Is it possible to configure azure service fabric cluster to utilize hybrid connection so that on-prem services can connect to a SF service?
Asked
Active
Viewed 111 times
1 Answers
0
Yes, SF services are just regular processes. As long as the firewall configuration on the nodes allow outbound TCP connections, it should work.
It might not be an ideal solution though, as you're directly connecting with a specific process. (The default way to connect to services from the outside world works by using the load balancer on top of the cluster.) As service instances come and go, your on-prem client will occasionally encounter disconnects. (for example, when the service is upgraded, moved, or crashes)
Here's an example on how to use Relay outside of app services, inside a regular .NET Core app.
LoekD
- 11,402
- 17
- 27
-
Thanks. But isn't the hybrid connection will act as a service bus (relay) between SF service and on-prem service? SF service will talk to hybrid connection over outbound port while on-prem service will do the same. So why a load balancer is needed in between. Also I do not see a way to configure Hybrid connection for SF. I can onyl find this option under App service. So not sure how SF service can detect the hybrid connection. – user15778384 May 05 '21 at 08:07
-
I've updated the answer based on the additional questions in the comments. – LoekD May 06 '21 at 04:56
-
Thanks. Well the relay example you shared is more towards building a new relay app which will reside on on-prem server. While I am looking for a option where I can use already available Hybrid connection agent which just open up any service on specific port to be consumed from SF services. – user15778384 May 06 '21 at 13:37
-
The sample explains how to create both a [client/sender](https://learn.microsoft.com/en-us/azure/azure-relay/relay-hybrid-connections-dotnet-get-started#create-a-client-application-sender) and a [server/listener](https://learn.microsoft.com/en-us/azure/azure-relay/relay-hybrid-connections-dotnet-get-started#create-a-server-application-listener), using Azure Relay. – LoekD May 07 '21 at 05:53
-
Well this still does not answer my query. My use case is: SF reliable service wants to query a OData service running on-premises say https://myodata.com/odata. As the on-premises server only allows outbound connection to internet, no service from other VMs/environments/internet/Azure can access this. So to address this, without doing any major development work, I want to install Hybrid connection manager on on-premises VM so that external services can communicate with this service. But not sure whether SF service can utilize Hybrid connection relay app service? – user15778384 May 23 '21 at 08:09
-
Ah, now I think I get it: [You can not use the App Service hybrid connection](https://learn.microsoft.com/en-us/azure/app-service/app-service-hybrid-connections), but you can use the [Azure Relay](https://learn.microsoft.com/en-us/azure/azure-relay/relay-what-is-it) hybrid connection – LoekD May 25 '21 at 05:15
-
Or the other way could be to create a proxy app (kind of forward proxy) on app services, which can then use hybrid connection out-of-box? does this sounds like a decent solution? – user15778384 May 26 '21 at 11:21
-
No, adding an extra network hop adds an unneeded external dependency. (app service needs to be online before the data service can be called). There's also a performance impact, increased latency and potentially security impact (using the internet to communicate between app service and SF). – LoekD May 27 '21 at 05:05
-
Azure relay will require additional development and deployment on to on-prem environment. I was looking for a solution without any development as such. So it means there is no best possible way without creating a new azure relay service and deploy it on-prem? – user15778384 May 27 '21 at 07:45
-
You could consider using this [tool](https://github.com/Azure/azure-relay-bridge/blob/master/CONFIG.md) to build the connection for you instead of putting the code inside the data service. – LoekD May 27 '21 at 08:30