Overview:
Azure App Service Hybrid Connections is a feature within Azure App Service and a service in Azure Relay that enables apps to securely access on-premises resources. It allows for the integration of Azure App Services with existing on-premises systems without the need for complex network infrastructure like VPNs or open internet-accessible endpoints.
How it Works:
Hybrid Connections uses a relay agent, known as the Hybrid Connection Manager (HCM), which establishes outbound calls to Azure Relay over port 443.
The web app connects to Azure Relay, which then allows access to the desired TCP endpoint using TLS 1.2 for security and shared access signature (SAS) keys for authentication.
The feature is agnostic to the application language and the technology used by the endpoint, providing flexibility in accessing resources across different operating systems and platforms.
Benefits:
Secure Access: Apps can securely access on-premises systems and services without exposing them to the internet.
Ease of Setup: The setup process is straightforward and does not require gateways or firewall holes, as all connections are outbound over standard web ports.
Network Agnostic: Since Hybrid Connections is network-level, it works regardless of the app’s language or the endpoint’s technology.
Limitations:
Hybrid Connections cannot be used to mount drives, use UDP, or access TCP-based services that use dynamic ports, such as FTP Passive Mode.
Use Cases:
Connecting Azure App Services to on-premises databases like Oracle or SQL Server without moving these databases to the cloud.
Enabling Azure App Services to communicate with on-premises resources when there is no Azure ExpressRoute or direct connection from Azure to on-premises.
For more details on Hybrid Integration, refer to this link: Hybrid Integration: Connect On prem SQL with Azure Web Apps
Azure App Service Hybrid Connections.
The recommended method is to use Azure App Service Hybrid Connections.
To do this, you need to create and add a Hybrid Connection in your app. You will download and install an agent (the Hybrid Connection Manager) on the database server or on another server in the same network as the on-premises database.
You configure a logical connection on your app service or web app.
A small agent, the Hybrid Connection Manager, is downloaded and installed on a Windows Server (2012 or later) running in the remote network (on-premises or anywhere) that you need to communicate with.
You log into your Azure subscription in the Hybrid Connection manager and select the logical connection in your app service.
The Hybrid Connection Manager will initiate a secure tunnel out (TCP 80/443) to your app service in Azure.
Your app service can now communicate with TCP-based services, on Windows or Linux, in the remote network via the Hybrid Connection Manager.
You could get more details on how to Connect Azure Web Apps To On-Premises.
Demo:
Create and deploy an ASP.NET app to Azure App Service
Use the link below to deploy an ASP.NET app to Azure. Get the sample code; it uses Azure SQL.
We will use an on-prem SQL Server in this example.
If you run this app, it works: click Create New and it saves the data.
Tutorial: ASP.NET app with Azure SQL Database – Azure App Service | Microsoft Learn
How does it work in the beginning?
The app uses a database context to connect with the database.
In this sample, the database context uses a connection string named MyDbConnection.
The connection string is set in the Web.config file and referenced in the Models/MyDatabaseContext.cs file.
The connection string name is used later in the tutorial to connect the Azure app to an Azure SQL Database.
<connectionStrings>
  <add name="MyDbConnection" connectionString="Data Source=(localdb)\MSSQLLocalDB; Integrated Security=True; MultipleActiveResultSets=True; AttachDbFilename=|DataDirectory|MyDatabaseContext-12.mdf" providerName="System.Data.SqlClient" />
</connectionStrings>
Models/MyDatabaseContext.cs
Configure your on-prem SQL Server for Windows + SQL authentication
Enable sa:
Note: In case you don’t have SQL Server Studio, install it.
System.Data.SqlClient.SqlException: ‘A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.)’
Win32Exception: The certificate chain was issued by an authority that is not trusted
Set TrustServerCertificate=true
Trust Server Certificate: In your connection string, you can set TrustServerCertificate=true; to accept the self-signed certificate.
Disable Encryption: Alternatively, you can set Encrypt=false; in your connection string to use an unencrypted connection.
Use a Signed Certificate: The recommended way is to provide a proper certificate for your SQL Server from a trusted Certificate Authority (CA). You can install a certificate for a single SQL Server instance through SQL Server Configuration Manager.
Please note that while setting TrustServerCertificate=True or Encrypt=false is a quick fix, it’s not the most secure solution. Using a properly signed certificate is the best practice.
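Added example (not part of the original post or of the Microsoft sample): a small Python audit that reads the connectionStrings section of a Web.config and reports entries that still carry either quick fix, so they can be removed once the SQL Server has a CA-issued certificate. The Web.config content, the host name onprem-sql and the entry names NoTls and Verified are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed Web.config fragment: host, database and login values are made up.
SAMPLE_WEB_CONFIG = """<configuration>
  <connectionStrings>
    <add name="MyDbConnection" providerName="System.Data.SqlClient"
         connectionString="Data Source=onprem-sql,1433;Initial Catalog=Todo;User ID=app;Password=example;TrustServerCertificate=True" />
    <add name="NoTls" providerName="System.Data.SqlClient"
         connectionString="Server=onprem-sql;Database=Todo;Integrated Security=True;Encrypt=false" />
    <add name="Verified" providerName="System.Data.SqlClient"
         connectionString="Server=onprem-sql;Database=Todo;Integrated Security=True;Encrypt=True;Trust Server Certificate=False" />
  </connectionStrings>
</configuration>"""

NO_ENCRYPTION = "Encrypt is off: the client does not require TLS for query traffic"
NO_VALIDATION = "TrustServerCertificate is on: the server certificate is not validated"


def parse_connection_string(conn_str):
    """Split 'Key=Value;...' pairs. Keys ignore case and spaces; last duplicate wins.
    Values are lowercased for comparison. Simplification: a quoted ';' is not supported."""
    settings = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            settings[key.replace(" ", "").lower()] = value.strip().strip("'\"").lower()
    return settings


def audit_connection_string(conn_str):
    """Return findings for the two weakened TLS settings discussed above."""
    settings = parse_connection_string(conn_str)
    findings = []
    # "optional" is how Microsoft.Data.SqlClient 5+ spells Encrypt=false.
    if settings.get("encrypt") in {"false", "no", "optional"}:
        findings.append(NO_ENCRYPTION)
    if settings.get("trustservercertificate") in {"true", "yes"}:
        findings.append(NO_VALIDATION)
    return findings


def audit_web_config(xml_text):
    """Map each <connectionStrings>/<add> name to its list of findings."""
    report = {}
    for section in ET.fromstring(xml_text).iter("connectionStrings"):
        for entry in section.findall("add"):
            report[entry.get("name")] = audit_connection_string(entry.get("connectionString", ""))
    return report


if __name__ == "__main__":
    for name, findings in audit_web_config(SAMPLE_WEB_CONFIG).items():
        print(name, "->", findings or "ok")
```

An empty list for an entry means neither quick fix is present; it does not prove that the server certificate chains to a trusted CA.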
Create a WebApp with a Hybrid Connection
Create a Hybrid connection
Select Web site and click on Hybrid connection.
Click Next; this takes you to the page below.
The Hybrid Connections feature requires a relay agent in the network that hosts your Hybrid Connection endpoint.
That relay agent is called the Hybrid Connection Manager (what you downloaded earlier).
After installing the Hybrid Connection Manager, you can run HybridConnectionManagerUi.exe to use the UI for the tool.
This file is in the Hybrid Connection Manager installation directory. In Windows 10, you can also just search for Hybrid Connection Manager UI in your search box.
Install Hybrid Connection Manager
Configure Hybrid Connection Manager
Once this is installed, open Hybrid Connection Manager.
Or do it manually!
Endpoint=sb://hybridconn-serbus.servicebus.windows.net/;SharedAccessKeyName=defaultListener;SharedAccessKey=unOT2yDXJU54VrWuZ1StVt+QtkWkxG5uk+ARmMOQt5A=;EntityPath=mysql-hybridconn
Conclusion:
Azure App Service Hybrid Connections is a powerful tool for organizations looking to modernize their applications by moving to Azure while still maintaining access to on-premises resources.
Its ability to create secure, direct connections to TCP endpoints without the need for internet-exposed endpoints or complex network configurations makes it an attractive option for developers and IT professionals.
By leveraging Hybrid Connections, businesses can enjoy the benefits of the cloud while ensuring seamless integration with their existing on-premises infrastructure.
References:
https://learn.microsoft.com/en-us/azure/app-service/app-service-web-tutorial-dotnet-sqldatabase
https://azure.github.io/AppService/2021/10/15/How-to-create-a-web-app-with-a-hybrid-connection.html
https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections#troubleshooting

