Transitioning from Azure default outbound access
On March 31, 2026, Microsoft will retire default outbound access for virtual machines in Azure. This change primarily affects newly created virtual networks. Because CDP does not support creating a new Azure Virtual Network during environment registration, this update specifically affects the infrastructure you prepare in Azure before deploying Cloudera.
When registering an Azure environment, you must provide an existing VNet and subnets.
- If you use a VNet created before March 31, 2026, default outbound access will continue to function as a legacy feature.
- If you create a new VNet in Azure after March 31, 2026, to host a new Cloudera environment, the new VNet will have no default Internet access.
Recommended Outbound Methods
To ensure Cloudera clusters can communicate with the Cloudera Control Plane and Azure
services (like ADLS Gen2 or Key Vault) in new networking environments, you must implement
one of the following Microsoft-recommended options, in order of
preference:
- Azure NAT Gateway (Recommended)
- Best option for most CDP workloads. It provides a static outbound IP and prevents SNAT port exhaustion during high-concurrency tasks like cluster scaling or heavy data processing.
- Azure Firewall / Network Virtual Appliance (NVA)
- A necessary option for environments requiring FQDN filtering. Ensure that all Cloudera outbound network access destinations are whitelisted.
Required Actions
- For Existing Environments
- You are not required to make any changes, but we recommend transitioning to a NAT Gateway for IP stability.
- For New Infrastructure
- When creating new VNets in Azure for future CDP environments, you must explicitly attach a NAT Gateway or Firewall to the
subnets intended for the Data Lake and Data Hubs.
Ensure that your existing subnets allow traffic to Cloudera’s management endpoints before registering the environment in the Cloudera Management Console.
For additional information on Azure's connectivity changes, refer to the Microsoft official announcement.
