Explore Azure ML configuration options and requirements for closed VNet setup

[christoferlof]

We need to deploy AzureML running within the context of an AzTRE workspace so that we can deploy InnerEye and adhere to these requirements:

• Deployed to VNet and adheres to the TRE workspace egress rules.
• Only accessible from the Virtual Desktop service in the same workspace.
• Azure AD authentication
• Ability to manage AML clusters and compute instances within the TRE workspace and not outside of the TRE workspace.
• AML storage provisioned in the TRE workspace.
• No public endpoints.
• Configuration on which services within AML should be enabled and accessible. e.g. Interactive Notebooks on/off.
• Ability to connect to AML compute from Virtual Machines within the same TRE workspace.

We need to explore and document the requirements and our options and potential trade-off for having as many features as possible of AML running within the context of an AzTRE workspace.

Please see #19 for additional detail on requirements

• Create initial private AML deployment
• Research restriction of FQDNs for base AML deployment
• Test out simple AML model deployment
• Document exceptions and findings

After this task is completed there should be:

• A PoC AML deployment with maximum possible set of restrictions (minimum egress, no ingress from outside of VNET)
• A dataset available within AML
• A deployed model that has been trained and registered
• A document describing implementation details, restrictions and exceptions, including a network architecture diagram

[marrobi]

@TessFerrandez @deniscep you mind find this a good start: https://clemenssiebler.com/azure-machine-learning-deployment-using-terraform/

Terraform to deploy Azure ML in a VNET.

[christoferlof]

@deniscep I belive we can close this one, given that the outcomes of this work is documented in the feature branch.
Please give this issue a final review and then close it.