This article introduces networking configurations for the deployment and management of Databricks accounts and workspaces.

Databricks architecture overview

Databricks operates out of a control plane and a compute plane.

  • The control plane includes the backend services that Databricks manages in your Databricks account. The web application is in the control plane.

  • The compute plane is where your data is processed. The compute plane’s network (VPC) and its compute resources are part of your organization’s Google Cloud resources.

For additional architecture information, see Databricks architecture overview.

Secure network connectivity

Databricks provides a secure networking environment by default, but if your organization has additional needs, you can configure network connectivity features for each of the connections shown in the diagram below.

Network connectivity overview diagram
  1. Users and applications to Databricks: You can configure features to control access and provide private connectivity between users and their Databricks workspaces. See Users to Databricks networking.

  2. The control plane and the compute plane: Compute resources, such as clusters, are deployed in your Google Cloud resources and connect to the control plane. You can use network connectivity features to deploy compute plane resources in your own virtual private cloud and to enable private connectivity from the clusters to the control plane. See Compute plane networking.

You can also configure Google Cloud storage networking features to secure the connection between the compute plane and Google Cloud storage. For more information, see Networking recommendations for Lakehouse Federation.