Azure-docs: Do we have to open all service endpoints for data gateway behind firewall or just the Service Bus endpoint?

Created on 7 Feb 2019 · 6Comments · Source: MicrosoftDocs/azure-docs

I suspect that many customers for on-premise data gateway will be coming from State and Local Government (SLG) domain. That means they will be running on MAG.

And at the moment, it is not very straight forward how do we go about connecting to on-premise DB using on-premise data gateway behind firewall for MAG.

First of all there is little to none guidance available for MAG. Because one has to to search through the document to identify the service endpoint in MAG to open those ports for on-premise data gateway config (or get the IP for the regions in MAG). This is not very productive experience for developer community. Can we make it more clear for MAG customers by adding some specific documentation for on-premise data gateway setup in MAG ?

Another issue I have is why should we open all the service endpoint for on-premise data gateway behind firewall if on-premise data gateway only talks to MAC or MAG via Service bus relay channel ?

As stated here, why do we need to white-list all these service endpoints in on-premise firewall instead of only Service Bus endpoint/IP in MAC or MAG?

Document Details

⚠ Do not edit this section. It is required for docs.microsoft.com ➟ GitHub issue linking.

ID: 0deaa8b2-66a2-b45c-3ecd-7ea2d08503ed
Version Independent ID: 364890ed-d3ba-9e01-c40a-ce78600319f1
Content: Install on-premises data gateway - Azure Logic Apps
Content Source: articles/logic-apps/logic-apps-gateway-install.md
Service: logic-apps
GitHub Login: @ecfan
Microsoft Alias: estfan

assigned-to-author doc-enhancement logic-appsvc triaged

Source

Anand-Moghe

Most helpful comment

@Anand-Moghe Sorry for the long silence but I was able to gather some insights on this. The different domains/ports can be categorized into the following -

ServiceBus URIs – used for all query communication between the Gateway service running on your machine and the cloud service.
Login URIs – so the app can sign in
Management URIs (registration)
Telemetry URIs

I hope that helps a bit.

We are assigning this issue to the content author to further investigate and update the documentation accordingly.

PramodValavala-MSFT on 13 Feb 2019

👍2

All 6 comments

Hi @Anand-Moghe Thank you for your feedback! We will review and update as appropriate.

mike-urnun-msft on 7 Feb 2019

@mike-urnun-msft Thanks. This is highly critical and sensitive topic for MAG and I am seeing lot of confusion and distress among MAG customers. This is highly critical and urgent category issue. I am able to use SQL DB Connector in MAG with on-premise data gateway and my locally hosted SQL Server. But none of the MAG customers I am working with are able to get the setup done - whether in their DMZ or machine behind F/W.

Anand-Moghe on 7 Feb 2019

@Anand-Moghe Given the urgency and sensitivity, it may be best to open a support ticket and work with an Azure engineer 1:1 to remove such blockers in timely manner. Does your subscription carry a support plan? If not, we're able to offer you a one-time ticket. If that is the case, please send us an email at azcommunity at microsoft dotcom and include the URL of this issue as well as your subscription ID.