cancel
Showing results forย 
Search instead forย 
Did you mean:ย 
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Showing results forย 
Search instead forย 
Did you mean:ย 

Azure Databricks DBFS Root, Storage Account Networking

sintsan
New Contributor II

For an Azure Databricks with vnet injection, we would like to change the networking on the default managed Azure Databricks storage account (dbstorage) from Enabled from all networks to Enabled from selected virtual networks and IP addresses.

Can this be done and if not can you point to some docs describing how the managed storage account is secured?

Thanks!

3 REPLIES 3

karthik_p
Esteemed Contributor

@Sander Sintjorissenโ€‹ As far as i know storage config for azure is different from aws. but it looks in azure during workspace configuration encryption is enabled by default for your storage, if you want to have more security you can go with "Double Encryption for DBFS Root"

https://learn.microsoft.com/en-us/azure/databricks/security/keys/double-encryption

karthik.p

sintsan
New Contributor II

@karthik pโ€‹  Thank you for your answer, although it does not really answer my question. Reading this post https://community.databricks.com/s/question/0D53f00001mFBAkCAO/network-security-for-dbfs-storage-acc... I understand the current workaround is to create another Azure SA and then redirect logs, etc to that account.

Is there any descriptive documentation on Azure Databricks as to what the impact of having Allow All in networking on DBFS Root actually is?

Thanks!

karthik_p
Esteemed Contributor

@Sander Sintjorissenโ€‹ usually root storage bucket has below directories present in article

https://learn.microsoft.com/en-us/azure/databricks/dbfs/root-locations

to store logs related to auditing you can create another storage and add that. hope this helps

karthik.p