Reputation: 85
I have set up a self-hosted Integration Runtime on an on-premises Windows server and have successfully connected it to a data factory instance using the Public endpoint (found in the Networking option in the DF). However, when I try to connect it to a DF with the Private endpoint option, I get the error message: "Integration Runtime (self-hosted) Node is not registered". It is definitely not an issue with the authentication key as it works using the Public endpoint for the DF.
Can anybody please point me in the direction of the steps needed to allow the on-premises IR to connect to the private endpoint in DF? I cannot find an adequate detailed description online so any pointers will be appreciated.
Here’s my current setup:
I’m fairly new to Azure and have only basic knowledge of networking principles.
Upvotes: 2
Views: 9380
Reputation: 28274
I believe that connecting to an on-premises Windows server from your Azure virtual network absolutely requires setting up an Internet Protocol security (IPsec) VPN (site-to-site) connection or an Azure ExpressRoute (private peering) connection.
Technically, by using Azure Private Link, you can connect to various platform as a service (PaaS) deployments in Azure via a private endpoint. A private endpoint is a private IP address within a specific virtual network and subnet. This allows us to access the self-hosted Integration Runtime in our Azure VNets by using a private endpoint without a virtual network gateway. Here are detailed steps describing this scenario: securing Azure Data Services using a VNET and Private Endpoints.
However, we need a VPN connection to secure the connection between the on-premises network and the Azure VNet because a private IP address cannot be routed through the public Internet.
From the official document:
You can also connect an on-premises network to your virtual network by setting up an Internet Protocol security (IPsec) VPN (site-to-site) connection or an Azure ExpressRoute (private peering) connection.
Upvotes: 3
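A check to run on the on-premises IR server for the point made in the answer above, that a private endpoint is a private IP address which is only reachable over the VPN or ExpressRoute path. This is an added example, not part of either post; the host name is a placeholder to fill in, and port 443 and the function name `Test-PrivateIPv4` are assumptions of the example.

```powershell
# Added example: run on the on-premises server that hosts the self-hosted IR.
# $EndpointHost is a placeholder: supply the host name your IR node uses to
# reach the data factory (the thread does not give it).
param(
    [string]$EndpointHost = 'REPLACE-WITH-DATA-FACTORY-HOSTNAME',
    [int]$Port = 443   # assumption: the service is reached over HTTPS
)

function Test-PrivateIPv4 {
    # True when the address lies in an RFC 1918 range
    # (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16).
    param([Parameter(Mandatory)][string]$Address)
    $ip = [System.Net.IPAddress]::Parse($Address)
    if ($ip.AddressFamily -ne [System.Net.Sockets.AddressFamily]::InterNetwork) {
        return $false
    }
    $b = $ip.GetAddressBytes()
    return ($b[0] -eq 10) -or
           ($b[0] -eq 172 -and $b[1] -ge 16 -and $b[1] -le 31) -or
           ($b[0] -eq 192 -and $b[1] -eq 168)
}

# Step 1: which addresses does this machine get for the name?
# CNAME records in the answer carry no IPAddress, so they are filtered out.
$records = Resolve-DnsName -Name $EndpointHost -Type A -ErrorAction Stop |
    Where-Object { $_.IPAddress }

# Step 2: for each address, is it private, and does a TCP connection succeed?
foreach ($r in $records) {
    $isPrivate = Test-PrivateIPv4 -Address $r.IPAddress
    $tcp = Test-NetConnection -ComputerName $r.IPAddress -Port $Port `
        -WarningAction SilentlyContinue

    $verdict = if (-not $isPrivate) {
        'Resolves to a public address: traffic is not using the private endpoint'
    } elseif (-not $tcp.TcpTestSucceeded) {
        'Private address but no TCP path: check the VPN/ExpressRoute route and firewalls'
    } else {
        'Private address reachable from on-premises'
    }

    [pscustomobject]@{
        Address      = $r.IPAddress
        Private      = $isPrivate
        TcpReachable = $tcp.TcpTestSucceeded
        Verdict      = $verdict
    }
}
```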