Product: StreamSets Data Collector on Azure Marketplace
Issue:
When attempting to run a pipeline that uses the Snowflake Connector on the Azure Marketplace SDC image, a failure similar to the following occurs:
net.snowflake.client.jdbc.SnowflakeSQLException: JDBC driver encountered communication error.
Message: Exception encountered for HTTP request: Remote host closed connection during handshake.Symptoms:
-Running the SDC image obtained from the Azure Marketplace.
-An Azure Firewall rule is configured for the SDC VM that rejects any request without an SNI header.
-Running an SDC pipeline that makes use of the Snowflake Connector's destination stage.
Solution:
Due to a bug within Java 8's JDK 1], utilizing a custom 'HostnameVerifier' disables the SNI extension. As a result, the SNI header is not included in any outbound requests, like the TLS/SSL handshake (client 'hello') in the exception above. The Snowflake Connector utilizes Snowflake's JDBC driver which contains a custom HostnameVerifier (net.snowflake.client.jdbc.internal.apache.http.conn.ssl.DefaultHostnameVerifier), causing the SNI extension to be disabled for requests outbound from SDC via Snowflake's JDBC driver.
While the issue is caused by a bug in the underlying JDK, the above exception is the result of an Azure Firewall configuration requiring that all network traffic contains an SNI header.
StreamSets recommends not implementing a firewall rule that requires the SNI header in order to avoid communication failures between SDC and Snowflake.