articles/hdinsight/hdinsight-plan-virtual-network-deployment.md
Lines changed: 23 additions & 1 deletion
@@ -4,7 +4,7 @@ description: Learn how to plan an Azure Virtual Network deployment to connect HD
4
4
ms.service: azure-hdinsight
5
5
ms.topic: conceptual
6
6
ms.custom: hdinsightactive
7
-
ms.date: 09/19/2024
7
+
ms.date: 07/19/2025
8
8
---
9
9
10
10
# Plan a virtual network for Azure HDInsight
@@ -200,6 +200,28 @@ There are [several outbound connectivity methods](/azure/load-balancer/load-bala
200
200
201
201
Another constraint is that the HDInsight load balancers shouldn't be deleted or modified. **Any changes to the load balancer rules will get overwritten during certain maintenance events such as certificate renewals.** If the load balancers are modified and it affects the cluster functionality, you may need to recreate the cluster.
202
202
203
+
## Azure HDInsight Cluster Creation with Custom VNet: Private Endpoint Requirements and Policy Considerations
204
+
205
+
### Overview
206
+
When you create an Azure HDInsight cluster in a custom virtual network (VNet), the HDInsight Resource Provider (RP) must automatically deploy several networking resources into your VNet’s resource group, for example, load balancers, network interfaces, IP addresses, private endpoints, etc. Azure Storage and Azure SQL Databases (if not provided) will also be created along with the cluster.
207
+
208
+
### Role of Private Endpoints in HDInsight
209
+
Private Endpoints will be used to connect your cluster privately and securely to the Azure services, such as Azure Storage and Azure SQL Databases, over the Microsoft backbone network.
210
+
211
+
### Policy Impact on Private Endpoint Creation
212
+
If your organization has Azure Policies that deny the creation of private endpoints or deny the creation of cross-tenant private endpoint according to the document [Limit cross-tenant private endpoint connections in Azure](/azure/cloud-adoption-framework/ready/azure-best-practices/limit-cross-tenant-private-endpoint-connections)in the resource group, HDInsight cluster creation will fail. This is because:
213
+
214
+
* The HDInsight RP is unable to create the necessary private endpoint resources.
215
+
* The cluster will transition into error state.
216
+
217
+
### Typical Error Scenario
218
+
If private endpoint creation is blocked, you may see errors during cluster provisioning:
219
+
220
+
* FailedToCreateDedicatedStoragePrivateEndpoint
221
+
222
+
### Best Practices and Recommendations
223
+
Create exemption in Azure Policy to allow PE creation in the subscription or resource group where HDInsight cluster resides.
224
+
203
225
## Next steps
204
226
205
227
* For code samples and examples of creating Azure Virtual Networks, see [Create virtual networks for Azure HDInsight clusters](hdinsight-create-virtual-network.md).
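Review bot: The exemption scope in "Best Practices and Recommendations" does not match the Overview. The Overview says the RP deploys private endpoints into "your VNet's resource group", while the recommendation exempts "the subscription or resource group where HDInsight cluster resides". State which resource group actually needs the exemption, and recommend the narrowest scope (the resource group) rather than listing the subscription first, because a subscription-wide exemption lifts the private endpoint deny for every workload in it. Smaller points in the same hunk: add the missing space in "...private-endpoint-connections)in the resource group" and make "cross-tenant private endpoint" plural; spell out "PE" and write "Create an exemption"; put FailedToCreateDedicatedStoragePrivateEndpoint in code formatting; drop "etc." after "for example"; and use sentence case for the new headings to match "## Next steps".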