Databricks Community

NielsMH · 9 hours ago

Hi

For the company i work for, I have created an azure openai service instance, with the intention to deploy models and interact with them from a databricks workspace.

The basic properties of my azure openai service are:

Network: separate vnet for the resource group where ai service resources reside
subnet: same as above
allow access: selected networks
private endpoint: created and enabled
location: West Europe

Databricks workspace properties:

plan: premium
Network: managed virtual network (Has a managed resource group) - so not in the same vnet as openai service
location: North Europe

From how i interpret the documentation i can not create a private link connection to services outside the databricks workspace, thus rendering selected network access via Private endpoint obsolete.

Is there anyone who can confirm that this is not possible when having a managed virtual network for databricks or have a solution for how to go about it if it is possible? I want to create a secure connection, because of company security policies.

All suggestions will be much appreciated

Walter_C · 9 hours ago

Azure Private Link provides private connectivity from Azure VNets and on-premises networks to Azure services without exposing the traffic to the public network. Specifically, Azure Databricks supports Private Link connections for:

Front-end Private Link (user to workspace)
Back-end Private Link (compute plane to control plane)

These connections are limited to the Azure Databricks workspace infrastructure. Therefore, you are correct that you cannot create a Private Link connection to services outside the Databricks workspace using this setup, which means selected network access via Private endpoint to external services is not supported.