Azure: Did You Know? Hybrid Connections as VPN Alternative

In real-life cloud deployment scenarios, one very common case is when only part of the application resides in the cloud. Usually, this is because there is a legacy system which can't be migrated to the cloud and resides on premises, or because it's not optimal to deploy the entire system to the cloud. After all, cloud is not an answer to every question. In this case, there is a need to establish a connection between the parts of the application which are deployed in Azure (for example, a web site) and the parts which reside on premises (for example, a mainframe).

There is more than one way of connecting Azure resources to an on-premises application. The most obvious is a VPN (Azure ExpressRoute) between the Azure cloud and the on-premises (or co-located) environment. It's fast, solid, but not exactly cheap (see
Then there is an alternative way: Azure Hybrid Connections, which also allow an application deployed in Azure to access applications on premises. And, unlike VPN, it's free. In essence, setting up an Azure Hybrid Connection requires the following steps:
– You need to set up a new BizTalk service in the Azure portal (or piggy-back on an existing BizTalk service if you have one already).
– You need to configure a new Hybrid Connection in the Azure portal. Each hybrid connection needs to be specific to an on-premises server and port number. For example, if you have an on-premises SQL server, then you need to create a new hybrid connection for that SQL server name and port (usually 1434). Of course, the server name (or IP) could be internal to your environment.
– Finally, you need to download and install a Hybrid Connection Listener (a Windows service) on your internal network. It doesn't have to reside on the same server as the resource you are trying to access from Azure, but it should have access to it. This listener will act as a software router enabling Azure to connect to your on-premises application.
And then the magic will start to happen: your Azure application will be able to work with your on-premises resource just as if it were on the same network. Note that the Azure application should keep addressing the on-premises resource by its internal server name or IP. Azure will take care of routing traffic through the listener.
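
A pre-flight check for the listener step above, as an added example that is not part of the original post: run it in PowerShell on the machine that will host the Hybrid Connection Listener to confirm it can resolve and reach each on-premises server and port you plan to define as a hybrid connection. The host names and the second port are constructed placeholders, and `Test-HybridEndpoint` is a hypothetical helper name.

```powershell
# Planned hybrid connections: one entry per on-premises server and port.
# Constructed sample values; replace them with your own internal names and ports.
$endpoints = @(
    @{ Name = 'sql01.corp.example';        Port = 1434 },
    @{ Name = 'mainframe-gw.corp.example'; Port = 8443 }
)

function Test-HybridEndpoint {
    param([string]$Name, [int]$Port, [int]$TimeoutMs = 3000)

    $result = [pscustomobject]@{
        Endpoint  = "${Name}:$Port"
        Resolved  = ''
        Reachable = $false
        Detail    = ''
    }

    # Step 1: the listener host must resolve the internal name itself.
    try {
        $addresses = [System.Net.Dns]::GetHostAddresses($Name)
        $result.Resolved = ($addresses | ForEach-Object { $_.IPAddressToString }) -join ','
    } catch {
        $result.Detail = "DNS resolution failed: $($_.Exception.GetBaseException().Message)"
        return $result
    }

    # Step 2: plain TCP connect with a timeout, so a filtered port does not hang the check.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $task = $client.ConnectAsync($Name, $Port)
        if ($task.Wait($TimeoutMs) -and $client.Connected) {
            $result.Reachable = $true
            $result.Detail = 'TCP connect succeeded'
        } else {
            $result.Detail = "No TCP connection within $TimeoutMs ms (filtered or host down)"
        }
    } catch {
        # A refused connection surfaces here as a wrapped SocketException.
        $result.Detail = "Connect failed: $($_.Exception.GetBaseException().Message)"
    } finally {
        $client.Close()
    }
    return $result
}

$endpoints | ForEach-Object { Test-HybridEndpoint -Name $_.Name -Port $_.Port } |
    Format-Table -AutoSize
```

Any row with `Reachable` set to `False` points to a name-resolution or firewall gap between the listener host and that resource, which would also stop the Azure application from reaching it through the hybrid connection.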


Stan Tarnovskiy

Solutions Architect at Perficient
