Azure Service Bus Relay

Service Bus Relay (SBR) enables you to protect and store sensitive data on premises but still have it accessible to other components running in the cloud. SBR is a Microsoft technology that provides a safe, secure and easy way to integrate your pubic cloud solution with a web service running in a private cloud environment. The real strength of the technology is it does not require any special port, firewall or security rules to run. Because of this, businesses can quickly expose an internal service externally without opening themselves up to any new attack vectors.

How it Works

How it works is architecturally less complex than expected. In the figure below you can see an example of how to setup a hybrid cloud using Azure Service Bus Relay.

Figure  - Service Bus Relay Architecture Diagram Figure Source: (Manheim, 2015)

In the figure, there is an application running in the cloud that is talking to a backend WCF Service running on premises. This is enabled by the service bus relay. How it works is the cloud app points to your service bus relay endpoint when making the call. The relay then connects with the WCF Service, which has already established a connection to the relay via NetTcpRelayBinding. The NetTcpRelayBinding “supports two connection modes, specified by the ConnectionMode property: Hybrid and Relayed. In Hybrid connection mode, communication is relayed through the Service Bus infrastructure while the client and service endpoints negotiate a direct socket connection to each other” (Microsoft, 2015). In addition to this, the communication over those channels is secured via SSL.

Setting Up Service Bus Relay

Configuring your application to use service bus relay and connecting an existing on premises service to the relay is easy. The steps are as follows:

  1. Create a service namespace
  2. Obtain the default management credentials for the namespace
  3. Get the Service Bus NuGet package
  4. Use Service Bus to expose and consume a SOAP web service with TCP
  5. Configure a service host programmatically or via the configuration file
  6. Configure a client programmatically or via the configuration file (Manheim, 2015 - More Detail)

Once this is setup and you have the service running it should show up in your Windows Azure dashboard.

Advantages of Service Bus Relay

There are several advantages using Service Bus Relay, which include:

  • No Security, port or firewall configuration to get up and running.
  • Connections to the relay are outbound on both ends, not opening up doors to intruders.
  • SSL over TCP secures communication by default between client and server.
  • Easy to setup from service standpoint, just another endpoint to setup in the service host.
  • Service and data are hosted securely on a private server.
  • Authentication and Authorization to the service through the relay is easily configurable.

If your organization has an internal service that you want to securely expose to an external application or partner, I suggest trying service bus relay. It will give you a foray into the cloud while letting the enterprise retain full control of the data and service.

Disadvantages of Service Bus Relay

There are also several disadvantages to Service Bus Relay. It may not always be the right solution for every problem.

  • Shared Key needs to be protected, single point of breach.
  • Potentially adding latency to system since adding an additional hop and the on premises service probably not geo-replicated.
  • On premises service doesn’t gain the advantages of being hosted on the cloud (scalability, reliability, etc).
  • On premises service could be single point of failure, needs to be redundant, load balanced, etc.

In conclusion, there are several advantages and disadvantages to this approach. If you are comfortable with storing your data in the public cloud and can port your existing WCF service to it then you would be better off using a pure approach. Feel free to leave a comment or check out the links above for additional information.