Creating an Azure App Service Hybrid Connection

This is such a simple yet powerful tool to use, easy to implement and does some real hard core, complicated stuff in the back ground to get the connectivity to work.  Similar instructions can be found here “Azure App Service Hybrid Connections”.

I wrote this article about connecting an Azure App Service to VM in a VNET using Point-to-Site (P2S):

In this scenario, I again connect an Azure App Service to an Azure VM in a VNET, I did this because I have no on-premise network to connect to.  However, I am certain it is not any more complicated.

The steps required to configure a Hybrid Connection are:

  • Configure the endpoint which the App Service will contect to
  • Install and configure the Hybrid Connection Mananger on the server being connected to
  • Test it out

Configure the endpoint which the App Service will contect to

First access the Azure App Service in the portal and select the Networking link as shown in Figure 1.

image

Figure 1, configure azure app service hybrid connection, app service

Notice in Figure 2 that as I selected a Standard SKU that I get 25 connections.  The number of connections are based on the selected SKU and can be seen in detail here.  Initially, I thought the connection limit meant that this was the maximum of concurrent connections which my Azure App Service could have open with the configured backend server, this turned out to be wrong.  Based on my SKU, I can create a Hybrid Connection with 25 different backends.

image

Figure 2, configure azure app service hybrid connection, app service

Also in Figure 2, see in the red square “download connection manager” that this is the location to download the Hybrid Connection Manager installation package for installation on the onsite or other dedicated server to which you want to create the connection.

TAs illustrated in Figure 3, he name of the Hybrid connection can by anything, just make it describe the connection so in the future you know what the connection is for.  The Endpoint Host should match the name of the server (NETBIOS) to which you are connecting.  I call out NETBIOS which is converse to FQDN as I have read using the FQDN causes some problems if you do not have a DNS server, also do not use an IP address.  Although I have read those possible issues, I have not done it to see for myself.  But I think you can make the configuration simply even with those contraints.

image

Figure 3, configure azure app service hybrid connection, app service

There are some ports which the hybrid connection uses, so avoid: 9350-9354, 5671, 80 and 443.  I have not seen any document stating that any other port is restricted. I wrote an article here that explains more about those ports usage.  That article is about HCM with Biztalk which is deprecating, but the port descriptions still ally as far as I know.

Lastly, it is a good idea to create the Service Bus in the same region as the App Service.  Select OK and then you will see the newly created hybrid connection in the portal, as seen in Figure 4.

image

Figure 4, configure azure app service hybrid connection, app service

That is all from an App Service perspective next, you need to install the Hybrid Connection Manager on the machine you want the App Service to connect to.

Install and configure the Hybrid Connection Mananger on the server being connected to

Download the Hybrid Connection Manager package I mentioned previously, shown in Figure 2 and once installed open it.  You will find it in the menu similar to that shown in Figure 5.

image

Figure 5, configure azure app service hybrid connection, onsite or backend server

Once opened, you should see a window similar to that shown by Figure 6.

image

Figure 6, configure azure app service hybrid connection, onsite or backend server

Click on the ‘Add a new Hybrid Connection’ and then login to the Azure Subscription which contains the App Service you configured using the previous steps (Figures 1-4).

Select the subscription from the drop-down, which will list the Hybrid Configurations and select the one you desire, then Save it.  The result is something similar to Figure 7.

image

Figure 7, configure azure app service hybrid connection, onsite or backend server

Once the save completes, return to the portal and view the Hybrid Connection, see Figure 8, and you notice the status has also changed to Connected.

image

Figure 8, configure azure app service hybrid connection, app service

Now the connectivity should be functional between the App Service and the Azure VM in the VNET.

Test it out

As shown in Figure 9, before the Hybrid Connection Manager was configured on the backend VM (Figure 7), but after the Hybrid Connection was configured for the App Service (Figure 4), I was able to get a successful TCPING response.  I interpret this to mean that TCPING only checks if the port is open and not that the machine is responding to the tcp ping.  This was a new learning.

I also checked using a CURL, and it failed as expected.

image

Figure 9, testing, troubleshooting azure app service hybrid connection, app service

After I installed the Hybrid Connection Manager on the backend server (Figure 7) and configured it, the CURL worked, although not as expected (becuase there was some content in the index.html file), but it did work and without an error, Figure 10.  The TCPING kept working, as expected too.

image

Figure 10, testing, troubleshooting azure app service hybrid connection, app service

Instead of using CURL and TCPING, I am going to make an HttpClient call from an Azure Function via the same Hybrid Connection.  Read about how I do that here “How to Azure Function App with Hybrid Connection”

To get a overview of the project I worked on, read the following articles as well.