Enabling an AWS PrivateLink between ThoughtSpot Cloud and your Databricks data warehouse

Learn how to deploy an AWS PrivateLink between your Databricks data warehouse and the ThoughtSpot Cloud tenant.

Your data’s security is important. ThoughtSpot encrypts all your data by default. For an additional layer of security and network reliability, you can use an AWS PrivateLink. This option is currently available for your Amazon Redshift, Databricks, Dremio, Oracle, SAP HANA, Snowflake, Starburst, or Teradata data warehouse connections.

This article details how to enable a PrivateLink for Databricks; to enable it for other data warehouses, refer to:

You can only enable one PrivateLink for each cluster.

To deploy an AWS PrivateLink, you must work with ThoughtSpot Support and follow the procedure in this article.

Prerequisites

  • You must have a Databricks Enterprise account.

  • The ThoughtSpot cluster must be in the same AWS region as your Databricks account.

  • You must have Databricks Account Admin credentials.

    The Databricks Account admin is different from the Workspace Admin. The Account admin is able to log into https://accounts.cloud.databricks.com/.
  • You must obtain the VPC Endpoint ID from ThoughtSpot Support. This is required before you can complete Step 1: Register the VPC Endpoint.

To deploy an AWS PrivateLink between your Databricks data warehouse and the ThoughtSpot Cloud tenant, follow these steps.

Step 1: Register the VPC Endpoint with the Databricks Account API

After completing the prerequisites, you must configure the register the VPC Endpoint. Follow these steps:

  1. Obtain the VPC Endpoint ID from ThoughtSpot Support, if you did not do so in the prerequisites.

  2. Complete Step 3: Register your VPC endpoint IDs with the Account API in the Databricks AWS PrivateLink documentation. You need the VPC Endpoint ID from ThoughtSpot Support to complete this step.

Step 4: Create or update the Databricks workspace

  1. Complete Step 7: Create or update a workspace with PrivateLink configurations using the Account API in the Databricks AWS PrivateLink documentation.

  2. Make a note of your Databricks Workspace URL. You must send it to ThoughtSpot Support in the next step. This URL is in the format https://xxx.cloud.databricks.com/.

Step 5: Contact ThoughtSpot Support

After you complete steps 1-4 in this document, contact ThoughtSpot Support. They must finish the PrivateLink configuration.

Make sure you send ThoughtSpot Support your Databricks Workspace URL. This URL is in the format https://xxx.cloud.databricks.com/.

After ThoughtSpot Support finishes the configuration, they will contact you, and you can move on to Step 6: Configure Connections.

Step 6: Configure Connections