Azure Integration PatternsSam Vanhoutte - Codit

Nice to meet youSam VANHOUTTECTO Codit

6 year - BizTalk V-TSP1st year - Integration MVP

sam.vanhoutte@codit.eu+32 474 849 993@SamVanhoutte

be.linkedin.com/in/

samvanhoutte/

> 60 Active integration customers

International Focus - HQ in BEFocused on integration solutions

2000 Belgium2004 France2013 Portugal

60 employees > 50 consultants BizTalk certifiede-news + SoMe

2012 & 2013

Partner of the Year

Award FinalistApplication Integration

And take home the Lumia 1320

Present your feedback form when you exit the last session & go for the drink

Give Me Feedback

Bring the cloud to your enterprise: Integration

serversmainframe databasesapps

Your Data Center

Integration

PartnersSaaSApps

Same problemsdifferent solutions, new challenges

Network latency

Identity Management

Different SLAs

Data SecurityMonitoring

Management

Mobile AccessInterop

Changing schemasServices not Servers

ConnectivityREST-first

Architectural challenges

Operational challenges

Security LatencyStandards & Interop

Hybrid connectivity …

“DevOps”Enterprise procedures SLA’s Monitoring …

Same problemsdifferent solutions, new challenges

Cloud Integration Patterns

Network Integration

Data Integration

Application Integration

Connect and synchronize data between on-prem and cloud

Connect on protocol – network level

Synchronous or asynchronous message communication on application level

NETWORK INTEGRATION

Network integration: Technology overview

• Virtual Networking– Point to Site– Site to Site

• ExpressRoute

• Hybrid connections– (app. integration)

Virtual networking options

Cloud Customer Segment and workloads

Secure point-to-site connectivity

Virtual Network (Point-to-Site)

• Developers• POC Efforts• Small scale deployments• Connect from anywhere

Secure site-to-site VPN connectivityVirtual Network (Site-to-Site)

• SMB, Enterprises• Connect to Azure Compute• IaaS and PaaS workloads

Private site-to-site connectivity

ExpressRoute

• SMB & Enterprises• Mission critical workloads• Backup/DR, Media, HPC• Connect to all hardware

ExpressRoute connectivityMicrosoft AzurePublic services

Microsoft Azure Compute

Azure Edge

Connectivity Provider

Infrastructure

Customer’s network

Customer’s dedicated connection

Traffic to public IP addresses in Azure

Traffic to Virtual Networks in Azure

ExpressRoute connectivity

High throughput

Security

Lower cost

Predictable performanceExpressRoute provides organizations a private, dedicated, high-throughput network connection between Windows Azure datacenters and their on-premises IT environment.

DATA INTEGRATION

Data integration: Technology overview

• Azure Storage– Azure File Service– Table & Blob

storage

• Azure SQL Database– Data Sync– SQL Connectivity

Connect to Azure SQL Database• Through SQL Azure TDS• Local firewall settings

– Outbound connections– TCP port 1433

• SQL database firewall– Provide allowed IP ranges to connect to server– Use sp_set_database_firewall_rule on

database level

SQL Azure Data Sync• Warning! Still in preview… For years

• Powers movement of data– Cloud cloud– On-premises cloud

• Getting data where you need it– Sync SQL Azure instances– Sync SQL Server to SQL Azure– Sync offline apps to SQL Azure– Enable geo-replication of data

Sync

SQL Azur

e

APPLICATION INTEGRATION

Application integration:Technology overview

• Service Bus– Relay Service– Messaging – Notification Hubs

• BizTalk Services– Hybrid Connections– Adapter service– EDI Trading

partners

Service Bus Brokered MessagingPort 9354 outboundPort 5672 for AMQPPort 443 for HTTPS

• Asynchronous / queued processing • Distributed processing• Load leveling / Temporal decoupling• Interoperability through AMQP / REST• Routing of messages

Topic SubSubSub

Service Bus Relay - how it works• Outbound firewall only• Bi-directional

communication patterns• Load-balancing in the

cloud• HTTP or TCP

connectivity• Different security

options

solution. a b

NLB

outbound socket rendezvous

HTTP/SocketForwarder

outbound socket

connect

Ctrl

Ctrl

TCP/SSL or HTTP

BackendNamingRouting

Fabric

FrontendNodes

Firewall friendly? Yes, but…• Only outbound firewall rules needed

– TCP: Ports 9350-9353– HTTP: Ports 80 & 443

• IP range of cloud services change constantly– Don’t block outbound IP addresses– http://bit.ly/15lXMB0

Port configuration #fyi• Outbound TCP (Ports 9350-9353)

– 9350 Unsecured TCP One-way (client)– 9351 Secured TCP One-way (all listeners, secured clients)– 9352 Secured TCP Rendezvous (all listeners except one-way)– 9353 Direct Connect Probing Protocol (TCP listeners with direct

connect)

• Outbound HTTP (Port 80, Listeners)– TCP equivalent tunnel with overlaid TLS/SSL formed over pair of

HTTP requests– Alternate connectivity path if outbound TCP is blocked

• Outbound HTTPS (Port 443, Senders)

Service Bus Relay

Demo – connect to on prem SQL

Hybrid Connections

Web Sites

Mobile Services

Corporate Network

Microsoft SQL Server

Hybrid ConnectionOther published resourcesHybrid Connection

Manager

Hybrid connectionsAccess to on-premises resourcesConnect to SQL Server, Web Services or most other that use TCP or HTTP connectivity

No need to alter the network perimeterDoesn’t require a VPN gateway or Firewall changes to allow incoming trafficApplications have access only to the resource that they requireOutbound connection needed on port 5671

IT maintains control over resourcesSupport for Group Policy and Event/Audit Logging providing Admins control and visibility

Event and Audit loggingIT has insight into resources being accessedIT can use existing infrastructure investments for monitoring and control

Dashboard on Azure portalAccess to connection health, statusWill provide insights on usage and metrics

Hybrid Connections

Demo – migrate web site

BizTalk Services

Database ERPBizTalk Adapter Service

Server Explorer(Visual Studio)

PowerShell CmdLets

Management Service REST API

Lob Relay (Service Host)Lob TargetLob Target

Bridge

Pipeline

V E T E

Messages

Sources

FTP/S

HTTP

SFTP

Destinations

Service Bus

Web Service

FTP/S

HTTP

Blob

BizTalk Services

Demo – connect to SAP or SQL on prem

Hybrid connectivity options

Cloud On-prem Segment and workloads

Quick shift & lift connectivityHybrid Connections

• Migration projects• Mobile & Web sites• TCP/HTTP• Quick & easy set up

Web Service (SOAP/REST) communication

Service Bus Relay

• Custom dev – green field• Web service communication• Loose coupling of components• Load-balancing in the cloud

EAI & B2B connectivityRich messaging

BizTalk Services

• Enterprise customers• Legacy file support (flat file, edi)• Transformation & validation in cloud• Message tracking & archiving

Scenarios

When to use what ?

Local, shielded network

Virtual Networking

VPN device

Site to Site VPN

SOAP

Site to Site VPN, connecting local services and file shares

FTP

IPSec tunnel

Codit Integration Cloud

Local, shielded network

Virtual Networking

VPN device

Site to Site VPN

SOAP

Site to Site VPN, connecting local services and file shares

FTP

IPSec tunnel

Advantages• Connections managed from the cloud• On-premises footprint extremely small• No DMZ deployment needed• Extensible connection service

Reasoning• Minimize network / application impact• Fully outsource solution

Codit Integration Cloud

Belgium

SQL Data Sync

Worker Rolereference data lookup

SQL Data Sync

Feed Azure Database with local SQL reference data for lookups

On prem SQL

SQL Azure Database

" changing the way integration is done "

Belgium

SQL Data Sync

BizTalk Services (bridge enrichment : look up)

SQL Data Sync

Feed Azure Database with local SQL reference data for lookups

On prem SQL

SQL Azure Database

Advantages• Quick to set up• Low latency for data access (same data center)• No changes need to local application

Reasoning• Warning – in preview for years !• Good for caching data in the cloud

Netherlands

Service Bus Relay

BizTalk Adapter Service

Service Bus Relay

REST FILE

Cloud Integration environment, using Service Bus Relay to on-prem

SQL

Cyprus

Cloud Connector

Codit Integration Cloud

Service Bus RelayCloud Integration environment, using Service Bus Relay to on-prem

Advantages• Connections managed from the cloud• On-premises footprint extremely small• No DMZ deployment needed• Extensible connection service

Reasoning• Minimize network / application impact• Fully outsource solution

BizTalk Services

Azure BizTalk Services

On prem ESB

Service Bus Relay

SAP WMS Oracle

FTP, AS2…

Customer moving all B2B to the cloud, relaying to on prem BizTalk

BizTalk Services

Windows Azure BizTalk Services

BizTalk ESB

Service Bus Relay

SAP WMS Oracle

FTP, AS2…

Advantages• Faster set-up of partner connections• One-time firewall set-up• Support for existing mappings & schemas in WABS• No specific DMZ deployment needed

Reasoning• Latency less important for B2B than EAI

Customer moving all B2B to the cloud, relaying to on prem BizTalk

THANK YOU

AND NOW, QUESTIONS?OR DRINKS?

Follow Technet Belgium@technetbelux

Subscribe to the TechNet newsletteraka.ms/benews

Be the first to know

Belgiums’ biggest IT PRO Conference