Merge pull request #112046 from markingmyname/adfssismove

v-albemi · web-flow · commit 87e7137ae89c · 2020-04-21T07:17:57.000-07:00
[ADF] Added 2 new files from the SQL repo and updated TOC
diff --git a/articles/data-factory/TOC.yml b/articles/data-factory/TOC.yml
@@ -595,6 +595,10 @@
       href: self-hosted-integration-runtime-proxy-ssis.md
     - name: Enable Azure AD authentication for Azure-SSIS IR
       href: enable-aad-authentication-azure-ssis-ir.md
+    - name: Connect to data with Windows Authentication
+      href: ssis-azure-connect-with-windows-auth.md
+    - name: Save files and connect to file shares
+      href: ssis-azure-files-file-shares.md
     - name: Provision Enterprise Edition for Azure-SSIS IR
       href: how-to-configure-azure-ssis-ir-enterprise-edition.md
     - name: Customize setup for Azure-SSIS IR
diff --git a/articles/data-factory/ssis-azure-connect-with-windows-auth.md b/articles/data-factory/ssis-azure-connect-with-windows-auth.md
@@ -0,0 +1,166 @@
+---
+title: Access data stores and file shares with Windows authentication
+description: Learn how to configure SSIS catalog in Azure SQL Database and Azure-SSIS Integration Runtime in Azure Data Factory to run packages that access data stores and file shares with Windows authentication.
+ms.date: "3/22/2018"
+ms.topic: conceptual
+ms.prod: sql
+ms.prod_service: "integration-services"
+ms.custom: ""
+ms.technology: integration-services
+author: swinarko
+ms.author: sawinark
+ms.reviewer: maghan
+---
+
+# Access data stores and file shares with Windows authentication from SSIS packages in Azure
+
+You can use Windows authentication to access data stores, such as SQL Servers, file shares, Azure Files, etc. from SSIS packages running on your Azure-SSIS Integration Runtime (IR) in Azure Data Factory (ADF). Your data stores can be on premises, hosted on Azure Virtual Machines (VMs), or running in Azure as managed services. If they are on premises, you need to join your Azure-SSIS IR to a Virtual Network (Microsoft Azure Virtual Network) connected to your on-premises network, see [Join Azure-SSIS IR to a Microsoft Azure Virtual Network](https://docs.microsoft.com/azure/data-factory/join-azure-ssis-integration-runtime-virtual-network). There are four methods to access data stores with Windows authentication from SSIS packages running on your Azure-SSIS IR:
+
+| Connection method | Effective scope | Setup step | Access method in packages | Number of credential sets and connected resources | Type of connected resources | 
+|---|---|---|---|---|---|
+| Setting up an activity-level execution context | Per Execute SSIS Package activity | Configure the **Windows authentication** property to set up an "Execution/Run as" context when running SSIS packages as Execute SSIS Package activities in ADF pipelines.<br/><br/> For more info, see [Configure Execute SSIS Package activity](https://docs.microsoft.com/azure/data-factory/how-to-invoke-ssis-package-ssis-activity). | Access resources directly in packages via UNC path, for example, if you use file shares or Azure Files: `\\YourFileShareServerName\YourFolderName` or `\\YourAzureStorageAccountName.file.core.windows.net\YourFolderName` | Support only one credential set for all connected resources | - File shares on premises/Azure VMs<br/><br/> - Azure Files, see [Use an Azure file share](https://docs.microsoft.com/azure/storage/files/storage-how-to-use-files-windows) <br/><br/> - SQL Servers on premises/Azure VMs with Windows authentication<br/><br/> - Other resources with Windows authentication |
+| Setting up a catalog-level execution context | Per Azure-SSIS IR, but is overridden when setting up an activity-level execution context (see above) | Execute SSISDB `catalog.set_execution_credential` stored procedure to set up an "Execution/Run as" context.<br/><br/> For more info, see the rest of this article below. | Access resources directly in packages via UNC path, for example, if you use file shares or Azure Files: `\\YourFileShareServerName\YourFolderName` or `\\YourAzureStorageAccountName.file.core.windows.net\YourFolderName` | Support only one credential set for all connected resources | - File shares on premises/Azure VMs<br/><br/> - Azure Files, see [Use an Azure file share](https://docs.microsoft.com/azure/storage/files/storage-how-to-use-files-windows) <br/><br/> - SQL Servers on premises/Azure VMs with Windows authentication<br/><br/> - Other resources with Windows authentication |
+| Persisting credentials via `cmdkey` command | Per Azure-SSIS IR, but is overridden when setting up an activity/catalog -level execution context (see above) | Execute `cmdkey` command in a custom setup script (`main.cmd`) when provisioning your Azure-SSIS IR, e.g.,  if you use file shares or Azure Files: `cmdkey /add:YourFileShareServerName /user:YourDomainName\YourUsername /pass:YourPassword` or `cmdkey /add:YourAzureStorageAccountName.file.core.windows.net /user:azure\YourAzureStorageAccountName /pass:YourAccessKey`.<br/><br/> For more info, see [Customize setup for Azure-SSIS IR](https://docs.microsoft.com/azure/data-factory/how-to-configure-azure-ssis-ir-custom-setup). | Access resources directly in packages via UNC path, for example, if you use file shares or Azure Files: `\\YourFileShareServerName\YourFolderName` or `\\YourAzureStorageAccountName.file.core.windows.net\YourFolderName` | Support multiple credential sets for different connected resources | - File shares on premises/Azure VMs<br/><br/> - Azure Files, see [Use an Azure file share](https://docs.microsoft.com/azure/storage/files/storage-how-to-use-files-windows) <br/><br/> - SQL Servers on premises/Azure VMs with Windows authentication<br/><br/> - Other resources with Windows authentication |
+| Mounting drives at package execution time (non-persistent) | Per package | Execute `net use` command in Execute Process Task that is added at the beginning of control flow in your packages, for example, `net use D: \\YourFileShareServerName\YourFolderName` | Access file shares via mapped drives | Support multiple drives for different file shares | - File shares on premises/Azure VMs<br/><br/> - Azure Files, see [Use an Azure file share](https://docs.microsoft.com/azure/storage/files/storage-how-to-use-files-windows) |
+|||||||
+
+> [!WARNING]
+> If you do not use any of the above methods to access data stores with Windows authentication, your packages that depend on Windows authentication are not able to access them and fail at run time. 
+
+The rest of this article describes how to configure SSIS catalog (SSISDB) hosted in Azure SQL Database server/Managed Instance to run packages on Azure-SSIS IR that use Windows authentication to access data stores. 
+
+## You can only use one set of credentials
+
+When you use Windows authentication in an SSIS package, you can only use one set of credentials. The domain credentials that you provide when you follow the steps in this article apply to all package executions - interactive or scheduled - on your Azure-SSIS IR until you change or remove them. If your package has to connect to multiple data stores with different sets of credentials, you should consider the above alternative methods.
+
+## Provide domain credentials for Windows authentication
+
+To provide domain credentials that let packages use Windows authentication to access data stores on premises, do the following things:
+
+1. With SQL Server Management Studio (SSMS) or another tool, connect to Azure SQL Database server/Managed Instance that hosts SSISDB. For more info, see [Connect to SSISDB in Azure](https://docs.microsoft.com/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database).
+
+2. With SSISDB as the current database, open a query window.
+
+3. Run the following stored procedure and provide the appropriate domain credentials:
+
+   ```sql
+   catalog.set_execution_credential @user='<your user name>', @domain='<your domain name>', @password='<your password>'
+   ```
+
+4. Run your SSIS packages. The packages use the credentials that you provided to access data stores on premises with Windows authentication.
+
+### View domain credentials
+
+To view the active domain credentials, do the following things:
+
+1. With SSMS or another tool, connect to Azure SQL Database server/Managed Instance that hosts SSISDB. For more info, see [Connect to SSISDB in Azure](https://docs.microsoft.com/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database).
+
+2. With SSISDB as the current database, open a query window.
+
+3. Run the following stored procedure and check the output:
+
+   ```sql
+   SELECT * 
+   FROM catalog.master_properties
+   WHERE property_name = 'EXECUTION_DOMAIN' OR property_name = 'EXECUTION_USER'
+   ```
+
+### Clear domain credentials
+To clear and remove the credentials that you provided as described in this article, do the following things:
+
+1. With SSMS or another tool, connect to Azure SQL Database server/Managed Instance that hosts SSISDB. For more info, see [Connect to SSISDB in Azure](https://docs.microsoft.com/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database).
+
+2. With SSISDB as the current database, open a query window.
+
+3. Run the following stored procedure:
+
+   ```sql
+   catalog.set_execution_credential @user='', @domain='', @password=''
+   ```
+
+## Connect to a SQL Server on premises
+
+To check whether you can connect to a SQL Server on premises, do the following things:
+
+1. To run this test, find a non-domain-joined computer.
+
+2. On the non-domain-joined computer, run the following command to start SSMS with the domain credentials that you want to use:
+
+   ```cmd
+   runas.exe /netonly /user:<domain>\<username> SSMS.exe
+   ```
+
+3. From SSMS, check whether you can connect to the SQL Server on premises.
+
+### Prerequisites
+
+To access a SQL Server on premises from packages running in Azure, do the following things:
+
+1.  In SQL Server Configuration Manager, enable TCP/IP protocol.
+
+2. Allow access through Windows firewall. For more info, see [Configure Windows firewall to access SQL Server](https://docs.microsoft.com/sql/sql-server/install/configure-the-windows-firewall-to-allow-sql-server-access).
+
+3. Join your Azure-SSIS IR to a Microsoft Azure Virtual Network that is connected to the SQL Server on premises.  For more info, see [Join Azure-SSIS IR to a Microsoft Azure Virtual Network](https://docs.microsoft.com/azure/data-factory/join-azure-ssis-integration-runtime-virtual-network).
+
+4. Use SSISDB `catalog.set_execution_credential` stored procedure to provide credentials as described in this article.
+
+## Connect to a file share on premises
+
+To check whether you can connect to a file share on premises, do the following things:
+
+1. To run this test, find a non-domain-joined computer.
+
+2. On the non-domain-joined computer, run the following commands. These commands open a command prompt window with the domain credentials that you want to use and then test connectivity to the file share on premises by getting a directory listing.
+
+   ```cmd
+   runas.exe /netonly /user:<domain>\<username> cmd.exe
+   dir \\fileshare
+   ```
+
+3. Check whether the directory listing is returned for the file share on premises.
+
+### Prerequisites
+
+To access a file share on premises from packages running in Azure, do the following things:
+
+1. Allow access through Windows firewall.
+
+2. Join your Azure-SSIS IR to a Microsoft Azure Virtual Network that is connected to the file share on premises.  For more info, see [Join Azure-SSIS IR to a Microsoft Azure Virtual Network](https://docs.microsoft.com/azure/data-factory/join-azure-ssis-integration-runtime-virtual-network).
+
+3. Use SSISDB `catalog.set_execution_credential` stored procedure to provide credentials as described in this article.
+
+## Connect to a file share on Azure VM
+
+To access a file share on Azure VM from packages running in Azure, do the following things:
+
+1. With SSMS or another tool, connect to Azure SQL Database server/Managed Instance that hosts SSISDB. For more info, see [Connect to SSISDB in Azure](https://docs.microsoft.com/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database).
+
+2. With SSISDB as the current database, open a query window.
+
+3. Run the following stored procedure and provide the appropriate domain credentials:
+
+   ```sql
+   catalog.set_execution_credential @domain = N'.', @user = N'username of local account on Azure virtual machine', @password = N'password'
+   ```
+
+## Connect to a file share in Azure Files
+
+For more info about Azure Files, see [Azure Files](https://azure.microsoft.com/services/storage/files/).
+
+To access a file share in Azure Files from packages running in Azure, do the following things:
+
+1. With SSMS or another tool, connect to Azure SQL Database server/Managed Instance that hosts SSISDB. For more info, see [Connect to SSISDB in Azure](https://docs.microsoft.com/sql/integration-services/lift-shift/ssis-azure-connect-to-catalog-database).
+
+2. With SSISDB as the current database, open a query window.
+
+3. Run the following stored procedure and provide the appropriate domain credentials:
+
+   ```sql
+   catalog.set_execution_credential @domain = N'Azure', @user = N'<storage-account-name>', @password = N'<storage-account-key>'
+   ```
+
+## Next steps
+
+- Deploy your packages. For more info, see [Deploy an SSIS project to Azure with SSMS](https://docs.microsoft.com/sql/integration-services/ssis-quickstart-deploy-ssms).
+- Run your packages. For more info, see [Run SSIS packages in Azure with SSMS](https://docs.microsoft.com/sql/integration-services/ssis-quickstart-run-ssms).
+- Schedule your packages. For more info, see [Schedule SSIS packages in Azure](https://docs.microsoft.com/sql/integration-services/lift-shift/ssis-azure-schedule-packages-ssms?view=sql-server-ver15).
diff --git a/articles/data-factory/ssis-azure-files-file-shares.md b/articles/data-factory/ssis-azure-files-file-shares.md
@@ -0,0 +1,49 @@
+---
+title: Open and save files with SSIS packages deployed in Azure
+description: Learn how to open and save files on premises and in Azure when you lift and shift SSIS packages that use local file systems into SSIS in Azure
+ms.date: "06/27/2018"
+ms.topic: conceptual
+ms.prod: sql  
+ms.technology: integration-services
+author: swinarko
+ms.author: sawinark
+ms.reviewer: maghan
+---
+
+# Open and save files on premises and in Azure with SSIS packages deployed in Azure
+
+This article describes how to open and save files on premises and in Azure when you lift and shift SSIS packages that use local file systems into SSIS in Azure.
+
+## Save temporary files
+
+If you need to store and process temporary files during a single package execution, packages can use the current working directory (`.`) or temporary folder (`%TEMP%`) of your Azure-SSIS Integration Runtime nodes.
+
+## Use on-premises file shares
+
+To continue to use **on-premises file shares** when you lift and shift packages that use local file systems into SSIS in Azure, do the following things:
+
+1. Transfer files from local file systems to on-premises file shares.
+
+2. Join the on-premises file shares to an Azure virtual network.
+
+3. Join your Azure-SSIS IR to the same virtual network. For more info, see [Join an Azure-SSIS integration runtime to a virtual network](https://docs.microsoft.com/azure/data-factory/join-azure-ssis-integration-runtime-virtual-network).
+
+4. Connect your Azure-SSIS IR to the on-premises file shares inside the same virtual network by setting up access credentials that use Windows authentication. For more info, see [Connect to data and file shares with Windows Authentication](ssis-azure-connect-with-windows-auth.md).
+
+5. Update local file paths in your packages to UNC paths pointing to on-premises file shares. For example, update `C:\abc.txt` to `\\<on-prem-server-name>\<share-name>\abc.txt`.
+
+## Use Azure file shares
+
+To use **Azure Files** when you lift and shift packages that use local file systems into SSIS in Azure, do the following things:
+
+1. Transfer files from local file systems to Azure Files. For more info, see [Azure Files](https://azure.microsoft.com/services/storage/files/).
+
+2. Connect your Azure-SSIS IR to Azure Files by setting up access credentials that use Windows authentication. For more info, see [Connect to data and file shares with Windows Authentication](ssis-azure-connect-with-windows-auth.md).
+
+3. Update local file paths in your packages to UNC paths pointing to Azure Files. For example, update `C:\abc.txt` to `\\<storage-account-name>.file.core.windows.net\<share-name>\abc.txt`.
+
+## Next steps
+
+- Deploy your packages. For more info, see [Deploy an SSIS project to Azure with SSMS](https://docs.microsoft.com/sql/integration-services/ssis-quickstart-deploy-ssms).
+- Run your packages. For more info, see [Run SSIS packages in Azure with SSMS](https://docs.microsoft.com/sql/integration-services/ssis-quickstart-run-ssms).
+- Schedule your packages. For more info, see [Schedule SSIS packages in Azure](https://docs.microsoft.com/sql/integration-services/lift-shift/ssis-azure-schedule-packages-ssms?view=sql-server-ver15).
