Friday, April 14, 2023

This is a continuation of the posts on Azure Data Platform and discusses the connections to be made for Azure Data Factory to reach on-premises data stores.

Computer networks isolate hosts from attacks that originate in public networks, and they can also be connected to each other so that resources in one network can communicate with resources in another. Networks can be on-premises or in the cloud, logical or physical, and they use subnets and CIDR ranges; two networks can therefore contain similar-looking private addresses such as 10.x.y.z that are unique and meaningful only within their own network. Gateways are used so that traffic can reach an IP address that does not belong to the current network. Gateways work well for outgoing traffic; for incoming requests, endpoints and DNS resolvers fill that role.

There are three forms of connectivity that are often re-used patterns across different connectivity requirements. These are:

1. Point to Point:

These are commonly used to connect one endpoint to another. An endpoint is a combination of IP address and port. When point-to-point connectivity is established, it creates a network flow between the two that can be uniquely identified by the 5-tuple of source IP address, source port, destination IP address, destination port and protocol. A rule establishing point-to-point connectivity allows bidirectional traffic and needs to be authored only once to take effect on both resources.

2. Point to Site:

This is established between an endpoint and a network, so that the endpoint can easily communicate with any resource in the destination network and those resources can reply.

This connection is great for people who require little or no change to their own network but would like to connect to another network. When the point-to-site connection involves a virtual private network, the communications are sent through an encrypted tunnel over an IP network such as the internet.


3. Site to Site:

These connect different networks. When it involves virtual networks in the same cloud, this form of connectivity is often called peering. Peering does not always connect cloud networks; it can also connect virtual networks hosted independently in the cloud and on-premises. When the site-to-site connection involves a virtual private network, the communications are sent through an encrypted tunnel over an IP network such as the internet. In this case, the on-premises VPN device is usually connected to the Azure VPN gateway.
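Before two networks are peered or joined by a site-to-site VPN, a practitioner checks that their address spaces do not overlap, since a 10.x.y.z range is only meaningful inside its own network and a collision makes routing between the two ambiguous. The following is an added example, not code from the original post; the network names and CIDR ranges are constructed for illustration.

```python
"""Check that networks about to be connected (peered or joined by a
site-to-site VPN) have non-overlapping address spaces, and show why a
10.x.y.z address is only meaningful relative to a network.
Added example; the network names and ranges below are constructed."""
from ipaddress import ip_address, ip_network
from itertools import combinations

# Constructed sample: one on-premises site plus two Azure virtual networks.
NETWORKS = {
    "onprem-dc": ["10.0.0.0/16", "192.168.10.0/24"],
    "vnet-hub": ["10.1.0.0/16"],
    "vnet-adf": ["10.0.5.0/24"],   # collides with onprem-dc's 10.0.0.0/16
}


def find_overlaps(networks):
    """Return (name_a, range_a, name_b, range_b) for every pair of ranges
    in different networks that overlap. Any hit means the two networks
    cannot be peered or VPN-connected without readdressing one of them."""
    ranges = [(name, ip_network(r)) for name, rs in networks.items() for r in rs]
    hits = []
    for (na, ra), (nb, rb) in combinations(ranges, 2):
        if na != nb and ra.overlaps(rb):
            hits.append((na, str(ra), nb, str(rb)))
    return hits


def networks_containing(networks, addr):
    """Names of all networks whose address space contains addr.
    More than one name shows the address is ambiguous across networks."""
    ip = ip_address(addr)
    return sorted(name for name, rs in networks.items()
                  if any(ip in ip_network(r) for r in rs))


if __name__ == "__main__":
    for a, ra, b, rb in find_overlaps(NETWORKS):
        print(f"overlap: {a} {ra} <-> {b} {rb}")
    print("10.0.5.7 belongs to:", networks_containing(NETWORKS, "10.0.5.7"))
```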


Lastly, connectivity can also be outsourced to a third-party network provider, so that networks, say one on-premises and one in the cloud, are connected over a dedicated network that remains isolated from the public internet. In Azure these are called ExpressRoute connections; they are more reliable and faster than typical connections over the internet, with consistent latencies and higher security. ExpressRoute providers usually offer their customers many choices of connectivity models and pricing.
