
Hello,

From what I understand of the original communication:
"We'll open the new ports on your behalf, and most customers won't need to take any action"

That's indeed what I observed in one of our deployments without back-end private link. We use a simple "azurerm_network_security_group" Terraform resource (as recommended for VNet injection), and the additional ports have been added to the outbound security rule with "AzureDatabricks" as destination.

See below:
[attached image: Screenshot 2024-09-20 at 14.55.59.png]

So, it is indeed weird that you don't have those ports on a fresh creation. In my case, we didn't change anything in our IaC.

Additional note for those using back-end private link: in this case, the rule with "AzureDatabricks" as destination will not exist at all in the NSG (in other words, this rule won't be added to the NSG by the VNet injection).
See: https://www.databricks.com/blog/data-exfiltration-protection-with-azure-databricks

==> The AzureDatabricks service tag will not be added to the NSG rules if back-end private link is enabled.


Regards,

Loïc
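A small check for the situation described in this thread, added here as an example (it is not code from the post or from Databricks): it parses the JSON printed by `az network nsg rule list` and reports whether an outbound Allow rule to the AzureDatabricks service tag covers the ports you expect, or, when back-end private link is in use, that no such rule exists. The embedded sample is constructed; its rule names and port list are placeholders, so take the expected port list from the current Databricks networking documentation.

```python
import json

# Constructed sample shaped like the JSON printed by
# `az network nsg rule list --nsg-name <nsg> --resource-group <rg> -o json`
# (fields trimmed). Rule names and port values are placeholders, not taken from the thread.
SAMPLE_RULES_JSON = """[
  {"name": "databricks-worker-to-databricks", "direction": "Outbound", "access": "Allow",
   "protocol": "Tcp", "destinationAddressPrefix": "AzureDatabricks",
   "destinationPortRange": null, "destinationPortRanges": ["443", "3306", "8443-8451"]},
  {"name": "databricks-worker-to-sql", "direction": "Outbound", "access": "Allow",
   "protocol": "Tcp", "destinationAddressPrefix": "Sql",
   "destinationPortRange": "3306", "destinationPortRanges": []}
]"""

def port_set(rule):
    """Expand destinationPortRange / destinationPortRanges ('443', '8443-8451', '*') to ints."""
    ranges = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        ranges.append(rule["destinationPortRange"])
    ports = set()
    for r in ranges:
        if r == "*":
            return set(range(1, 65536))
        lo, _, hi = r.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def databricks_outbound_rules(rules):
    """Outbound Allow rules whose destination is the AzureDatabricks service tag."""
    out = []
    for r in rules:
        dests = [r.get("destinationAddressPrefix")] + list(r.get("destinationAddressPrefixes") or [])
        if r.get("direction") == "Outbound" and r.get("access") == "Allow" and "AzureDatabricks" in dests:
            out.append(r)
    return out

def check_nsg(rules_json, expected_ports, backend_private_link=False):
    """Return (ok, detail). With back-end private link the service-tag rule is expected to be absent."""
    rules = databricks_outbound_rules(json.loads(rules_json))
    if backend_private_link:
        names = ", ".join(r["name"] for r in rules)
        return (not rules, "AzureDatabricks rule absent as expected" if not rules
                else "unexpected AzureDatabricks rule(s): " + names)
    if not rules:
        return (False, "no outbound Allow rule to the AzureDatabricks service tag")
    allowed = set().union(*(port_set(r) for r in rules))
    missing = sorted(set(expected_ports) - allowed)
    return (not missing, "missing ports: %s" % missing if missing else "all expected ports allowed")
```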