Remediation
Redeploy Azure Databricks into a Custom VNet with NSGsβ
This requires recreating the Databricks workspace using VNet injection.
Azure CLIβ
-
Create an NSG
az network nsg create \
--resource-group {{resource-group}} \
--name {{nsg-name}} \
--location {{location}} -
Create a custom Virtual Network and subnets
az network vnet create \
--resource-group {{resource-group}} \
--name {{vnet-name}} \
--address-prefix {{10.0.0.0/16}} \
--subnets "[{name:{{private-subnet-name}},address-prefix:{{subnet-prefix}}},{name:{{public-subnet-name}},address-prefix:{{subnet-prefix}} }]" \
--nsg {{nsg-name}} -
Deploy a new Databricks workspace using VNet injection
az databricks workspace create \
--resource-group {{resource-group}} \
--name {{workspace-name}} \
--location {{location}} \
--sku {{premium}} \
--vnet {{vnet-name}} \
--public-subnet {{public-subnet-name}} \
--private-subnet {{private-subnet-name}}
Notesβ
- This remediation may require downtime and workload migration.
- Subnet address ranges must meet Azure Databricks sizing requirements.