Databricks provides a secure networking environment by default. You can configure additional networking features to control access to workspaces, secure connectivity between the control plane and compute planes, and protect connections to your data sources. For an overview of the networking architecture, see Networking security architecture.
Note
Azure Databricks charges for networking costs when serverless workloads connect to customer resources. See Understand Databricks serverless networking costs.
Get started
Understand Databricks networking architecture and explore key concepts.
| Topic | Description |
|---|---|
| Networking security architecture | Learn about the control plane and compute plane architecture that forms the foundation of Databricks networking. |
| Azure Private Link | Establish private connections between your network and Databricks using Azure Private Link for enhanced security. |
| Understand data transfer and connectivity costs | Learn about data transfer pricing and optimize costs for network connectivity features. |
Connectivity
Configure secure network connections for inbound access to workspaces and outbound connectivity from compute resources.
| Topic | Description |
|---|---|
| Front-end networking | Configure network access controls for users connecting to Databricks workspaces through the web interface and APIs. |
| Front-end Private Link | Enable private connectivity from your corporate network to Databricks workspaces using Azure Private Link. |
| Serverless compute plane networking | Configure secure network access between serverless compute resources and your data sources and services. |
| Private connectivity to Azure resources | Establish private connections from serverless compute to Azure Storage, SQL Database, and other Azure services. |
| Private connectivity to resources in your VNet | Connect serverless compute to resources running in your own VNet using private endpoints. |
| Manage private endpoint rules | Configure and manage private endpoint rules for serverless compute connectivity. |
| Classic compute plane networking | Learn about networking options for classic compute resources deployed in your virtual network. |
| Deploy Azure Databricks in your VNet | Host Databricks clusters in your own Azure VNet for enhanced network control (VNet injection). |
| Peer virtual networks | Connect your Databricks VNet to other VNets in your Azure subscription to access additional resources. |
| Connect a workspace to an on-premises network | Extend your corporate network to Databricks using VPN or Azure ExpressRoute. |
| Back-end Private Link | Establish private connectivity between classic compute resources and the Databricks control plane. |
| User-defined route settings | Configure user-defined routes (UDR) to control traffic flow from Databricks clusters. |
| Update workspace network configuration | Modify networking configurations for existing workspaces. |
| Secure cluster connectivity | Enable outbound-only connectivity from clusters to the control plane with no open inbound ports. |
Network security
Implement security controls to restrict and monitor network access.
| Topic | Description |
|---|---|
| What is serverless egress control? | Restrict outbound network connections from serverless compute resources to prevent data exfiltration and enforce compliance. |
| Manage network policies for serverless egress control | Create and manage network policies that define allowed egress connections from serverless compute. |
| IP access lists overview | Learn how to use IP access lists to control which IP addresses can access your Databricks workspaces. |
| IP access lists for workspaces | Configure workspace-level IP access controls to restrict access from approved networks. |
| IP access lists for the account console | Set account-level IP restrictions that apply across multiple workspaces for centralized security management. |
| Configure service endpoint policies for storage access | Use Azure service endpoints to secure connectivity between Databricks and Azure Storage accounts. |
| Enable firewall support for your workspace storage account | Configure Azure Storage firewall rules to allow access from Databricks classic compute resources. |
| Configure an Azure Storage firewall for serverless compute access | Use stable service tags to configure Azure Storage firewall rules for serverless compute connectivity. |
| Domain name firewall rules | Configure domain-based firewall rules to allow Databricks services through your network security controls. |
| ARM template for firewall support | Use Azure Resource Manager templates to automate firewall configuration for workspace storage accounts. |