Transitioning from Azure default outbound access
Microsoft is planning to retire the default outbound access connectivity for virtual machines in Azure. You must transition your Cloudera environment on Azure to use an explicit method for outbound internet connectivity while creating any new virtual machines. This ensures enhanced security, predictability, and reliability for your clusters.
In Microsoft Azure (Azure), virtual machines that are created in a virtual network without a defined explicit outbound method were assigned a default implicit outbound public IP address. This IP address enabled outbound connectivity from the resources to the internet. If you have deployed a virtual machine in Azure without explicit outbound connectivity, a default outbound access IP was assigned to the virtual machine.
As previously communicated in Cloudera Customer Advisory-866, the default outbound access connectivity for virtual machines in Azure is retired on 30 September, 2025. After this date, all new virtual machines (new clusters as well as repaired/upgraded cluster nodes) need to use explicit outbound connectivity methods, such as Azure NAT Gateway, Azure Load Balancer outbound rules, or a directly attached Azure public IP address.
- Existing virtual machines that use the default outbound access will continue to work after the retirement date. However, certain operations, such as operating system upgrade, repair, and recover, will break your cluster.
- New virtual machines created after September 30, 2025, even if deployed into existing VNets and subnets, will not receive default outbound access. These virtual machines must be configured with an explicit outbound method to access the internet.
- Associate a NAT Gateway with the subnet hosting your Cloudera environment. This is the preferred and most scalable option.
- Add a Firewall or Network Virtual Appliance (NVA) to your virtual network, and point traffic to the virtual machine using a User Defined Route (UDR).
> Suppress Outbound Warning.
