User Defined Route

Upendra Dwivedi 20 Reputation points
2025-03-24T05:21:48.5666667+00:00

Hi All,

I have created an S2S connection to my on-prem network. I want to communicate with my on-prem SSMS using Databricks injected in the same VNet. Do I need to use UDRs here, or will Azure take care of routing?

I am reading online but wanted to confirm.

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.

Accepted answer
  1. Deepanshu katara 16,720 Reputation points MVP Moderator
    2025-03-24T06:38:35.78+00:00

    Hello Upendra, Welcome to MS Q&A
    To enable communication between your on-premises SQL Server Management Studio (SSMS) and Azure Databricks within the same Virtual Network (VNet), you need to ensure proper routing. Since you have established a Site-to-Site (S2S) VPN connection, Azure will handle the routing between your on-premises network and the Azure VNet by default. However, if you have specific routing requirements or need to direct traffic through specific network paths, you might need to configure User-Defined Routes (UDRs).

    Here are some considerations:

    Default Routing: Azure automatically routes traffic between your on-premises network and the Azure VNet over the S2S VPN connection. This should suffice for most scenarios unless you have specific routing needs.

    User-Defined Routes (UDRs): If you need to control the traffic flow or have specific routing requirements (e.g., directing traffic through a Network Virtual Appliance), you can create UDRs. UDRs allow you to override Azure's default routing.

    Network Security Groups (NSGs): Ensure that NSGs are configured to allow traffic between Azure Databricks and your on-premises SSMS. NSGs can control inbound and outbound traffic at the subnet or network interface level.

    Firewall Rules: Check any firewalls between your on-premises network and Azure to ensure they allow the necessary traffic.

    DNS Configuration: Ensure that DNS is configured correctly so that Azure Databricks can resolve the on-premises SSMS server name.

    By default, Azure's routing should handle the communication without the need for UDRs unless you have specific requirements.

    Please let me know if you have any specific questions.

    Kindly accept the answer if it helps.

    Thanks

    Deepanshu

    1 person found this answer helpful.
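
Added example, not part of either answer and not Azure's own code: a simplified Python model of the route selection discussed in this thread (longest prefix match first, then user-defined over gateway-learned over system default routes on a tie), applied to traffic from the Databricks subnet to the on-premises SQL Server. The address ranges, the appliance IP 10.10.1.4 and the SQL Server IP 192.168.10.5 are assumptions, and the system routes are reduced to the VNet-local and Internet defaults.

```python
import ipaddress

# On equal prefix length: user-defined beats gateway-learned beats system default.
PRIORITY = {"User": 0, "VirtualNetworkGateway": 1, "Default": 2}

# Constructed sample routes (all prefixes and IPs are assumptions, not from the thread).
SYSTEM = [
    {"prefix": "10.10.0.0/16", "source": "Default", "next_hop": "VnetLocal"},
    {"prefix": "0.0.0.0/0", "source": "Default", "next_hop": "Internet"},
]
# Learned from the S2S connection (the on-premises address space).
GATEWAY = [
    {"prefix": "192.168.0.0/16", "source": "VirtualNetworkGateway",
     "next_hop": "VirtualNetworkGateway"},
]
NVA = "VirtualAppliance 10.10.1.4"
UDR_DEFAULT = {"prefix": "0.0.0.0/0", "source": "User", "next_hop": NVA}
UDR_ONPREM = {"prefix": "192.168.0.0/16", "source": "User", "next_hop": NVA}
SQL_SERVER = "192.168.10.5"


def effective_routes(udrs, propagate_gateway_routes=True):
    """Routes seen by the Databricks subnet for a given route table."""
    routes = SYSTEM + list(udrs)
    if propagate_gateway_routes:  # route-table setting "Propagate gateway routes"
        routes += GATEWAY
    return routes


def select_route(routes, dest_ip):
    """Pick the route for dest_ip: longest prefix first, then source priority."""
    ip = ipaddress.ip_address(dest_ip)
    matches = [r for r in routes if ip in ipaddress.ip_network(r["prefix"])]
    return min(
        matches,
        key=lambda r: (-ipaddress.ip_network(r["prefix"]).prefixlen,
                       PRIORITY[r["source"]]),
    )


def next_hop(udrs, dest_ip=SQL_SERVER, propagate_gateway_routes=True):
    """Next hop the subnet would use for dest_ip with the given UDRs."""
    routes = effective_routes(udrs, propagate_gateway_routes)
    return select_route(routes, dest_ip)["next_hop"]


if __name__ == "__main__":
    for name, udrs, prop in [("no UDR", [], True), ("0.0.0.0/0 UDR", [UDR_DEFAULT], True),
                             ("on-prem UDR", [UDR_ONPREM], True),
                             ("0.0.0.0/0 UDR, propagation off", [UDR_DEFAULT], False)]:
        print(f"{name}: {SQL_SERVER} -> {next_hop(udrs, SQL_SERVER, prop)}")
```

In this model a 0.0.0.0/0 UDR alone leaves on-premises traffic on the VPN gateway, while a UDR for the on-premises prefix, or a route table with gateway route propagation turned off, sends it to the appliance instead.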

1 additional answer

  1. Praveen Bandaru 5,520 Reputation points Microsoft External Staff Moderator
    2025-03-31T05:43:31.67+00:00

    Hello Upendra Dwivedi

    In your scenario, Azure typically manages routing between resources within the same VNet, such as your Databricks workspace and on-premises SQL Server. However, if you have specific routing needs or need to control traffic flow, you might consider implementing User Defined Routes (UDRs).

    Routing in Azure with Databricks and On-Premises SQL Server

    • Azure handles routing for resources within the same Virtual Network (VNet) automatically. Therefore, if your Databricks workspace and on-premises SQL Server are in the same VNet, Azure will manage the routing without any extra configuration needed.
    • If you have specific routing requirements, such as directing traffic through a certain network appliance or controlling the traffic path, you can create UDRs. This is beneficial for enforcing security policies or managing traffic flow in a more detailed manner.
    • Make sure the UDRs do not conflict with Azure's default routing. After implementing the UDRs, test the connectivity to confirm that traffic flows as expected.
    • Regardless of routing, make sure your network security groups (NSGs) permit traffic on the necessary ports between Databricks and your on-premises SQL Server.

    Check the document User-defined route

    Configuring Network Security Groups (NSGs) and firewall settings for Azure Databricks will help you efficiently manage traffic flow and enhance security, safeguarding your resources from unauthorized access.

    Network Security Groups (NSGs) are used to filter network traffic to and from Azure resources within a Virtual Network. They enable you to set rules that determine which inbound and outbound traffic is allowed or blocked. Azure Firewall offers a centralized solution for managing and controlling network traffic, with the ability to filter traffic using application and network rules.

    Reference document

    Network security groups

    Azure Firewall Policy's


    Please do not forget to "Accept the answer" and "up-vote" wherever the information provided helps you; this can be beneficial to other community members.

    If you have any other questions or are still running into more issues, let me know in the "comments" and I would be happy to help you.
