The integration proxy service is a Windows Service that runs on the customers infrastructure and acts as a host for the Azure WCF Relay Client.
The Azure Relay service enables you to securely expose services that run in your corporate network to the public cloud. You can do so without making intrusive changes to your corporate network infrastructure.
The relay service supports the following scenarios between on-premises services and applications running in the cloud or in another on-premises environment.
- Traditional one-way, request/response, and peer-to-peer communication
- Event distribution at internet-scope to enable publish/subscribe scenarios
- Bi-directional and unbuffered socket communication across network boundaries.
Azure Relay differs from network-level integration technologies such as VPN. An Azure relay can be scoped to a single application endpoint on a single machine. The VPN technology is far more intrusive, as it relies on altering the network environment.
In the relayed data transfer pattern, the basic steps involved are:
- An on-premises service connects to the relay service through an outbound port.
- It creates a bi-directional socket for communication tied to a particular address.
- The client can then communicate with the on-premises service by sending traffic to the relay service targeting that address.
The relay service then relays data to the on-premises service through the bi-directional socket dedicated to the client. The client doesn't need a direct connection to the on-premises service. It doesn't need to know the location of the service. And, the on-premises service doesn't need any inbound ports open on the firewall.