I have an OnPremise (SAP) system which exposes data via RESTful services and remote functions (RFC). How can I access these data from a Node.JS application running on AWS? Which AWS service will be useful in this scenario to connect to the OnPremise VPN to facilitate the connection?
You need to make use of AWS Direct Connect to extend your on premise infrastructure with AWS.
There are two solutions for VPN connections: one is a site-to-site VPN, which uses a customer gateway and a virtual private gateway. Alternatively, AWS Direct Connect is an actual physical connection between your on premise data center and an AWS data center.
DirectConnect offers much better performance, but requires third parties to install a physical cable, and so can take several days to implement. If you're looking for a solution that's independent of hardware, then a site-to-site VPN could be a good fit.
Related
I am creating a WebService with C# Core 3.0 that is using MySQL and Redis, but I am not so familiar with Azure so I need advice about configuring everything.
I had MySQL hosted on AWS, but I am transferring it to Azure because I think that performance (speed) will be better on Azure because they will be on same data center. Right?
But, on my MySQL page Host is like '*.mysql.database.azure.com'. That means that every connection will go out of Azure, and then come back? I don't have some local IP for connection? Same question for Redis.
Do I need to configure some local network on Azure and will that impact speed on the app? And, is MySQL a good choice for Azure or should I try with another one?
I am just reading about Azure Virtual Networks. But as I understand it, VN's sole purpose is to isolate elements from the outside network?
You will get better performance if your MySQL instance and your app service are in the same region (basically the same data centre).
The connection string is mysql.database.azure.com, but remember the connection will be a TCP/IP connection, so the DNS lookup will realise that this address mysql.database.azure.com is in the same region (same data center). Then the TCP/IP connection will go to an internal IP.
You could use tcpping in your app service's Kudu console to try this and see the result.
The basic rule is that you should group your app and database in the same region for better performance and cheaper cost (as Microsoft doesn't charge traffic within the same region).
Azure Virtual network is for a different purpose. For example, if you have some on premise database servers and you want to call these servers from azure, then VM could be helpful. But for the scenario you described, it is not really needed.
The company I work for has Microsoft Azure support included, and if you or your company have a support contract with them, you can raise questions directly to them and get really quick responses.
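One way to run the check suggested above from the app's own host, as an added example that is not part of the original answer: it resolves the database host name, labels each returned address as private or public, and times a TCP connect to each one. The host name and port are passed as arguments; the defaults are placeholders.

```python
import ipaddress
import socket
import sys
import time


def classify(addr):
    """Label a resolved address as loopback, private, or public."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    return "private" if ip.is_private else "public"


def resolve(host, port):
    """Return the distinct addresses DNS gives for host, sorted."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})


def tcp_connect_ms(addr, port, timeout=3.0):
    """Time one TCP handshake in milliseconds; None if it fails."""
    start = time.perf_counter()
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return (time.perf_counter() - start) * 1000.0
    except OSError:
        return None


def probe(host, port, attempts=3):
    """Resolve host, then classify and time a connect to each address."""
    report = []
    for addr in resolve(host, port):
        samples = [tcp_connect_ms(addr, port) for _ in range(attempts)]
        ok = [s for s in samples if s is not None]
        report.append({"address": addr, "scope": classify(addr),
                       "reachable": len(ok), "best_ms": min(ok) if ok else None})
    return report


if __name__ == "__main__":
    # Placeholder host: pass your own server name and port as arguments.
    host = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 3306
    for row in probe(host, port):
        print(row)
```

Run it once from the app host and once from a machine outside the cloud region to compare the resolved addresses and handshake times.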
I've made a couple of tests and, as far as I've understood, Azure Relay requires the listener to explicitly connect to the bus. In our scenario, we would like to use it from a VM in Azure (or a different system on Internet) to connect to an existing On-Premise resource that cannot be modified to support Hybrid connections. I've tested also the Hybrid Connection manager and I wasn't able to find any documentation on how to create a client that connects to a Hybrid connection that routes the traffic to the target system by using the Hybrid Connection manager. It works from an Azure Web app, but they are not a viable solution in our scenario.
Is it possible to use the Hybrid connection manager from outside an azure web app?
I've dug two days more to find an answer and from this article, it seems it's not possible:
https://learn.microsoft.com/en-us/azure/biztalk-services/integration-hybrid-connection-overview
"Hybrid Connections provide an easy and convenient way to connect the Web Apps feature in Azure App Service (formerly Websites) and the Mobile Apps feature in Azure App Service (formerly Mobile Services) to on-premises resources behind your firewall."
And it sounds correct since they require some adjustments at network level that are made under the hood by Azure: the mobile app makes a specific DNS query and the Azure internal DNS returns a 'ghosted' IP that offers an entrance to the hybrid connection tunnel at the requested port. The hybrid connection then 'forwards' the TCP stream to the on-premise hybrid connection manager that proxies the request toward the real IP of the service. In this way, hybrid connections do not break any SSL connections since the target DNS host is the same as the final SSL endpoint.
However, digging a bit more, I've found two examples that offer a pre-elaborate that is helpful in my scenario:
Hybrid Connections Reverse Proxy
https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/dotnet/hcreverseproxy
Port Bridge
https://github.com/Azure/azure-relay/tree/master/samples/hybrid-connections/dotnet/portbridge
I am working on an Azure PoC. Is it possible to connect to an on premise Sybase database from Azure cloud?
Can I read and write data into Sybase from Azure cloud?
Yes you can. Look at Azure Relay Hybrid Connections for a code-first approach or Site-to-Site VPN for an infrastructure one. Also since you're on a Linux VM, why not just SSH tunnel your traffic over? - probably the simplest solution to your conundrum.
There's also ExpressRoute which you may want to take a look at if we're talking serious business that needs connectivity, bandwidth and latency guarantees.
AWS Direct Connect allows physical connections and BGP setup to connect AWS cloud with on-premise DC or customer's private cloud. I wonder if there's anything like this in MS Azure cloud. Not VPN based..
Kind-of.
It is announced as a future plan to support, but not yet accessible to customers. I believe this is what you are asking for: http://www.microsoft.com/en-us/news/press/2013/sep13/09-18msattpr.aspx
Hopefully we can see this announcement moving forward in the next year. Offering this solution to regions other than USA will also be an interesting development of this solution, but currently nothing can be found on the internet.
As the cloud continues to be embraced by customers and partners around the world we are seeking to help them connect to their off-premise investments. Today, providers such as TW Telecom, AT&T, and Level 3 grant their clients the ability to connect to AWS or Windows Azure with scalable and flexible connectivity. Recently, Level 3 released ExpressRoute; a new service that allows customers to utilize a private connection from an Equinix Data Center to the Windows Azure Cloud. This service is similar in nature to the AWS direct connect service that was released a few years ago, providing a private network route to hosted cloud services that bypasses the public Internet.
ExpressRoute aims to reduce latency, and increase the speed in which clients can access their applications. To achieve this goal, Level 3 provides the client with 1 gigabit or 10 gigabit connection from an Equinix Data Center in San Jose to Windows Azure increasing your network throughput for large workloads. Today, Windows Azure does not offer multiple VPNs into their cloud. To compensate for this issue, consolidating and connecting to the Azure cloud with a private connection ensures the transfer of your data.
Ref. from http://fastblue.com/cloud-connectivity-aws-direct-connect-and-windows-azure-express-route/
Currently I am designing a solution for connecting smart devices that are hosted behind a router using NAT. The central service etc. are hosted on Azure. One idea is to join all devices and the Azure components in a VPN using the Point to Site solution. The smart devices do not have a Windows based operating system. In the portal the configuration for the Windows standard VPN client is available. I now would like to find out if it is possible to connect to the Azure VPN using other clients and, if so, how to configure these (setting the gateway, attaching the client certificate, etc.).
If your client architecture permits it, you may put in place on the client side a Windows (or Linux) machine having a gateway role. You will either:
connect this machine to Azure via Point-to-Site SSTP VPN and expose a service acting as proxy from the cloud service to the local devices
use Azure IoT Gateway SDK for all this: https://azure.microsoft.com/fr-fr/blog/introducing-the-azure-iot-gateway-sdk-beta/
In any case this architecture is more robust. But it works only if it is possible from your client architecture point of view.