...

Note

There are 2 favorite solutions. The first uses the AzCopy utility, because extracting data from the on-premise server is totally free; however, if we want to automate the process, the utility could be questionable. The second is ADF (Azure Data Factory), which is not normally the appropriate solution for the following reason: extraction from ADF is never free. In our situation, the use of ADF won't be expensive.

...

Azure Storage - Key Vault

  1. Azure Key Vault is a cloud service for securely storing and accessing secrets. It contains:

    1. 1 TOKEN for Azure Data Factory (ADF): ADF accesses Key Vault via RBAC (Role-Based Access Control) permissions

    2. OR 1 SAS TOKEN for the AzCopy utility: PowerShell accesses Key Vault via a Service Principal

...

  1. Retrieve the Token from Azure Key Vault:

    1. ADF, via the Key Vault Reader & Key Vault Secrets User permissions, can retrieve the Token

    2. PowerShell, via the Service Principal, can retrieve the SAS Token

  2. Access the Storage Account (Blob Storage):

    1. ADF, using the Token, can access the Blob Storage

    2. AzCopy (triggered by PowerShell), using the SAS Token, can access the Blob Storage without RBAC permissions

  3. Retrieve the documents:

    1. ADF via Integration Runtime with the synchronized authentication key can access the storage in the on-premise server

    2. The connectivity between the on-premise servers is already set, no need to use a key
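
The PowerShell / AzCopy path from the steps above, as an added example (not code from the original page). It assumes a certificate-authenticated Service Principal and a SAS token stored as a Key Vault secret in query-string form; every name in angle brackets and the source path are placeholders.

```powershell
#Requires -Modules Az.Accounts, Az.KeyVault
$ErrorActionPreference = 'Stop'

# Placeholders (assumptions, not values from the page)
$TenantId   = '<tenant-id>'
$AppId      = '<service-principal-app-id>'
$Thumbprint = '<certificate-thumbprint>'   # certificate auth: no client secret kept on disk
$VaultName  = '<key-vault-name>'
$SecretName = '<sas-secret-name>'
$Account    = '<storage-account>'
$Container  = '<container>'
$SourceDir  = 'D:\export\documents'        # constructed on-premise path

# 1. Sign in as the Service Principal; the context lives only in this process
Connect-AzAccount -ServicePrincipal -Tenant $TenantId -ApplicationId $AppId `
    -CertificateThumbprint $Thumbprint -Scope Process | Out-Null

try {
    # 2. Retrieve the SAS token from Key Vault (never written to output or logs here)
    $sas = (Get-AzKeyVaultSecret -VaultName $VaultName -Name $SecretName -AsPlainText).TrimStart('?')

    # Parse the SAS query fields so an unusable token is rejected before any transfer
    $fields = @{}
    foreach ($pair in ($sas -split '&')) {
        $k, $v = $pair -split '=', 2
        $fields[$k] = [uri]::UnescapeDataString([string]$v)
    }
    if (-not $fields.ContainsKey('se')) { throw 'SAS token has no expiry (se) field.' }
    $expiry = [datetimeoffset]::Parse($fields['se'], [cultureinfo]::InvariantCulture)
    if ($expiry -lt [datetimeoffset]::UtcNow.AddMinutes(30)) {
        throw "SAS token expires at $expiry; rotate the Key Vault secret first."
    }
    if ($fields['spr'] -ne 'https') { throw 'SAS token is not restricted to HTTPS (spr=https).' }

    # 3. Upload the documents; the SAS token alone authorizes AzCopy (no RBAC role involved)
    $dest = "https://${Account}.blob.core.windows.net/${Container}?$sas"
    & azcopy copy $SourceDir $dest --recursive
    if ($LASTEXITCODE -ne 0) { throw "AzCopy failed with exit code $LASTEXITCODE." }
}
finally {
    # Drop the token from the session and sign the Service Principal out
    Remove-Variable sas, dest -ErrorAction SilentlyContinue
    Disconnect-AzAccount -Scope Process | Out-Null
}
```

For the automation concern raised in the note, the script can be run from a scheduled task under an account that can read the certificate's private key.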

Azure Web Apps - SSO

  1. Users can log into the Web App via SSO (an authentication method allowing users to sign in to multiple software systems using one set of credentials) - What is single sign-on? - Microsoft Entra ID | Microsoft Learn

Azure AI Search - Key filter

  1. XXXX

Azure AI Search - Key filter (document-level security) & Key Vault for encrypted objects & information, API Keys & RBAC for Service Principal

...