1 00:00:01,540 --> 00:00:04,730 All right, so let's go right on to the next part of this demo, 2 00:00:04,730 --> 00:00:07,100 which is about relay and hybrid connections. 3 00:00:07,100 --> 00:00:08,230 So let's go to relays, 4 00:00:08,230 --> 00:00:13,060 and let me just show you the basic mechanics of the relay service itself. 5 00:00:13,060 --> 00:00:14,410 We create a relay, 6 00:00:14,410 --> 00:00:18,500 and it shares a lot of the same nomenclature and user interface, 7 00:00:18,500 --> 00:00:22,610 actually, as Service Bus and as Event Hubs do, 8 00:00:22,610 --> 00:00:22,890 actually. 9 00:00:22,890 --> 00:00:25,680 They're all using Service Bus under the hood here. 10 00:00:25,680 --> 00:00:29,180 So I'm going to put this in my az800 resource group. 11 00:00:29,180 --> 00:00:32,110 I'll give it a name, twaz800relay1, 12 00:00:32,110 --> 00:00:35,060 and notice that that needs to be a globally unique 13 00:00:35,060 --> 00:00:37,670 name on servicebus.windows.net. 14 00:00:37,670 --> 00:00:41,340 My home region is actually East US, so I'll select that, 15 00:00:41,340 --> 00:00:43,130 and then we create the resource. 16 00:00:43,130 --> 00:00:44,430 The validation succeeded, 17 00:00:44,430 --> 00:00:47,680 so we'll click Create to initialize and submit that deployment. 18 00:00:47,680 --> 00:00:50,820 Now while that's cooking, let me go to another browser tab, 19 00:00:50,820 --> 00:00:53,820 and let's open the portal in another browser because I want 20 00:00:53,820 --> 00:00:56,500 to do a specific implementation of relay. 21 00:00:56,500 --> 00:01:01,200 I have an Azure App Service Node app, a sample app running here, 22 00:01:01,200 --> 00:01:04,660 called twaz800webapp1. 23 00:01:04,660 --> 00:01:07,150 Let's give that a click, and if I click Browse, 24 00:01:07,150 --> 00:01:10,060 just to show you what it looks like, it's just a sample, 25 00:01:10,060 --> 00:01:14,170 Node.js application running as a hosted app service here in Azure.
26 00:01:14,170 --> 00:01:18,170 But what I want to show you is if we come down under Networking, 27 00:01:18,170 --> 00:01:20,330 there are a number of ways you can customize 28 00:01:20,330 --> 00:01:22,410 networking for a hosted app service. 29 00:01:22,410 --> 00:01:27,470 And in this case, for the relay, that's going to be an outbound traffic control, 30 00:01:27,470 --> 00:01:29,750 as you can see, called Hybrid connections. 31 00:01:29,750 --> 00:01:31,180 So let's say, for example, 32 00:01:31,180 --> 00:01:34,570 that we're migrating from on‑prem into Azure in stages, 33 00:01:34,570 --> 00:01:35,180 and right 34 00:01:35,180 --> 00:01:38,820 now the front end of our app is running successfully as an app service. 35 00:01:38,820 --> 00:01:42,440 But now we still have a dependency where this app service needs 36 00:01:42,440 --> 00:01:44,620 to communicate with an API that's running, 37 00:01:44,620 --> 00:01:45,120 let's say, 38 00:01:45,120 --> 00:01:50,100 on this local Hyper‑V server on‑prem that doesn't have a public IP address, 39 00:01:50,100 --> 00:01:52,470 we want to protect this machine, etc., etc. 40 00:01:52,470 --> 00:01:55,740 This is a good case for Azure Relay Hybrid Connections. 41 00:01:55,740 --> 00:01:58,310 Let's go to Hybrid connections and turn it on. 42 00:01:58,310 --> 00:02:00,750 You get a quota, it looks like, of 25. 43 00:02:00,750 --> 00:02:03,840 I will imagine that quota number goes up if you're using 44 00:02:03,840 --> 00:02:05,800 a more expensive App Service plan, 45 00:02:05,800 --> 00:02:10,470 but each connection is a single TCP endpoint that is using just 46 00:02:10,470 --> 00:02:13,930 TLS encryption and TCP 443 over the internet. 47 00:02:13,930 --> 00:02:17,660 So there's no dependency in terms of VPN or ExpressRoute, 48 00:02:17,660 --> 00:02:20,100 and you shouldn't have too much trouble with firewalls.
49 00:02:20,100 --> 00:02:23,590 So we have to download the Connection Manager agent to the 50 00:02:23,590 --> 00:02:25,820 other side of the hybrid connection. 51 00:02:25,820 --> 00:02:27,910 So this is going to be my local server. 52 00:02:27,910 --> 00:02:31,540 So let's run this HybridConnectionManager.msi. 53 00:02:31,540 --> 00:02:36,060 Unfortunately, it's Windows only, so if your endpoint is Linux or macOS, 54 00:02:36,060 --> 00:02:37,510 you've got to be more creative, 55 00:02:37,510 --> 00:02:41,240 and what this is going to do here in a moment is it's got a little UI 56 00:02:41,240 --> 00:02:45,160 to it called the Hybrid Connection Manager UI. It has a little UI, so 57 00:02:45,160 --> 00:02:48,610 let's start the UI, and then let's go back to the portal, and let's 58 00:02:48,610 --> 00:02:50,410 add a hybrid connection here. 59 00:02:50,410 --> 00:02:52,880 We'll click Create new hybrid connection. 60 00:02:52,880 --> 00:02:57,350 I'm going to call this localhyperv1. The endpoint host is 61 00:02:57,350 --> 00:03:04,450 localhyperv1.contosolocal.int. Let's say that the service on the server, 62 00:03:04,450 --> 00:03:08,900 the on‑premises server, is 443. So the hybrid connection is going to be 63 00:03:08,900 --> 00:03:14,760 constrained to a single TCP port, and this has a dependency on Service Bus, as 64 00:03:14,760 --> 00:03:18,980 you can see here. And we can either create one or use an existing, and we 65 00:03:18,980 --> 00:03:23,790 created a relay so we can use that as our Service Bus namespace, and let's 66 00:03:23,790 --> 00:03:28,060 click OK to finish that configuration in the cloud, and then we'll finish the 67 00:03:28,060 --> 00:03:30,700 configuration on the remote server. 68 00:03:30,700 --> 00:03:34,690 Let's wait for the notification to finish, which it just did. 69 00:03:34,690 --> 00:03:38,640 So let's come back to our Hybrid Connection Manager UI and click Add 70 00:03:38,640 --> 00:03:41,210 a new Hybrid Connection. 
Now I already signed in, 71 00:03:41,210 --> 00:03:42,160 and once you've signed in, 72 00:03:42,160 --> 00:03:45,240 you'll have your subscriptions that you have access to. And 73 00:03:45,240 --> 00:03:49,480 here is my localhyperv. Let me select that and click Save. And 74 00:03:49,480 --> 00:03:52,950 you can see the endpoint on TCP 443. 75 00:03:52,950 --> 00:03:57,560 The Azure status is not connected yet. Hmmm. I may have a bit of 76 00:03:57,560 --> 00:04:02,540 troubleshooting to do there, as usual. After consulting Stack Overflow, 77 00:04:02,540 --> 00:04:05,890 somebody mentioned that we can open the service control manager 78 00:04:05,890 --> 00:04:09,890 application on the server and restart the appropriate service, 79 00:04:09,890 --> 00:04:13,680 which is called Azure Hybrid Connection Manager Service. Let's 80 00:04:13,680 --> 00:04:17,870 right‑click and restart, and they also mentioned restarting the UI, 81 00:04:17,870 --> 00:04:19,330 so let's try that next. 82 00:04:19,330 --> 00:04:20,570 There we go, connected. 83 00:04:20,570 --> 00:04:25,150 So now any connection strings or whatever in our app service will 84 00:04:25,150 --> 00:04:30,170 resolve correctly and go on that secure TCP channel into our 85 00:04:30,170 --> 00:04:31,900 remote server, and pretty cool, huh? 86 00:04:31,900 --> 00:04:34,110 So here is the relay itself. 87 00:04:34,110 --> 00:04:37,700 Let's go to the resource, and if you've worked with Service Bus and Event 88 00:04:37,700 --> 00:04:43,210 Hub, you authenticate and authorize access with these shared access policies, 89 00:04:43,210 --> 00:04:47,510 as you can see here, and each of those access policies would have some basic 90 00:04:47,510 --> 00:04:51,760 permissions. Manage would incorporate both send and receive, and then you've 91 00:04:51,760 --> 00:04:55,590 got your connection string here, primary and secondary, that you would use in 92 00:04:55,590 --> 00:04:56,490 your source code. 
93 00:04:56,490 --> 00:04:58,730 And then if we go to Hybrid Connections, 94 00:04:58,730 --> 00:05:01,630 we've got the one that we created. Then we can deploy 95 00:05:01,630 --> 00:05:08,000 additional standalone hybrid connections to connect our Azure application to an on‑premises machine.