What is Azure Relay?

The Azure Relay service enables you to securely expose services that run in your corporate network to the public cloud. You can do so without opening a port on your firewall, or making intrusive changes to your corporate network infrastructure.

The relay service supports the following scenarios between on-premises services and applications running in the cloud or in another on-premises environment.

  • Traditional one-way, request/response, and peer-to-peer communication
  • Event distribution at internet-scope to enable publish/subscribe scenarios
  • Bi-directional and unbuffered socket communication across network boundaries.

Azure Relay differs from network-level integration technologies such as VPN. An Azure relay can be scoped to a single application endpoint on a single machine. The VPN technology is far more intrusive, as it relies on altering the network environment.

Basic flow

In the relayed data transfer pattern, the basic steps involved are:

  1. An on-premises service connects to the relay service through an outbound port.
  2. It creates a bi-directional socket for communication tied to a particular address.
  3. The client can then communicate with the on-premises service by sending traffic to the relay service targeting that address.
  4. The relay service then relays data to the on-premises service through the bi-directional socket dedicated to the client. The client doesn't need a direct connection to the on-premises service. It doesn't need to know the location of the service. And, the on-premises service doesn't need any inbound ports open on the firewall.

Features

Azure Relay has two features:

  • Hybrid Connections - Uses the open standard web sockets enabling multi-platform scenarios.
  • WCF Relays - Uses Windows Communication Foundation (WCF) to enable remote procedure calls. WCF Relay is the legacy relay offering that many customers already use with their WCF programming models.

Hybrid Connections

The Hybrid Connections feature in Azure Relay is a secure, open-protocol evolution of the Relay features that existed earlier. You can use it on any platform and in any language. The Hybrid Connections feature in Azure Relay is based on the HTTP and WebSocket protocols. It allows you to send requests and receive responses over web sockets or HTTP(S). This feature is compatible with the WebSocket API in common web browsers.

For details on the Hybrid Connections protocol, see the Hybrid Connections protocol guide. You can use Hybrid Connections with any web sockets library for any runtime/language.

Note

Hybrid Connections of Azure Relay replaces the old Hybrid Connections feature of BizTalk Services. The Hybrid Connections feature in BizTalk Services was built on the Azure Service Bus WCF Relay. The Hybrid Connections capability in Azure Relay complements the pre-existing WCF Relay feature. These two service capabilities (WCF Relay and Hybrid Connections) exist side-by-side in the Azure Relay service. They share a common gateway, but are otherwise different implementations.

WCF Relay

WCF Relay works with the full .NET Framework and with WCF. You create a connection between your on-premises service and the relay service using a suite of WCF "relay" bindings. The relay bindings map to new transport binding elements designed to create WCF channel components that integrate with Service Bus in the cloud. For more information, see getting started with WCF Relay.

Hybrid Connections vs. WCF Relay

Hybrid Connections and WCF Relay both enable secure connection to assets that exist within a corporate network. Use of one over the other depends on your particular needs, as described in the following table:

Feature                          WCF Relay    Hybrid Connections
WCF                              x            -
.NET Core                        -            x
.NET Framework                   x            x
JavaScript/Node.js               -            x
Standards-based open protocol    -            x
RPC programming models           x            -

Architecture: Processing of incoming relay requests

The following diagram shows you how incoming relay requests are handled by the Azure Relay service:

[Diagram: Processing incoming WCF Relay requests]

  1. Listening client sends a listening request to the Azure Relay service. The Azure load balancer routes the request to one of the gateway nodes.
  2. The Azure Relay service creates a relay in the gateway store.
  3. Sending client sends a request to connect to the listening service.
  4. The gateway that receives the request looks up the relay in the gateway store.
  5. The gateway forwards the connection request to the right gateway mentioned in the gateway store.
  6. The gateway sends a request to the listening client for it to create a temporary channel to the gateway node that's closest to the sending client.
  7. The listening client creates a temporary channel to the gateway that's closest to the sending client. Now that the connection is established between clients via a gateway, the clients can exchange messages with each other.
  8. The gateway forwards any messages from the listening client to the sending client.
  9. The gateway forwards any messages from the sending client to the listening client.
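
The basic flow and the nine architecture steps above can be traced in a small in-memory model. This is an added example, not code from Azure Relay or its SDKs: the class and method names (`Listener`, `Gateway`, `Channel`, `demo`) and the relay address `orders` are hypothetical, and no network traffic is involved. It records which side initiates each connection, so you can check that the on-premises service only ever dials out.

```python
from collections import deque

class Channel:
    """Temporary channel held by the sender-side gateway (steps 8-9)."""
    def __init__(self):
        self.to_listener, self.to_sender = deque(), deque()

class Listener:
    """On-premises service. It only dials out; nothing ever connects to it."""
    def __init__(self):
        self.dialed = []                     # gateways this service connected to
        self.channels = []

    def dial(self, gateway):
        self.dialed.append(gateway.name)     # record the outbound connection
        return gateway

    def on_control(self, rendezvous_gateway, channel):
        # Step 7: asked over the control channel, open a channel outbound.
        self.dial(rendezvous_gateway)
        self.channels.append(channel)

class Gateway:
    def __init__(self, name, store):
        self.name, self.store = name, store  # store is shared by all nodes
        self.control = {}                    # address -> listener control channel

    def listen(self, listener, address):     # steps 1-2
        listener.dial(self)
        self.control[address] = listener
        self.store[address] = self           # relay recorded in the gateway store

    def connect(self, address):              # steps 3-6, called by the sender
        owner = self.store.get(address)      # step 4: look up the relay
        if owner is None:                    # no listener: nothing to reach
            raise LookupError(f"no listener for {address!r}")
        channel = Channel()
        owner.control[address].on_control(self, channel)  # steps 5-6
        return channel

def demo():
    store = {}
    gw_a, gw_b = Gateway("gw-a", store), Gateway("gw-b", store)
    svc = Listener()
    gw_a.listen(svc, "orders")               # constructed relay address
    ch = gw_b.connect("orders")              # sender lands on another node
    ch.to_listener.append(b"ping")           # step 9: sender -> listener
    svc.channels[0].to_sender.append(b"pong")  # step 8: listener -> sender
    return svc.dialed, list(ch.to_listener), list(ch.to_sender)
```

A sender that targets an address with no registered listener gets a `LookupError`, which mirrors the point that a relay is scoped to a single application endpoint rather than to a network.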

Next steps