VNet and subnets

When registering an Azure environment in CDP, you will be asked to select a VNet and one or more subnets.

You have two options:

  • Use your existing VNet and subnets for provisioning CDP resources.
  • Have CDP create a new VNet and subnets. All CDP resources will be provisioned into this new VNet and subnets.

Existing VNet and subnets

If you would like to use your own VNet, it needs to fulfill the following requirements:

Verify the limits of the VNet and subnets available in your Azure subscription to ensure that you have enough resources to create clusters in CDP.

VNets can be created and managed from the Azure Portal > Virtual Networks. For detailed instructions on how to create a new VNet on Azure, refer to Create a virtual network using the Azure portal in Azure documentation.  

Egress connectivity for existing VNets and subnets

When you deploy an environment with an existing network of your own configuration, it is your responsibility to create egress connectivity for the required subnets in your VNet. Egress connectivity can be accomplished through a NAT gateway setup or user-defined routing. Alternatively you can create a secondary load balancer for public egress. See Azure Load Balancers in Data Lake and Data Hub for more information.

New VNet and subnets

If you would like CDP to create a new VNet, you will need to specify a valid CIDR in IPv4 range that will be used to define the range of private IPs for VM instances provisioned into these subnets. Default is Consider changing the IP range to correspond to corporate policies for standardized IP address ranges. The CIDR must match the <network mask>/16 pattern.

By default CDP creates more than 30 subnets and divides the address space as follows:

  • 3 x /24 public subnets for Data Lake and Data Hub
  • 3 x /19 private subnets for Data Warehouse
  • 32 x /24 private subnets for Machine Learning, Data Engineering, and DataFlow
  • 3 x /19 private subnets reserved for future use

You can disable creating private subnets, in which case only 3 public subnets will be created.

If you would like to use Flexible Server in private service mode then you should delegate a subnet to it, as described in Private setup for Azure Flexible Server. CDP does not create the delegated subnet for you.

For more information about VNet and subnets, refer to the following VNet and subnet planning documentation.

Egress connectivity for new VNets and subnets

If you are creating a new network during environment registration, CDP ensures that egress connectivity is available. If the "Create Public IPs" option and Public Endpoint Access Gateway are disabled in your network, a separate load balancer is created for egress, though this load balancer requires certain public IP permissions that are granted as part of the required Azure permissions. If either "Create Public IPs" or Public Endpoint Access Gateway is enabled, then a public load balancer is created to handle both public ingress to port 443 and public egress.

Azure Load Balancers in Data Lake and Data Hub for more information.