Understanding Azure Relay

The Azure Relay Service facilitates your hybrid applications by enabling you to securely expose services that reside within a corporate enterprise network to the public cloud, without having to open a firewall connection or require intrusive changes to a corporate network infrastructure.

Hybrid Cloud and On-Premise Connectivity

  • Relay facilitates secure connectivity without the requirement of an external VPN.
  • Data can reside in any of the on-premise data centers.
  • Network load balancing is done in round robin fashion, without the requirement of an external appliance.
  • Supports both one way and duplex communications.

Connect on-premises applications via the cloud

Relay addresses the technical challenge of communication between an on-premise service and an external application that does not reside on the same premises or behind the same firewall. It allows the on-premise service to expose a public endpoint. External applications that are not on the same premises or behind the same firewall can then access the on-premise service through this endpoint.

High Availability for On-Premise Services

Relay allows for registering multiple listeners to a single public relay endpoint. This provides a framework for both performance and availability without complex application logic or a costly networking appliance.

Relay Namespace

A Relay Namespace provides a scoping container for addressing Relay resources within your application. Creating one is necessary to use Relay and will be one of the first steps in getting started. A Relay namespace name can only be between 6 and 50 characters in length. You can have 10,000 Relay endpoints per service namespace. Relay also supports DNS whitelisting. The Relay client makes connections to the Relay service using fully qualified domain names. This enables customers to add an entry for *.servicebus.windows.net on firewalls that support DNS whitelisting.
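As an added example (not code from the original article or from any Azure SDK), the Python below shows how an egress filter or log audit could apply the *.servicebus.windows.net entry without the usual suffix-matching mistakes, and how to recover the namespace label using the 6 to 50 character limit stated above. The function names and sample hostnames are constructed, and it assumes the wildcard covers any subdomain depth and that hostnames use plain letter-digit-hyphen labels.

```python
import re

# Suffix from the page's firewall entry *.servicebus.windows.net
RELAY_SUFFIX = "servicebus.windows.net"
# Namespace name length limits stated on the page
NS_MIN, NS_MAX = 6, 50
# Assumption: hostnames use plain letter-digit-hyphen DNS labels
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")

def normalize(host):
    """Lower-case, drop one trailing root dot; None if not a clean hostname."""
    host = host.strip().lower()
    if host.endswith("."):
        host = host[:-1]
    if not host or len(host) > 253:
        return None
    return host if all(LABEL.match(lab) for lab in host.split(".")) else None

def matches_relay_wildcard(host):
    """True only when host is a strict subdomain of the Relay suffix."""
    host = normalize(host)
    # The leading dot forces a label boundary, so 'evilservicebus.windows.net'
    # fails; endswith() means a suffix buried mid-name also fails.
    return host is not None and host.endswith("." + RELAY_SUFFIX)

def namespace_label(host):
    """Namespace label of <namespace>.servicebus.windows.net, else None."""
    if not matches_relay_wildcard(host):
        return None
    prefix = normalize(host)[: -len(RELAY_SUFFIX) - 1]
    if "." in prefix or not NS_MIN <= len(prefix) <= NS_MAX:
        return None
    return prefix

def audit(hosts):
    """Map each observed egress hostname to 'allow' or 'deny'."""
    return {h: "allow" if matches_relay_wildcard(h) else "deny" for h in hosts}

# Constructed sample hostnames (not from the page)
SAMPLE = [
    "contoso-relay.servicebus.windows.net",
    "Contoso-Relay.ServiceBus.Windows.NET.",
    "servicebus.windows.net",
    "evilservicebus.windows.net",
    "contoso-relay.servicebus.windows.net.example.com",
    "contoso-relay.servicebus.windows.net@example.com",
]
```

Calling audit(SAMPLE) allows only the first two entries; the other four are lookalikes that a naive substring or unanchored suffix check would let through.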

Prerequisites

An Azure account; if you do not have one, start a free trial.

Follow the below steps to create the Azure Relay Namespace

  1. Log in to the Azure portal.
  2. Click on the ‘+’ sign to create a new Azure Relay Namespace.
  3. Click on Relay.
  4. Fill in the Create Namespace form: enter the Namespace name (it should be universally unique), choose the appropriate subscription, select the resource group, and select the datacentre location.
  5. Click the Create button; this will redirect to the Relay Namespace overview screen.
  6. You will notice “+ Hybrid Connection” and “+ WCF Relay”; these are the two Relay offerings from Azure Relay.

Azure Relay Services

  1. Hybrid Connections
    Uses the open standard web sockets enabling multi-platform scenarios.

  2. WCF Relays
    Uses Windows Communication Foundation (WCF) to enable remote procedure calls. WCF Relay is the legacy Relay offering that many customers may already use with their WCF programming models.

WCF Relay

Using WCF Relay, you can initiate the connection between your on-premises service and the relay service using the WCF relay bindings. In the background, the relay bindings map to the new transport binding elements designed to create WCF channel components that integrate with Service Bus in the cloud. It is still a firewall-friendly proprietary protocol that depends on WCF and the .NET platform.

Follow the below steps to create a WCF Relay under Azure Relay Namespace

  1. Click on “+ WCF Relay”.
  2. Enter the WCF Relay name and choose the relay type. Here, I have opted for NetTcp relay.
  3. Clicking the "Create" button creates a new WCF Relay under the Relay Namespace.

Relay Hybrid Connections

Earlier, Service Bus Relay belonged to the Azure Service Bus offering; it was a firewall-friendly proprietary protocol that depended on WCF and the .NET platform.

Hybrid Connections are a feature of Azure BizTalk Services. Hybrid Connections provide an easy and convenient way to connect the Web Apps feature in Azure App Service and the Mobile Apps feature in Azure App Service to on-premises resources behind your firewall. It has port forwarding per connection and depends on a Windows agent.

The Azure Relay Hybrid Connections is a secure, open-protocol evolution of the existing Azure Relay features that can be implemented on any platform and in any language that has a basic WebSocket capability, which explicitly includes the WebSocket API in common web browsers. Hybrid Connections is based on HTTP and WebSockets.

It is cross-platform and supports .NET Core. The Java version can run on the Linux platform as well. It is completely based on Azure Resource Manager, so it is only available in the new Azure portal. It does not have any dependency on WCF.

It provides network load balancing without the need for an additional appliance. Because the Relay resides in the cloud environment, it can have multiple listeners; traffic is load balanced across them in round robin fashion, and you get secured connectivity without requiring any external VPN.

Altogether, the interesting thing is that it is hybrid and cross-platform: it can run on Windows, Linux, the .NET platform, Java, node.js, etc. You can perform multicast with Hybrid Connections Relay, but the total number of listeners is limited to 25.

Follow the below steps to create a Hybrid Connection under Azure Relay Namespace

  1. Click on “+ Hybrid Connection”.
  2. Enter the Hybrid Connection Relay name.
  3. Clicking the Create button creates a new Hybrid Connection Relay under the Relay Namespace.

The Relay Namespace will then list the newly created WCF Relay and Hybrid Connection.

Relay Listener and Limitations

A Relay may have multiple connected listeners and it is considered to be “open” when at least one Relay listener is connected to it. Adding additional listeners to an open Relay will result in additional relay hours.

A Relay must have at least one active listener for any sender to send a message. There can be a maximum of 25 listeners on a single relay.

The message size limit for NetOnewayRelayBinding and NetEventRelayBinding relays is 64 KB. There is no limitation on the message size for HttpRelayTransportBindingElement and NetTcpRelayBinding relays.

You can use PowerShell commands to move a Relay namespace from one Azure subscription to another. In order to execute the operation, the namespace must already be active. Also, the user executing the commands must be an administrator on both the source and target subscriptions.

The following sequence of commands moves a namespace from one Azure subscription to another.

    # Create a new resource group in target subscription
    Select-AzureRmSubscription -SubscriptionId 'ffffffff-ffff-ffff-ffff-ffffffffffff'
    New-AzureRmResourceGroup -Name 'targetRG' -Location 'East US'

    # Move namespace from source subscription to target subscription
    Select-AzureRmSubscription -SubscriptionId 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa'
    $res = Find-AzureRmResource -ResourceNameContains mynamespace -ResourceType 'Microsoft.ServiceBus/namespaces'
    Move-AzureRmResource -DestinationResourceGroupName 'targetRG' -DestinationSubscriptionId 'ffffffff-ffff-ffff-ffff-ffffffffffff' -ResourceId $res.ResourceId

Conclusion

The introduction of WCF Relay and Hybrid Connection in the Azure Relay namespace is an extended capability for the existing Relay. WCF Relay is a firewall-friendly proprietary protocol that depends on WCF and the .NET platform. Azure Relay Hybrid Connections is a secure, open-protocol evolution of the existing Azure Relay features that can be implemented on any platform and in any language that has a basic WebSocket capability. The introduction of Hybrid Connection Relay focuses on supporting multiple platforms and programming languages.