1 00:00:00,940 --> 00:00:04,740 Azure Relay, formally called Azure Service Bus Relay, 2 00:00:04,740 --> 00:00:08,070 connects on‑premises services and cloud applications 3 00:00:08,070 --> 00:00:09,620 through a single‑port connection, 4 00:00:09,620 --> 00:00:14,630 so it's a secure hybrid connection that's scoped to a single application. 5 00:00:14,630 --> 00:00:19,240 It is the functional equivalent of least‑privilege authorization, 6 00:00:19,240 --> 00:00:22,780 what you might do with role‑based access control in Azure 7 00:00:22,780 --> 00:00:26,220 where you give identities only enough permissions to do 8 00:00:26,220 --> 00:00:28,560 the work that they need to do, but no more. 9 00:00:28,560 --> 00:00:31,120 Similarly, instead of setting up, say, 10 00:00:31,120 --> 00:00:35,070 a Site‑to‑Site VPN that operates at the entire network scope, 11 00:00:35,070 --> 00:00:38,600 you can create connections between individual hosts in 12 00:00:38,600 --> 00:00:41,100 Azure services on a single port. 13 00:00:41,100 --> 00:00:45,840 So note that this is a different use case from Azure AD Application Proxy. 14 00:00:45,840 --> 00:00:50,920 The specific sub‑feature in Azure Relay is called Hybrid Connections, 15 00:00:50,920 --> 00:00:53,880 and this can work with two development stacks, 16 00:00:53,880 --> 00:00:58,250 .NET and Node, and it covers both WebSockets and HTTP. 17 00:00:58,250 --> 00:01:02,950 Now the demo I'm going to do is how you can use Hybrid Connections to 18 00:01:02,950 --> 00:01:07,050 establish a connection between an Azure App Service web app and a 19 00:01:07,050 --> 00:01:10,060 back‑end server that may be in your local datacenter. 20 00:01:10,060 --> 00:01:13,090 So under the hood to all of this hybrid connectivity, 21 00:01:13,090 --> 00:01:17,140 the Azure AD Application Proxy, the Azure Relay resource, 22 00:01:17,140 --> 00:01:20,250 this is all using Azure Service Bus under the hood, 23 00:01:20,250 --> 00:01:24,940 which is the main communications architecture underneath Azure Resource Manager. 24 00:01:24,940 --> 00:01:26,100 And for that matter, 25 00:01:26,100 --> 00:01:32,000 there's the Azure Service Bus resource that is an enterprise‑class messaging architecture.