This topic introduces Hybrid Connections, lists the supported configurations, and lists the required TCP ports.
Hybrid Connections are a feature of Azure BizTalk Services. Hybrid Connections provide an easy and convenient way to connect Azure Websites and Azure Mobile Services to on-premises resources behind your firewall.
Hybrid Connections benefits include:
TCP-based services that use dynamic ports (such as FTP Passive Mode or Extended Passive Mode) are currently not supported.
Hybrid Connections also provide Enterprise Administrators control and visibility into the corporate resources accessed by hybrid applications, including:
Hybrid Connections support the following framework and application combinations:
When using Hybrid Connections to access on-premises SQL Server, consider the following:
Hybrid Connections use Shared Access Signature (SAS) authorization to secure the connections from the Azure applications and the on-premises Hybrid Connection Manager to the Hybrid Connection. Separate connection keys are created for the application and the on-premises Hybrid Connection Manager. These connection keys can be rolled over and revoked independently.
Hybrid Connections provide for seamless and secure distribution of the keys to the applications and the on-premises Hybrid Connection Manager.
Application authorization is separate from the Hybrid Connection. Any appropriate authorization method can be used. The authorization method depends on the end-to-end authorization methods supported across the Azure cloud and the on-premises components. For example, your Azure application accesses an on-premises SQL Server. In this scenario, SQL Authorization may be the authorization method that is supported end-to-end.
Hybrid Connections require only outbound TCP or HTTP connectivity from your private network. You do not need to open any firewall ports or change your network perimeter configuration to allow any inbound connectivity into your network.
The following TCP ports are used by Hybrid Connections:
| Port | Purpose |
|---|---|
| 80 | HTTP port; used for certificate validation. |
| 5671 | Used to connect to Azure. If TCP port 5671 is unavailable, TCP port 443 is used. |
| 9352 | Used to push and pull data. If TCP port 9352 is unavailable, TCP port 443 is used. |
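The following added example, which is not part of the original documentation or of any Microsoft tooling, checks outbound reachability from the machine that will run the Hybrid Connection Manager and reports which port each function would end up using under the fallback rules in the table. The host name `relay.example.invalid` is a placeholder and the function names are hypothetical; pass the endpoint your Hybrid Connection actually uses.

```python
import socket
import sys

# Port roles from the table above; 443 is the documented fallback for both.
PRIMARY_PORTS = {5671: "connect to Azure", 9352: "push and pull data"}
FALLBACK_PORT = 443
CERT_PORT = 80  # HTTP, used for certificate validation


def tcp_probe(host, port, timeout=3.0):
    """Return True if an outbound TCP connection to host:port succeeds."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, filtered, or name not resolved
        return False


def plan_egress(host, probe=tcp_probe):
    """Map each Hybrid Connections function to the port it can use from here."""
    ports = (*PRIMARY_PORTS, FALLBACK_PORT, CERT_PORT)
    reachable = {p: probe(host, p) for p in ports}
    plan, problems = {}, []
    for port, role in PRIMARY_PORTS.items():
        if reachable[port]:
            plan[role] = port
        elif reachable[FALLBACK_PORT]:
            plan[role] = FALLBACK_PORT  # documented fallback
        else:
            plan[role] = None
            problems.append(f"{role}: neither {port} nor {FALLBACK_PORT} reachable")
    # Assumption of this example: an unreachable port 80 is reported as a problem.
    if not reachable[CERT_PORT]:
        problems.append(f"certificate validation: port {CERT_PORT} unreachable")
    return {"plan": plan, "problems": problems, "ok": not problems}


if __name__ == "__main__":
    host = sys.argv[1] if len(sys.argv) > 1 else "relay.example.invalid"
    result = plan_egress(host)
    for role, port in result["plan"].items():
        print(f"{role}: {'BLOCKED' if port is None else 'TCP ' + str(port)}")
    for problem in result["problems"]:
        print("problem:", problem)
    sys.exit(0 if result["ok"] else 1)
```

Only outbound connections are tested, which matches the requirement that no inbound firewall ports be opened.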