topic Azure Databricks Classic Compute Plane Firewall in Administration & Architecture https://community.databricks.com/t5/administration-architecture/azure-databricks-classic-compute-plane-firewall/m-p/94251#M2081 <P>I’m designing a compute plane configuration that will align our data platform with internal policies from a security perspective. As part of this exercise I'm documenting how the permissible traffic inbound and outbound is controlled using NSG rules, which made me question why Compute Plane VNETs don’t typically make use of Azure Firewalls (in my experience). From what I’ve read they seem to provide a far more sophisticated suite of capabilities for limiting, monitoring, and scanning inbound and outbound traffic, but their use isn't advised anywhere in the documentation. Have I misunderstood their intended purpose, or would it be too expensive to implement?</P><P>Keen to hear from Databricks and other customers too <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 16 Oct 2024 07:31:37 GMT Jim-Shady 2024-10-16T07:31:37Z Azure Databricks Classic Compute Plane Firewall https://community.databricks.com/t5/administration-architecture/azure-databricks-classic-compute-plane-firewall/m-p/94251#M2081 <P>I’m designing a compute plane configuration that will align our data platform with internal policies from a security perspective. As part of this exercise I'm documenting how the permissible traffic inbound and outbound is controlled using NSG rules, which made me question why Compute Plane VNETs don’t typically make use of Azure Firewalls (in my experience). From what I’ve read they seem to provide a far more sophisticated suite of capabilities for limiting, monitoring, and scanning inbound and outbound traffic, but their use isn't advised anywhere in the documentation. Have I misunderstood their intended purpose, or would it be too expensive to implement?</P><P>Keen to hear from Databricks and other customers too <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P> Wed, 16 Oct 2024 07:31:37 GMT https://community.databricks.com/t5/administration-architecture/azure-databricks-classic-compute-plane-firewall/m-p/94251#M2081 Jim-Shady 2024-10-16T07:31:37Z Re: Azure Databricks Classic Compute Plane Firewall https://community.databricks.com/t5/administration-architecture/azure-databricks-classic-compute-plane-firewall/m-p/94270#M2083 <BLOCKQUOTE><HR /><a href="https://community.databricks.com/t5/user/viewprofilepage/user-id/127302">@Jim-Shady</a>&nbsp;wrote:<BR /><P>I’m designing a compute plane configuration that will align our data platform with internal policies from a security perspective. As part of this exercise I'm documenting how the permissible traffic inbound and outbound is controlled using NSG rules, which made me question why Compute Plane VNETs don’t typically make use of Azure Firewalls (in my experience). From what I’ve read they seem to provide a far more sophisticated suite of capabilities for limiting, monitoring, and scanning inbound and outbound traffic, but their use isn't advised anywhere in the documentation. Have I misunderstood their intended purpose, or would it be too expensive to implement?</P><P>Keen to hear from Databricks and other customers too <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><HR /></BLOCKQUOTE><P><SPAN>Hello,<BR />Azure&nbsp;</SPAN><SPAN>Firewalls&nbsp;</SPAN><SPAN>offer&nbsp;</SPAN><SPAN>advanced&nbsp;</SPAN><SPAN>features&nbsp;</SPAN><SPAN>like&nbsp;</SPAN><SPAN>deep&nbsp;</SPAN><SPAN>packet&nbsp;</SPAN><SPAN>inspection&nbsp;</SPAN><SPAN>and&nbsp;</SPAN><SPAN>threat&nbsp;</SPAN><SPAN>intelligence,&nbsp;</SPAN><SPAN>but&nbsp;</SPAN><SPAN>they&nbsp;</SPAN><SPAN>can&nbsp;</SPAN><SPAN>be&nbsp;</SPAN><SPAN>more&nbsp;</SPAN><SPAN>expensive&nbsp;</SPAN><SPAN>than&nbsp;</SPAN><SPAN>NSGs</SPAN><SPAN>.&nbsp;</SPAN><SPAN>NSGs&nbsp;</SPAN><SPAN>are&nbsp;</SPAN><SPAN>simpler&nbsp;</SPAN><SPAN>and&nbsp;</SPAN><SPAN>more&nbsp;</SPAN><SPAN>cost-effective&nbsp;</SPAN><SPAN>for&nbsp;</SPAN><SPAN>basic&nbsp;</SPAN><SPAN>traffic&nbsp;</SPAN><SPAN>filtering&nbsp;</SPAN><SPAN>within&nbsp;</SPAN><SPAN>VNets</SPAN><SPAN>.&nbsp;</SPAN><SPAN>Your&nbsp;</SPAN><SPAN>choice&nbsp;</SPAN><SPAN>depends&nbsp;</SPAN><SPAN>on&nbsp;</SPAN><SPAN>your&nbsp;</SPAN><SPAN>specific&nbsp;</SPAN><SPAN>security&nbsp;</SPAN><SPAN>needs&nbsp;</SPAN><SPAN>and&nbsp;</SPAN><SPAN>budget.<BR /><BR />Best Regards,<BR />Michael Gardner</SPAN></P> Wed, 16 Oct 2024 10:30:16 GMT https://community.databricks.com/t5/administration-architecture/azure-databricks-classic-compute-plane-firewall/m-p/94270#M2083 michael569gardn 2024-10-16T10:30:16Z