OpenSharing recipient firewall configuration for SecureConnect

Important

This feature is in Public Preview.

This page describes how Azure Databricks recipients access shares from a provider who has enabled OpenSharing SecureConnect.

If your provider has enabled SecureConnect and you have an egress firewall, you must allowlist Azure Databricks inbound IP addresses to access SecureConnect. You allowlist IPs for the provider's cloud and region, regardless of the cloud you are on.

Important

Azure Databricks recipients on classic compute and open recipients must allowlist Azure Databricks inbound IP addresses.

Azure Databricks recipients on serverless compute do not need to configure their egress firewall to access SecureConnect. Azure Databricks routes serverless traffic to SecureConnect internally.

For an overview of SecureConnect and provider-side setup, see Share data behind a firewall with SecureConnect.

Allowlist Azure Databricks inbound IPs

Select the cloud your provider is on, then allowlist the listed Azure Databricks inbound IP addresses for the provider's region.

AWS

For an AWS provider, allowlist the Azure Databricks inbound IP addresses for "Default storage, OpenSharing SecureConnect, Zerobus Ingestion, and Lakebase (Autoscaling Beta)" corresponding to the provider's region.

See IP addresses and domains for Azure Databricks services and assets.

Azure

For an Azure provider, allowlist the Azure Databricks inbound IP addresses for "Control Plane IPs, including default storage and webapp" corresponding to the provider's region.

See IP addresses and domains for Azure Databricks services and assets.

GCP

For a GCP provider, allowlist the Azure Databricks inbound IP addresses for "Control Plane services, including default storage and webapp" corresponding to the provider's region.

See IP addresses and domains for Azure Databricks services and assets.
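The selection rule above (the provider's cloud and region decide which ranges to allowlist, serverless recipients need nothing) and a coverage check of an existing egress allowlist, as an added example that is not part of the Databricks documentation. The CIDR values and the `REQUIRED_INBOUND` mapping are constructed placeholders; the real ranges come from the "IP addresses and domains for Azure Databricks services and assets" page.

```python
"""Check that a recipient's egress allowlist covers the Azure Databricks
inbound ranges for the provider's cloud and region."""
import ipaddress

# Constructed placeholder ranges keyed by (provider cloud, provider region).
# Replace with the published inbound ranges for the category this page names
# for each cloud (for example "Control Plane IPs, including default storage
# and webapp" for an Azure provider).
REQUIRED_INBOUND = {
    ("aws", "us-east-1"): ["198.51.100.0/24", "203.0.113.16/28"],
    ("azure", "eastus"): ["192.0.2.0/25"],
}


def required_ranges(provider_cloud, provider_region, recipient_compute):
    """Return the networks the recipient must allowlist, or [] if none.

    The lookup uses the provider's cloud and region, regardless of the cloud
    the recipient runs on. Serverless recipients are routed to SecureConnect
    internally and need no egress firewall change.
    """
    if recipient_compute == "serverless":
        return []
    key = (provider_cloud.lower(), provider_region.lower())
    if key not in REQUIRED_INBOUND:
        raise KeyError(f"no inbound ranges known for provider {key}")
    return [ipaddress.ip_network(cidr) for cidr in REQUIRED_INBOUND[key]]


def uncovered_ranges(required, allowlist):
    """Return required networks not fully contained by any allowlist entry.

    A required range counts as covered only if one allowlist entry of the
    same IP version is a supernet of it; a partial overlap is a gap.
    """
    allowed = [ipaddress.ip_network(entry) for entry in allowlist]
    gaps = []
    for net in required:
        same_version = [a for a in allowed if a.version == net.version]
        if not any(net.subnet_of(a) for a in same_version):
            gaps.append(str(net))
    return gaps


if __name__ == "__main__":
    needed = required_ranges("aws", "us-east-1", "classic")
    print("missing from allowlist:", uncovered_ranges(needed, ["198.51.100.0/25"]))
```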

Limitations

The following limitations apply to Azure Databricks recipients accessing SecureConnect-enabled shares:

  • mTLS is not enabled for recipients using classic compute.
  • mTLS is not enabled for OIDC recipients.
  • Serverless Azure Databricks recipients using a Databricks-to-Open credential in the same region as the provider are not supported.