- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2025 06:22 AM
Hi
For the company i work for, I have created an azure openai service instance, with the intention to deploy models and interact with them from a databricks workspace.
The basic properties of my azure openai service are:
- Network: separate vnet for the resource group where ai service resources reside
- subnet: same as above
- allow access: selected networks
- private endpoint: created and enabled
- location: West Europe
Databricks workspace properties:
- plan: premium
- Network: managed virtual network (Has a managed resource group) - so not in the same vnet as openai service
- location: North Europe
From how i interpret the documentation i can not create a private link connection to services outside the databricks workspace, thus rendering selected network access via Private endpoint obsolete.
Is there anyone who can confirm that this is not possible when having a managed virtual network for databricks or have a solution for how to go about it if it is possible? I want to create a secure connection, because of company security policies.
All suggestions will be much appreciated
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2025 06:49 AM
Azure Private Link provides private connectivity from Azure VNets and on-premises networks to Azure services without exposing the traffic to the public network. Specifically, Azure Databricks supports Private Link connections for:
- Front-end Private Link (user to workspace)
- Back-end Private Link (compute plane to control plane)
These connections are limited to the Azure Databricks workspace infrastructure. Therefore, you are correct that you cannot create a Private Link connection to services outside the Databricks workspace using this setup, which means selected network access via Private endpoint to external services is not supported.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2025 06:49 AM
Azure Private Link provides private connectivity from Azure VNets and on-premises networks to Azure services without exposing the traffic to the public network. Specifically, Azure Databricks supports Private Link connections for:
- Front-end Private Link (user to workspace)
- Back-end Private Link (compute plane to control plane)
These connections are limited to the Azure Databricks workspace infrastructure. Therefore, you are correct that you cannot create a Private Link connection to services outside the Databricks workspace using this setup, which means selected network access via Private endpoint to external services is not supported.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
01-09-2025 10:23 AM
This sounds like a scenario for the Mosaic AI Gateway, Mosaic AI Gateway | Databricks

