Selective access to/from workspace by external services

[TonyWildish-BH]

Description

We have two use-cases that require selective access through the workspace firewall:

• one use-case requires outbound connectivity to a single, fixed IP
• several use-cases require inbound access from an Azure Data Factory to push data into a MySQL service within the workspace. In most cases, that access will be one-off, at project setup. In others, it may be required for periodic refreshes of data.

Before I go hacking around myself, I'd like to know if there are any guidelines on how I can do this cleanly, such that it can be turned on/off on a per-workspace basis. Do I need to customise templates, or is 'manually' modifying the w/s network the best way to go?

Thanks in advance for any suggestions.

[tim-allen-ck]

Hi @TonyWildish-BH, for TRE wide settings you could perform an update on the firewall service and add the required app or network rules. Or modify the workspace template to add those rules on creation of that workspace, similar to how the nexus amends the firewall on its creation.