Occasionally I'm getting this error:
Cannot connect to server 'myASCube'. Client with IP Address 'x.x.x.x' is not allowed to
access the server. To enable access, use the Firewall settings in Azure Management Portal.
It may take up to 5 minutes for this change to take effect. More information on configuring
firewall and setting IP address ranges can be found here: https://go.microsoft.com/fwlink/?linkid=2099963
I can go into "Analysis Services" -> "Firewall" and add the IP Address, and then it runs again for a few days, before it fails on a new IP address.
This is the Powershell command I'm running
$AzureCred = Get-AutomationPSCredential -Name "CredForRefreshCube"
Add-AzureAnalysisServicesAccount -RolloutEnvironment 'westeurope.asazure.windows.net' -ServicePrincipal -Credential $AzureCred -TenantId "56cb8dc0-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
Invoke-ProcessASDatabase -server "asazure://westeurope.asazure.windows.net/myASCube" -DatabaseName "mydatabase" -RefreshType Full
I've checked if DbaTools can work with Analysis Services, and searched high and low for solutions. I've found https://www.inovex.de/blog/azure-automation-analysis-services/, where I've copied the Powershell code from.
How to I ensure that the Automation Services does not change IP, or should I just allow all IP address access to my cube?
Best Answer
You have two options here, which I can think of.
You can stick with the current setup of your Automation Account and add to firewall of the Azure Analysis Services instance IPs of the Azure Automation.
There is official links to this list, which you can download from here:
Second option is to go with Hybrid Runbook Worker. You can set up a worker designated to run your PowerShell scripts and then you have to white-list only IP of this particular worker. You can even use a machine from the onpremise infrastructure.