Microsoft Azure Hybrid Architectures


Some of the real power of Microsoft Azure is in hybrid architectures. Not only can you combine the power of PaaS and IaaS resources where it makes sense, you can also add these resources as an extension of your corporate environment. Microsoft recently added a new method for connecting Azure Web Sites and Azure Mobile Services to on-premises resources with a preview feature called Hybrid Connection.

Unlike other methods of connecting the corporate environment to Azure, Hybrid Connection doesn’t require changes to VPN gateways or incoming firewall port rules. Yet it enables a secure TCP connection to services such as SQL Server, MySQL and HTTP Web APIs. Not only that, but it allows Azure Web Sites or Mobile Services to access on-premises resources in the same manner they would if they were on-site. The connection strings don’t change!

Microsoft did a great job documenting the process and how it works, and you can read about that here.

I want to address one of the questions I’ve heard: “Why would you want to do this?”

Microsoft is clearly enabling developers to work more easily and without the barriers that can sometimes be put in place by traditional IT infrastructures. Some may see this as “going around IT” or perhaps endangering the security of an organization, but I don’t agree. The Hybrid Connection feature can actually reduce the attack surface, as it only allows access to a specific service and port from Azure. Also, Microsoft did the right thing by giving Enterprise Administrators the ability to manage the feature through Group Policy, as well as logging. I believe that as IT organizations embrace technologies that enable their users and developers to be more nimble, they can increase the security of the organization. Empowered users won’t need to circumvent policy or find workarounds. IT departments must continue to do their due diligence around security, but it doesn’t have to be at odds with innovation.


