Hybrid Connections, an introduction Sam Vanhoutte CTO Codit, Integration MVP
Nice to meet you Sam VANHOUTTE CTO, Codit http://blog.codit.eu Integration MVP – BizTalk V-TSP @SamVanhoutte 2000 Belgium 2004 France 2013 Portugal 2012 & 2013 Partner of the Year Award Finalist Application Integration International Focus - HQ in BE Community Microsoft Integration
Agenda For the next hour Azure Hybrid connectivity options BizTalk Hybrid Connections Demo time Architecture Comparing & when to use what
Questions? #azureconf on Twitter
Hybrid Connectivity in Azure overview when to use what
Evolving Enterprise Infrastructure 4/14/2017 Corporate Network Virtual Network © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Virtual Networking: IPsec VPN-style connectivity. Traditional network level connectivity. Various options: Point2Site, Site2Site, ExpressRoute. Watch session of Vishwas.
Service Bus Messaging: Interoperable async communication. Asynchronous, message based. Features: Queues & Topics for distributed messaging; Event Hubs for scalable event ingestion; Notification hubs for phone notifications. Watch session of Rick.
Service Bus Relay: Make internal services reachable through Azure endpoints. Firewall friendly service publishing: outbound only ports; more & more used to avoid DMZ / reverse proxy. Features: load balancing; fail over; WCF / REST bindings available.
BizTalk Services: EAI & B2B integration. EAI capabilities: on-premises LOB connectivity (SQL, SAP, Oracle…); transformation & flat file support; routing. EDI capabilities: support for EDIFACT & X12; trading partner management. Hybrid connections: in Free tier of BizTalk Services.
Azure Hybrid Connections positioning & overview architecture
Goals: Access on-prem w/o custom code or infra. Keep existing network configuration. Control & Visibility. Agility & Flexibility.
Introducing hybrid connections: part of BizTalk Services; supported by Azure Web Sites and Mobile Services; in preview; free tier (<5 cnx); goal: more to come.
BizTalk Services pricing model FREE (preview) DEVELOPER BASIC STANDARD PREMIUM EAI capabilities No Yes EDI capabilities Scale limit 1 unit 8 units Scale out HyCnx per unit 5 10 50 100 HyCnx data transfer / unit 5 GB 50 GB 250 GB 500 GB Connection limits for each Hybrid Connection apply. Additional Hybrid data transfer billed at $1/GB.
DEMO Provision BizTalk Service
Key Features: Access to on-premises resources: connect to SQL Server, Web Services or most other resources that use TCP or HTTP connectivity. Works with most frameworks: support for .NET, PHP, Java, Python, Node.js for Websites and Node.js and .NET for Mobile Services. No need to alter the network perimeter: doesn’t require a VPN gateway or firewall changes to allow incoming traffic; applications have access only to the resource that they require. Maintains IT control over resources: support for Group Policy and Event/Audit Logging, providing admins control and visibility.
Hybrid Connections [diagram: Web Sites, Mobile Services, Hybrid Connection, Hybrid Connection Manager, Corporate Network, Microsoft SQL Server, Other published resources]
‘As-is’ situation, expense application [diagram: Integration Dashboard, BizTalk Server, Process]
Step 1: lift & shift dashboard web app [diagram: Dashboard frontend, Integration Dashboard, Dashboard backend, BizTalk Server, Process]
Step 2: create expense mobile app [diagram: Dashboard frontend, Expense mobile svc, Dashboard backend, BizTalk Server, Process]
Step 3: Expose the expense API [diagram: Dashboard frontend, Expense mobile svc, Dashboard backend, BizTalk Server, Process]
Architecture: agent, topologies, automation
The hybrid connection manager: on-premises agent specifics. Install from portal. Windows Service: HybridConnectionMgr. Outbound only. Port 80 required. Optional ports, fallback on 443. Ports: 80 & 443 (certificate validation & HTTPS); 5671 (connect to Azure), fallback to TCP:443; 9352 (push & pull data), fallback to TCP:443.
Limits & constraints: Support for TCP & HTTP. Recommend using static TCP ports. Dynamic ports (i.e. FTP passive mode) are not supported. No buffering or traffic inspection. TLS can be negotiated end-to-end.
SQL Server specifics: SQL Express named instances should use static ports. TCP should be enabled. SQL Always On limitations: MultiSubnetFailover=true is not supported for clustering or availability groups; ApplicationIntent=ReadOnly is not supported. Integrated security not supported.
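Added example, not part of the original slides: a small Python check that flags the connection-string settings the SQL Server specifics slide lists as unsupported over a Hybrid Connection. The function names, the sample strings and the host name sqlhost are assumptions made for illustration; keys are matched case-insensitively with spaces ignored, and quoted values containing ';' are not handled.

```python
# Added example: lint ADO.NET-style SQL Server connection strings against the
# constraints on the "SQL Server specifics" slide. All sample values are constructed.

SERVER_KEYS = ("datasource", "server", "address", "addr", "networkaddress")
INTEGRATED_KEYS = ("integratedsecurity", "trusted_connection")
TRUE_VALUES = {"true", "yes"}


def parse(conn_str):
    """Split 'key=value;...' into a dict; keys lower-cased, spaces removed.
    Simplification: quoted values that contain ';' are not handled."""
    pairs = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.replace(" ", "").lower()] = value.strip()
    return pairs


def lint(conn_str):
    """Return findings for settings the slide lists as unsupported or risky."""
    kv = parse(conn_str)
    findings = []
    if kv.get("multisubnetfailover", "").lower() in TRUE_VALUES:
        findings.append("MultiSubnetFailover=true is not supported")
    if kv.get("applicationintent", "").lower() == "readonly":
        findings.append("ApplicationIntent=ReadOnly is not supported")
    if any(kv.get(k, "").lower() in TRUE_VALUES | {"sspi"} for k in INTEGRATED_KEYS):
        findings.append("Integrated security is not supported")
    server = next((kv[k] for k in SERVER_KEYS if k in kv), "")
    # A named instance (host\instance) needs an explicit ",port" suffix, since
    # dynamic ports are not supported over a Hybrid Connection.
    if "\\" in server and "," not in server:
        findings.append("Named instance without a static port: " + server)
    return findings


# Constructed samples: the first breaks every rule, the second passes.
SAMPLE_BAD = ("Server=sqlhost\\SQLEXPRESS;Database=Expenses;Integrated Security=SSPI;"
              "MultiSubnetFailover=True;Application Intent=ReadOnly")
SAMPLE_OK = ("Data Source=sqlhost\\SQLEXPRESS,1433;Initial Catalog=Expenses;"
             "User ID=app_user;Password=<placeholder>")

if __name__ == "__main__":
    for sample in (SAMPLE_BAD, SAMPLE_OK):
        print(sample, "->", lint(sample) or "no findings")
```

Running a check like this over application settings before moving a workload behind a Hybrid Connection catches the unsupported options at review time rather than as connection failures.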
Security: Shared access signatures: secure, simple & familiar. Separate roles for on-premises connector & apps: credentials for the on-premises connector & client apps can be rolled independently; seamless & secure distribution & update of credentials to applications & Hybrid Connection Manager. Application authorization is independent: you can use an authorization mechanism appropriate for the Hybrid Application; in practice, depends on end-to-end authorization mechanisms supported across cloud/on-premises.
Reusing connections [diagram: Microsoft Azure, On Premises, Web Site, Mobile Service, Hybrid Connection, Hybrid Connection Manager, LOB App, Hostname & Port] Multiple applications can share a Hybrid Connection to access an on-prem resource. Applications on Azure access a resource the same way they would if it was running on-premises.
Load-balanced connectors [diagram: Microsoft Azure, On Premises, Web Site, Mobile Service, Hybrid Connection, Hybrid Connection Manager, LOB Cluster, Cluster name & Port] Multiple instances of the Hybrid Connection Manager can be used on-premises for resiliency and load-balancing.
DEMO Load balancing agents
Throughput, some tips & guidance: Performance of outbound connection. Multiple agents often increase throughput. No throttling on connection or agent. BizTalk tier does not impact performance.
Some #devops: PowerShell, visibility & group policies. Group policy settings to allow/designate resources. Event & audit logs available. Agent comes with PowerShell cmdlets:
    Update-HybridConnection -ConnectionString "<cnxstring>"
    Add-HybridConnection -ConnectionString "<cnxstring>"
    Remove-HybridConnection -ConnectionString "<cnxstring>"
    Set-HybridConnectionManagerConfiguration -ManagementPort 9352
    Get-HybridConnection
When to use what: Virtual networking, Hybrid Connections, Service Bus relay
A comparison (columns: Virtual networking (VPN) | Hybrid Connections | Service Bus Relay)
Addressing: Host name / IP | Public DNS
Security: Intranet style | SharedSecret, SAML, SAS
Application connectivity: TCP level | SOAP / REST
Load balancing: Complex, traditional | Use multiple agents | To 20 cnx per endpoint
High availability: Complex, traditional | Use multiple agents | To 20 cnx per endpoint
Billing model: Time-based (gateway) | Bandwidth (mostly FREE) | Per connection
Time to value: Complex installation | Very fast (outbound ports)
IaaS vs PaaS: IaaS | PaaS (ier) | PaaS (iest)
Hybrid Connections wrap-up: The fastest way to build hybrid applications. Lift and Shift web workloads to Azure Websites whilst connecting to on-premises data. On-premises data just clicks away from Azure Websites & Mobile Services.
THANK YOU !! AND STAY TUNED FOR THE NEXT SESSIONS !! For all your follow up questions: @SamVanhoutte
Get started with a free trial http://aka.ms/AzureConf2014 Or, use your existing benefits… http://aka.ms/AzureConf-MemberOffers