Skip to content

Machine Learning

Machine Learning consists of the configuration required to integrate IFS Cloud with Machine Learning.

Note! Machine Learning in IFS Cloud is only supported with the Cloud Deployment Model. Read more about Deployment Models.

Contents

1.0 About IFS Machine Learning Service

The IFS.ai platform is a multi-tenant platform powering the Industrial AI use cases in IFS Cloud. The IFS Machine Learning (ML) Service is one of the services on the IFS.ai Platform.

This infrastructure enables rapid customer onboarding and eliminates the need for separate deployments. Designed for agility, it supports scalable ML solutions and seamlessly integrates with third-party AI tools *.

Unlike self-service platforms, the IFS ML Service operates as an embedded infrastructure, providing tailored AI/ML support for specific use cases identified by Product Groups and stakeholders. IFS’s approach to automation through ML and AI focuses on delivering AI/ML models that simplify and enhance customer processes. ML Services are designed to avoid bias and unfair discrimination, ensuring that AI outcomes are equitable for all users.

The ML Service supports three (3) main types of models:

  1. Pre-trained Models
  2. Trainable Models
  3. Large Language Models (Generative AI)

1.1 Pre-trained Models

Pre-trained models are trained using a diverse dataset. These models are robust and can alleviate the problem of not having a customer's own historical data to train a model on, making them an easy way for customers to utilize the power of machine learning. As of 24R2, there are three (3) Azure pre-built models utilized by the ML services. (privacy policies are stated in security section)

# Azure Pre-built Model
1 Azure Pre-built Invoice Model
2 Azure Pre-built Business Card Model
2 Azure Pre-built Expense Receipt Model

All the above-mentioned Azure Pre-built models are embedded within ML services itself, customers don’t need to subscribe on Azure.

1.2 Trainable Models

Many scenarios require a machine learning model trained and validated on its own data to capture the complexities and nuances of decisions that are unique to a business. This requirement is appropriately met by the ML service, which provides the ability to train models that are custom-tailored with the customer's own data. Furthermore, no customer data/personal data (PII) is stored, or is accessible by another customer, once the model is trained (can only be accessed using the customer’s access token which has a unique “Customer ID” in it).

1.2.1 Trainable Model Categories by ML Services

Customers trained models are trained with their own data to capture the complexities and nuances of decisions that are unique to their businesses. In order to facilitate model training for different AI use cases, ML service utilizes two (2) types of machine learning techniques:

  • Classification
  • Regression

1.3 Large Language Models (Generative AI)

The power of Generative AI infused with LLM-based models has revolutionized the industry, showcasing the extensive capabilities of AI. IFS do not train its own LLMs. It utilizes existing Large Language Models which are versatile and can be applied across various functions within the application, including AI-based chat assistants, text enhancements, text extraction, text classification, summarization, and many more. No customer data is utilized to train, re-train, or fine-tune any third-party large language models used within the IFS.ai platform.

1.3.1 LLM Task Use Case Categories

This category includes use cases where the LLMs are given a specific task to carry out. As of 24R2 IFS provides four (4) LLM task use case categories to infuse features with AI.

# LLM Task Use Case Categories
1 Text-based entity extraction
2 Summarization
2 Content Validation/Enhancement
4 Categorization

1.3.1 IFS.ai Copilot

Another use case category where LLMs are used is IFS.ai Copilot. There are number of use cases for specific business application areas within IFS Cloud.

For more information on IFS.ai Copilot:

2.0 How to Enable Machine Learning Service

Customers connected to the IFS.ai platform can gain access to the ML Service once they obtain the IFS.ai subscription. Once users obtain the IFS.ai subscription they can access the AI use cases utilizing the ML Service within their already obtained core components. (Example: - to use IFS Quick Expense Reporter, customer must own Expense Management Component - TRVEXP).

Once the IFS.ai subscription and components are obtained, access to the ML service is automatically enabled. As shown in the images above list of model names will be already populated. No other additional steps are required.

3.0 How Does Machine Learning Service Operate

The ML Service within the IFS.ai platform runs zero-trust architecture to ensure maximum security for all components covered in. Once the customer authenticates to the IFS.ai platform, the ML Services can be accessed through the ML gateway.

Once the customer request reaches the ML Gateway it will route to relevant component to complete the request. The customer data that the ML service processed will not be stored after processing. Customers will have customer tenant specific Azure AI search and an Azure Data Lake ensuring customer data/models safety.

ML Services Architecture

mlservicessimplifiedarchitecture

The following example will demonstrate how data flows within the ML Service.

Under trainable models' page in IFS Cloud, customers are able to train a model utilizing their specific data to capture the complexities and nuances of decisions that are unique to their business.

Once the customer sends the training request to the ML gateway it will access trainable models feature and customer data will be fetched from the IFS Cloud instance of the respective customer. Customer tenant entitlement to that use case will be validated utilizing the Tenant Information Service within IFS.ai Platform.

Once the entitlement is validated the tenant customer data will be used to train the model specific to that customer. The ML Service provides the ability to view the status of the model training in the Machine Learning Models page in the IFS Cloud. The ML service will store the trained model which will only be used by the respective customer tenant (will not be shared with other customer’s tenants).

Once training status changes to “Trained” and progress completes the ML Services will no longer contain customer data. The data utilized to train the model will be deleted from the service (note: Customer data in the IFS Cloud still remain the same).

3.1 How IFS.ai ML Service is Secured

The IFS.ai platform is built with a robust security framework, ensuring that customers can confidently use its features without concerns about data or model security. By implementing a Zero Trust Architecture, the platform continuously validates requests, even between internal components, using signed artifacts and secure API calls. This approach eliminates implicit trust and ensures that every interaction is authenticated and authorized, significantly reducing potential security risks. In the transit of data strong encryption protocols been used as well (AES-256 Encryption, TLS 1.3). Additionally, the ML services undergo regular penetration testing with every release, proactively identifying and mitigating vulnerabilities to maintain the highest security standards.

To further enhance security, the IFS.ai platform integrates a highly secure software supply chain, ensuring authenticity and rigorous validation within its environment where ML services lie within. Globally available, centrally managed security policies are enforced across both the infrastructure and services to provide consistent protection. The platform adheres to industry-leading compliance standards, including ISO 27001, SOC 1/2, and GDPR, ensuring data privacy, integrity, and regulatory compliance for businesses worldwide. Hence customers utilizing ML services features will be covered within the compliances. The ML Service utilizes the following third-party Microsoft services. Below is the list of those services along with their privacy policies to ensure data security and concerns of customers.

Third-Party Service Policies
- Azure Pre-built Invoice Model
- Azure Pre-built Business Card Model
- Azure Pre-built Expense Receipt Model
- Data processed by Azure Pre-built Invoice Model deleted after processing (Do not store the customer data)
- All the transmitting data encrypted with HTTPS/TLS and rest of the data protected by Azure managed keys.
- While utilizing over trainable models the training data and model are stored securely in the associated Azure resource. (Do not share data or model with other customers)
- Microsoft do not utilize customer data to improve pre-built models
- Support regional data residency (IFS managed)
- Compliances with ISO 27001, SOC 1/2/3, HIPAA, GDPR, Adhere to Microsoft responsible AI principles, FedRAMP (Federal Risk and Authorization Management Program)
Azure OpenAI Service - LLM Model - Data processed by Azure Open AI Service - LLM models (GPT 4o Omni) deleted after request completes (Do not store the customer data)
- All the transmitting data encrypted with HTTPS/TLS and rest of the data protected by Azure managed keys or custom keys generated with Azure key vault.
- Access control through Azure Active Directory & Role Base Access Control.
- Data entered into GPT 4o Omni model is not used by Microsoft to improve/retrain the LLM.
- The models are pre-trained on publicly available data and are not influenced by customer-specific inputs or outputs.
- Support regional data residency (IFS managed)
- Compliances with ISO 27001, SOC 1/2/3, HIPAA, GDPR, Adhere to Microsoft responsible AI principles, FedRAMP (Federal Risk and Authorization Management Program)
Azure Maps - Azure Maps does not retain customer-submitted data (geolocation, routing queries) after processing the requests.
- Any geolocation data provided (coordinates, addresses) is not logged or stored by the service after the operation.
- Azure Maps relies on licensed data from third-party providers like TomTom, and customer queries are subject to those providers' terms of use for specific operations (routing, geocoding)
- All the transmitting data encrypted with HTTPS/TLS.
- Access control through Azure Active Directory & Role Base Access Control.
- Microsoft does not use customer data or geolocation queries to train or improve Azure Maps services or algorithms.
- Support regional data residency (IFS managed)
- Compliances with ISO 27001, SOC 1/2/3, HIPAA, GDPR, Adhere to Microsoft responsible AI principles, FedRAMP (Federal Risk and Authorization Management Program)

4.0 References