I want to enable my Azure Analysis Services Cube to process with data from Synapse. But I want to disable the 'Allow all Azure Services' option on the firewall.
So now I'm thinking about adding an action to my Data Factory Pipeline (self hosted runtime because of the disabled option) which will enable a connection to the cube that must be processed (lets say a GET on the active refreshes). This will be blocked because of the IP is not whitelisted. Then I want to catch the IP-address where AAS is connecting with and then I want to whitelist this specific IP, process the cube and deactive the whitelisting of this IP.
Is this something that could work you think? Or am I missing something?
My other questions for this case are:
- How to check the IP which is denied? Can I just ping the server and believe this IP will be active for the next few seconds? Or at least believe it won't change very much and build in a retry for when the IP has just changed in that moment
- Can I assume that the IP which answers the GET refresh is the same as where the process will be sent to? I do believe that because of what I've seen, but I was assuming at first that the process is taking place at a lower level server, while the refresh is send to a load balancer or something.
- Any other (better?) suggestions for this case? I just want to process AAS cube based on a SQL Synapse DW, without whitelisting all Azure Services, that's it...