Hybrid Connections,

an introductionSam Vanhoutte

CTO Codit, Integration MVP

Nice to meet youSam VANHOUTTECTO, CoditIntegration MVP – BizTalk V-TSP

http://blog.codit.eu@SamVanhoutte

International Focus - HQ in BE

2000 Belgium2004 France2013 Portugal

Microsoft Integration

2012 & 2013

Partner of the Year

Award FinalistApplication Integration

Community

Agenda

1) Azure Hybrid connectivity options

2) BizTalk Hybrid Connections

3) Demo time

4) Architecture

5) Comparing & when to use what

FOR THE NEXT HOUR

Questions?#azureconf

on Twitter

Hybrid Connectivityin Azure

overviewwhen to use what

Evolving Enterprise Infrastructure

Corporate Network

Virtual Network

Virtual Networking

•Traditional network level connectivity•Various options• Point2Site• Site2Site• ExpressRoute

IP/SEC VPN-STYLE CONNECTIVITY

Watch session of Vishwas

Service Bus Messaging

•Asynchronous, message based•Features•Queues & Topics for distributed messaging• Event Hubs for scalable event ingestion•Notification hubs for phone notifications

INTEROPERABLE ASYNC COMMUNICATION

Watch session of Rick

Service Bus Relay

•Firewall friendly service publishing•Outbound only ports•More & more used to avoid DMZ / reverse proxy

•Features• Load balancing• Fail over•WCF / REST bindings available

MAKE INTERNAL SERVICES REACHABLE THROUGH AZURE ENDPOINTS

BizTalk Services

• EAI capabilities• On premise LOB connectivity (SQL, SAP, Oracle…)

• Transformation & flat file support

• Routing

• EDI capabilities• Support for EDIFACT & X12

• Trading partner management

• Hybrid connections • in Free tier of BizTalk Services

EAI & B2B INTEGRATION

Azure Hybrid Connectionspositioning & overview

architecture

Goals

Keep existing network configuration

Access on-prem w/o custom code or infra Control & Visibility Agility & Flexibility

Introducing hybrid connections

Azure Web Sites Mobile Services

BizTalk Services goal: more to come

part of supported by

in previewfree tier (<5 cnx)

FREE (preview)

DEVELOPER

BASIC STANDARD PREMIUM

EAI capabilities No Yes Yes Yes Yes

EDI capabilities No Yes Yes Yes Yes

Scale limit 1 unit 8 units 8 units 8 units

Scale out No No Yes Yes Yes

HyCnx per unit 5 5 10 50 100

HyCnx data transfer / unit

5 GB 5 GB 50 GB 250 GB 500 GB

BizTalk Services pricing model

Connection limits for each Hybrid Connection apply. Additional Hybrid data transfer billed at $1/GB.

DEMO

Provision BizTalk Service

Key Features• Access to on-premises resources• Connect to SQL Server, Web Services or most other resources that use TCP or HTTP

connectivity

• Works with most frameworks• Support for .NET, PHP, Java, Python, Node.js for Websites and Node.js and .NET for Mobile

Services

• No need to alter the network perimeter• Doesn’t require a VPN gateway or Firewall changes to allow incoming traffic• Applications have access only to the resource that they require

• Maintains IT control over resources• Support for Group Policy and Event/Audit Logging providing Admins control and visibility

Hybrid Connections

Web Sites

Mobile Services

Corporate Network

Microsoft SQL Server

Hybrid ConnectionOther published resourcesHybrid Connection

Manager

Integration Dashboard

‘As-is’ situation, expense application

BizTalk Server Process

Integration DashboardDashboard frontend

Step 1: lift & shift dashboard web app

BizTalk Server Process

Dashboard backend

Dashboard backend

Dashboard frontend

Step 2: create expense mobile app

BizTalk Server Process

Expense mobile svc

Dashboard backend

Dashboard frontend

Step 3: Expose the expense API

BizTalk Server Process

Expense mobile svcExpense API

Architectureagenttopologiesautomation

The hybrid connection managerON PREMISES AGENT SPECIFICS

Install from portalDownload here

Windows ServiceHybridConnectionMgr

Port 80 required Outbound only

80Optional portsFallback on 443 - 80

44356719352

Limits & constraints

•Support for TCP & HTTP• Recommend using static TCP ports•Dynamic ports (ie FTP passive mode) are not supported

•No buffering or traffic inspection• TLS can be negotiated end-end

SQL Server specifics

•SQL Express named instances should use static ports•TCP should be enabled •SQL Always on limitations•MultiSubnetFailover=true is not supported for clustering or availability groups• ApplicationIntent=ReadOnly is not supported

• Integrated security not supported

• Shared access signatures• Secure, simple & familiar

• Separate roles for on-premises connector & apps• Credentials for the on-premises connector & client apps can be rolled

independently• Seamless & secure distribution & update of credentials to applications &

Hybrid Connection Manager

• Application authorization is independent• You can use an authorization mechanism appropriate for the Hybrid

Application• In practice, depends on End-to-End authorization mechanisms supported

across cloud/on-premises

Security

Reusing connectionsOn Premises

LOB App

Web Site

Mobile Service

Microsoft Azure

Multiple applications can share a Hybrid Connection to access an on-prem resourceApplications on Azure access a resource the same way they would if it was running on-premises

Hybrid ConnectionHybrid Connection

Manager

Hostname & Port

Hostname & Port

Load-balanced connectorsOn Premises

LOB Cluster

Web Site

Mobile Service

Microsoft Azure

Multiple instances of the Hybrid Connection Manager can be used on-premises for resiliency and load-balancing.

Hybrid Connection

Hybrid Connection Manager

Cluster name & Port

Cluster name &

Port

DEMO

Load balancing agents

ThroughputSOME TIPS & GUIDANCE

Performance of outbound connection

Multiple agents often increase throughput

No throttling on connection or agent

BizTalk tier does not impact performance

Some #devops

•Group policy settings to allow/designate resources•Event & audit logs available•Agent comes with PowerShell cmdlets

POWERSHELL, VISIBILITY & GROUP POLICIES

Update-HybridConnection -ConnectionString "<cnxstring>"Add-HybridConnection -ConnectionString "<cnxstring>"Remove-HybridConnection –ConnectionString "<cnxstring>"Set-HybridConnectionManagerConfiguration –ManagementPort 9352Get-HybridConnection

When to use whatVirtual networkingHybrid ConnectionsService Bus relay

A comparisonVirtual networking (VPN)

Hybrid Connections

Service Bus Relay

High availability Complex, traditional Use multiple agents To 20 cnx per endpoint

Load balancing Complex, traditional Use multiple agents To 20 cnx per endpoint

Addressing Host name / IP Host name / IP Public DNS

Application connectivity

TCP level TCP level SOAP / REST

Security Intranet style Intranet style SharedSecret, SAML, SAS

Time-based (gateway)

Bandwidth (mostly FREE)

Per connectionBilling model

Time to value Complex installation Very fast (outbound ports)

Very fast (outbound ports)

IaaS vs PaaS IaaS PaaS (ier) PaaS (iest)

Hybrid Connections

The fastest way to build hybrid applications.

Lift and Shift web workloads to Azure Websites whilst connecting to on-premises data.

On-premises data just clicks away from Azure Websites & Mobile Services.

wrap-up

THANK YOU !!

AND STAY TUNED FOR THE NEXT SESSIONS !!

For all your follow up questions: @SamVanhoutte

Get started with a free trial

Or, use your existing benefits…

http://aka.ms/AzureConf2014

http://aka.ms/AzureConf-MemberOffers

© 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.