Container support in Azure Cognitive Services

Container support in Azure Cognitive Services allows developers to use the same rich APIs that are available in Azure, and enables flexibility in where to deploy and host the services that come with Docker containers. Container support is currently available in preview for a subset of Azure Cognitive Services, including parts of:

Containerization is an approach to software distribution in which an application or service, including its dependencies & configuration, is packaged together as a container image. With little or no modification, a container image can be deployed on a container host. Containers are isolated from each other and the underlying operating system, with a smaller footprint than a virtual machine. Containers can be instantiated from container images for short-term tasks, and removed when no longer needed.

Cognitive Services resources are available on Microsoft Azure. Sign into the Azure portal to create and explore Azure resources for these services.

Features and benefits

  • Control over data: Allow customers to choose where these Cognitive Services process their data. This is essential for customers that cannot send data to the cloud but need access to Cognitive Services technology. Support consistency in hybrid environments – across data, management, identity, and security.
  • Control over model updates: Provide customers flexibility in versioning and updating of models deployed in their solutions.
  • Portable architecture: Enable the creation of a portable application architecture that can be deployed on Azure, on-premises and the edge. Containers can be deployed directly to Azure Kubernetes Service, Azure Container Instances, or to a Kubernetes cluster deployed to Azure Stack. For more information, see Deploy Kubernetes to Azure Stack.
  • High throughput / low latency: Provide customers the ability to scale for high throughput and low latency requirements by enabling Cognitive Services to run physically close to their application logic and data. Containers do not cap transactions per second (TPS) and can be made to scale both up and out to handle demand if you provide the necessary hardware resources.

Containers in Azure Cognitive Services

Azure Cognitive Services containers provide the following set of Docker containers, each of which contains a subset of functionality from services in Azure Cognitive Services:

Service Supported Pricing Tier Container Description
Anomaly detector F0, S0 Anomaly-Detector The Anomaly Detector API enables you to monitor and detect abnormalities in your time series data with machine learning.
Request access
Computer Vision F0, S1 Read Extracts printed text from images of various objects with different surfaces and backgrounds, such as receipts, posters, and business cards. The Read container also detects handwritten text in images and provides PDF/TIFF/multi-page support.

Important: The Read container currently works only with English.
Request access
Computer Vision F0, S1 Recognize Text Extracts printed text from images of various objects with different surfaces and backgrounds, such as receipts, posters, and business cards.

Important: The Recognize Text container currently works only with English.
Request access
Face F0, S0 Face Detects human faces in images, and identifies attributes, including face landmarks (such as noses and eyes), gender, age, and other machine-predicted facial features. In addition to detection, Face can check if two faces in the same image or different images are the same by using a confidence score, or compare faces against a database to see if a similar-looking or identical face already exists. It can also organize similar faces into groups, using shared visual traits.
Request access
Form recognizer F0, S0 Form Recognizer Form Understanding applies machine learning technology to identify and extract key-value pairs and tables from forms.
Request access
LUIS F0, S0 LUIS (image) Loads a trained or published Language Understanding model, also known as a LUIS app, into a docker container and provides access to the query predictions from the container's API endpoints. You can collect query logs from the container and upload these back to the LUIS portal to improve the app's prediction accuracy.
Speech Service API F0, S0 Speech-to-text Transcribes continuous real-time speech into text.
Request access
Speech Service API F0, S0 Text-to-speech Converts text to natural-sounding speech.
Request access
Text Analytics F0, S Key Phrase Extraction (image) Extracts key phrases to identify the main points. For example, for the input text "The food was delicious and there were wonderful staff", the API returns the main talking points: "food" and "wonderful staff".
Text Analytics F0, S Language Detection (image) For up to 120 languages, detects which language the input text is written in and report a single language code for every document submitted on the request. The language code is paired with a score indicating the strength of the score.
Text Analytics F0, S Sentiment Analysis (image) Analyzes raw text for clues about positive or negative sentiment. This API returns a sentiment score between 0 and 1 for each document, where 1 is the most positive. The analysis models are pre-trained using an extensive body of text and natural language technologies from Microsoft. For selected languages, the API can analyze and score any raw text that you provide, directly returning results to the calling application.

In addition, some containers are supported in Cognitive Services All-In-One offering resource keys. You can create one single Cognitive Services All-In-One resource and use the same billing key across supported services for the following services:

  • Computer Vision
  • Face
  • LUIS
  • Text Analytics

Container availability in Azure Cognitive Services

Azure Cognitive Services containers are publicly available through your Azure subscription, and Docker container images can be pulled from either the Microsoft Container Registry or Docker Hub. You can use the docker pull command to download a container image from the appropriate registry.

Important

Currently, you must complete a sign-up process to access the following containers, in which you fill out and submit a questionnaire with questions about you, your company, and the use case for which you want to implement the containers. Once you're granted access and provided credentials, you can then pull the container images from a private container registry hosted by Azure Container Registry.

Container repositories and images

The tables below are a comprehensive listing of the available container images offered by Azure Cognitive Services.

Public "Ungated" (container registry: mcr.microsoft.com)

The Microsoft Container Registry hosts all of the publicly available "ungated" containers for Cognitive Services.

Service Container Container Registry / Repository / Image Name
LUIS LUIS mcr.microsoft.com/azure-cognitive-services/luis
Text Analytics Key Phrase Extraction mcr.microsoft.com/azure-cognitive-services/keyphrase
Text Analytics Language Detection mcr.microsoft.com/azure-cognitive-services/language
Text Analytics Sentiment Analysis mcr.microsoft.com/azure-cognitive-services/sentiment

Public "Gated" Preview (container registry: containerpreview.azurecr.io)

The Container Preview registry hosts all of the publicly available "gated" containers for Cognitive Services. These containers require a formal request for access in order to consume them.

Service Container Container Registry / Repository / Image Name
Anomaly detector Anomaly Detector containerpreview.azurecr.io/microsoft/cognitive-services-anomaly-detector
Computer Vision Recognize Text containerpreview.azurecr.io/microsoft/cognitive-services-recognize-text
Computer Vision Read containerpreview.azurecr.io/microsoft/cognitive-services-read
Face Face containerpreview.azurecr.io/microsoft/cognitive-services-face
Form recognizer Form Recognizer containerpreview.azurecr.io/microsoft/cognitive-services-form-recognizer
Speech Service API Speech-to-text containerpreview.azurecr.io/microsoft/cognitive-services-speech-to-text
Speech Service API Text-to-speech containerpreview.azurecr.io/microsoft/cognitive-services-text-to-speech

Prerequisites

You must satisfy the following prerequisites before using Azure Cognitive Services containers:

Docker Engine: You must have Docker Engine installed locally. Docker provides packages that configure the Docker environment on macOS, Linux, and Windows. On Windows, Docker must be configured to support Linux containers. Docker containers can also be deployed directly to Azure Kubernetes Service or Azure Container Instances.

Docker must be configured to allow the containers to connect with and send billing data to Azure.

Familiarity with Microsoft Container Registry and Docker: You should have a basic understanding of both Microsoft Container Registry and Docker concepts, like registries, repositories, containers, and container images, as well as knowledge of basic docker commands.

For a primer on Docker and container basics, see the Docker overview.

Individual containers can have their own requirements, as well, including server and memory allocation requirements.

Azure Cognitive Services container security

Security should be a primary focus whenever you're developing applications. The importance of security is a metric for success. When you're architecting a software solution that includes Cognitive Services containers, it's vital to understand the limitations and capabilities available to you. For more information, see Azure Security.

Important

By default there is no security on the Cognitive Services container API. The reason for this is that most often the container will run as part of a pod which is protected from the outside by a network bridge. However, it is possible to enable authentication which works identically to the authentication used when accessing the cloud-based Cognitive Services.

The diagram below illustrates the default and insecure approach:

Container security

As an alternative and secure approach, consumers of Cognitive Services containers could augment a container with a front-facing component, keeping the container endpoint private. Let's consider a scenario where we use Istio as an ingress gateway. Istio supports HTTPS/SSL and client-certificate authentication. In this scenario, the Istio frontend exposes the container access, presenting the client certificate that is whitelisted beforehand with Istio.

Nginx is another popular choice in the same category. Both Istio and Nginx act as a service mesh and offer additional features including things like load-balancing, routing, and rate-control.

Container networking

The Cognitive Services containers are required to submit metering information for billing purposes. The only exception, is Offline containers as they follow a different billing methodology. Failure to allow list various network channels that the Cognitive Services containers rely on will prevent the container from working.

Allow list Cognitive Services domains and ports

The host should allow list port 443 and the following domains:

  • *.cognitive.microsoft.com
  • *.cognitiveservices.azure.com

Disable deep packet inspection

Deep packet inspection (DPI) is a type of data processing that inspects in detail the data being sent over a computer network, and usually takes action by blocking, re-routing, or logging it accordingly.

Disable DPI on the secure channels that the Cognitive Services containers create to Microsoft servers. Failure to do so will prevent the container from functioning correctly.

Blog posts

Developer samples

Developer samples are available at our GitHub repository.

View webinar

Join the webinar to learn about:

  • How to deploy Cognitive Services to any machine using Docker
  • How to deploy Cognitive Services to AKS

Next steps

Learn about container recipes you can use with the Cognitive Services.

Install and explore the functionality provided by containers in Azure Cognitive Services: