SQL Server Secure Access from Azure Data Factory

Question

We have an on-premise instance of SQL Server and we need to access some data from this server through Azure Data Factory (ADF). Since ADF can connect through a large set of IP addresses, there is no way to specify IP based firewall rules on the system where SQL Server is installed. So right now, the system is exposed to the internet.

What would be the best security architecture in this scenario?

I understand that a VPN can be set up but that solution is little too complex for us right now. Any other solution besides this?

Thank you

---

Sohi

Answer 1

Hi Sohi420,

 

>>Since ADF can connect through a large set of IP addresses, there is no way to specify IP based firewall rules on the system where SQL Server is installed.

 

According to your description, my understanding is that you can not use firewalls to secure sql server access. If anything is misunderstood, please tell me.

 

Based on my experience,  it is necessary to secure sql server access by firewalls. For more details, please refer to https://docs.microsoft.com/en-us/sql/database-engine/configure-windows/configure-a-windows-firewall-for-database-engine-access?view=sql-server-2017

 

Hope this could help you .

Best regards,

Dedmon Dai

---

MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com

Answer 2

I solved this by making use of Self-hosted integration runtime on our on-premise network where SQL Server is installed, and linked that integration runtime in the Azure data factory to get access.

Here is the link which describes how to set up the self-hosted integration runtime:
https://docs.microsoft.com/en-us/azure/data-factory/create-self-hosted-integration-runtime

---

Sohi