Enabling an AWS PrivateLink between ThoughtSpot Cloud and your Databricks data warehouse

Learn how to deploy an AWS PrivateLink between your Databricks data warehouse and the ThoughtSpot Cloud tenant.

AWS PrivateLink is only available to Enterprise Edition users.

Your data’s security is important. ThoughtSpot encrypts all your data by default. For an additional layer of security and network reliability, you can use an AWS PrivateLink. This option is currently available for your Amazon Aurora MySQL, Amazon Aurora PostgreSQL, Amazon RDS MySQL, Amazon RDS PostgreSQL, Amazon Redshift, Databricks, Denodo, Dremio, Oracle, PostgreSQL, SAP HANA, Snowflake, SQL Server, Starburst, or Teradata data warehouse connections.

ThoughtSpot supports a maximum of five PrivateLinks in your environment, in any combination of supported cloud data warehouses. For example, you could have a PrivateLink for Denodo, one for Databricks, and one for Starburst in the same environment.

This article details how to enable a PrivateLink for Databricks; to enable it for other data warehouses, refer to:

You can enable a maximum of five PrivateLinks in your environment.

To deploy an AWS PrivateLink, you must work with ThoughtSpot support and follow the procedure in this article.

Prerequisites

  • You must have a Databricks Enterprise account.

  • You must have a Databricks workspace URL.

  • Your Databricks workspace must be customer-managed, not Databricks-managed.

  • The ThoughtSpot instance must be in the same AWS region as your Databricks account.

  • You must have Databricks Account Admin credentials.

    The Databricks Account admin is different from the Workspace Admin. The Account admin is able to sign in to https://accounts.cloud.databricks.com/.

Enable an AWS PrivateLink for Databricks

To deploy an AWS PrivateLink between your Databricks data warehouse and the ThoughtSpot Cloud tenant, follow these steps.

  1. Contact ThoughtSpot support to create VPC endpoint

  2. Register PrivateLink objects in Databricks

  3. Update the Databricks workspace with PrivateLink configuration

  4. Configure Connections

Step 1: Contact ThoughtSpot support to create VPC endpoint

After completing the prerequisites, share the Databricks workspace URL with ThoughtSpot support and request PrivateLink configuration. The URL is in the format https://xxx.cloud.databricks.com/. After ThoughtSpot support finishes the configuration, they will share the VPC endpoint with you.

Step 2: Register PrivateLink objects in Databricks

Follow these steps to register the VPC endpoint:

  1. Obtain the VPC endpoint ID from the previous step.

  2. Complete the steps to register PrivateLInk objects in the Databricks AWS PrivateLink documentation. The documentation includes steps for:

    1. VPC endpoint registration.

    2. Network configurations.

    3. Private access configurations.

Step 3: Update the Databricks workspace with PrivateLink configuration

Update workspace with PrivateLink configurations using the Account API, with further references in the Databricks AWS PrivateLink documentation.

Step 4: Configure Connections

Create a Databricks connection. Note that Databricks connections use the same host name regardless of whether they are created through PrivateLink. When PrivateLink is configured, ThoughtSpot switches the internal DNS resolution for the hostname to point to the PrivateLink endpoint IP. For example, if your customer Databricks account is https://myaccount.cloud.databricks.com, you would use the same name when configuring a connection that uses PrivateLink.

Related information

Was this page helpful?
×