There is often a question that I hear while on engagements with customers…

Customer: Yes we definitely want the availability of the the cloud for our web front end applications but we don’t feel comfortable having our data stored in the cloud.  What can we do to run our app in the cloud but keep the data here local?

This is a very common scenario and now with a clever use of pre-existing technology it is possible to easily setup your on-premesis database to feed your Azure WebApp.

The answer to this often asked about use case is Hybrid Connections.  Hybrid Connections is both a service in Azure as well as a feature in the Azure App Service. As a service it has use and capabilities beyond those that are leveraged in the Azure App Service. To learn more about Hybrid Connections and their usage outside of the Azure App Service you can start here, Azure Relay Hybrid Connections.

The hybrid connections feature consists of two outbound calls to Service Bus Relay. There is a connection from a library on the host where your app is running in the app service and then there is a connection from the Hybrid Connection Manager(HCM) to Service Bus relay. The HCM is a relay service that you deploy within the network hosting

Through the two joined connections your app has a TCP tunnel to a fixed host:port combination on the other side of the HCM. The connection uses TLS 1.2 for security and SAS keys for authentication/authorization.

App Service hybrid connection benefits

  • quick and easy setup
  • each hybrid connection maps to a single host:port which is perfect for security
  • connections are outbound from the client so normally firewall rules are not necessary
  • Apps can securely access on premises systems and services securely
  • the feature does not require an internet accessible endpoint
  • because the feature is network level that also means that it is agnostic to the language used by your app and the technology used by the endpoint
  • it can be used to provide access in multiple networks from a single app

There are a few minor things that hybrid connections can’t do:

  • mounting a drive
  • using UDP
  • accessing TCP based services that use dynamic ports such as FTP Passive Mode or Extended Passive Mode
  • LDAP support, as it sometimes requires UDP
  • Active Directory support

The next questions is … what is this going to cost me?

Hybrid Connections and App Service Plans

Hybrid connections are  available in Basic, Standard, Premium and Isolated pricing SKUs. There are limits tied to the pricing plan.

Pricing Plan Number of hybrid connections usable in the plan
Basic 5
Standard 25
Premium 200
Isolated 200

There is an additional cost to hybrid connections beyond being only usable in a Basic, Standard, Premium or Isolated SKU. For details on hybrid connection pricing please go here: Service Bus pricing.

If this seems like a good solution for you and your environment, the next step in Azure is always the same.  Try it out 🙂

Here is a link to the instructions to Setup a new Hybrid Connection:

If you would like any further guidance on the best practices for Hybrid Connections or have any questions… Please reach out to us Contact US