Azure Relay Service

In this post I’m going to take a quick look at the Azure Relay service and what it provides.

What Is Azure Relay

Azure Relay is a service that enables communication between applications in different networks, usually public cloud to on-premise, but in reality it can be any two networks with internet access. It supports listening for incoming connections as well as outgoing connections without using a VPN, special network configuration or opening firewall ports.

How Does It Work

The Azure Relay service directs requests between different networks using a rendezvous service hosted in Azure. The official documentation has the details, but in short, both applications connect to the Service Bus rendezvous namespace and the service then relays communication between the connected parties. The Azure Relay service operates at the application level: you have to write your applications to specifically make use of the WCF Relay connections or WebSocket Hybrid Connections. The WCF Relay connections work with .NET only, via NuGet packages, while Hybrid Connections use WebSockets and can be used from any language. The service does have some smarts to determine the best way to create connections and will create a direct connection between two parties if possible, for example two applications on the same network.

When To Use It

If you require point-to-point communication between applications on a specific port without using a VPN connection or opening firewall ports, Azure Relay is a good candidate. The service is not well suited for real-time communication due to the slight delay introduced by the rendezvous service. It is also not well suited for very high volume data transfer or a large number of connections. For example, it would not be a good idea to expose a high-traffic website hosted on-premise to the internet using the Azure Relay service. If you use the Hybrid Connection integration provided by App Services, there is a limit on the number of connections at a time based on your App Service Plan.

Technical Details

Azure Relay service offers 2 connection options:

  • New Hybrid Connections using WebSockets, which are supported by multiple languages; most new applications or cross-platform applications will use this type.
  • Older WCF Relays using WCF Relay bindings and WCF Relay REST bindings, for .NET only; mostly legacy applications or applications leveraging WCF-specific features will use this type.

To use relays in your application you have to develop it using the specific Azure Relay connections, in the form of WCF Relay bindings or the HybridConnectionClient and HybridConnectionListener classes from the Microsoft Azure Relay NuGet package. When using Hybrid Connections in your application you will be listening for requests and sending requests. In the case of WCF Relays, most of the heavy lifting is done for you by the WCF Relay bindings. When using the WebApp Hybrid Connections integration or PortBridge, your application is not directly responsible for the relay communication, but you will be configuring selected ports that will be forwarded to the relay.

The connections are encrypted using TLS and access to the Azure Relay Namespace is protected with access keys.
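To make the access-key protection concrete, here is an added example (not code from the original post or from Microsoft) that derives a short-lived Shared Access Signature token from a key using the documented Service Bus/Relay SAS format, and then checks one locally. The namespace, Hybrid Connection name, rule name and key are constructed values, and `check_sas_token` is a hypothetical local illustration of the validation, not the service's code.

```python
import base64
import hashlib
import hmac
import time
from urllib.parse import parse_qs, quote

def _sign(encoded_uri: str, expiry: str, key: str) -> str:
    # String-to-sign: URL-encoded resource URI, newline, expiry (Unix seconds).
    mac = hmac.new(key.encode(), f"{encoded_uri}\n{expiry}".encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def make_sas_token(resource_uri, key_name, key, ttl_seconds=300, now=None):
    """Derive a short-lived token; the access key itself is never sent."""
    now = time.time() if now is None else now
    expiry = str(int(now + ttl_seconds))
    encoded_uri = quote(resource_uri, safe="")
    sig = quote(_sign(encoded_uri, expiry, key), safe="")
    return f"SharedAccessSignature sr={encoded_uri}&sig={sig}&se={expiry}&skn={key_name}"

def check_sas_token(token, keys, now=None):
    """Hypothetical local check: known rule name, valid HMAC, not expired."""
    now = time.time() if now is None else now
    scheme, _, params = token.partition(" ")
    fields = {k: v[0] for k, v in parse_qs(params).items()}
    if scheme != "SharedAccessSignature" or not {"sr", "sig", "se", "skn"} <= fields.keys():
        return False
    key = keys.get(fields["skn"])
    se = fields["se"]
    if key is None or not (se.isascii() and se.isdigit()):
        return False
    expected = _sign(quote(fields["sr"], safe=""), se, key)
    # Constant-time comparison so the check does not leak signature bytes.
    return hmac.compare_digest(expected.encode(), fields["sig"].encode()) and int(se) > now

if __name__ == "__main__":
    # Constructed sample values, not real credentials or a real namespace.
    uri = "http://example-ns.servicebus.windows.net/orders-hc"
    rules = {"listen-only": "constructed-demo-key"}
    token = make_sas_token(uri, "listen-only", rules["listen-only"])
    print(token)
    print("valid now:", check_sas_token(token, rules))
    print("valid in 10 min:", check_sas_token(token, rules, now=time.time() + 600))
```

Because the signature covers both the resource URI and the expiry, a token issued for one Hybrid Connection cannot be replayed against another or have its lifetime extended without the key.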

Generic Point To Point Connections With PortBridge

The PortBridge sample application uses Azure Hybrid Relay to tunnel communications between two TCP ports without modifying the applications sending or receiving the requests. It uses a server side application to forward requests from a specific port to the Azure Hybrid Relay and a client side application that responds back to the relay. This is handy for applications where you don’t have control over the source code or if you just need a quick way for Azure to reach a service on-premise.

Azure WebApp Integration

Hybrid Connections are exposed directly to Azure WebApps. You can access them under the Networking tab.

To use WebApp Hybrid Connections you have to install a connection manager on-premise. The download link for the connection manager is on the Hybrid Connections blade.

Francois Delport