Azure Hybrid Connection

Hybrid connection is a component of Azure BizTalk Services. With a Hybrid connection you can easily connect Azure App Services with on-premise services behind a firewall.

clip_image002

Hybrid connection is one of the possible solutions to connect to a on-premise environment. The Hybrid connection has the following advantages:

  • Safely unlock on-premise data.
  • Multiple Azure App Services can use the same hybrid connection.
  • Minimal number of TCP ports needed for access to the locale network.
  • Only access to specific on-premise resources, configured in the Hybrid Connection.
  • Can connect to every on-premise source with a static TCP-port for example: SQL Server, MySQL, HTTP Web API’s and Web Services.

Note:”TCP sources with a dynamic port are not supported at this moment”

  • Hybrid connection can be used with every framework the Azure App Services Supports.
  • Connection properties when Hybrid Connections are in place are exactly the same as when you setup the connection in a on-premise environment.

Reading those advantages make you wonder on how the Hybrid Connection is secured. The connections are secured with a Shared Access Signature (SAS). This will make sure the connection between the Azure application and the on-premise Hybrid Connection Manager are secured.

To setup a Hybrid Connection you do not require to have any inbound ports open. In a situation were you do not open any port the Hybrid Connection will use TCP-port 80 and 443 by default. This configuration is not preferred.

If a preferred configuration is needed you will have to configure the following out bound http-traffic. For Hybrid Connections it is not needed to configure inbound traffic ports in the firewall.

Port Why Outbound
9350-9354 These ports will be used for data traffic. The Service Bus Relays manager uses port 9350 to determine if TCP traffic is available. If it is it will also presume 9352 is available. Data traffic will go over 9352 yes
5671 If port 9352 is used for data traffic port 5671 will be used as control channel. yes
80-443 If port 9352 and 5671 are not available port 80 and 443 will be used for data traffic and control channel.

Note: This is not a preferred configuration.

yes

 

Setting up a Hybrid Connection

In order to setup a Hybrid Connection you can connect to the Azure Preview portal and navigate to the Azure App Service you would like to configure the Hybrid Connection for.

image

Select “Settings”, “Networking”, “Configure your hybrid connection endpoint”. A screen will appear on the left side with your current Hybrid Connections. To add a new one click Add on the top of the screen.

image

Every time the process goes on a new screen will appear at the left side. After selecting the Add button you will get a option to create a new hybrid connection or use a existing hybrid connection.

Because this is the first time we do not have any hybrid connection we will select “New hybrid connection”.

You will now have to fill in the following information:

Name Unique Azure name for the hybrid connection
Hostname The hostname of the on-premise you will connect to. This can also be the FQDN or the IP Address
Port The static TCP-port you will connect to.

After the information is filled in a BizTalk Service needs to be configured that will handle the connection (Service Bus Relay). You will configure a new one with a appropriate name.

By selecting Ok on both the BizTalk Service creation window and the New hybrid connection window the Hybrid Connection will be configured and created.

When this is done the hybrid connection will be shown in the hybrid connections overview of the Azure App Service.

image

As you can see in the picture the hybrid connection is not yet connected. You can connect the hybrid connection by taking the following steps.

  1. Login to the server were you would like to install the Hybrid Connection Manager.
  2. On the server navigate to the Azure Preview Portal.
  3. Within the Azure Preview Portal navigate to the Azure App Service were you configured  the Hybrid Connection.
  4. Open the Hybrid Connections overview by clicking: “Settings”, “Networking”, “Configure your hybrid connection endpoint”.
  5. Click on the hybrid connection that we created.

In the window that appears you can see that it isn’t configured. To configure the connection click on “Listener Setup”.

image

Clicking on “Listener Setup” will open a window were you get the option to configure the Hybrid Connection. This can be done manually by using the connection strings or by installing en configuring it directly.

Let’s click “Install and Configure now”. This opens a new tab that will download an installation file.

image

Run this application and it will make sure that the Hybrid Connection Manager will be installed and configured.

image

After the installation is finished you will also notice that the configuration is successful within the azure preview portal.

image

With the Hybrid Connection in place you can connect to your on-premise systems just like you would do when you deploy your service to a on-premise environment.

Related Posts

Azure Managed Service Identity and Local Development Instead of storing user credentials of an external system in a configuration file, you should store them in the Azure Key Vault. Before MSI (Managed S...
The securitydata Azure resource group Most of the times companies have rules in place for managing their Azure environment. The main rules that should be in place are “Azure Policies” and ...
Point to Site VPN Client won’t install To connect an Azure App Service to a on-premise database you can make use of different solutions. Two of those solutions are: Hybrid Connection ...
Invoke Azure Function in your Visual Studio Team Services CI/CD pipeline A utility task is available for Visual Studio Team Services (VSTS) to invoke an http triggered Azure function. The ability to invoke a Function from y...
VSTS Extension for Azure Role Based Access Control Today I published an extension for Visual Studio Team Services (VSTS) that gives you the ability to add and remove role based access assignments in Az...
Listing Azure Services within a CSV file In some situations you will look into a current Azure Environment and the setup/governance of it and need to migrate or move resources around. The ...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.