Creating OpenAI resource

This user guide will help you to create an OpenAI resource, configure it and restrict access to it to the data network of the University of Vienna.

Requirements

You have:

Creating resource

  1. Open the Azure portal.
  2. Enter the term OpenAI in the search bar at the top.
  3. Select the Azure OpenAI service under Services in the search results.

Screenshot opening Azure OpenAI service


Click + Create to the right of the search field.

Screenshot click create

Configuring resource

As OpenAI is now activated, no error message appears and you can configure the resource:

  1. Select the subscription and the resource group in which the resource is to be created.
  2. Select the region, i.e. the Azure data centre in which the resource is to be created.
    Due to data protection and data security measures, only some European Azure regions are available within the Azure environment of the University of Vienna. Depending on the selected region, the available models in Azure OpenAI vary. If you use the latest models such as ChatGPT4, the ZID currently recommends the Sweden Central region. Available models per Azure region
  3. Select a name and a pricing tier. Only the Standard S0 option is currently available in the Pricing tier drop-down menu. Current pricing – as an employee of the University of Vienna, you receive a 15 per cent discount on these prices.

Screenshot basic settings


Then click on Next. This takes you to the network settings of the OpenAI resource. These include 3 options:

  • accessible via the public internet
  • accessible via the public internet, but only for restricted IP address ranges
  • not accessible via the public internet; connection is only possible via a Private Endpoint that must be created within the Azure network

The ZID recommends restricting access from the public internet for your resource. Select the first option for the time being. Once you have created the resource, continue with the Restricting access section.

Screenshot network settings


You can skip the Tags section in the configuration.

You will then receive a summary of the selected configuration. Click on Create to finalise the creation of the resource.

Screenshot summary of configuration


After a few seconds, a notification appears that the resource has been created correctly.

Screenshot notification resource created

As a next step you can:

 

Restricting access

You can restrict access to your OpenAI resource to the IP address ranges of the University of Vienna’s data network. You then have to be connected via

to the data network in order to access OpenAI in Azure.


The ZID recommends setting this up to protect your resource from unauthorised access.

  1. Open the Azure portal and select your OpenAI resource under Resources.
  2. Click on Networking in the menu on the left.

Screenshot choosing OpenAI resource

 

  1. Under Allow access from, select the option Selected Networks and Private Endpoints.
  2. You can now add the IP address ranges of the University of Vienna’s data network in the Firewall section. These are as follows:
    77.80.0.0/17
    78.104.0.0/19
    131.130.0.0/16
  3. Click Save when you have added all ranges.

Screenshot entering IP address ranges

You can now only access the OpenAI resource via the selected IP address ranges.
 

 Note

For VPN users: To ensure smooth access, use the VPN of the University of Vienna in full tunnel mode. To do this, select the option vpn.univie.ac.at (Full tunnel) under Change server in the VPN software.