In this video, Sharon discusses the Azure Service Bus relay solution—including benefits—explores the options, and wraps up the lesson with a demonstration of the relay service.
- [Instructor] The Azure Service Bus Relay is used to connect your secure services that are within your corporate network to the public cloud and, get ready for it, without opening a firewall port. I know, the security folks right now are shaking their heads. The Service Bus Relay will provide bidirectional information, meaning you can pass messages between the sender and the receiver. Whereas, when we're talking queues and topics and subscriptions, it was one-way communication only.
The difference here is that the relay itself will not store the messages, like the queues and topics did, it just passes the messages along to the endpoint. There are several benefits to using the Azure Relay service, including: you do not require a VPN or to open up ports on the firewall. This will allow you to meet data sovereignty rules. You may be in a position where your data cannot leave your on-premise environment and using a Relay will allow you to keep that data on-prem, within the borders.
You can use it for hybrid implementation, using either WCF or the WebSocket transport. It also provides high availability for your on-premise services. There are two types of relays. We have a Hybrid Connection Relay and a WCF Relay. The method you choose will be dependent on your requirements, so let's go ahead and take a look at those requirements. If your endpoint only supports WCF, then you're going to be forced to use the WCF Relay.
If it supports .NET Framework, you could use either/or. If you're using .NET Core, JavaScript or Node.js, Standards-Based Open Protocol, or Multiple RPC Programming Models, then you can use the Hybrid Connection model. Applications can authenticate to Azure Relay using the shared access signature with explicit rights. The relay also supports unauthorized or anonymous senders, whereas the Service Bus does not support unauthorized or anonymous senders.
The SharedAccessAuthorizationRule contains four components. Those being the KeyName, the PrimaryKey, the SecondaryKey, and Rights, and those Rights will include Listen, Send, and/or Manage, and we'll take a look at that in the demo. Let's take a look at the Relay Workflow. We have our client and we have our Windows system. The Windows system will register with Azure and will open a control channel. The client will then connect and then Azure becomes the bridge passing along the messages between the client and the Windows system.
It will be a little different, depending on whether or not you're using WCF or the hybrid implementation. Let's go ahead and take a look at the two. When we use WCF, we can run applications either on-premise or in Azure, so these could be Web Roles, Worker Roles, or clients, and the on-premise application will have the Windows Communication Foundation service, or WCF, enabled. And we can control who accesses the service, protecting the application, using those shared access signatures we just talked about. And you'll notice here that this will traverse the firewall and NAT.
When we're talking Hybrid Connections, it's very similar, except we can use HTTP and WebSockets or an open protocol that is implemented on any platform and language that supports the basic WebSocket. Let's go ahead, pop into Azure and build our relay. I'm looking at our existing resource groups in Azure, and I'm going to work in the LiLMessaging resource group. This is where we've been creating our topics and queues and our previous Service Bus.
Here we actually need to create another Service Bus. I'm going to go ahead and click Add, and search on relay, and select Relay. The Relay blade will open, providing some information about the service itself. I'm going to go ahead and click Create. All we need to do is provide a name for our relay, you'll notice that it must be a unique name though because we're using .servicebus.windows.net. Perfect, my name is unique, select your subscription, your resource group, and your location.
I'm going to go ahead and click Create, and this will take a few moments to deploy. Our deployment has now succeeded, let's go ahead and close these blades, and I'm going to refresh in our resource group. And scroll over just a little bit, just to center everything for us, and you'll notice that we now have a relay. I'm going to go ahead and open up the blade for that relay. We can set shared access policies for the entire relay if I go ahead and click on Add, and I can set to Send, Listen, or Manage.
I'll go ahead and click Create. You'll also notice that there was a default policy created for us called RootManageSharedAccessKey and this includes the Manage claim, and we pull these keys to input into our application. I'm going to go ahead and close that. Next, we'll quickly just take a look at Hybrid Connections. Here we can go ahead and simply click on a Hybrid Connection. I'm going to go ahead and provide a name, and like I said, we can require client authorization or we can disable that, I'm going to go ahead and disable it and click Create.
Then we could add in our key values there as well, as required. It'll take a moment for the screen to update, and I'll click in Overview, and then you'll notice the Hybrid Connection is there. We don't have any listeners because we haven't set anything up for it, you would do this at the application level, and we could go ahead and configure shared access policies for this specific relay if we wanted to do that as well. Let's go ahead and close that, and then the WCF Relays will be the same procedure.
Go ahead, provide a name, we can choose our Relay Type, NetTcp or HTTP, we can select whether or not we want the client to have authorization or not, as well as transport security. We can enter in the UserMetadata as required and then click Create. That was created, pop back into the Overview, and you'll notice that our two relays are now created. Relays can be used to traverse VPNs and firewalls.
They are bidirectional and remember that the messages do not sit in the relay, the relay just passes it along to the receiver as required.
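
The SharedAccessAuthorizationRule components named in the transcript (KeyName, PrimaryKey, SecondaryKey, Rights), as an added Python example that is not part of the course material: it builds a SAS token for one relay entity and runs a simplified local model of how such a token is checked. The rule names, key strings and relay URI are constructed, and `authorize` is a hypothetical helper, not an Azure API.

```python
import base64, hashlib, hmac, time
from urllib.parse import parse_qs, quote, quote_plus

# Constructed sample rules: one KeyName per application role, least privilege.
RULES = {
    "listen-only": {"PrimaryKey": "constructed-primary-A",
                    "SecondaryKey": "constructed-secondary-A",
                    "Rights": {"Listen"}},
    "send-only": {"PrimaryKey": "constructed-primary-B",
                  "SecondaryKey": "constructed-secondary-B",
                  "Rights": {"Send"}},
}
URI = "https://example-relay.servicebus.windows.net/example-hc"  # constructed

def _sign(key, encoded_uri, expiry):
    # HMAC-SHA256 over "<url-encoded resource URI>\n<expiry>", base64 encoded.
    mac = hmac.new(key.encode(), f"{encoded_uri}\n{expiry}".encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def make_sas_token(resource_uri, key_name, key, ttl_seconds, now=None):
    """Build a short-lived SharedAccessSignature token scoped to one entity."""
    expiry = str(int((time.time() if now is None else now) + ttl_seconds))
    sr = quote_plus(resource_uri)
    sig = quote(_sign(key, sr, expiry), safe="")
    return f"SharedAccessSignature sr={sr}&sig={sig}&se={expiry}&skn={key_name}"

def authorize(token, rules, needed_right, now=None):
    """Local model: known rule, right granted, not expired, signature valid
    under the primary or the secondary key (so keys can be rotated)."""
    scheme, _, query = token.partition(" ")
    f = {k: v[0] for k, v in parse_qs(query).items()}
    if scheme != "SharedAccessSignature" or not {"sr", "sig", "se", "skn"} <= f.keys():
        return False
    rule = rules.get(f["skn"])
    if rule is None or needed_right not in rule["Rights"]:
        return False
    if not f["se"].isdigit() or int(f["se"]) <= (time.time() if now is None else now):
        return False
    sr = quote_plus(f["sr"])
    return any(hmac.compare_digest(_sign(k, sr, f["se"]), f["sig"])
               for k in (rule["PrimaryKey"], rule["SecondaryKey"]))

if __name__ == "__main__":
    tok = make_sas_token(URI, "listen-only", RULES["listen-only"]["PrimaryKey"], 300)
    print(tok)
    print("Listen:", authorize(tok, RULES, "Listen"))
    print("Send:  ", authorize(tok, RULES, "Send"))
```

Issuing tokens from a Listen-only or Send-only rule, rather than from the default RootManageSharedAccessKey, keeps a leaked token from carrying the Manage claim.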
- Creating compute-intensive applications
- Creating long-running applications
- Implementing messaging systems
- Azure Service Bus relays
- Using Azure Storage queues
- Creating an Azure Event Hub
- Creating Azure WebJobs
- Managing cloud environments with Azure Active Directory Domain Services