You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/data-factory/data-access-strategies.md
+9-7Lines changed: 9 additions & 7 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -7,14 +7,14 @@ author: nabhishek
7
7
ms.service: data-factory
8
8
ms.workload: data-services
9
9
ms.topic: conceptual
10
-
ms.date: 05/08/2020
10
+
ms.date: 05/11/2020
11
11
---
12
12
13
13
# Data access strategies
14
14
15
15
A vital security goal of an organization is to protect their data stores from random access over the internet, may it be an on-premise or a Cloud/ SaaS data store.
16
16
17
-
Typically a cloud data store control access using the below mechanisms:
17
+
Typically a cloud data store controls access using the below mechanisms:
18
18
* Firewall rules that limit connectivity by IP address
19
19
* Authentication mechanisms that require users to prove their identity
20
20
* Authorization mechanisms that restrict users to specific actions and data
@@ -25,7 +25,7 @@ Typically a cloud data store control access using the below mechanisms:
25
25
> [!NOTE]
26
26
> The IP address ranges are blocked for Azure integration runtime and is currently only used for Data Movement, pipeline and external activities. Dataflows now do not use these IP ranges.
27
27
28
-
Though this should work in many scenarios, we do understand that a unique Static IP address per integration runtime would be desirable, but this wouldn't be possible using Azure Integration Runtime currently, which is serverless. If necessary, you can always set up a Self-hosted Integration Runtime and use your Static IP with it.
28
+
This should work in many scenarios, and we do understand that a unique Static IP address per integration runtime would be desirable, but this wouldn't be possible using Azure Integration Runtime currently, which is serverless. If necessary, you can always set up a Self-hosted Integration Runtime and use your Static IP with it.
29
29
30
30
## Data access strategies through Azure Data Factory
31
31
@@ -34,7 +34,9 @@ Though this should work in many scenarios, we do understand that a unique Static
34
34
***[Static IP range](https://docs.microsoft.com/azure/data-factory/azure-integration-runtime-ip-addresses)** - You can use Azure Integration Runtime's IP addresses to allow list it in your storage (say S3, Salesforce, etc.). It certainly restricts IP addresses that can connect to the data stores but also relies on Authentication/ Authorization rules.
35
35
***[Service Tag](https://docs.microsoft.com/azure/virtual-network/service-tags-overview)** - A service tag represents a group of IP address prefixes from a given Azure service (like Azure Data Factory). Microsoft manages the address prefixes encompassed by the service tag and automatically updates the service tag as addresses change, minimizing the complexity of frequent updates to network security rules. It is useful when whitelisting data access on IaaS hosted data stores in Virtual Network.
36
36
***Allow Azure Services** - Some services lets you allow all Azure services to connect to it in case you choose this option.
37
-
***Azure Integration Runtime**
37
+
38
+
For more information about supported network security mechanisms on data stores in Azure Integration Runtime and Self-hosted Integration Runtime, see below two tables.
39
+
***Azure Integration Runtime**
38
40
39
41
| Data Stores | Supported Network Security Mechanism on Data Stores | Trusted Service | Static IP range | Service Tags | Allow Azure Services |
0 commit comments