cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Azure Databricks Classic Compute Plane Firewall

Jim-Shady
New Contributor II

โ€Ž10-16-2024 12:31 AM

Iโ€™m designing a compute plane configuration that will align our data platform with internal policies from a security perspective. As part of this exercise I'm documenting how the permissible traffic inbound and outbound is controlled using NSG rules, which made me question why Compute Plane VNETs donโ€™t typically make use of Azure Firewalls (in my experience). From what Iโ€™ve read they seem to provide a far more sophisticated suite of capabilities for limiting, monitoring, and scanning inbound and outbound traffic, but their use isn't advised anywhere in the documentation. Have I misunderstood their intended purpose, or would it be too expensive to implement?

Keen to hear from Databricks and other customers too ๐Ÿ™‚

1 REPLY 1

michael569gardn
New Contributor III

โ€Ž10-16-2024 03:30 AM

@Jim-Shady wrote:

Iโ€™m designing a compute plane configuration that will align our data platform with internal policies from a security perspective. As part of this exercise I'm documenting how the permissible traffic inbound and outbound is controlled using NSG rules, which made me question why Compute Plane VNETs donโ€™t typically make use of Azure Firewalls (in my experience). From what Iโ€™ve read they seem to provide a far more sophisticated suite of capabilities for limiting, monitoring, and scanning inbound and outbound traffic, but their use isn't advised anywhere in the documentation. Have I misunderstood their intended purpose, or would it be too expensive to implement?

Keen to hear from Databricks and other customers too ๐Ÿ™‚

Hello,
Azure Firewalls offer advanced features like deep packet inspection and threat intelligence, but they can be more expensive than NSGsNSGs are simpler and more cost-effective for basic traffic filtering within VNetsYour choice depends on your specific security needs and budget.

Best Regards,
Michael Gardner

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you wonโ€™t want to miss the chance to attend and share knowledge.

If there isnโ€™t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements