Serverless compute plane networking

This guide introduces tools to secure network access between the compute resources in the Databricks serverless compute plane and customer resources. To learn more about the control plane and the serverless compute plane, see Databricks architecture overview.

To learn more about classic compute and serverless compute, see Types of compute.

Note

There are currently no networking charges for serverless features. In a later release, you might be charged. Databricks will provide advance notice for networking pricing changes.

Serverless compute plane networking overview

Serverless compute resources run in the serverless compute plane, which is managed by Databricks. Account admins can configure secure connectivity between the serverless compute plane and their resources. This network connection is labeled as 2 on the diagram below:

Network connectivity overview diagram

Connectivity between the control plane and the serverless compute plane is always over the cloud network backbone and not the public internet. For more information on configuring security features on the other network connections in the diagram, see Networking.

Configure stable project IDs

Preview

This feature is in Private Preview. To join this preview, contact your Databricks account team.

Google Cloud VPC Service Controls (VPC-SC) are used to define service perimeters that creates a security boundary around Google Cloud resources. Stable project IDs for the serverless compute plane enable you to create VPC-SCs between Databricks serverless compute plane and your GCP resources, such as GCS buckets. This ensures that only Databricks serverless SQL compute projects can access your resources. For more information, contact your Databricks account team.

Stable project IDs are only supported from SQL warehouses. They are not supported from other compute resources in the serverless compute plane.