How do we disable ADF V2 on premise?

  • Question

  • If a customer decides to end their relationship with us, is there a method available for us to ensure that the ADF V2 Pipe is completely disabled at their end? Not just blocked at our end, but completely de-activated, on-site, so that it can no longer be used to send data of any kind? Our concern is that a "hostile" entity might use this conduit to attempt a DOS-type attack that looks like normal ADF traffic. Or, a less tech-savvy customer might simply leave it up and running inadvertently... in either case it could be a problem.
    Friday, January 4, 2019 6:34 PM

All replies

  • When you delete an activity, there is no way you can receive the data from the same pipeline. If you have configured self-hosted integration run time, you can revoke the access easily.

    For more details, refer to Security considerations for data movement in Azure Data Factory.

    Monday, January 7, 2019 10:54 AM
  • Thanks for the reply Ashok. Yes, I am using a Self Hosted Integration Run time, and I am aware that I can delete the activity in the Azure Portal. Let me rephrase my question... How does deleting the integration run time in the Azure portal affect the On-Premise Agent? Will it continue to attempt to connect to Azure after the Run Time has been deleted, even if it can't actually connect? Or, will the agent somehow get disabled after a series of time-outs?

    Dhodgson

    Monday, January 7, 2019 2:12 PM
  • Hi again Ashok,

    Thanks for running with this! I tested this scenario this weekend and found that data is only transferred when a Trigger is activated from the Azure side. So, the Integration Run Time Manager installed On Premise will not try to "Phone Home" after the associated Trigger is disabled (or ever). Also, once the Hosted Integration Run Time is deleted from Azure, the Key that was entered in the On-Premise system is rendered invalid. So, I think our concerns have been proven to be unfounded.


    Dhodgson

    Monday, January 7, 2019 8:44 PM
  • Your understanding is correct. I appreciate you sharing the detailed information; this would certainly benefit other community members.

    Tuesday, January 8, 2019 4:50 AM
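
The offboarding sequence described in the answer above (stop the triggers, then delete the integration runtime so its key becomes invalid), written out as an added example that is not part of the original thread. It assumes the Az.DataFactory PowerShell module and an authenticated session; the resource names are placeholders, and the on-premises service name `DIAHostService` is an assumption to confirm on the host.

```powershell
# Added example, not code from the thread. Requires Az.DataFactory and Connect-AzAccount.
# Placeholder names: replace with the departing customer's resources.
$rg      = '<resource-group>'
$factory = '<data-factory-name>'
$irName  = '<self-hosted-ir-name>'
$common  = @{ ResourceGroupName = $rg; DataFactoryName = $factory }

# 1. Stop every started trigger so no pipeline run can be initiated from Azure.
Get-AzDataFactoryV2Trigger @common |
    Where-Object { $_.RuntimeState -eq 'Started' } |
    ForEach-Object { Stop-AzDataFactoryV2Trigger @common -Name $_.Name -Force }

# 2. Rotate both authentication keys, so the key entered on-premises is already
#    useless even if the delete in step 3 is blocked.
foreach ($keyName in 'AuthKey1', 'AuthKey2') {
    New-AzDataFactoryV2IntegrationRuntimeKey @common -Name $irName -KeyName $keyName -Force |
        Out-Null
}

# 3. Delete the integration runtime definition. This fails while linked services
#    still reference it; remove or repoint those first.
Remove-AzDataFactoryV2IntegrationRuntime @common -Name $irName -Force

# 4. Confirm nothing is left on the Azure side.
$leftover = Get-AzDataFactoryV2IntegrationRuntime @common |
    Where-Object { $_.Name -eq $irName }
if ($leftover) { Write-Warning "Integration runtime '$irName' still exists." }

# 5. On the customer's machine (run locally there): check whether the runtime
#    service is still installed. Service name is an assumption; verify it on the host.
$svc = Get-Service -Name 'DIAHostService' -ErrorAction SilentlyContinue
if ($svc) {
    Write-Output "Integration Runtime service present, status: $($svc.Status)"
    # Stop it and prevent restart until the software is uninstalled.
    Stop-Service -Name 'DIAHostService' -Force
    Set-Service  -Name 'DIAHostService' -StartupType Disabled
} else {
    Write-Output 'Integration Runtime service not installed on this host.'
}
```

Steps 1 to 4 run from the provider's side; step 5 needs local administrator rights on the customer's host, and uninstalling the Integration Runtime software there is what removes the agent entirely.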