Azure Hybrid Connection


Hybrid connection is a component of Azure BizTalk Services. With a Hybrid connection you can easily connect Azure App Services with on-premise services behind a firewall.


Hybrid connection is one of the possible solutions to connect to an on-premise environment. The Hybrid connection has the following advantages:

  • Safely unlock on-premise data.
  • Multiple Azure App Services can use the same hybrid connection.
  • Minimal number of TCP ports needed for access to the local network.
  • Only access to specific on-premise resources, configured in the Hybrid Connection.
  • Can connect to every on-premise source with a static TCP port, for example: SQL Server, MySQL, HTTP Web APIs and Web Services.

    Note: TCP sources with a dynamic port are not supported at this moment.

  • Hybrid connection can be used with every framework that Azure App Services supports.
  • Connection properties when Hybrid Connections are in place are exactly the same as when you set up the connection in an on-premise environment.

Reading those advantages makes you wonder how the Hybrid Connection is secured. The connections are secured with a Shared Access Signature (SAS). This makes sure the connection between the Azure application and the on-premise Hybrid Connection Manager is secured.

To set up a Hybrid Connection you are not required to have any inbound ports open. In a situation where you do not open any port, the Hybrid Connection will use TCP ports 80 and 443 by default. This configuration is not preferred.

If a preferred configuration is needed you will have to allow the following outbound traffic. For Hybrid Connections it is not necessary to configure inbound traffic ports in the firewall.

| Port | Why | Outbound |
|---|---|---|
| 9350-9354 | These ports will be used for data traffic. The Service Bus Relays manager uses port 9350 to determine if TCP traffic is available. If it is, it will also presume 9352 is available. Data traffic will go over 9352. | yes |
| 5671 | If port 9352 is used for data traffic, port 5671 will be used as control channel. | yes |
| 80-443 | If port 9352 and 5671 are not available, port 80 and 443 will be used for data traffic and control channel. | |

Note: This is not a preferred configuration.
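
To see which of these paths the server that will run the Hybrid Connection Manager can actually reach, the port table can be turned into an outbound check. This PowerShell script is an added example, not part of the original post; `$RelayHost` is a placeholder to replace with the host of your own Service Bus relay namespace, and the function names are made up for this example.

```powershell
# Added example, not from the original post. $RelayHost is a placeholder.
param([string]$RelayHost = 'example-namespace.servicebus.windows.net')

# Try an outbound TCP connect with a timeout; $true only if the handshake completes.
function Test-OutboundPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($HostName, $Port)
        return ($task.Wait($TimeoutMs) -and $client.Connected)
    } catch {
        return $false   # refused, unresolved or reset
    } finally {
        $client.Close()
    }
}

# Map port reachability onto the behaviour described in the port table.
function Get-HybridConnectionMode {
    param([hashtable]$Open)
    if ($Open[9350] -and $Open[9352] -and $Open[5671]) {
        return 'Preferred: data on 9352, control channel on 5671'
    }
    if ($Open[80] -and $Open[443]) {
        if ($Open[9350]) {
            return 'Fallback to 80/443 (not preferred): 9350 answers but 9352 or 5671 is blocked'
        }
        return 'Fallback to 80/443 (not preferred): open 9350-9354 and 5671 outbound'
    }
    return 'No usable outbound path: neither 9352+5671 nor 80+443 is reachable'
}

$open = @{}
foreach ($port in 9350, 9352, 5671, 443, 80) {
    $open[$port] = Test-OutboundPort -HostName $RelayHost -Port $port
    [pscustomobject]@{ Host = $RelayHost; Port = $port; Reachable = $open[$port] }
}
Get-HybridConnectionMode -Open $open
```

The second fallback message covers the case the table implies but does not spell out: port 9350 is reachable, so 9352 is presumed available, while the firewall actually blocks 9352 or 5671.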



Setting up a Hybrid Connection

In order to set up a Hybrid Connection you can connect to the Azure Preview portal and navigate to the Azure App Service you would like to configure the Hybrid Connection for.


Select “Settings”, “Networking”, “Configure your hybrid connection endpoint”. A screen will appear on the left side with your current Hybrid Connections. To add a new one click Add on the top of the screen.


Every time the process goes on, a new screen will appear at the left side. After selecting the Add button you will get an option to create a new hybrid connection or use an existing hybrid connection.

Because this is the first time and we do not have any hybrid connection yet, we will select “New hybrid connection”.

You will now have to fill in the following information:

  • Name: Unique Azure name for the hybrid connection.
  • Hostname: The hostname of the on-premise you will connect to. This can also be the FQDN or the IP address.
  • Port: The static TCP port you will connect to.

After the information is filled in, a BizTalk Service needs to be configured that will handle the connection (Service Bus Relay). You will configure a new one with an appropriate name.

By selecting OK on both the BizTalk Service creation window and the New hybrid connection window, the Hybrid Connection will be configured and created.

When this is done the hybrid connection will be shown in the hybrid connections overview of the Azure App Service.


The overview shows that the hybrid connection is not yet connected. You can connect the hybrid connection by taking the following steps.

  1. Log in to the server where you would like to install the Hybrid Connection Manager.
  2. On the server navigate to the Azure Preview Portal.
  3. Within the Azure Preview Portal navigate to the Azure App Service where you configured the Hybrid Connection.
  4. Open the Hybrid Connections overview by clicking: “Settings”, “Networking”, “Configure your hybrid connection endpoint”.
  5. Click on the hybrid connection that we created.

In the window that appears you can see that it isn’t configured. To configure the connection click on “Listener Setup”.


Clicking on “Listener Setup” will open a window where you get the option to configure the Hybrid Connection. This can be done manually by using the connection strings or by installing and configuring it directly.

Let’s click “Install and Configure now”. This opens a new tab that will download an installation file.


Run this application and it will make sure that the Hybrid Connection Manager will be installed and configured.


After the installation is finished you will also notice that the configuration is successful within the Azure Preview Portal.


With the Hybrid Connection in place you can connect to your on-premise systems just like you would when you deploy your service to an on-premise environment.