I had an idea to access an on-premises source such as a database via Azure Functions. There are other approaches, such as using Logic Apps and the corresponding gateway to access on-premises system data. But with Logic Apps we rely on connectors and actions and are not as free as with Azure Functions, where we can use our own code in C# or other languages. I also remembered a technology called Hybrid Connections and wanted to figure out what it is all about. If we check the documentation it says:
Hybrid Connections is both a service in Azure and a feature in Azure App Service. As a service, it has uses and capabilities beyond those that are used in App Service. To learn more about Hybrid Connections and their usage outside App Service, see Azure Relay Hybrid Connections.
Within App Service, Hybrid Connections can be used to access application resources in other networks. It provides access from your app to an application endpoint. It does not enable an alternate capability to access your application. As used in App Service, each Hybrid Connection correlates to a single TCP host and port combination. This means that the Hybrid Connection endpoint can be on any operating system and any application, provided you are accessing a TCP listening port. The Hybrid Connections feature does not know or care what the application protocol is, or what you are accessing. It is simply providing network access.
In our case we can use the feature, because Azure Functions is based on Azure App Service. But what can we do and what can we not achieve with a Hybrid Connection? This is also well documented:
App Service Hybrid Connection benefits
There are a number of benefits to the Hybrid Connections capability, including:
- Apps can access on-premises systems and services securely.
- The feature does not require an internet-accessible endpoint.
- It is quick and easy to set up.
- Each Hybrid Connection matches to a single host:port combination, helpful for security.
- It normally does not require firewall holes. The connections are all outbound over standard web ports.
- Because the feature is network level, it is agnostic to the language used by your app and the technology used by the endpoint.
- It can be used to provide access in multiple networks from a single app.
Things you cannot do with Hybrid Connections
- Mount a drive.
- Use UDP.
- Access TCP-based services that use dynamic ports, such as FTP Passive Mode or Extended Passive Mode.
- Support LDAP, because it can require UDP.
- Support Active Directory, because you cannot domain join an App Service worker.
OK, this sounds cool, and accessing a SQL database shouldn’t be a problem, because we use TCP only and a fixed port, 1433.
So let’s start. First we create a function. Go to Marketplace and kick off the Azure Function App dialog…
I call my app AzS-HybridFunctions, because I want to access data on a system on Azure Stack. Very important here: we must choose the App Service Plan, otherwise Hybrid Connection is not available! For the rest, choose whatever is appropriate for you…
Go to Networking…
…there you should see the following menu. Choose Configure your hybrid connection endpoints…
…the next dialog will appear and we choose Add hybrid connection…
…the next dialog appears and click Create new hybrid connection…
I am going to name my connection as configured in the screenshot. Notice here that I call my endpoint SQL01 and the port 1433…
…we should see the created connection as Not connected…
The next steps set up the counterpart of the Hybrid Connection. We click Download connection manager and copy the downloaded file to our target system on-premises…
…as I mentioned, I have a virtualized on-premises SQL Server 2016 SP2, on which I am going to install the software…
…accept and click Install…
…after a few minutes click Finish. Start the HCM and click Add a new Hybrid Connection…
We need to login with our Azure account…
…we should see the connection in our subscription, select it and click Save…
…the connection will show as Connected…
…in the Azure portal the connection appears as connected as well…
So far we have laid the foundation for our project. We created the Function App and successfully connected to an on-premises SQL server.
To test the connection endpoint, we can try to ping it. Click on Advanced tools (Kudu)
…and open the Debug console CMD…
…then type tcpping SQL01:1433 or whatever your host/port assignment is. We can successfully ping the SQL Server endpoint…
The last missing part is the function itself. We go back to the Function App and create a Timer trigger function…
…I call mine ScheduledFunction and leave the defaults…
…next we need to set the connection string for our SQL Server. Go to the application settings of the Function App…
…the value looks like this…
Server=tcp:SQL01,1433;Initial Catalog=master;Persist Security Info=False;User ID=[user];Password=[password];MultipleActiveResultSets=False;Encrypt=True;TrustServerCertificate=True;Connection Timeout=30;
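…we need to set TrustServerCertificate=True, otherwise we will receive an error that the certificate is not trusted. With this setting the connection is still encrypted, but the client does not validate the server's certificate, so it cannot tell the real SQL Server from another endpoint presenting any certificate. For our test case it does not matter. Finally we add the function code…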
This function will run every 5 minutes and output the SQL Server version…
…as we can see it works as expected.
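A timer-triggered function of the kind described above, as an added example that is not the original post's code. It assumes a compiled C# function using the in-process model with the System.Data.SqlClient package, and an application setting named SqlConnectionString (a hypothetical name) holding the connection string shown earlier.

```csharp
using System;
using System.Data.SqlClient;
using System.Threading.Tasks;
using Microsoft.Azure.WebJobs;
using Microsoft.Extensions.Logging;

public static class ScheduledFunction
{
    // Six-field NCRONTAB expression: second 0 of every 5th minute.
    [FunctionName("ScheduledFunction")]
    public static async Task Run(
        [TimerTrigger("0 */5 * * * *")] TimerInfo myTimer, ILogger log)
    {
        // Assumption: "SqlConnectionString" is a hypothetical setting name.
        // App Service exposes application settings as environment variables.
        string connectionString =
            Environment.GetEnvironmentVariable("SqlConnectionString");
        if (string.IsNullOrWhiteSpace(connectionString))
        {
            log.LogError("Application setting SqlConnectionString is not set.");
            return;
        }

        // Parse the string so that only non-secret parts are ever logged.
        var builder = new SqlConnectionStringBuilder(connectionString);
        if (builder.TrustServerCertificate)
        {
            log.LogWarning("Certificate of {Server} is not validated " +
                "(TrustServerCertificate=True).", builder.DataSource);
        }

        try
        {
            using (var connection = new SqlConnection(connectionString))
            using (var command = new SqlCommand("SELECT @@VERSION", connection))
            {
                // The host and port in the string must match the Hybrid
                // Connection endpoint (SQL01:1433 in this post).
                await connection.OpenAsync();
                var version = (string)await command.ExecuteScalarAsync();
                log.LogInformation("SQL Server version: {Version}", version);
            }
        }
        catch (SqlException ex)
        {
            // Log server and error number only, never the connection string.
            log.LogError(ex, "Query against {Server} failed (error {Number}).",
                builder.DataSource, ex.Number);
        }
    }
}
```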
Conclusion:
It is very easy to create a P2P connection using Hybrid Connections. Having functions in place lets us very easily use the Hybrid Connection to access data from on-premises servers. Keep in mind there are restrictions and limitations, but I am sure it will help in many cases to test certain scenarios.
A very clean concise explanation, loved it. Bookmarked it. Unfortunately it didn’t work.
You show a method to post comment, I don’t see a method to read comment. That might help.
I was given the info:
I verified our existing Hybrid Connections in Azure to see their connection properties. Mine is as follows:
HYBRID CONNECTION NAME 123
ENDPOINT HOST 123.4.com
ENDPOINT PORT 1433
SERVICE BUS NAMESPACE VendorSetup
NAMESPACE LOCATION Central US
HYBRID CONNECTION MANAGERS 1 connected
I can tcpping 123.4.com:1433 as per your instruction but I can’t get my function app to connect. Status still shows not connected. Any Ideas?
In Azure, the ‘Download Connection Manager’ link gets a 404 error, and I had to download a version of it from here: https://www.microsoft.com/en-ca/download/details.aspx?id=42962, which seems like an old version of the software and I cannot find the HCM Screen as shown above. I am only prompted for the End Point string during install. My Hybrid Connection is not connected. Finding information on this is difficult and sparse.