Databricks Community

Recommended high‑level pattern

1. Design UC by domain, then medallion by schema
• Use domain‑based catalogs (for example, sales, marketing, finance) or environment‑based (sales_dev, sales_prod).
• Within each catalog, create schemas for medallion layers: sales.bronze, sales.silver, sales.gold (or similar).
2. Use managed UC tables for bronze/silver/gold wherever possible
• Databricks strongly recommends Unity Catalog managed tables for all lakehouse data (bronze through gold) and to reserve external tables only when data must stay in specific paths or be shared with non‑Databricks tools.
3. Design external locations at the catalog boundary, not per medallion layer
• Best practice is to create external locations at the highest common path prefix and to align them with catalog or schema boundaries (for example, one external location per catalog).
• Explicitly define managed storage locations at catalog or schema, rather than relying on defaults.
• External locations should be broad (often a whole container or a major sub‑path) and relatively few in number.

How that maps to your three options

Assumption: you’re talking about customer‑managed ADLS Gen2, and you’ll configure UC catalogs/schemas to use that storage via external locations.

Option 1 – Single container per catalog, folders for bronze/silver/gold

• What it looks like
• Storage:
  abfss://<catalog-container>@<account>.dfs.core.windows.net/
  with subfolders like /bronze, /silver, /gold (or just let UC manage layout).
• UC:
• Catalog: sales
• Schemas: sales.bronze, sales.silver, sales.gold
• One external location pointing to the container (or catalog root path) and used as the managed storage location for the catalog.
• When to use
• Most small to mid‑size or single‑domain deployments.
• When you don’t have extreme scale or very strong isolation requirements between bronze/silver/gold.

If you follow UC patterns (domain catalogs + medallion schemas + managed tables), Option 1 is generally the best starting point.

Option 2 – Three containers for layers, catalog stored inside bronze container

• Issue: this mixes UC catalog managed storage with raw bronze landing storage in the same container.
• UC best practices explicitly caution against collapsing everything into a single storage account/container for managed storage and other external locations in storage‑intensive scenarios, and stress using external locations as broad governance boundaries that are not directly used for ad‑hoc access.
• Operationally it also tangles:
• Raw ingestion lifecycle (often broader write/delete rights, external writers).
• Catalog managed storage (where UC should be the primary governor).

I’d avoid Option 2; it creates a confusing mixing of concerns.

Option 3 – Separate containers for catalog, bronze, silver, gold

• What it means
• One container dedicated to UC catalog managed storage (for that domain/env).
• Separate containers for raw/bronze, silver, gold.
• Pros
• Strongest physical isolation (per‑container RBAC, network rules, lifecycle policies).
• Aligns with guidance not to put all storage‑intensive workloads into a single container.
• Cons
• More IAM and operational overhead (more containers, more external locations, more policies).
• Not necessary if medallion is already clearly governed via schemas and UC permissions, which is the recommended pattern.
• When to use
• Very large or regulated environments where you want container‑level isolation:
• Different backup/retention policies per layer.
• Different storage accounts/subscriptions per security domain.
• Still not recommended, do this instead:
• One or more containers per domain/environment (catalog).
• Use bronze/silver/gold as schemas, not as separate containers.

So Option 3 is viable for high‑isolation scenarios, but you can usually simplify it: separate containers per domain/env, not strictly per medallion layer.

Recommendation

Given your description and desire for good scalability and governance:

1. Model
• Pick domain‑or env‑based catalogs (for example, ops, sales_prod, sales_dev).
• In each, create bronze, silver, gold schemas.
2. Storage + external locations (Azure)
• For each domain/env, create one ADLS Gen2 container (Option‑1 style).
• Create one storage credential (Access Connector) and one external location pointing to that container (or a top‑level path) and:
• Use it as the managed storage location for the catalog (and optionally override at schema if needed).
• For your existing Parquet medallion folders, either:
• Define additional external locations at the relevant prefixes (if you must keep those exact paths) and register them as external tables/volumes; or
• Migrate data into UC‑managed Delta tables under the catalog’s managed storage and gradually deprecate the old Parquet layout.
3. When/if to introduce more containers (Option‑3)
• Only if you hit:
• Scale limits on a single storage account/container, or
• Hard isolation requirements (for example, separate subscription/container for PII bronze vs non‑PII).
• In that case, add more containers and corresponding external locations, still aligned to catalogs/domains, not to medallion schemas.

Summary

• Option 1 (single container per catalog + medallion as folders/schemas) – recommended baseline and aligns well with UC architecture guidance when combined with medallion schemas and managed tables.
• Option 2 (catalog inside bronze container) – not recommended; it mixes catalog managed storage with raw bronze, which is poor separation of concerns.
• Option 3 (four containers) – good for strict isolation / very large scale, but usually overkill if medallion is already implemented at the schema level and governed via UC; treat it as an evolution from Option 1 when requirements justify it.