This is a continuation of the posts on Azure Data Platform and discusses the connections to be made for Azure Data Factory to reach on-premises data stores.
Computer networks isolate hosts from attacks originating on public networks, and they also interconnect so that resources in one network can communicate with resources in another. Networks can be on-premises or in the cloud, logical or physical, and they use subnets and CIDR ranges; two networks can therefore use similar-looking addresses such as 10.x.y.z that are unique and meaningful only within their own network. Gateways are often used to reach an IP address that does not belong to the current network. While gateways work well for outgoing traffic, endpoints and DNS resolvers serve incoming requests.
There are three forms of connectivity that recur as patterns across different connectivity requirements. These are:
1. Point to Point: These are commonly used to connect one endpoint to another. An endpoint is a combination of IP address and port. When point-to-point connectivity is established, it allows a network flow between the two that is uniquely identified by the 5-tuple of source IP address, source port, destination IP address, destination port and protocol. A point-to-point rule allows bidirectional traffic and needs to be authored only once to take effect on both resources.
2. Point to Site: This is established between an endpoint and a network so that the endpoint can easily communicate with any resource in the destination network and those resources can reply. This connection suits people who require little or no change to their own network but would like to connect to another network. When the point-to-site connection involves a virtual private network, the communications are sent through an encrypted tunnel over an IP network such as the internet.
3. Site to Site: These connect different networks. When it involves virtual networks in the same cloud, this form of connectivity is often called peering. Peering doesn't always connect only cloud networks; it can connect virtual networks that are hosted independently in the cloud and on-premises. When the site-to-site connection involves a virtual private network, the communications are sent through an encrypted tunnel over an IP network such as the internet. In this case, the on-premises VPN device is usually connected to the Azure VPN gateway.
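The three patterns above can be modelled in a few lines of code. The following is an added example written for this post, not code from the original or from any Azure SDK, and all addresses and ports in it are constructed sample values. It shows the point-to-point rule matching a flow's 5-tuple in both directions after being authored once, the point-to-site and site-to-site cases as rules whose ends are CIDR networks rather than single hosts, and the check that two networks to be peered do not overlap, which matters precisely because two independently addressed 10.x.y.z ranges can look alike yet collide:

```python
"""Added example: connectivity rules over 5-tuple flows and CIDR networks.

Not part of the original post; uses only the Python standard library.
Every address, port and network below is a constructed sample value.
"""
from dataclasses import dataclass
from typing import Optional
import ipaddress


@dataclass(frozen=True)
class Flow:
    """One network flow, identified by its 5-tuple."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    """A connectivity rule authored once for ends `a` and `b`.

    Each end is either a single host (treated as a /32) or a CIDR network,
    so the same class covers point-to-point (host/host), point-to-site
    (host/network) and site-to-site (network/network).
    `port` is the service port on the `b` side; None means any port.
    """
    a: str
    b: str
    protocol: str
    port: Optional[int] = None

    @staticmethod
    def _end_contains(end: str, ip: str) -> bool:
        # strict=False lets a bare host address act as its own /32 network.
        return ipaddress.ip_address(ip) in ipaddress.ip_network(end, strict=False)

    def allows(self, flow: Flow) -> bool:
        """True if the flow is the forward (a -> b) or return (b -> a) leg."""
        if flow.protocol != self.protocol:
            return False
        forward = (self._end_contains(self.a, flow.src_ip)
                   and self._end_contains(self.b, flow.dst_ip)
                   and (self.port is None or flow.dst_port == self.port))
        # The return leg comes *from* the service port on b, so the port
        # check moves to the source side; this is what makes one authored
        # rule cover both directions of the conversation.
        reverse = (self._end_contains(self.b, flow.src_ip)
                   and self._end_contains(self.a, flow.dst_ip)
                   and (self.port is None or flow.src_port == self.port))
        return forward or reverse


def can_peer(cidr_a: str, cidr_b: str) -> bool:
    """Peering or site-to-site connectivity needs non-overlapping address spaces.

    Two private ranges may both start with 10. and still be unrelated; only an
    actual overlap is a problem.
    """
    return not ipaddress.ip_network(cidr_a).overlaps(ipaddress.ip_network(cidr_b))


if __name__ == "__main__":
    # Point-to-point: a data-factory host talking to one on-premises SQL host.
    p2p = Rule(a="10.1.0.5", b="192.168.4.20", protocol="tcp", port=1433)
    request = Flow("10.1.0.5", 50000, "192.168.4.20", 1433, "tcp")
    reply = Flow("192.168.4.20", 1433, "10.1.0.5", 50000, "tcp")
    print("request allowed:", p2p.allows(request))
    print("reply allowed:  ", p2p.allows(reply))

    # Point-to-site: the same host may reach any SQL host in the site's subnet.
    p2s = Rule(a="10.1.0.5", b="192.168.4.0/24", protocol="tcp", port=1433)
    print("other host in site:", p2s.allows(Flow("10.1.0.5", 50001, "192.168.4.77", 1433, "tcp")))

    # Site-to-site / peering: check address spaces before connecting them.
    print("10.0.0.0/16 with 10.1.0.0/16:", can_peer("10.0.0.0/16", "10.1.0.0/16"))
    print("10.0.0.0/16 with 10.0.128.0/17:", can_peer("10.0.0.0/16", "10.0.128.0/17"))
```

The return-leg check is the part worth studying: the rule is written from the initiator's point of view, yet the reply packet's 5-tuple has source and destination swapped, so the matcher must test both orientations rather than expecting the author to write a second rule.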
Lastly, connectivity can also be outsourced to third-party network providers so that networks, say on-premises and in the cloud, are connected via a dedicated circuit that remains isolated from the public internet. In Azure these are ExpressRoute connections; they are more reliable, faster, have more consistent latency and offer higher security than typical connections over the internet. ExpressRoute providers usually offer their customers many choices of connectivity models and pricing.