cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Azure Databricks Classic Compute Plane Firewall

Jim-Shady
New Contributor II

Iā€™m designing a compute plane configuration that will align our data platform with internal policies from a security perspective. As part of this exercise I'm documenting how the permissible traffic inbound and outbound is controlled using NSG rules, which made me question why Compute Plane VNETs donā€™t typically make use of Azure Firewalls (in my experience). From what Iā€™ve read they seem to provide a far more sophisticated suite of capabilities for limiting, monitoring, and scanning inbound and outbound traffic, but their use isn't advised anywhere in the documentation. Have I misunderstood their intended purpose, or would it be too expensive to implement?

Keen to hear from Databricks and other customers too šŸ™‚

1 REPLY 1

michael569gardn
New Contributor III

@Jim-Shady wrote:

Iā€™m designing a compute plane configuration that will align our data platform with internal policies from a security perspective. As part of this exercise I'm documenting how the permissible traffic inbound and outbound is controlled using NSG rules, which made me question why Compute Plane VNETs donā€™t typically make use of Azure Firewalls (in my experience). From what Iā€™ve read they seem to provide a far more sophisticated suite of capabilities for limiting, monitoring, and scanning inbound and outbound traffic, but their use isn't advised anywhere in the documentation. Have I misunderstood their intended purpose, or would it be too expensive to implement?

Keen to hear from Databricks and other customers too šŸ™‚


Hello,
Azure 
Firewalls offer advanced features like deep packet inspection and threat intelligence, but they can be more expensive than NSGsNSGs are simpler and more cost-effective for basic traffic filtering within VNetsYour choice depends on your specific security needs and budget.

Best Regards,
Michael Gardner

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonā€™t want to miss the chance to attend and share knowledge.

If there isnā€™t a group near you, start one and help create a community that brings people together.

Request a New Group