Databricks Community

Ashley1 · ‎05-11-2022

Hi All,

I think I might be missing something in regard to No Pubic IP Clusters. I have set this option on a workspace (Azure) and setup the appropriate subnets. To my surprise, when I went to setup a JDBC connection to the cluster the JDBC connection string uses the workspace dns which resolves to a public IP address. The connection is successful.

I would have thought to access the databricks JDBC endpoint in this configuration I would need to access via the private network. Isn't this the point of No Public Cluster? If this is the only option, to allow JDBC into the cluster via the public workspace IP, how can I limit what can access this endpoint?

Regards,

Ashley

User16764241763 · ‎06-05-2022

Hello @Ashley Betts

No Public IP means that the nodes/instances used in the cluster do not have a public address binding, rather only Private IP addresses. All traffic between Azure Data Plane and Databricks Control Plane will be routed through a secure ngrok relay which would otherwise require public internet access.

But the Webapp can still be accessible using public IP in this case

You have a couple of options to restrict such access

Create a Private Link Workspace where only your on-prem/servers allowed to access Databricks will be allowed to connect.
- You may have to talk to the Databricks accounts team to help onboard
Use IPAccessLists
- The IP Access List API enables Azure Databricks admins to configure IP allow lists and block lists for a workspace.
- https://docs.microsoft.com/en-us/azure/databricks/security/network/ip-access-list

View solution in original post

User16764241763 · ‎06-05-2022

Hello @Ashley Betts

No Public IP means that the nodes/instances used in the cluster do not have a public address binding, rather only Private IP addresses. All traffic between Azure Data Plane and Databricks Control Plane will be routed through a secure ngrok relay which would otherwise require public internet access.

But the Webapp can still be accessible using public IP in this case

You have a couple of options to restrict such access

Create a Private Link Workspace where only your on-prem/servers allowed to access Databricks will be allowed to connect.
- You may have to talk to the Databricks accounts team to help onboard
Use IPAccessLists
- The IP Access List API enables Azure Databricks admins to configure IP allow lists and block lists for a workspace.
- https://docs.microsoft.com/en-us/azure/databricks/security/network/ip-access-list

Anonymous · ‎07-07-2022

Hey there @Ashley Betts

Hope you are well. Just wanted to see if you were able to find an answer to your question and would you like to mark an answer as best? It would be really helpful for the other members too.

Cheers!

Databricks Community

JDBC Connectivity via workspace url when No Public IP selected.

Connect with Databricks Users in Your Area

Introducing an exclusively Databricks-hosted Assistant

How to present and share your Notebook insights in AI/BI Dashboards

Meet the Databricks MVPs

Now Hiring: Databricks Community Technical Moderator

Insights from a global survey of 1,100 technologists and interviews with 28 CIOs