authentication: SQL Authentication is also not an authentication method for Azure Blob Storage, it is used for authenticating to SQL Server databases. Therefore, this option is not applicable to this scenario.
In summary, the two authentication methods that can be used when registering Azure Blob Storage as a data store in an ML workspace are Account Key and SAS Token. The Account Key method is simple but requires that the key is kept secure, while the SAS Token method is more secure and provides more fine-grained access control.
