
Workspace Catalog Connection to 'on-prem' MS SQL Server

MoodyDirk
New Contributor II

Hi, first post/question here ...

I'm trying to add an MS SQL Connection to my workspace (us-west-2) Catalog. Connection type is SQL Server, Host equals the public IP of that Server, port is the default 1433. (Server is an AWS EC2 instance)

All attempts to connect fail with the generic 'TCP/IP connection to the host XXXX, port failed ...'.

Portquery confirms that the Server is listening on the public IP and port. 

I'm pretty sure that the problem is that the workspace's public IP is not 'whitelisted' (EC2 Inbound Security rule) for the SQL Server. I've added all Databricks outbound IPs I could find, but no success.

How can I find my workspace's outbound IP address?

Thank you for any feedback!

Dirk

4 REPLIES

nayan_wylde
Honored Contributor II

Databricks publishes outbound IP ranges per region. For us-west-2, see the Databricks IP addresses and domains page – it lists the CIDR blocks used for outbound traffic from the control plane and clusters. You need to whitelist these ranges in your SQL Server security group.

BS_THE_ANALYST
Esteemed Contributor

@MoodyDirk also, if you haven't checked out the docs for AWS x Databricks x SQL Server:
https://docs.databricks.com/aws/en/ingestion/lakeflow-connect/sql-server-source-setup 

All the best,
BS

szymon_dybczak
Esteemed Contributor III

Hi @MoodyDirk ,

If you whitelist all IPs used in us-west-2 from the page mentioned by @nayan_wylde, it should work.

But the proper way from a security perspective would be to deploy the Databricks workspace into a customer-managed VPC and provide a stable outbound IP address (for instance using a NAT Gateway).

That way you only need to add a single IP address, and that address is stable and managed by you.

Databricks can change addresses they are using at any time.

MoodyDirk
New Contributor II

Thank you for all the responses.

I've added 44.234.192.32/28 and 52.27.216.188/32 as a (for now) All traffic inbound rule.

But no success ...

I'll keep looking and trying.

We're currently evaluating with a Serverless Cloud workspace, but at the end might go the AWS VPC route, installing our own AWS Databricks cluster.
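
Added example, not part of any post in this thread: a Python check, run over constructed rules in the shape of the `IpPermissions` field from `aws ec2 describe-security-groups`, of whether a source address is admitted on tcp/1433 and which rules admit more than that port. The sample rule mirrors the "All traffic" rule with the two CIDRs quoted above; the function names and test addresses are assumptions.

```python
import ipaddress

# Constructed sample: one "All traffic" rule (IpProtocol "-1") holding the
# two CIDRs quoted in the thread. Not real output from any account.
SAMPLE_PERMISSIONS = [
    {"IpProtocol": "-1",
     "IpRanges": [{"CidrIp": "44.234.192.32/28"},
                  {"CidrIp": "52.27.216.188/32"}]},
]

def _covers_port(perm, port):
    """True if the rule's protocol and port range include tcp/<port>."""
    if perm["IpProtocol"] == "-1":          # all protocols, all ports
        return True
    if perm["IpProtocol"] != "tcp":
        return False
    return perm["FromPort"] <= port <= perm["ToPort"]

def is_allowed(permissions, source_ip, port=1433):
    """Would an inbound connection from source_ip to tcp/<port> match a rule?"""
    src = ipaddress.ip_address(source_ip)
    for perm in permissions:
        if not _covers_port(perm, port):
            continue
        for rng in perm.get("IpRanges", []):
            if src in ipaddress.ip_network(rng["CidrIp"], strict=False):
                return True
    return False

def overbroad_rules(permissions, port=1433):
    """List (cidr, reason) for rules that admit more than tcp/<port> needs."""
    findings = []
    for perm in permissions:
        if not _covers_port(perm, port):
            continue
        exact = (perm["IpProtocol"] == "tcp"
                 and perm["FromPort"] == perm["ToPort"] == port)
        for rng in perm.get("IpRanges", []):
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net.prefixlen == 0:
                findings.append((rng["CidrIp"], "open to any address"))
            elif not exact:
                findings.append((rng["CidrIp"], "exposes more than tcp/%d" % port))
    return findings

def tightened(permissions, port=1433):
    """Same source CIDRs, restricted to the single SQL Server port."""
    cidrs = sorted({r["CidrIp"] for p in permissions if _covers_port(p, port)
                    for r in p.get("IpRanges", [])})
    return [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
             "IpRanges": [{"CidrIp": c} for c in cidrs]}]
```

A source address for which `is_allowed` returns `False` would be dropped by the security group before reaching SQL Server, which surfaces on the client as a generic TCP connection failure.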