Many organizations have started using cloud services in varying degrees. But if deploying an entire legacy system in a cloud-based environment is not optimal for your organization, Azure Cloud offers good options for integrating on-premises applications with other cloud-based software.
These options, when used along with those for Migrating On-Premise Apps to Microsoft Azure Cloud, can offer organizations improved efficiency and reduced costs. Let's look at a couple of techniques for integrating on-premises resources with those already in the Azure Cloud:
- Azure Virtual Network (VNet)
- Hybrid Connections
What is Azure VNet?
Azure VNet can integrate on-premises networks through private network connections between the on-premises network and the Azure Cloud environment. The following graphic and subsequent descriptions explain the different ways to connect an on-premises network with the Azure virtual network:
- Point-to-site VPN: this type of connectivity helps establish the connection between a single PC and a VNet with changes to the existing network. It can be used to provide encrypted communications between a client and the VNet via the internet. Secure Socket Tunneling Protocol (SSTP) is used to establish encrypted communication for this connectivity. A VPN device is not required to implement point-to-site connectivity, but it requires the Azure VPN gateway at the on-premises side.
- Site-to-site VPN: in this type, the connection is established between the on-premises VPN device and the Azure VPN Gateway. This type of connection provides VNet access to any on-premises resource via the internet. It uses an IPsec VPN to establish secure communication between on-premises resources and the Azure VNet gateway over the internet. A VPN device is required on-premises to establish a site-to-site connection.
- Azure ExpressRoute: unlike point-to-site and site-to-site VPNs, where the connection is over the internet, Azure ExpressRoute is used to set up a direct private connection between an on-premises network and a VNet. Compared with similar connectivity options, this type of connectivity is secure, reliable and fast, as the traffic traverses a private network and not the internet.
- Traffic flows through the internet for point-to-site and site-to-site connections
- With the ExpressRoute method:
  - Traffic cannot be intercepted over the public internet due to the dedicated connection
  - Latency, if present, can be predicted
- Azure Cloud Services and Virtual Machines (VMs) are connected to an Azure VNet within the defined network boundary, which helps in isolation of Azure services and VMs
- Requires minimal ongoing administration
- Using point-to-site and site-to-site connections, all on-premises devices can communicate with Azure services connected to a VNet, so there is no need to configure individual connections
- The site-to-site VPN can be configured as a secure failover path for ExpressRoute, or used to connect sites that are not connected through ExpressRoute
- Latency cannot be predicted for site-to-site or point-to-site connections, because the connection traverses the internet
- ExpressRoute requires dedicated router management from a network provider
- The ExpressRoute gateway needs to be created first and then linked to a circuit before adding the site-to-site VPN gateway
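The site-to-site option described above, worked through with the Az PowerShell module as an added example (not code from the original post): it creates the VNet with its GatewaySubnet, the route-based VPN gateway, a local network gateway representing the on-premises VPN device, and the IPsec connection with an explicit, strong IKE/IPsec policy instead of the gateway defaults. Resource names, the address ranges, the documentation address 203.0.113.10 standing in for the on-premises VPN device, and the Key Vault holding the pre-shared key are all assumed placeholders for this example.

```powershell
# Assumed names and address ranges (placeholders for this example).
$rg  = "rg-hybrid"
$loc = "eastus"
New-AzResourceGroup -Name $rg -Location $loc | Out-Null

# VNet with an application subnet and the mandatory GatewaySubnet.
$gwSubnet  = New-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -AddressPrefix "10.1.255.0/27"
$appSubnet = New-AzVirtualNetworkSubnetConfig -Name "snet-app"      -AddressPrefix "10.1.0.0/24"
$vnet = New-AzVirtualNetwork -Name "vnet-hub" -ResourceGroupName $rg -Location $loc `
    -AddressPrefix "10.1.0.0/16" -Subnet $gwSubnet, $appSubnet

# Public IP that the on-premises VPN device will peer with.
$pip = New-AzPublicIpAddress -Name "pip-vpngw" -ResourceGroupName $rg -Location $loc `
    -AllocationMethod Static -Sku Standard

# Route-based VPN gateway placed in the GatewaySubnet (this is the Azure side of the tunnel).
$gwSubnet = Get-AzVirtualNetworkSubnetConfig -Name "GatewaySubnet" -VirtualNetwork $vnet
$ipconf   = New-AzVirtualNetworkGatewayIpConfig -Name "gwipconf" -SubnetId $gwSubnet.Id -PublicIpAddressId $pip.Id
$vpngw = New-AzVirtualNetworkGateway -Name "vpngw-hub" -ResourceGroupName $rg -Location $loc `
    -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1

# Local network gateway: the on-premises VPN device's public IP (placeholder) and the
# on-premises address space that should be reachable through the tunnel.
$lng = New-AzLocalNetworkGateway -Name "lng-onprem" -ResourceGroupName $rg -Location $loc `
    -GatewayIpAddress "203.0.113.10" -AddressPrefix "192.168.0.0/16"

# Explicit IKEv2/IPsec policy: AES-256 / SHA-384 for IKE, AES-256-GCM for ESP, 2048-bit DH and PFS.
# Pinning the policy avoids negotiating down to the weakest suite both ends happen to support.
$ipsec = New-AzIpsecPolicy -IkeEncryption AES256 -IkeIntegrity SHA384 -DhGroup DHGroup14 `
    -IpsecEncryption GCMAES256 -IpsecIntegrity GCMAES256 -PfsGroup PFS2048 `
    -SALifeTimeSeconds 27000 -SADataSizeKilobytes 102400000

# Pre-shared key pulled from Key Vault (assumed vault and secret name) rather than hardcoded in the script.
$psk = Get-AzKeyVaultSecret -VaultName "kv-hybrid" -Name "s2s-psk" -AsPlainText

New-AzVirtualNetworkGatewayConnection -Name "cn-s2s-onprem" -ResourceGroupName $rg -Location $loc `
    -VirtualNetworkGateway1 $vpngw -LocalNetworkGateway2 $lng -ConnectionType IPsec `
    -SharedKey $psk -IpsecPolicies $ipsec

# Verify the tunnel came up before relying on it (status is Connected once IKE completes).
(Get-AzVirtualNetworkGatewayConnection -Name "cn-s2s-onprem" -ResourceGroupName $rg).ConnectionStatus
```

The same policy values must be configured on the on-premises VPN device, and the `Connected` status is only reported after that side completes the IKE exchange.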
What is a hybrid connection?
A hybrid connection is a feature of the Azure App Service. Using this type of connectivity, an encrypted connection can be established between the Azure network and on-premises resources that use static TCP ports (e.g. SQL Server, MySQL, custom web services, etc.). There are two different types of hybrid connection:
- New hybrid connections, which are available under Azure Relay and can be used as a service
- BizTalk hybrid connections, which are classic hybrid connections in the Azure portal
- An easy and fast way to access on-premises data and services securely
- Does not require a publicly accessible endpoint to establish connections
- Easy to set up and share within resources
- Provides access to multiple networks from a single app
- Lack of support for dynamic ports
- Only the use of static TCP ports is recommended