sakuraime asked KranthiPakala-MSFT commented

Azure data factory Self hosted IR Network requirement

Hi. Suppose I have an Azure Data Factory which is set to use a private endpoint.
78988-image.png


So does the Self-hosted IR machine (on-premises) still have to open the firewall outbound like in the following?

78997-image.png



https://docs.microsoft.com/en-us/azure/data-factory/create-self-hosted-integration-runtime

azure-data-factory

KranthiPakala-MSFT answered KranthiPakala-MSFT commented

Hi @sakuraime,

Apologies for the delay in my response.

The communication happens when we configure the DNS after we create the private endpoint. So after this, the DNS protocol will resolve the name of your ADF (say xxxx.westeurope.datafactory.azure.net) to a private endpoint (say 10.0.x.x).

That is why after the creation of the private endpoint + a DNS record, the communication between SHIR and ADF will go via the private endpoint of ADF, not the public one.

Without a DNS record that maps the name of ADF to the private endpoint, the SHIR will keep trying to access the ADF via the public IP, raising an error. Here are the options to configure your DNS settings for private endpoints: Azure Private Endpoint DNS configuration

84151-image.png

Hope this helps.



Please don’t forget to Accept Answer and Up-Vote wherever the information provided helps you, this can be beneficial to other community members.



Hi @sakuraime,

Just wanted to check if the above information was helpful. Do let us know if you have any further queries.

Thanks

0 Votes 0 ·

Is there any IP address list for *.servicebus.windows.net for firewall settings?

Actually, is it used for data transport? What if it's blocked from the self-hosted IR?

0 Votes 0 ·

Hi @sakuraime,

Sorry for the delay.
You can find the Azure IP Ranges here - https://www.microsoft.com/en-us/download/details.aspx?id=56519. This should contain all public IP ranges for the respective service tags.

For SHIR to establish a private endpoint connection to ADF, the DNS has to be set up correctly and ideally it should be resolving to the private IP.

In case you want to dive deeper into the networking side, please feel free to open a new thread in https://docs.microsoft.com/answers/questions/51930/azure-networking-1.html where we have networking experts who will be happy to provide deeper insights.

Do let me know if you have any further queries.

Thanks



0 Votes 0 ·
KranthiPakala-MSFT answered sakuraime commented

Hi @sakuraime ,

Thanks for reaching out. If you enable the PLS for ADF, you don’t need an open outbound for ADF service and traffic will go through Private Endpoint. But you still need outbound configurations for Azure Relay which is not covered in current ADF PLS support.

Hope this info helps.



Please don’t forget to Accept Answer and Up-Vote wherever the information provided helps you, this can be beneficial to other community members.



Thanks... how do I instruct the self-hosted IR to go through the private endpoint of ADF?

0 Votes 0 ·

Hi @sakuraime,

Thanks for your response. You can follow the steps in the below doc to enable Private Link Service first and create a Private Endpoint (data factory).

  1. https://docs.microsoft.com/en-us/azure/data-factory/data-factory-private-link

  2. Here is another helpful article related to Azure IR Managed VNet - Securely connect to an External Endpoint from Azure


0 Votes 0 ·

It didn't tell how to instruct the self-hosted IR to go through the private endpoint of ADF...

Are any extra setup steps required on the self-hosted IR?

0 Votes 0 ·
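
The answers above say that DNS decides which path the SHIR takes to ADF, and that Azure Relay still needs outbound access. The following check, meant to run on the SHIR machine, is an added example and not part of the original thread or any Microsoft tooling. It assumes the private endpoint lives in RFC 1918 address space; the relay hostname is a placeholder and the function names are made up for illustration.

```python
import ipaddress
import socket

# Assumption: the VNet hosting the private endpoint uses RFC 1918 space.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def resolve(hostname):
    """IPv4 addresses the machine's own resolver returns (empty on failure)."""
    try:
        infos = socket.getaddrinfo(hostname, 443, socket.AF_INET,
                                   socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def classify(addresses):
    """'private', 'public', 'mixed' or 'unresolved' for a list of IPs."""
    if not addresses:
        return "unresolved"
    kinds = {any(ipaddress.ip_address(a) in net for net in RFC1918)
             for a in addresses}
    if len(kinds) == 2:
        return "mixed"  # split-horizon or stale records: investigate
    return "private" if kinds == {True} else "public"

def audit(expectations, resolver=resolve):
    """Return (host, expected, actual, addresses) for each mismatch."""
    findings = []
    for host, expected in expectations.items():
        addresses = resolver(host)
        actual = classify(addresses)
        if actual != expected:
            findings.append((host, expected, actual, addresses))
    return findings

if __name__ == "__main__":
    # Placeholder names: substitute your factory FQDN and relay namespace.
    expectations = {
        "xxxx.westeurope.datafactory.azure.net": "private",  # private endpoint
        "yyyy.servicebus.windows.net": "public",  # Azure Relay, outbound rule
    }
    for host, expected, actual, addresses in audit(expectations):
        print(f"MISMATCH {host}: expected {expected}, got {actual} {addresses}")
```

A "public" result for the factory name means the DNS record for the private endpoint is missing or not visible to this machine's resolver, which is the failure case described in the first answer.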