cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
Help
Administration & Architecture
Explore discussions on Databricks administration, deployment strategies, and architectural best practices. Connect with administrators and architects to optimize your Databricks environment for performance, scalability, and security.
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

PrivateLink Validation Error - When trying to access to Workspace

ambigus9
Contributor

‎11-19-2024 09:46 AM

We have a workspace that had been deployed on AWS customer architecture using Terraform privatelink: https://registry.terraform.io/providers/databricks/databricks/latest/docs/guides/aws-private-link-wo...

The fact is when we disable the Public Access:

ambigus9_0-1732035784493.png

We are getting "login.html?error=private-link-validation-error"

ambigus9_1-1732035847145.png

We have the security group of Data Plane and Workspace configured as follows:

Data Plane Security Group - Inbound Rules:

ambigus9_2-1732037994364.png

Data Plane Security Group - Outbound Rules:ambigus9_3-1732038098998.png

Workspaces Security Group - Inbound Rules:ambigus9_4-1732038186707.png

Workspaces Security Group - Outbound Rules:

ambigus9_5-1732038251073.png

Any help will be appreciated

 

 

 

 

 

 

8 REPLIES 8

Walter_C
Databricks Employee
Databricks Employee

‎11-19-2024 11:15 AM

If you create a VM inside the same VPC of your workspace are you able to access the workspace? Also have you granted access to all the ports as provided in docs https://docs.databricks.com/en/security/network/classic/privatelink.html#step-1-configure-aws-networ... 

 

ambigus9
Contributor
In response to Walter_C

‎11-21-2024 06:21 AM - edited ‎11-21-2024 06:34 AM

We created a Windows VM inside the same VPC and we can access to the workspace. But, testing with the On-premise of our client network doesn't work.

The ports are configured as docs:

ambigus9_0-1732198461143.png

We validated for the Network ACLs and we have this configuration:

ambigus9_0-1732199573945.png

ambigus9_1-1732199611839.png

 

 

0 Kudos

Walter_C
Databricks Employee
Databricks Employee

‎11-21-2024 07:05 AM

Have you created the Direct Connect set up for the on prem network:

ambigus9
Contributor
In response to Walter_C

‎11-21-2024 02:57 PM

We created a record A on AWS Route53 an the redirection works, However, now we have a warning due to SSL certificates. We configure as follows:

Record typeRecord NameValue
Adatabricks.my_website.com10.0.0.1,10.0.0.2

Aditionally, How we can register a CNAME using the cloud.databricks.com domain?

According to the docs we must setup as follows: 

Record typeRecord NameValue
CNAMEdbc-01abcd23-4b0e.cloud.databricks.comdatabricks.my_website.com

However, we only can take the hosted zone on Route53:

Record typeRecord NameValue
CNAMEdbc-01abcd23-4b0e.my_website.comdatabricks.my_website.com

Thanks for your help!

0 Kudos

Walter_C
Databricks Employee
Databricks Employee

‎11-22-2024 11:22 AM

Do you have capability to submit a support ticket so we can assist further on the validations?

0 Kudos

ambigus9
Contributor
In response to Walter_C

‎11-22-2024 12:48 PM

Currently I can't make a submit of a support ticket, I trying to submit

ambigus9_1-1732308454011.png

But I can't:

ambigus9_0-1732308403418.png

 

0 Kudos

Walter_C
Databricks Employee
Databricks Employee

‎11-25-2024 03:44 PM

Can you share your workspace id so I can do a validation?

 

0 Kudos

ambigus9
Contributor
In response to Walter_C

‎01-03-2025 05:48 AM

Thanks for you help! Finally the solution was adjusting CNAME on ON-premise network.

0 Kudos

Join Us as a Local Community Builder!

Passionate about hosting events and connecting people? Help us grow a vibrant local community—sign up today to get started!

Sign Up Now
Announcements
Top