I found this great video (hat tip to Brian H. Prince and Keith Mayer) that quickly summarizes different ways to connect Azure to an on-premise datacenter. The video is only about 10 minutes long and gives a great high-level view of the different options: https://channel9.msdn.com/Series/Explain/HybridCloud101
Here’s a quick summary of the options:
1. BizTalk hybrid connections: this is a simple, super-easy option to implement that allows Azure to communicate with your on-premise systems without needing to punch holes in your firewall. You simply create a new “hybrid connection” in Azure, which creates a package that you install on your on-premise box.
2. Azure AD application proxy: Azure AD can manage both cloud and on-premise applications. This is great to use for websites with authentication/authorization.
3. Azure Service Bus Relay: this option is for web services only; the web service with your custom code initiates a connection to Azure so they can communicate. You get automatic load balancing, and you don't need to open firewall ports, etc.
4. Azure Service Bus Queue: a queue on Azure waits for HTTP requests. Use this when you need queues (brokered messaging).
5. Point-to-site and site-to-site VPN: in these scenarios, you get a full virtual private network (VPN), more than just listening to a port.
6. ExpressRoute: the most complex option to set up. You create your own pipe directly to Azure that doesn’t go over the internet.