配置域名防火墙规则Configure domain name firewall rules

如果企业防火墙根据域名来阻止流量,你必须允许 HTTPS 和 WebSocket 流量访问 Azure Databricks 域名,以确保访问 Azure Databricks 资源。If your corporate firewall blocks traffic based on domain names, you must allow HTTPS and WebSocket traffic to Azure Databricks domain names to ensure access to Azure Databricks resources. 你可以在两个选项之间进行选择,一个选项在权限方面更宽松但更易于配置,另一个选项特定于你的工作区域。You can choose between two options, one more permissive but easier to configure, the other specific to your workspace domains.

选项 1:允许流量流向 *.databricks.azure.cnOption 1: Allow traffic to *.databricks.azure.cn

更新防火墙规则,使之允许 HTTPS 和 WebSocket 流量流向 *.databricks.azure.cnUpdate your firewall rules to allow HTTPS and WebSocket traffic to *.databricks.azure.cn. 此选项在权限方面比选项 2 更宽松,但它省去了为帐户中的每个 Azure Databricks 工作区更新防火墙规则的工作量。This is more permissive than option 2, but it saves you the effort of updating firewall rules for each Azure Databricks workspace in your account.

选项 2:仅允许流量流向 Azure Databricks 工作区Option 2: Allow traffic to your Azure Databricks workspaces only

如果选择为帐户中的每个工作区配置防火墙规则,则必须:If you choose to configure firewall rules for each workspace in your account, you must:

  1. 确定工作区的域。Identify your workspace domains.

    每个 Azure Databricks 资源有两个唯一的域名。Every Azure Databricks resource has two unique domain names. 可以通过转到 Azure 门户中的 Azure Databricks 资源来找到第一个域名。You can find the first by going to the Azure Databricks resource in the Azure Portal.

    工作区 URLWorkspace URL

    URL 字段以 https://adb-<digits>.<digits>.databricks.azure.cn 格式显示 URL,例如 https://adb-1666506161514800.0.databricks.azure.cnThe URL field displays a URL in the format https://adb-<digits>.<digits>.databricks.azure.cn, for example https://adb-1666506161514800.0.databricks.azure.cn. 删除 https:// 以获取第一个域名。Remove https:// to get the first domain name.

    第二个域名与第一个域名完全相同,只不过它具有 adb-dp- 前缀而不是 adb-The second domain name is exactly the same as the first, except that it has an adb-dp- prefix instead of adb-. 例如,如果第一个域名为 adb-1666506161514800.0.databricks.azure.cn,则第二个域名为 adb-dp-1666506161514800.0.databricks.azure.cnFor example, if your first domain name is adb-1666506161514800.0.databricks.azure.cn, the second domain name is adb-dp-1666506161514800.0.databricks.azure.cn.

  2. 更新防火墙规则。Update your firewall rules.

    更新防火墙规则以允许 HTTPS 和 WebSocket 流量流向步骤 1 中确定的两个域。Update your firewall rules to allow HTTPS and WebSocket traffic to the two domains identified in step 1.