Azure Hybrid Connections | Hybrid Connections as VPN Alternative

In real-life cloud deployments, a very common case is that only part of the application resides in the cloud. Usually this happens when a legacy system can’t be migrated and stays on premises, or when deploying the entire system to the cloud is not optimal. After all, cloud is not an answer to every question. In this case, there is a need to establish a connection between the parts of the application deployed in Azure (for example, a web site) and the parts that reside on premises (for example, a mainframe).

There is more than one way to connect Azure resources to an on-premises application. The most obvious is a VPN (Azure ExpressRoute) between the Azure cloud and the on-premises (or co-located) environment. It’s fast, solid, but not exactly cheap (see

Then there is an alternative: Azure Hybrid Connections, which also allow an application deployed in Azure to access applications on premises. And, unlike VPN, it’s free. In essence, setting up an Azure Hybrid Connection requires the following steps:

– You need to set up a new BizTalk service in the Azure portal (or piggy-back on an existing BizTalk service if you already have one).

– You need to configure a new Hybrid Connection in the Azure portal. Each hybrid connection is specific to one on-premises server and port number. For example, if you have an on-premises SQL server, you need to create a new hybrid connection for that SQL server name and port (usually 1434). Of course, the server name (or IP) can be internal to your environment.

– Finally, you need to download a Hybrid Connection Listener (a Windows service) and install it on your internal network. It doesn’t have to reside on the same server as the resource you are trying to access from Azure, but it must be able to reach that resource. This listener acts as a software router, enabling Azure to connect to your on-premises application.

And then the magic starts to happen: your Azure application will be able to work with your on-premises resource as if it were on the same network. Note that the Azure application should keep addressing the on-premises resource by its internal server name or IP. Azure will take care of routing traffic through the listener.
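
A pre-deployment check for the addressing rule above, as an added example that is not part of the original post: it parses an ADO.NET-style connection string and confirms that its target matches the server name and port of a configured hybrid connection. The endpoint list, connection strings and function names are constructed for illustration, and exact (case-insensitive) name matching is an assumption.

```python
# Added example: endpoint names and connection strings below are constructed.
from typing import Iterable, NamedTuple, Tuple


class Endpoint(NamedTuple):
    host: str
    port: int


def parse_target(conn_str: str) -> Endpoint:
    """Pull host and port out of an ADO.NET-style SQL connection string."""
    pairs = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    source = pairs.get("data source") or pairs.get("server")
    if not source:
        raise ValueError("no Data Source/Server key in connection string")
    if source.lower().startswith("tcp:"):
        source = source[4:]
    host, _, port_text = source.partition(",")
    host = host.split("\\", 1)[0].strip().lower()  # drop a named-instance suffix
    if not port_text.strip().isdigit():
        # Assumption: with no explicit port we cannot tell which hybrid
        # connection the client would use, so treat it as unverifiable.
        raise ValueError("no explicit port in Data Source")
    return Endpoint(host, int(port_text))


def check_target(conn_str: str, configured: Iterable[Tuple[str, int]]) -> Tuple[bool, str]:
    """Return (ok, reason) for one connection string against the configured endpoints."""
    try:
        target = parse_target(conn_str)
    except ValueError as exc:
        return False, str(exc)
    allowed = {Endpoint(host.lower(), port) for host, port in configured}
    if target in allowed:
        return True, f"{target.host}:{target.port} matches a hybrid connection"
    if any(e.host == target.host for e in allowed):
        return False, f"{target.host} is configured, but not on port {target.port}"
    return False, f"{target.host}:{target.port} has no hybrid connection"


# Constructed sample: one hybrid connection, defined for host "sqlsrv01" and port 1434.
HYBRID_CONNECTIONS = [("sqlsrv01", 1434)]
```

Run against every connection string in the application's settings, this flags targets that use a different name form (for example a fully qualified name where the hybrid connection was created with the short name) or a port that no hybrid connection covers.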
