Azure SSIS Integration Runtime Won't Start

Copper Contributor

I have an Azure SQL Managed Instance with a public endpoint. I've been struggling getting the SSIS Integration runtime to start using Standard injection. Our goal is to try out the Lift and Shift method to bring existing local packages to run Azure Data Factory.

 

Found this table and highlighted outbound NSG rules that seem to not work if I use AzureCloud as the service destination but it works if I use DataFactoryManagement which the site says is only needed for Express injection. Can anyone clarify this and explain why with standard injection it fails unless I open 443/TCP/DataFactoryManagement in my NSG?

 

HSBHSB_0-1709813891996.png

 

Here's the NSG outbound for AzureCloud that does not help start the integration runtime:

HSBHSB_0-1709814057616.png

 

If I add the following, the IR will start:

HSBHSB_1-1709814105766.png

 

 

3 Replies

@HSBHSB the distinction between standard and express virtual network injection methods lies in the deployment approach for the SSIS Integration Runtime (IR), which serves as the computational engine for executing SSIS packages in Azure SQL Managed Instance (SQL MI). Unlike the traditional model where SSIS packages run directly on the SQL Server instance, in SQL MI, they are executed through the SSIS IR.

 

For virtual network injection, the SSIS IR is integrated into the subnet of the SQL MI virtual network (vNET). In the case of standard injection, communication between the SSIS IR and Azure services, including Azure Data Factory (ADF), is established through the DataFactoryManagement service tag. This requires opening port 443 for TCP traffic specifically designated for DataFactoryManagement.

 

So, to facilitate the proper functioning of the SSIS IR with standard injection, it is crucial to have port 443 open for TCP traffic with the destination set to the DataFactoryManagement service tag.

 

This allows seamless communication between the SSIS IR and Azure services, enabling the execution of SSIS packages within the Azure Data Factory environment during the Lift and Shift process.

 

You can read more on Standard virtual network injection method and

how to create an Azure-SSIS integration runtime

 

Mor also, see Afzal Muhammad Blog post: Run your SSIS packages using Azure SQL Server Managed Instance

 

If this post is helpful, please mark it as the solution to help others find it easily. Also, if my answers contribute to a solution, show your appreciation by giving it a thumbs up

 

Thanks

@BabatundeDallas Your very first link https://learn.microsoft.com/en-us/azure/data-factory/azure-ssis-integration-runtime-standard-virtual... says to use 443, TCP and AzureCloud for standard injection.  

 

This is where my confusion comes in because it was working yesterday only if I had DataFactoryManagement set.

@HSBHSB If it was working with the DataFactoryManagement rule set, it’s likely that you were using express injection. The express injection doesn’t need the same level of outbound communication as standard injection. However, if you switch to standard injection, you must ensure that the necessary NSG rules are in place.

 

Kindly double-check your SSIS IR configuration to confirm that you are using a standard injection. Then verify that the NSG rules allow outbound traffic to AzureCloud on port 443.

 

If you encounter issues, check the Azure portal logs or diagnostic information for any specific error messages. Kindly screenshot or send the error message for further debugging.

 

Note:  The choice between standard and express injection depends on your requirements. Standard injection is the way to go if you need to communicate with Azure services like ADF. The express injection might be more suitable if you prioritize speed and simplicity.

----

If this post is helpful, please mark it as the solution to help others find it easily. Also, if my answers contribute to a solution, show your appreciation by giving it a thumbs up

 

Thanks