Overview of Windows Azure Connect
Updated: April 25, 2013
The recommended way to implement cross-premises and hybrid scenarios is by using Windows Azure Virtual Network. Please see Windows Azure Virtual Network Overview for more information about Virtual Network.
With Windows Azure Connect, you can use a simple user interface to configure IPsec-protected connections between computers or virtual machines (VMs) in your organization’s network and roles running in Windows Azure. After you configure these connections, role instances in Windows Azure use IP addressing like that of your other networked resources, rather than having to use some form of external virtual IP addressing. Windows Azure Connect makes it easier to do tasks such as the following:
You can configure and use a distributed application that uses roles in Windows Azure (for example, a Web role) together with servers in your organization’s network (for example, a SQL Server and associated network infrastructure). The distributed application could be one that you are reworking to include not only resources in your network, but also one or more Windows Azure roles, such as a Web role.
Many combinations are possible between Windows Azure roles (Web roles, Worker roles, or VM roles) and your networked resources (including servers or VMs for file, print, email, database access, Web communication, collaboration, and so on). Your networked resources can also include legacy systems that are supported by your distributed application.
You can join Windows Azure role instances to your domain, so that you can use your existing methods for domain authentication, name resolution, or other domain-wide maintenance actions. For diagrams that help describe this configuration, first see the basic diagram in Example configuration in Windows Azure Connect, later in this topic, and then see Use Windows Azure Connect When Roles Are Joined to a Domain.
You can remotely administer and debug Windows Azure role instances.
You can easily manage Windows Azure role instances using existing management tools in your network, for example, remote Windows PowerShell or another management interface.
The following diagram shows the elements in an example configuration in Windows Azure Connect. Worker Role 1, Web Role 1, and Web Role 2 are all within one subscription to Windows Azure (although they may be in different services within the subscription). However, only Worker Role 1 and Web Role 1 have been activated for Windows Azure Connect, as shown by the yellow lines around these roles. The role instances in Worker Role 1 are connected to a group of development computers. The yellow dot on each development computer shows that the endpoint software for Windows Azure Connect has been installed. The yellow dotted line around the development computers shows that these computers have been placed into an endpoint group (which is required before the connection can be created). Similarly, role instances in Web Role 1 are connected to an endpoint group that contains databases.
Example configuration in Windows Azure Connect
The following illustration shows the Windows Azure Connect interface:
The following list describes the elements that must be configured for a connection that uses Windows Azure Connect:
Windows Azure roles that have been activated for Windows Azure Connect: To activate a Windows Azure role, ensure that an activation token that you obtain in the Windows Azure Connect interface is included in the configuration for the role. The configuration for the role is handled by a software developer, either directly through a configuration file or indirectly through a Visual Studio interface that is included in the Windows Azure software development kit (SDK). The Visual Studio interface makes it simpler for you or a software developer to provide the activation token and specify other properties for a given role.
Endpoint software installed on local computers or VMs: To include a local computer or VM in your Windows Azure Connect configuration, begin by installing the local endpoint software on that computer. After the endpoint software is installed, the local computer or VM is called a local endpoint.
Endpoint groups (for configuring network connectivity): To configure network connectivity, place local endpoints in groups and then specify the resources that those endpoints can connect to. Those resources can be one or more Windows Azure Connect roles, and optionally, other groups of endpoints. Each local endpoint can be a member of only one endpoint group. However, you can specify that a particular group can connect to endpoints in another group, which expands the number of connections that are possible.