Azure Options for connecting to On-Premises Systems

Summary

In this post, I explore various options for connecting to on-premises systems from Azure: Azure VPN, ExpressRoute, Application Proxy, Data Factory Self-hosted Integration Runtime, the On-Premises Data Gateway, Hybrid Connections and Service Bus Relays. Each fits a different combination of security, latency, data volume and integration effort. Azure VPN and ExpressRoute give you a network-level path: the VPN is an encrypted tunnel over the public internet, while ExpressRoute is a dedicated private circuit suited to high bandwidth and low latency. Application Proxy, Hybrid Connections and the agent-based options give a single application or data service access to on-premises resources through an outbound-only agent, without complex networking setups or inbound firewall rules.

Connectivity Types covered in this post are:

  1. Azure VPN (Point-to-site, Site-to-Site).
  2. Azure ExpressRoute.
  3. Azure Application Proxy.
  4. Azure Data Factory Self-hosted Integration Runtime.
  5. Azure On-Premises Data Gateway.
  6. Azure Hybrid Connections.
  7. Azure Service Bus Relays.

Azure VPN (Point-to-site, Site-to-Site)

Azure VPN Gateway establishes encrypted, cross-premises connectivity over the public internet. A site-to-site connection builds an IPsec/IKE tunnel between your Azure virtual network and an on-premises VPN device, so Azure resources can reach on-premises systems such as SQL Server by their private addresses in real time; a point-to-site connection does the same for an individual client machine (over IKEv2, OpenVPN or SSTP) and authenticates the user with certificates, Microsoft Entra ID or RADIUS. The VPN Gateway itself does not move or integrate data; it only provides the secure network path that services running in Azure use to reach on-premises databases directly.

Azure ExpressRoute

For a more robust and reliable connection, ExpressRoute provides a dedicated private connection between Azure and your on-premises environment through a connectivity provider, so the traffic never traverses the public internet. It offers lower latency and more predictable throughput than a VPN Gateway, which matters for real-time data scenarios, and it is the usual choice for enterprises that move large volumes of data between Azure and on-premises SQL Server. One caveat for security reviews: ExpressRoute traffic is private but not encrypted by default. If confidentiality in transit is a requirement, enable MACsec (available with ExpressRoute Direct) or run an IPsec tunnel, such as a site-to-site VPN Gateway connection, over the ExpressRoute private peering.

To connect your on-premises network to an Azure virtual network over ExpressRoute, you create a virtual network gateway of type ExpressRoute and an ExpressRoute circuit, then hand the circuit over to the provider for provisioning. This requires three steps:

  1. Create a new VNet.
  2. Create a Virtual Network Gateway.
  3. Create and provision an ExpressRoute circuit.

Create a VNet and Virtual Network Gateway

  1. Create an Azure Virtual Network (10.20.0.0/16).
  2. Create a subnet for the gateway (10.20.0.0/27). The subnet must be named GatewaySubnet, and /27 or larger is recommended so that future gateway configurations have room to grow.
  3. Create a Virtual Network Gateway. A VNet Gateway exchanges IP routes with the on-premises network over the circuit and routes traffic between the two networks.
    • Under Gateway Type, select ExpressRoute.
    • For SKU select Standard (HighPerformance and UltraPerformance buy more throughput; the ErGw1AZ, ErGw2AZ and ErGw3AZ SKUs add availability-zone resilience).
    • For Subnet select the GatewaySubnet created in step 2.
  4. Under Public IP address, create a new IP address.
  5. Select a Public IP address SKU.
  6. Review and create. Gateway deployment can take 45 minutes or more, so start it before you order the circuit.

Create an ExpressRoute circuit

The ExpressRoute circuit resource captures your provider details, and the provider can only provision the circuit if the peering location and bandwidth match what you ordered from them, so configure it carefully. For example, in this setting, I have configured it as follows:

  1. Port Type: Provider (the alternative, Direct, is for ExpressRoute Direct ports into Microsoft's edge).
  2. Create new (rather than Import from classic).
  3. Provider: the name of your ExpressRoute connectivity provider, together with the peering location and bandwidth agreed with them.
  4. SKU: Standard or Premium (Premium adds connectivity across geopolitical regions and higher route and VNet link limits).
  5. Billing Model: Metered or Unlimited.
  6. Allow Classic Operation: No.

Once created, the circuit shows a Service Key. This key is what you hand to the provider to complete provisioning; treat it as a credential and share it only through the provider's ordering channel. The circuit's provider status moves from Not provisioned to Provisioned once the provider has finished, and only then can you connect the virtual network gateway to the circuit.
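The three steps above as one Azure CLI script. This is an example added here, not code from the original post: the resource group, region, VNet and gateway names, the provider (Equinix), peering location (Amsterdam) and bandwidth are placeholder assumptions, and setting AZ=echo prints the commands instead of running them. The script keeps the GatewaySubnet name and the Standard SKUs from the steps above, prints the service key for the provider, and refuses to link the gateway until the provider has marked the circuit as Provisioned.

```shell
#!/bin/sh
# Provisions the ExpressRoute pieces described above with the Azure CLI.
# Example script added for this post; resource names, region, provider and
# peering location are placeholders, not values from the original post.
set -eu

AZ="${AZ:-az}"                        # AZ=echo prints the commands (dry run)
RESOURCE_GROUP="${RESOURCE_GROUP:-rg-hybrid}"
LOCATION="${LOCATION:-westeurope}"
VNET="${VNET:-vnet-hybrid}"
VNET_PREFIX="10.20.0.0/16"
GATEWAY_SUBNET_PREFIX="10.20.0.0/27"  # /27 or larger; name must be GatewaySubnet
GATEWAY="${GATEWAY:-ergw-hybrid}"
GATEWAY_PIP="${GATEWAY_PIP:-pip-ergw-hybrid}"
CIRCUIT="${CIRCUIT:-er-hybrid}"
PROVIDER="${PROVIDER:-Equinix}"                   # assumed provider
PEERING_LOCATION="${PEERING_LOCATION:-Amsterdam}" # assumed peering location
BANDWIDTH_MBPS="${BANDWIDTH_MBPS:-200}"           # assumed bandwidth

# Step 1: VNet plus the gateway subnet. Azure only accepts a virtual network
# gateway in a subnet literally named GatewaySubnet.
create_network() {
  $AZ group create --name "$RESOURCE_GROUP" --location "$LOCATION" --output none
  $AZ network vnet create --resource-group "$RESOURCE_GROUP" --name "$VNET" \
    --location "$LOCATION" --address-prefixes "$VNET_PREFIX" \
    --subnet-name GatewaySubnet --subnet-prefixes "$GATEWAY_SUBNET_PREFIX" \
    --output none
}

# Step 2: public IP and the ExpressRoute virtual network gateway (Standard SKU).
create_gateway() {
  $AZ network public-ip create --resource-group "$RESOURCE_GROUP" --name "$GATEWAY_PIP" \
    --location "$LOCATION" --sku Standard --allocation-method Static --output none
  $AZ network vnet-gateway create --resource-group "$RESOURCE_GROUP" --name "$GATEWAY" \
    --location "$LOCATION" --vnet "$VNET" --public-ip-addresses "$GATEWAY_PIP" \
    --gateway-type ExpressRoute --sku Standard --output none
}

# Step 3: the circuit (provider port, Standard tier, metered, no classic
# operations) and the service key the provider needs to provision it.
create_circuit() {
  $AZ network express-route create --resource-group "$RESOURCE_GROUP" --name "$CIRCUIT" \
    --location "$LOCATION" --provider "$PROVIDER" --peering-location "$PEERING_LOCATION" \
    --bandwidth "$BANDWIDTH_MBPS" --sku-tier Standard --sku-family MeteredData \
    --allow-classic-operations false --output none
  # The service key is effectively a credential for the circuit: print it once,
  # hand it to the provider, do not paste it into tickets or chat.
  $AZ network express-route show --resource-group "$RESOURCE_GROUP" --name "$CIRCUIT" \
    --query serviceKey --output tsv
}

circuit_state() {
  $AZ network express-route show --resource-group "$RESOURCE_GROUP" --name "$CIRCUIT" \
    --query serviceProviderProvisioningState --output tsv
}

# Final step: connect the gateway to the circuit. This only works after the
# provider has provisioned the circuit and Azure private peering exists on it.
link_gateway() {
  state=$(circuit_state)
  if [ "$state" != "Provisioned" ]; then
    echo "circuit $CIRCUIT is '$state', not Provisioned: give the provider the service key and wait" >&2
    return 1
  fi
  circuit_id=$($AZ network express-route show --resource-group "$RESOURCE_GROUP" \
    --name "$CIRCUIT" --query id --output tsv)
  $AZ network vpn-connection create --resource-group "$RESOURCE_GROUP" --name "conn-$CIRCUIT" \
    --location "$LOCATION" --vnet-gateway1 "$GATEWAY" --express-route-circuit2 "$circuit_id" \
    --output none
}

case "${1:-}" in
  network) create_network ;;
  gateway) create_gateway ;;
  circuit) create_circuit ;;
  link)    link_gateway ;;
  "")      ;;  # no argument: only define the functions
  *)       echo "usage: $0 network|gateway|circuit|link" >&2; exit 2 ;;
esac
```

Run it as `sh expressroute.sh network`, then `gateway`, `circuit`, and finally `link` once the provider confirms provisioning and Azure private peering exists on the circuit (with a layer-3 provider the provider configures the peering; with a layer-2 provider you do, with `az network express-route peering create`). A dry run with `AZ=echo sh expressroute.sh circuit` lets you review the exact commands before anything is created.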

Azure Application Proxy

Azure Application Proxy (now Microsoft Entra application proxy, previously Azure AD Application Proxy) provides secure remote access to on-premises web applications. A lightweight connector installed inside your network opens outbound-only HTTPS connections to the proxy service, so no inbound firewall rules are needed, and users reach the application through an external URL that can pre-authenticate them with Microsoft Entra ID, including Conditional Access and multifactor authentication, before any request reaches the internal server. This is useful where you need to publish internal web applications such as SharePoint, an internal CRM system or custom web apps hosted on-premises without a VPN. It is limited to HTTP(S) applications, and it relies on single sign-on (Kerberos constrained delegation, header- or forms-based) to sign the user into the backend.

Azure Data Factory Self-hosted Integration Runtime

The Self-hosted Integration Runtime in Azure Data Factory (ADF) lets pipelines reach data sources inside your private network. You install the runtime on a machine in that network and register it with the factory using an authentication key generated in ADF; from then on it polls the service over outbound HTTPS, so no inbound ports need to be opened, and it executes copy and lookup activities on behalf of the factory, acting as the bridge between on-premises SQL Server and Azure. It supports a wide range of sources and is used both for ETL (Extract, Transform, Load) processes and for data migrations. Because the runtime can hold the credentials for the sources it connects to, harden the host like any other credential-bearing server, and register at least two nodes if the pipelines matter: a single node is both a single point of failure and a throughput bottleneck.

Azure On-Premises Data Gateway

The on-premises data gateway brokers secure communication between on-premises data sources and Azure services such as Power BI, Power Apps, Power Automate and Logic Apps. Like the other agents in this post, it is installed on a machine in your network and connects outbound to Azure Relay, so nothing needs to be exposed inbound; queries from the cloud service are relayed to the gateway, executed against on-premises SQL Server, and the results are returned encrypted in transit. This is useful when you want to bring on-premises data into cloud analytics or automation without moving the data itself to the cloud. Note that the gateway is tied to your tenant and to the services that support it, rather than being a general-purpose network path.

Azure Hybrid Connections

Azure Hybrid Connections is a feature of Azure App Service (and Azure Functions) that gives a web app a simple, secure way to reach on-premises resources such as SQL Server without exposing them to the internet. Under the hood it uses Azure Relay: you install the Hybrid Connection Manager on a machine in your network, which opens an outbound TLS connection on port 443 to the relay, while the app connects to the configured host name and port, and the relay joins the two ends into one bi-directional TCP stream. Each hybrid connection is a single host:port pair, so it suits request/response traffic rather than bulk transfers. Two caveats: name resolution of the target host happens on the Hybrid Connection Manager machine, and the last hop from that machine to the target is plain TCP, so keep database-level encryption (such as TLS to SQL Server) enabled if you need end-to-end confidentiality.

Azure Service Bus Relays

Azure Service Bus Relay (the service is now called Azure Relay, with WCF Relay and Hybrid Connections as its two flavours) lets you expose an on-premises service to cloud callers without opening an inbound firewall port or changing your network: the on-premises listener opens an outbound connection to a relay endpoint in Azure and waits, and the relay forwards incoming client connections to it. Both sides authenticate to the relay with Shared Access Signature (SAS) tokens signed with a shared access policy key, so the least-privilege setup is a Listen-only policy for the on-premises side and a Send-only policy for the cloud caller, rather than the namespace-wide manage key. It suits real-time integration of on-premises services with cloud applications.
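Both Hybrid Connections and Service Bus Relays authenticate to the relay with SAS tokens, and the token format is the same for both, so here is one added example (not from the original post) of minting such a token with POSIX shell and OpenSSL. The namespace contoso-relay, the hybrid connection name sql-hyco, the policy name listen-only and the key are constructed placeholders. The signature is HMAC-SHA256 over the URL-encoded resource URI, a newline and the expiry timestamp, keyed with the shared access policy key, which is the scheme Azure Service Bus and Azure Relay use.

```shell
#!/bin/sh
# Mints a SAS token for an Azure Relay / Service Bus resource.
# Example added for this post; namespace, policy name and key are placeholders.
set -eu

# Percent-encode everything except RFC 3986 unreserved characters, which is
# what Azure expects for the sr= field and for the string that gets signed.
# Input is assumed to be ASCII (URIs and base64 signatures are).
urlencode() {
  s=$1
  out=""
  while [ -n "$s" ]; do
    c=${s%"${s#?}"}      # first character of the remaining string
    s=${s#?}             # the rest
    case $c in
      [A-Za-z0-9._~-]) out="$out$c" ;;
      *) out="$out$(printf '%%%02X' "'$c")" ;;
    esac
  done
  printf '%s' "$out"
}

# Expiry as a Unix timestamp TTL seconds from now; keep tokens short-lived.
expires_in() {
  echo $(( $(date +%s) + $1 ))
}

# relay_sas_token RESOURCE_URI POLICY_NAME POLICY_KEY EXPIRY_EPOCH
# token = SharedAccessSignature sr=<enc uri>&sig=<enc sig>&se=<expiry>&skn=<policy>
# sig   = Base64(HMAC-SHA256(policy_key, <enc uri> + "\n" + expiry))
relay_sas_token() {
  resource_uri=$1
  policy_name=$2
  policy_key=$3
  expiry=$4
  encoded_uri=$(urlencode "$resource_uri")
  sig=$(printf '%s\n%s' "$encoded_uri" "$expiry" \
        | openssl dgst -sha256 -hmac "$policy_key" -binary \
        | base64 | tr -d '\n')
  printf 'SharedAccessSignature sr=%s&sig=%s&se=%s&skn=%s' \
    "$encoded_uri" "$(urlencode "$sig")" "$expiry" "$policy_name"
}

# Demo with constructed values: a Listen-only policy for the on-premises
# listener of a hybrid connection named sql-hyco, valid for one hour.
if [ "${1:-}" = "demo" ]; then
  relay_sas_token "https://contoso-relay.servicebus.windows.net/sql-hyco" \
    listen-only "REPLACE_WITH_LISTEN_ONLY_POLICY_KEY" "$(expires_in 3600)"
  echo
fi
```

The token is sent by the listener when it opens its outbound WebSocket to the relay and by the sender when it connects; because the resource URI is part of the signed string, a token minted for sql-hyco cannot be replayed against another hybrid connection in the same namespace, and because the policy name is carried in skn, Azure checks the rights of that policy (Listen or Send) rather than granting the caller everything the namespace key could do. Keep the expiry (se) short and mint tokens on demand instead of baking one long-lived token into configuration.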

Pros & Cons (valid in 2022)

Azure VPN (Point-to-site, Site-to-Site)
  Pros: Secure, encrypted connection. Relatively easy to set up. Suitable for smaller data transfers.
  Cons: Higher latency than ExpressRoute because it runs over the public internet. Not ideal for large-scale data transfer.

Azure ExpressRoute
  Pros: Low latency and high reliability. Dedicated private connection. Ideal for large data transfers and critical applications.
  Cons: More complex and costly to set up. Requires coordination with a network provider. Not encrypted by default.

Azure Application Proxy
  Pros: Secure remote access to on-premises web applications with Microsoft Entra pre-authentication. No need for a VPN, reducing complexity. Easy to manage and scale.
  Cons: Limited to HTTP(S) web applications.

Azure Data Factory Self-hosted Integration Runtime
  Pros: Enables secure data movement between on-premises and Azure. Supports a wide range of data sources. Ideal for ETL processes and data migration.
  Cons: Requires installation and maintenance of the self-hosted runtime on-premises. Potential performance bottleneck if not scaled out across nodes.

Azure On-Premises Data Gateway
  Pros: Secure data transmission between on-premises data sources and Azure services. Easy integration with Power BI, Power Apps and Logic Apps. No need to move data fully to the cloud.
  Cons: Requires installation and maintenance on-premises. Limited to the services that support the gateway.

Azure Hybrid Connections
  Pros: Simple, secure connectivity from web apps to on-premises resources. No need to expose on-premises resources to the internet. Supports bi-directional communication over one TCP stream.
  Cons: Limited to App Service and Functions. One host:port per connection; not suitable for high-volume bulk data transfer.

Azure Service Bus Relays
  Pros: Securely expose on-premises services without firewall changes. Enables real-time integration with cloud-based applications. Useful for event-driven architectures.
  Cons: Requires more complex configuration and management, including SAS policy and key handling. Potentially higher latency depending on the setup.