About Azure Hybrid Connection Manager

Microsoft have implemented a solution in Azure, whereby it’s possible for cloud resources (in this scenario, the EdSmart data import integration logic) to communicate with on-premise resources via TCP (e.g. a SQL server behind a school firewall), all without opening any inbound ports.

The approach involves installing a Microsoft-developed piece of software (Hybrid Connection Manager, HCM) on an on-premise computer, which must have the following two things:

  1. Connectivity to the resource you want the cloud solution to talk to, so, for instance, TCP connectivity to your Synergetic SQL server;
  2. Standard outbound HTTPS connectivity to the internet over port 443.

We will provide you with a connection string that authenticates with our cloud Hybrid Connection infrastructure. When you install HCM on a computer within your network, you configure it with that connection string, and HCM then initiates an outbound HTTPS call to our infrastructure, which opens a web socket. This socket is used to relay TCP packets from the cloud back to the on-premise HCM machine, which forwards the TCP packets to the intended resource, receives the response, and then relays the response back to the cloud. In this way, our cloud resources can issue, for instance, SQL queries against your Synergetic database.
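The two connectivity requirements above can be checked from the intended HCM machine before anything is installed. The following PowerShell is an added example, not part of HCM or of EdSmart's tooling; it assumes the connection string uses the usual Azure Relay `Endpoint=sb://...;` layout, and the host names, port 1433 and the `Get-RelayHost` and `Test-TcpPath` helper names are constructed placeholders.

```powershell
# Added example: pre-flight check to run on the machine that will host HCM.
# Every value here is a constructed placeholder; substitute your own.
$ConnectionString = 'Endpoint=sb://example-relay.servicebus.windows.net/;SharedAccessKeyName=example-listener;SharedAccessKey=PLACEHOLDER=;EntityPath=example-connection'
$SqlServer = 'synergetic-sql.school.example'   # hypothetical host name
$SqlPort   = 1433                              # SQL Server default; adjust if yours differs

function Get-RelayHost {
    # Extract the host from the Endpoint field; the shared key is never printed.
    param([Parameter(Mandatory)][string]$ConnectionString)
    $fields = @{}
    foreach ($part in ($ConnectionString -split ';' | Where-Object { $_.Trim() })) {
        $name, $value = $part -split '=', 2      # limit 2: key values can contain '='
        if ($null -ne $value) { $fields[$name.Trim()] = $value.Trim() }
    }
    if (-not $fields.ContainsKey('Endpoint')) {
        throw 'Connection string has no Endpoint field.'
    }
    ([Uri]$fields['Endpoint']).Host
}

function Test-TcpPath {
    # Attempt an outbound TCP connection and report whether it succeeded.
    param([string]$Label, [string]$ComputerName, [int]$Port)
    $result = Test-NetConnection -ComputerName $ComputerName -Port $Port -WarningAction SilentlyContinue
    [pscustomobject]@{
        Check     = $Label
        Target    = "${ComputerName}:$Port"
        Reachable = $result.TcpTestSucceeded
    }
}

$relayHost = Get-RelayHost -ConnectionString $ConnectionString
$checks = @(
    Test-TcpPath -Label 'Outbound HTTPS to relay' -ComputerName $relayHost -Port 443
    Test-TcpPath -Label 'TCP to SQL server'       -ComputerName $SqlServer -Port $SqlPort
)
$checks | Format-Table -AutoSize

if ($checks.Reachable -contains $false) {
    Write-Warning 'HCM needs both paths; fix the failing one before installing.'
    exit 1
}
```

Both checks are outbound from the HCM machine, so no inbound firewall rule is involved. The port 443 test is a direct TCP connection and does not exercise an outbound web proxy.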

The solution only allows TCP traffic, so we can’t use Active Directory logins against the database (as UDP is involved in AD authentication). As such, you would have to provide us with a SQL account that has the necessary permissions to perform the queries on the Synergetic database.

This approach is much more lightweight and far cheaper than creating a VPN or ExpressRoute connection. It has lower performance capabilities than those options, but is more than suitable for the traffic involved in data imports from school SMS systems. It is an approach recommended by Microsoft for scenarios like this.

There is an associated cost of $200 per annum, which is essentially us passing on the cost we are charged for having our Azure infrastructure connect to your HCM instance.

