How can we improve Microsoft Azure Data Factory?

Identify IP Address of Data Factory

It is not currently possible to identify the IP Address of the DF, which you need for firewall rules, including Azure SQL Server firewall....

264 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Douglas James Boyd shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    11 comments

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Pavel Leonau commented  ·   ·  Flag as inappropriate

        Would be great to have an opportunity to get the IP address of a Data Factory service (or the white list if available) in order to use the process on production server.

      • Andy Ball commented  ·   ·  Flag as inappropriate

        Would like this to . We have a INFOSec requirement to limit access to HDInsight using on Prem Addresses only - ie block access to people outside the company. If we do this via a NSG , it breaks Data Factory connecvity to HDInsight which is used to run a python script as part of transform .

        So at present the only way I can see to fix this , is to change the NSG to allow traffic on Port 443 to the whole Azure IP range which is very open / and has to be checked / refreshed weekly.

      • Reuben Cabrera (GMO) commented  ·   ·  Flag as inappropriate

        Our use case: External data providers whitelist our IPs for SFTP access. We would like to use Data Factory to ingest data from our external data providers.

      • Erik commented  ·   ·  Flag as inappropriate

        +1 for us as well. We need this feature or at least a tag in SQL Database/ ADLS where we can identify "Allow our subscription services" or better yet where you can specify allowing specific instances of ADF.

        Others may not be aware that when you enable Azure services in your SQL Database firewall, you open up your server to connection from anyone's VM anywhere in Azure. This is a significant risk for us.

      • Remus Vlasie commented  ·   ·  Flag as inappropriate

        Having services to rely only on user/password protection is not good enough. Still having open access to Azure services that you own might moderate the risk. But having All the Azure services able to access your service is not acceptable.

      • Josh Noe commented  ·   ·  Flag as inappropriate

        In addition to the obvious fact that nobody is going to want to open their DBs to all of Azure, this restriction means that non-Azure DBs can't be used as data sources. Without an IP, I cannot open the firewalls on these external DBs to my Data Factory.

      • Mike Webber commented  ·   ·  Flag as inappropriate

        It's not reasonable to expect enterprises who are trying to secure their data in an Azure SQL Database to open the firewall to allow all of Azure to connect. Until this feature is available, Data Factory is not a viable option.

      Feedback and Knowledge Base