Access storage account with private endpoint

icyflame92
New Contributor II

Hi, I need guidance on connecting Databricks (not VNET injected) to a storage account with Private Endpoint.

We have a client who created Databricks (public IP and not VNet injected). It's using a managed VNet in the Databricks managed resource group and is exposed with a public IP. We're wondering if we can still make it connect to blob storage / ADLS Gen2 over private endpoints.

We want to use OAuth2 with a Service Principal, with Storage Blob Data Contributor as the role set on the blob storage / ADLS Gen2, and want to mount it in the Workspace with Service Principal credentials. In the customer Workspace, UC is not activated, so there is no possibility via the UC access connector.

So can we use this workspace setup (public IP and not VNet injected) to access storage with a private endpoint using mounting?

Thanks in advance!

Accepted Solutions

rudyevers
New Contributor III

No, this is not possible, because the workspace is not part of the virtual network and therefore cannot access the storage over its private endpoint. It is all mentioned in the documentation:

https://www.databricks.com/blog/2020/02/28/securely-accessing-azure-data-sources-from-azure-databric...

So, if you are not able to integrate the workspace into your VNet, there are some workarounds. You can add a storage account to an application gateway, so it is protected from the internet but still publicly available. BUT, if you don't have an application gateway, it's an expensive solution. My advice is to follow the best practices and integrate Databricks into the virtual network.
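
To see which path a given host would take to the storage account, the following added example (not part of the original post) resolves the account's blob and dfs hostnames and reports whether they land on an RFC 1918 address, as they do when the private endpoint's DNS zone is visible, or on a public one. The account name `examplestorageacct`, the helper names and the sample addresses are constructed; it assumes the private endpoint's VNet uses RFC 1918 address space.

```python
import ipaddress
import socket

# RFC 1918 ranges; assumes the private endpoint's VNet uses one of them.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(host):
    """Ask the local resolver (e.g. on the cluster driver) for host's addresses."""
    try:
        infos = socket.getaddrinfo(host, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """Name the network path implied by the resolved addresses."""
    if not addresses:
        return "unresolved"
    flags = [any(ipaddress.ip_address(a) in net for net in RFC1918)
             for a in addresses]
    if all(flags):
        return "private-endpoint"
    return "mixed" if any(flags) else "public-endpoint"

def check_account(account, resolver=resolve):
    """Classify the blob and dfs (ADLS Gen2) endpoints of one storage account."""
    report = {}
    for service in ("blob", "dfs"):
        host = f"{account}.{service}.core.windows.net"
        report[host] = classify(resolver(host))
    return report

# Constructed sample answers: what a VNet-joined host and an outside host might see.
SAMPLE_INSIDE_VNET = {
    "examplestorageacct.blob.core.windows.net": ["10.20.0.5"],
    "examplestorageacct.dfs.core.windows.net": ["10.20.0.6"],
}
SAMPLE_OUTSIDE_VNET = {
    "examplestorageacct.blob.core.windows.net": ["203.0.113.10"],
    "examplestorageacct.dfs.core.windows.net": [],
}

if __name__ == "__main__":
    for label, sample in (("inside", SAMPLE_INSIDE_VNET), ("outside", SAMPLE_OUTSIDE_VNET)):
        for host, path in check_account("examplestorageacct", lambda h: sample.get(h, [])).items():
            print(f"{label:8} {host:45} {path}")
```

Calling `check_account("<account>")` with the default resolver from a notebook on the cluster shows what that cluster actually resolves; a `public-endpoint` result means its traffic is not going through the private endpoint.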

4 REPLIES

From our point of view, it is definitely worth following the best practice instead of starting workarounds. Also, the infra is not in our hands, hence there is no justification to start a workaround with Application Gateway. Thank you @rudyevers

Kaniz
Community Manager

Hi @icyflame92, Thank you for posting your question in our community! We are happy to assist you.

To help us provide you with the most accurate information, could you please take a moment to review the responses and select the one that best answers your question?

This will also help other community members who may have similar questions in the future. Thank you for your participation and let us know if you need any further assistance! 
 

Kaniz
Community Manager

I want to express my gratitude for your effort in selecting the most suitable solution. It's great to hear that your query has been successfully resolved. Thank you for your contribution.