Training
Certification
Microsoft Certified: Azure Network Engineer Associate - Certifications
Demonstrate the design, implementation, and maintenance of Azure networking infrastructure, load balancing traffic, network routing, and more.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
This guide introduces tools to secure network access between the compute resources in the Azure Databricks serverless compute plane and customer resources. To learn more about the control plane and the serverless compute plane, see Azure Databricks architecture overview.
To learn more about classic compute and serverless compute, see Types of compute.
Important
Effective December 4, 2024, Azure Databricks began charging for networking costs associated with serverless workloads connecting to customer resources. You are currently billed for private endpoint per-hour charges to your resources. Data processing charges for Private Link connections are waived indefinitely. Billing for other networking costs will be rolled out gradually, including:
Charges will not be applied retroactively.
Serverless compute resources run in the serverless compute plane, which is managed by Azure Databricks. Account admins can configure secure connectivity between the serverless compute plane and their resources. This network connection is labeled as 2 on the diagram below:
Connectivity between the control plane and the serverless compute plane is always over the cloud network backbone and not the public internet. For more information on configuring security features on the other network connections in the diagram, see Networking.
Serverless egress control allows you to manage outbound network connections from your serverless compute resources.
Using network policies, you can:
See What is serverless egress control?
Serverless network connectivity is managed with network connectivity configurations (NCC). NCCs are account-level regional constructs that are used to manage private endpoints creation and firewall enablement at scale.
Account admins create NCCs in the account console and an NCC can be attached to one or more workspaces. An NCC enables firewalls and private endpoints:
Note
Databricks uses service endpoints, private IPs, and public IPs to connect to resources based on their location and type. These connectivity methods are generally available unless explicitly stated otherwise.
Training
Certification
Microsoft Certified: Azure Network Engineer Associate - Certifications
Demonstrate the design, implementation, and maintenance of Azure networking infrastructure, load balancing traffic, network routing, and more.