Loading
Salesforce now sends email only from verified domains. Read More
Help Agent Performance DegradationRead More
About Salesforce Data 360
Table of Contents
Filter by (0)Add
Select Filters

          No results
          No results
          Here are some search tips

          Check the spelling of your keywords.
          Use more general search terms.
          Select fewer filters to broaden your search.

            Search all of Salesforce Help
            Search all of Salesforce Help
            Add a Private Network Route for Snowflake on Azure

            You are here:

            1. Salesforce Help
            2. Docs
            3. Data 360

            Add a Private Network Route for Snowflake on Azure

            Connect your Snowflake instance and Data 360 tenant to a dedicated network route with Private Connect for Data 360. Create a single route to a specific instance even if you have multiple Data 360 instances. Before you set up a Snowflake federation connection or data share, establish a Private Network Route (PNR).

            Required Editions

            Available in: Editions that support Data 360. See Data 360 edition availability
            User Permissions Needed
            To create a Snowflake network route Data Cloud Architect and Manage External Connections or Customize App permission
            To administer a Snowflake environment Snowflake admin

            Limitations

            • The maximum number of private network routes (PNRs) for a Snowflake URL is one per Data 360 functional domain (not per Data 360 org).
            • The VPC endpoint ID must be added to your organizations allow list in order to connect Data 360 to your Snowflake instance.
              • You can get the VPC ID from the details page of an existing Private Network Route.
              • Alternatively, add the internal IP address range 10.0.0.0/8 to your Snowflake network policy's allowlist. Only private networks use this reserved address range. For more information, see Controlling network traffic with network policies in the Snowflake documentation.

            This topic covers only the Salesforce steps. To complete the end-to-end procedure across all sources, see the Private Connect Implementation Reference Guide for Snowflake on Azure.

            Prerequisites:

            • Use consumption-based Data 360.

            • You have the Virtual Private Cloud (VPC) endpoint service name for the Java Database Connectivity (JDBC) and Azure Blob endpoints. Information about this configuration is in the Implementation Guide.

            • You’ve configured the Data 360 Principal ID for this PNR as an allowed principal in AWS. Information about this configuration is in the Implementation Guide.
            1. From the App Launcher, select Data Cloud.
            2. From Setup, select Data Cloud Setup.
            3. From Data Cloud Setup, expand Admin Tools and select Private Connect.
            4. Select New.

              When you've exceeded the maximum number of licensed private network routes, the New button doesn’t appear. To get more private network routes, speak with your Salesforce account representative.

            5. On the Add Private Network Route page, select the Snowflake tile.
            6. In the Select a network panel, select Azure, and then Add Private Network Route.
            7. On the Configure Snowflake Private Network Route page, enter these values.
              1. Route Name: This name identifies the route.
              2. Route API Name: Data 360 autopopulates this field based on the route name.
              3. Description: Enter a description of the connection.
            8. Go to Step 3: Account and complete these steps.
              1. In the Snowflake Account URL field, enter the URL for your Snowflake account.
              2. In the Virtual Private Cloud Endpoint Service Name field, enter the AWS VPC endpoint that you created earlier. For example: com.amazonaws.vpce.
            9. Go to Step 4: Internal Stage and complete these steps.
              1. In the Azure Blob URL field, add your Azure account URL. For example: https://.blob.core.windows.net//.
              2. In the Virtual Private Cloud (VPC) Endpoint Service Name field, enter the AWS VPC endpoint. For example: com.amazonaws.vpce.
            10. Save your changes and keep this browser open. Provisioning your network route takes several minutes. The next step is to confirm your connection request in Amazon Virtual Private Cloud.
            11. Access the Amazon Virtual Private Cloud console.
            12. Go to the endpoint service for both Snowflake and the Snowflake internal stage.
            13. On the Endpoint connections tab, go to your pending connection request for Snowflake and the Snowflake internal stage. Then complete these steps.
              1. Check the box next to the Snowflake endpoint.
              2. Click the Actions dropdown.
              3. Click Accept Endpoint Connection Request. If you don’t see the request, make sure that you added the Principal ID as an allowed principal. Repeat these steps for the Snowflake internal stage.
                Wait for 30 seconds before you proceed to the next step.
            14. Return to Salesforce and go to Data Cloud Setup.
            15. To refresh the configuration until it’s ready to use, click Data Cloud Setup Refresh.
              Refreshing the browser has no effect.
            16. To verify the setup, go to Data Cloud Setup and click Private Connect. The dashboard shows the status of Snowflake and the Snowflake internal stage. Verify that both PNRs display as connected. You can click the individual PNR record to see its details.

            The Private Connect setup is complete. To create a Snowflake connection in Data 360, set up a Snowflake data federation connection and turn on the toggle to use a Private Network Route (PNR). Select the PNR that you created from the Network Route dropdown.

            Note
            Note When the network provisioning is complete, create a federated connection or data share for Snowflake. There can be a brief delay before you can proceed to create a federated connection or data share due to Domain Name Server (DNS) configuration.

            See Also

             
            Loading
            Salesforce Help | Article