Virtual Network


Hybrid Connections, an introduction
Sam Vanhoutte
CTO Codit, Integration MVP
Nice to meet you
Sam VANHOUTTE
2012 & 2013
CTO, Codit
Partner of the Year
Integration MVP – BizTalk V-TSP
http://blog.codit.eu
@SamVanhoutte
2000 Belgium
2004 France
2013 Portugal
Award Finalist
Application
Integration
International Focus HQ in BE
Community
Microsoft
Integration
Agenda
FOR THE NEXT HOUR
1) Azure Hybrid connectivity options
2) BizTalk Hybrid Connections
3) Demo time
4) Architecture
5) Comparing & when to use what
Questions?
#azureconf on Twitter
Hybrid Connectivity in Azure
overview
when to use what
Evolving Enterprise Infrastructure
Corporate Network
Virtual Network
Virtual Networking
IP/SEC VPN-STYLE CONNECTIVITY
• Traditional network level connectivity
• Various options
  • Point2Site
  • Site2Site
  • ExpressRoute
Watch session of Vishwas
Service Bus Messaging
INTEROPERABLE ASYNC COMMUNICATION
• Asynchronous, message based
• Features
  • Queues & Topics for distributed messaging
  • Event Hubs for scalable event ingestion
  • Notification hubs for phone notifications
Watch session of Rick
Service Bus Relay
MAKE INTERNAL SERVICES REACHABLE THROUGH AZURE ENDPOINTS
• Firewall friendly service publishing
  • Outbound only ports
  • More & more used to avoid DMZ / reverse proxy
• Features
  • Load balancing
  • Fail over
  • WCF / REST bindings available
BizTalk Services
EAI & B2B INTEGRATION
• EAI capabilities
  • On-premises LOB connectivity (SQL, SAP, Oracle…)
  • Transformation & flat file support
  • Routing
• EDI capabilities
  • Support for EDIFACT & X12
  • Trading partner management
• Hybrid connections
  • in Free tier of BizTalk Services
Azure Hybrid Connections
positioning & overview
architecture
Goals
• Access on-prem w/o custom code or infra
• Keep existing network configuration
• Control & Visibility
• Agility & Flexibility
Introducing hybrid connections
• Part of BizTalk Services: in preview, free tier (<5 cnx)
• Supported by Azure Web Sites and Mobile Services (goal: more to come)
BizTalk Services pricing model
Tier | FREE (preview) | DEVELOPER | BASIC | STANDARD | PREMIUM
EAI capabilities | No | Yes | Yes | Yes | Yes
EDI capabilities | No | Yes | Yes | Yes | Yes
Scale out | No | No | Yes | Yes | Yes
HyCnx per unit | 5 | 5 | 10 | 50 | 100
HyCnx data transfer / unit | 5 GB | 5 GB | 50 GB | 250 GB | 500 GB
Scale limit (four values on the slide): 1 unit, 8 units, 8 units, 8 units
Connection limits for each Hybrid Connection apply. Additional Hybrid data transfer billed at $1/GB.
DEMO
Key Features
• Access to on-premises resources
• Connect to SQL Server, Web Services or most other resources that use TCP or HTTP connectivity
• Works with most frameworks
• Support for .NET, PHP, Java, Python, Node.js for Websites and Node.js and .NET for Mobile Services
• No need to alter the network perimeter
• Doesn’t require a VPN gateway or Firewall changes to allow incoming traffic
• Applications have access only to the resource that they require
• Maintains IT control over resources
• Support for Group Policy and Event/Audit Logging providing Admins control and visibility
Hybrid Connections
[Diagram labels: Web Sites, Mobile Services, Hybrid Connection, Hybrid Connection Manager, Corporate Network, Microsoft SQL Server, Other published resources]
‘As-is’ situation, expense application
[Diagram labels: Integration Dashboard, BizTalk Server Process]
Step 1: lift & shift dashboard web app
[Diagram labels: Dashboard frontend, Integration backend, Dashboard, BizTalk Server Process]
Step 2: create expense mobile app
[Diagram labels: Dashboard frontend, Dashboard backend, BizTalk Server Process, Expense mobile svc]
Step 3: Expose the expense API
[Diagram labels: Expense API, Dashboard frontend, Dashboard backend, BizTalk Server Process, Expense mobile svc]
Architecture
agent
topologies
automation
The hybrid connection manager
ON PREMISES AGENT SPECIFICS
• Install from portal (Download here)
• Windows Service: HybridConnectionMgr
• Outbound only
• Port 80 required
• Optional ports: 443, 5671, 9352
• Fallback on 443 - 80
Limits & constraints
• Support for TCP & HTTP
  • Recommend using static TCP ports
  • Dynamic ports (e.g. FTP passive mode) are not supported
• No buffering or traffic inspection
  • TLS can be negotiated end-to-end
SQL Server specifics
• SQL Express named instances should use static ports
• TCP should be enabled
• SQL AlwaysOn limitations
  • MultiSubnetFailover=true is not supported for clustering or availability groups
  • ApplicationIntent=ReadOnly is not supported
• Integrated security not supported
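A pre-deployment check for the SQL Server specifics listed above, as an added PowerShell example that is not part of the original slides. The function name, host names and sample connection strings are constructed for illustration.

```powershell
# Added example, not from the original slides. Sample strings are constructed.
function Test-HybridSqlConnectionString {
    param([Parameter(Mandatory)][string]$ConnectionString)

    # Generic .NET key=value parser; keyword lookup is case-insensitive.
    $b = New-Object System.Data.Common.DbConnectionStringBuilder
    $b.set_ConnectionString($ConnectionString)

    # First value found among a keyword and its synonyms, else nothing.
    $get = {
        param([string[]]$Keys)
        foreach ($k in $Keys) {
            if ($b.ContainsKey($k)) { return [string]$b[$k] }
        }
    }
    $truthy   = '^(true|yes|sspi)$'
    $findings = @()

    if ((& $get 'MultiSubnetFailover') -match $truthy) {
        $findings += 'MultiSubnetFailover=true is not supported'
    }
    if ((& $get 'ApplicationIntent', 'Application Intent') -match '^readonly$') {
        $findings += 'ApplicationIntent=ReadOnly is not supported'
    }
    if ((& $get 'Integrated Security', 'Trusted_Connection') -match $truthy) {
        $findings += 'Integrated security is not supported; use a SQL login'
    }
    # A named instance (host\instance) with no ",port" suffix relies on a
    # dynamically resolved port instead of a static TCP port.
    $server = & $get 'Data Source', 'Server', 'Address', 'Addr', 'Network Address'
    if ($server -match '\\' -and $server -notmatch ',\s*\d+$') {
        $findings += "Named instance '$server' has no static TCP port"
    }
    $findings
}

# Constructed sample connection strings: two with problems, one clean.
$samples = @(
    'Server=sqlhost\SQLEXPRESS;Database=Expenses;Integrated Security=SSPI',
    'Server=sqlhost,1433;Database=Expenses;User ID=app;Password=<placeholder>;ApplicationIntent=ReadOnly',
    'Server=sqlhost\SQLEXPRESS,1433;Database=Expenses;User ID=app;Password=<placeholder>'
)
foreach ($s in $samples) {
    $r = @(Test-HybridSqlConnectionString -ConnectionString $s)
    if ($r.Count) { $r | ForEach-Object { "FAIL  $_" } } else { 'OK' }
}
```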
Security
• Shared access signatures
  • Secure, simple & familiar
• Separate roles for on-premises connector & apps
  • Credentials for the on-premises connector & client apps can be rolled independently
  • Seamless & secure distribution & update of credentials to applications & Hybrid Connection Manager
• Application authorization is independent
  • You can use an authorization mechanism appropriate for the Hybrid Application
  • In practice, depends on End-to-End authorization mechanisms supported across cloud/on-premises
Reusing connections
[Diagram labels: Microsoft Azure, Hybrid Connection, On Premises, Hybrid Connection Manager]
• Multiple applications can share a Hybrid Connection to access an on-prem resource
• Applications on Azure access a resource the same way they would if it were running on-premises
Load-balanced connectors
[Diagram labels: Hybrid Connection, Hybrid Connection Manager]
• Multiple instances of the Hybrid Connection Manager can be used on-premises for resiliency and load-balancing.
DEMO
Throughput
SOME TIPS & GUIDANCE
• Performance of outbound connection
• Multiple agents often increase throughput
• No throttling on connection or agent
• BizTalk tier does not impact performance
Some #devops
POWERSHELL, VISIBILITY & GROUP POLICIES
• Group policy settings to allow/designate resources
• Event & audit logs available
• Agent comes with PowerShell cmdlets
Update-HybridConnection -ConnectionString "<cnxstring>"
Add-HybridConnection -ConnectionString "<cnxstring>"
Remove-HybridConnection -ConnectionString "<cnxstring>"
Set-HybridConnectionManagerConfiguration -ManagementPort 9352
Get-HybridConnection
When to use what
Virtual networking
Hybrid Connections
Service Bus relay
A comparison
wrap-up
Hybrid Connections
THANK YOU !!
For all your follow up questions: @SamVanhoutte