Skip to main content
After activating your subscription, establish a secure network connection between Entegrata and your data sources. This connection enables Entegrata’s collectors to access your systems for data collection while maintaining security and network isolation.
After onboarding, network connections can be managed through Network Connections in your instance settings.

Connection Type Selection

You have two options for establishing network connectivity:

VNet Peering

Best for Azure-based resources. Uses cross-tenant Virtual Network peering for direct, private connectivity.

Site-to-Site (S2S) VPN

Best for on-premises or hybrid environments. Creates an encrypted VPN tunnel between networks.

When to Use VNet Peering

Choose VNet Peering if:
  • Your data sources are hosted in Azure
  • You want the lowest latency and highest bandwidth
  • You prefer a simpler network configuration
  • You have existing Azure Virtual Networks

Configuration Steps

This section is only shown for self-hosted instances.Configure your Databricks workspace connection details.Required fields:
  • Databricks SPN Application ID - The Application (Client) ID of your Databricks Service Principal. Found in Azure Portal under Enterprise Applications.
  • Databricks SPN Object ID - The Object (Principal) ID of your Databricks Service Principal. Found in Azure Portal under Enterprise Applications.
  • Databricks Account ID - Your Databricks Account ID (UUID format). Found in the Databricks Account Console.
These fields will be disabled after the external configuration is complete and cannot be modified later.

2. CIDR Ranges

Specify three non-overlapping /23 CIDR ranges reserved exclusively for Entegrata.Required fields:
  • CIDR Range 1 - First /23 CIDR block (e.g., 10.0.0.0/23)
  • CIDR Range 2 - Second /23 CIDR block (e.g., 10.0.2.0/23)
  • CIDR Range 3 - Third /23 CIDR block (e.g., 10.0.4.0/23) CIDR ranges section
CIDR ranges must not overlap with each other or with your existing network. Once saved, they cannot be changed.
Before proceeding, gather the following information from your Azure environment:
  1. Navigate to the Azure Portal
  2. Go to Virtual Networks → Select your VNet
  3. In the Properties section, copy the Resource ID
The Resource ID format should be:
/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.Network/virtualNetworks/{vnet-name}
You’ll need this in the next section.

4. Entegrata Peering Setup

Configure the peering connection from Entegrata to your Virtual Network.Required field:
  • Virtual Network Resource ID - The full Azure Resource ID of your Virtual Network Virtual Network Resource ID input field
Example format:
/subscriptions/12345678-1234-1234-1234-123456789012/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVNet
After submitting, Entegrata will initiate the peering connection. You’ll need to accept it on your side in the next step.
After Entegrata initiates the peering, you need to accept it in your Azure environment.For Self-Hosted Instances:To allow Entegrata to establish a virtual network peering to your Azure environment, you need to grant the Network Contributor role to the managed identity created for your subscription. The managed identity name will be dynamically generated and resides within the Entegrata subscription in a corresponding resource group.Steps to grant Network Contributor role:
  1. Sign in to the Azure Portal
  2. Navigate to Subscriptions or Resource Groups, depending on where you want to assign the role. Make sure the virtual network you want to peer is within the source group or subscription:
    • For the entire subscription, select Subscriptions > Your subscription
    • For a specific resource group, select Resource Groups > Your resource group
  3. In the left-hand menu, click Access control (IAM)
  4. Click + Add > Add role assignment
  5. In the Role dropdown, select Network Contributor
  6. In the Assign access to section, choose Managed identity
  7. Click Select members, then search for and select the managed identity (the name will be displayed in the interface)
  8. Click Select, then Review + assign to complete the role assignment
  9. Verify the assignment by checking the role assignments tab in the Access control (IAM) section
For Managed Instances:To allow Entegrata to establish a virtual network peering to your Azure environment, you need to download and apply a Lighthouse template that grants the necessary permissions.Customer peering setup instructionsSteps to apply the Lighthouse template:
  1. Download the Lighthouse template provided in the interface
  2. Follow the instructions shown in the interface for where to apply this template in your Azure portal
  3. The template will automatically configure the necessary permissions for the peering connection
The peering connection will show as “Connected” once both sides have completed configuration.

Validation

After configuration, Entegrata will automatically:
  • Verify the peering connection is established
  • Test network connectivity
  • Validate routing configuration
  • Confirm DNS resolution

Troubleshooting

This appears when: The VNet Resource ID format is incorrectSolutions:
  • Ensure the ID starts with /subscriptions/
  • Verify all required path segments are present
  • Check for typos in the resource group or VNet name
  • Copy the exact Resource ID from Azure Portal → Virtual Networks → Properties
This appears when: CIDR ranges don’t meet requirementsSolutions:
  • Ensure all three ranges use /23 subnet mask (not /24, /22, etc.)
  • Format must be X.X.X.X/23 (e.g., 10.0.0.0/23)
  • Check for typos in IP addresses
  • Verify ranges don’t overlap with your existing networks
This appears when: You’ve entered the same CIDR range twiceSolutions:
  • Use three different /23 ranges
  • Example: 10.0.0.0/23, 10.0.2.0/23, 10.0.4.0/23
  • Ranges must not overlap or be identical
This means: The peering hasn’t been established yetNext steps:
  • Check Azure Portal for pending peering request
  • Accept the peering on your VNet side
  • Verify Network Security Group rules
  • Wait a few minutes for propagation, then refresh the status

Security Considerations

Regardless of connection type, Entegrata implements multiple security layers:All traffic is encrypted in transit - Network isolation between customers - Regular security audits and compliance certifications - Azure-native security features (NSG, Azure Firewall)

Save Configuration

Once you’ve entered all required information for your chosen connection type, click the Save button to apply your configuration. The system will validate your settings and begin establishing the network connection.
Network configuration changes can take 5-15 minutes to fully propagate. The system will display a loading screen during this process.

Next Steps

Back to Step 1

Return to Subscription Activation

Continue to Step 3

Proceed to Additional Settings