My company has several RESTful services that are behind a firewall. I would like to be able to access these services from the Azure cloud with a client app as if the service is located in Azure.
For example, if I have an on-premises url like:
https://onpremiseservice/Customers/1
I would like to be able to access it from Azure like
https://mycompany.azurewebsite.net/Customers/1.
Is this possible? Can I do some kind of URL forwarding?
Updated 26th September 2022
You have many options, here they are in order of ease of configuration vs performance (ExpressRoute being the hardest to configure but with the best performance).
Use Azure API Management it was designed for this use case.
Configure the on prem firewall so that your Azure web app outbound IP's can connect to the on prem API. Then create a Web API in the Azure web app that proxies calls using HttpClient to your on perm API.
Use a Hybrid Connection
Use Point-to-Site VPN
Use Site-to-Site VPN
Use ExpressRoute
More information on your options in depth
It is possible. Use Azure Service Bus Relays.
Related
We have some dedicated LOB application on-premise applications. Access to these apps is through the public Internet. Active Directory Domain Services is used to authenticate users.
In Azure, there are multiple ways to create high-availability; is there something similar for on-premise apps using Azure? By this I mean if one on-premise system is down, traffic is routed to another app.
I know there are some options such as Application Gateway, Traffic manager and Front-door including Azure LB, my question is - are these the right services we should use in an on-premise setting?
For your on premise environment, you can use Network Load balancing(NLB) feature of Windows Server. See details here, it has an Azure inspired feature too.
We need to develop integration between ERP (Dynamics Nav) and cloud-based telephony provider.
The provider needs to have an endpoint published and accessible from internet but for security reasons it is not possible for us to allow inbound connections to our network. I think it should be possible to solve this by hosting small application in Azure which will serve as endpoint for telephony provider and to which ERP will connect as outbound persistent connection. The app will just forward requests to ERP.
Since I'm new to Azure the question is what of azure capabilities I could use to solve the task aside from hosting actual VM with application there?
I've just implemented the same using Azure Service Bus.
The VOIP system is putting a small JSON with call details after the end of the call and I'll get the messages from the Service Bus Queue from NAV.
The code is not complicated at all the whole solution is simple and cheap!
Let me know if you want to know more (= you need the code).
Cheers!
Azure AD has the concept of an "application proxy" that will open internal applications up using a connector that runs on prem. This doesn't require inbound ports and is protected by Azure AD authentication.
It's intended more as a user-facing way to get access to Legacy applications, although I don't see why it couldn't be used for integration as well.
https://learn.microsoft.com/en-us/azure/active-directory/application-proxy-publish-azure-portal
Otherwise, you could link an Azure Site to Site VPN up and use a service like API gateway to manage connections though this is more complicated.
I am using Microsoft Azure. Specifcially I have API Management Set up as a public gateway. Internally we have a VNet (Its actualy hosting in Azure Environment Service, so its basicallyan isolated App Service inside). I want to connect to the App Service inside the VNet from my API Management service (i.e. route calls from Api Management to backend services in my App Services in the VNet).
I know i can use the network connection to connect as an external API Management to my VNet , but this requires the Premium service level of API Management which is super expensive. Is there a way to route traffic from API management standard Version (which does have a Static IP) through to a service inside a VNet/Subnet though some configuration (other than network connection from the API Management blade).
Thanks in advance.
If you want to use API Management in the VNET then you are limited to Premium or Developer. However, the App Service Environment can have an external interface and API Management can talk to that.
You would need to add some additional security to your external interface to ensure only API Management has access. This could just be an IP filter rule.
I'm looking at ways to host our web site in Azure. The Web application consumes on-premise web services and send/receive messages from ActiveMQ hosted on-premise. Is this possible? Any pointers will be helpful.
Short Answer: Yes, it's possible. Mixing Azure and On-Prem resources is what's called the Hybrid Cloud.
Long Answer:
You can use Azure App Service Environment to setup a Virtual Network with an Azure Web App that will allow for a VPN connection to be setup between your on-premises network and the Azure VNet. If VPN setup isn't an option of you, then you could use the Azure Service Bus Relay service to connect an on-premises WCF Web Service to the Azure Web App. Additionally, a Biztalk Hybrid Connection could be used to tunnel through the firewall between your on-premises resources and the Azure Web App. Hybrid Cloud is fully supported in Microsoft Azure and there are a few options to choose depending on which fits your needs / scenario best.
You can create a VPN on Azure, add the web site to it and then create a site to point VPN connection to add the VM that has the on-premise web service to it.
Another solution, if your web service is developed in WCF, you can use Service Bus Relay with your web service, this will make it accessible from your Azure web site.
Can anybody tell me how to connect a web app running on azure to existing web services (.ASMX) on premises?
We do not have the source for the services they are exposed by third party applications and we do not want to open them up to public access.
Sounds like Azure's Service Bus Relay Service might be what you're looking for...
There might be three options based on your scenario. But I personally prefer the third one.
If you used azure cloud service (web role, worker role), you can use Windows Azure Connect. It builds an IP-sec communication between the azure machine and your local machine. Then you can connect to your local service through the its IPv6 address.
If you used azure virtual machine to host your azure project you can use Virtual Network. It's more powerful than the Windows Azure Connect.
You can use Windows Azure Service Bus Relay. It can open your local service to the cloud regardless how your azure project is hosted. But since it's only support WCF of Service Relay, and since you cannot change codes and config of your service, you might need some more works. Maybe you can create a small WCF on your local machine as a proxy, register it to Service Bus Relay, and pass all request/response to your local service.