Thursday, 9 January 2020

Fixed IP addresses for ADF Integration Runtimes

Case
I want to give my Integration Runtime access to my sources via a firewall rule and block other machines or services. How do I arrange that?
Firewall exceptions for SSIS IR






















Solution
Good news! Microsoft published a list of IP addresses per Azure region for the Integration Runtimes in Azure Data Factory. This means you can narrow down the list of machines accessing your sources. Now only Integration Runtimes from a specific Region (like West Europe) can access it. Perhaps not enough for everybody, but it is better then giving ALL Azure services access to for example your Azure SQL Database.






Note 1: The IP addresses are listed as CIDR. For some firewalls you have to convert those to a IP range. You can use a CIDR to IPv4 calculater to convert them. For example:
40.74.26.0/23 => 40.74.26.0 to 40.74.27.255 (512 hosts in total)

Note 2: Not sure how often this list of IP addresses changes. So you might want to put the URL of the list in your documentation for error handling.

Note 3: Azure Data Factory Data Flows does not use the same IP addresses. A list of all Azure IP addresses can be downloaded as a JSON file. This JSON file gets updated on weekly basis.




Credits Geerten de Kruijf