The Azure Relay Service facilitates your hybrid applications by enabling you to securely expose services that reside within a corporate enterprise network to the public cloud, without having to open a firewall connection or require intrusive changes to a corporate network infrastructure.
Hybrid Cloud and On-Premise Connectivity
- Relay facilitates secure connectivity without the requirement of an external VPN
- Data can reside anywhere in any of the on-premise data centers
- Network load balancing is done in round-robin fashion without the requirement of an external appliance.
- Supports both one-way and duplex communications
Connect on-premises applications via the cloud
Azure Relay addresses the technical challenge of communication between on-premise service and the external application which does not reside on the same premise or firewall. It allows on-premise service to expose a public endpoint. External applications which are not in the same premise or firewall can access the on-premise service using these endpoints.
High Availability for On-Premise Services
Azure Relay allows for registering multiple listeners to a single public relay endpoint. This provides a framework for both performance and availability without complex application logic or a costly networking appliance.
A Relay Namespace provides a scoping container for addressing Relay resources within your application. Creating one is necessary to use Relay and will be one of the first steps in getting started. A Relay namespace name can only be between 6-50 characters in length. You can have 10,000 Relay endpoints per service namespace. Relay also supports DNS whitelisting. The Relay client makes connections to the Relay service using fully qualified domain names. This enables customers to add an entry for *.servicebus.windows.net on firewalls that support DNS whitelisting.
You need an Azure account, if you do not have it, you can start a free trial here https://azure.microsoft.com/
Follow the below steps to create the Azure Relay Namespace:
- Login to Azure portal
- Click on ‘+’ sign to create a new Azure Relay Namespace
- Click on Relay
- Fill the Create Namespace form -> Enter Namespace name(should be universally unique), choose the appropriate subscription, select the resource group, select the datacentre location
- Click Create button, this will create the Relay and redirects you to the Relay Namespace overview screen
- You will notice “+ Hybrid Connection” , “+WCF Relay” these are two Relay offerings from Azure Relay.
Azure Relay Services:
- WCF Relays– Uses Windows Communication Foundation (WCF) to enable remote procedure calls. WCF Relay is the legacy Relay offering that many customers may already use with their WCF programming models.
- Hybrid Connections– Uses the open standard web sockets enabling multi-platform scenarios.
Using WCF Relay you can initiate the connection between your on-premises service and the relay service using the WCF relay bindings. In the background, the relay bindings map to new transport binding elements designed to create WCF channel components that integrate with Service Bus in the cloud. It is still a firewall friendly proprietary protocol which is dependent on WCF and .Net platform.
Follow the below steps to create a WCF Relay under Azure Relay Namespace:
- Click on “+ WCF Relay”
- Enter the WCF Relay name and choose the relay type. Here I have opted for NetTcp relay.
- On click Create button a new WCF Relay will be created under the Relay Namespace
Relay Hybrid Connections
Earlier, Service Bus Relay belonged to Azure Service Bus offering, a firewall friendly proprietary protocol which had the dependency on WCF and .Net platform.
Hybrid Connections are a feature of Azure BizTalk Services. Hybrid Connections provide an easy and convenient way to connect the Web Apps feature in Azure App Service and the Mobile Apps feature in Azure App Service to on-premises resources behind your firewall. It has port forwarding per connection and is dependent on a windows agent.
The Azure Relay Hybrid Connections is a secure, open-protocol evolution of the existing Azure Relay features that can be implemented on any platform and in any language that has a basic WebSocket capability, which explicitly includes the WebSocket API in common web browsers. Hybrid Connections is based on HTTP and WebSockets.
It is cross platform and supports .Net Core, Java can be executable on Linux platform as well. It is completely based on Azure Resource manager, so it is only available in the New Azure portal. It does not have any dependency with WCF.
Azure Relay provides network load balancing without the need of additional appliance. As the Relay resides at the cloud environment, we can have multiple listeners and the Network will be load balanced based on round robin fashion and you get a secured connectivity without requiring any external VPN.
Altogether, an interesting thing is that it is hybrid and supports cross platform which can run on Windows, Linux, .Net Platform, Java, node.js etc. You can perform multi cast with Hybrid Connections Relay but the total number of listeners is limited to 25 listeners.
Follow the below steps to create a Hybrid Connection under Azure Relay Namespace:
- Click on “+ Hybrid Connection”
- Enter the Hybrid Connection Relay name.
- On click Create button will create a new Hybrid Connection Relay under the Relay Namespace
The Relay Namespace will have a list of the newly created WCF Relay and Hybrid Connection.
Relay Listener and Limitations
A Relay may have multiple connected listeners and it is considered to be “open” when at least one Relay listener is connected to it. Adding additional listeners to an open Relay will result in additional relay hours.
A Relay must have at least one active listener for any sender to send the message. There can be a maximum of 25 listeners on a single relay.
Message size for NetOnewayRelayBinding and NetEventRelayBinding relays is 64 KB. There is no limitation for the message size for HttpRelayTransportBindingElement and NetTcpRelayBinding relays.
Migrate Relay Namespace Between Subscription
You can use PowerShell commands to move a Relay namespace from one Azure subscription to another. In order to execute the operation, the namespace must already be active. Also, the user executing the commands must be an administrator on both the source and target subscriptions.
The following sequence of commands moves a namespace from one Azure subscription to another. To execute this operation, the namespace must already be active, and the user running the PowerShell commands must be an administrator on both the source and target subscriptions.
<span style="font-size: 14pt;">[powershell]
# Create a new resource group in target subscription
Select-AzureRmSubscription -SubscriptionId 'ffffffff-ffff-ffff-ffff-ffffffffffff'
New-AzureRmResourceGroup -Name 'targetRG' -Location 'East US'
# Move namespace from source subscription to target subscription
Select-AzureRmSubscription -SubscriptionId 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
$res = Find-AzureRmResource -ResourceNameContains mynamespace -ResourceType 'Microsoft.ServiceBus/namespaces'
Move-AzureRmResource -DestinationResourceGroupName 'targetRG' -DestinationSubscriptionId 'ffffffff-ffff-ffff-ffff-ffffffffffff' -ResourceId $res.ResourceId
The introduction of WCF Relay and Hybrid Connection in Azure Relay namespace is a extended capability for the existing Relay. WCF is a firewall friendly proprietary protocol which is dependent on WCF and .Net platform. The Azure Relay Hybrid Connections is a secure, open-protocol evolution of the existing Azure Relay features that can be implemented on any platform and in any language that has a basic WebSocket capability. The introduction of Hybrid Connection Relay focusses on the support of multiple platforms and programming languages.