Today after some time I had a chance to play around with the new functionality of the Windows Azure Platform. One thing that interested me a lot was how easy it is actually to deploy an application in a hybrid scenario, which means that a part of the application stays on-premise (in a local environment) and a part of the application is deployed in the Public Cloud.
There are in general 2 options on how to achieve this with Windows Azure Platform:
- Using Windows Azure AppFabric to connect different applications together
  - Although this is feasible and really cool, it still requires an application that is based on SOA principles, and many times that is not the case, at least not with all of the existing applications;
- Using Windows Azure Connect (Windows Azure Virtual Network)
  - This one raised my curiosity, since it seems too good to be true: to be able to easily connect my environment with the public cloud through a specialized Virtual Private Network (VPN).
So I tried it out and enrolled in the CTP for Windows Azure Connect and off I went. To be honest the whole setup took me less time than to write this blog post, so I guess it is awesomely easy and it works like a charm. And above all it is nicely documented in a Tutorial on the MSDN site.
My scenario was the following: I wanted a simple web application that would be exposed to outside users, while also in an internal VPN network connected to my local PC (i.e. you can imagine a web application that reaches out to your on-premise database). Here is the process I used to get to the final result:
- The first step was to go to the Azure Management Portal and get the connectivity token for my project, which is really simple by clicking on the proper toolbar:
- Second step was to create a Windows Azure Web Role Project with Visual Studio 2010 (no issues there, I believe) and to right-click the Web Role, selecting Properties and then Virtual Network (of course you have to install the latest SDK for Windows Azure). You enter the previously acquired token and a section in the configuration file (<connect>) is created for you. I also added a startup task for the role to enable “ping” on the machine as explained in the Tutorial. I did tweak the web site just a bit, so that it was personalized…
- Next step was deployment of the project on the Windows Azure Platform, which is old news to you all.
- Afterwards I installed the Local Endpoint by clicking on the toolbar (displayed above) and following the link provided. It installed a simple client that looks like the picture below. After it is installed it refreshes the connectivity status regularly (or you can do it manually) and soon it is displayed among the computers you can join together on the Windows Azure Management Portal.
- After the Web Role is deployed and the client software installed, we can create a connectivity group that defines how the computers in our VPN will communicate with one another. It is really simple using the Windows Azure Management Portal: you select “Create Group” and add computers to the group:
- In a few minutes' time the computers were connected together (you can see the weird designator for the role that was running in the cloud – RD0…..) and I could ping the Web Role (Windows Server 2008 R2 with IIS 7.5) as shown below, which means there was IPv6 connectivity enabled between my computer and the Web Role on top of Windows Azure (so any database or other similar scenario would work as well!)
- The final test for me was to check whether my Web Role (or My Web Application) could still be easily accessed from the outside (by end users), or whether this VPN hinders that experience in any way. Well, it turns out everything works (and enabling such a scenario in an on-premise environment would be a bit of a pain – especially if you need to do it securely with a server in a DMZ and a connection into a secure environment):
And that is basically all there is to it! Really straightforward and working out of the box… Amazing!!!