Component description

This section includes an overview of the VNet, subnets, gateways and route tables, and security groups required for CDP Public Cloud for Azure.

VNet
An Azure Virtual Network (VNet) is needed for deploying CDP workloads into the customer’s cloud account. VNet is similar to a traditional network that you would operate in your own data center, but brings with it additional benefits of Azure's infrastructure such as scale, availability, and isolation.
Subnets
A subnet is a partition of the virtual network in which CDP workloads are launched.
Gateways and route tables
This topic covers recommended gateway and route table configurations for CDP Public Cloud for Azure.
Private endpoints
CDP workloads can be configured to access the Azure resources over a private IP (which is called a private endpoint) or over a public IP (which is called a service endpoint).
Security groups
During the specification of a VNet to CDP, the CDP admin specifies security groups that will be associated with all the CDP workloads launched within that VNet. These security groups will be used in allowing the incoming traffic to the hosts.
Security groups for Data Lakes
During the specification of a VNet to CDP, the CDP admin can either let CDP create the required security groups, taking a list of IP address CIDRs as input; or create them in Azure and then provide them to CDP.
Additional rules for AKS-based workloads
At the time of enabling a CDP data service, the CDP admin can specify a list of CIDR ranges that will be used in allowing the incoming traffic to the workload Load Balancer.
Outbound connectivity requirements
Outbound traffic from the worker nodes is unrestricted and is targeted at other Azure services and CDP services. The comprehensive list of services that get accessed from a CDP environment can be found in Azure outbound network access destinations.
Domain names for the endpoints
The previous sections dealt with how connectivity is established to the workload infrastructure. This section deals with “addressability”.
DNS
Azure-provided DNS is recommended for the VNet. This is required to enable private AKS clusters and private access to Postgres databases among others, as described in Private endpoints above.

Parent topic: Network architecture