Things hard and not so hard.... RSS 2.0
# Wednesday, June 22, 2011
So you've got an on-premise WCF Service and you're going to expose the endpoint to the Cloud via ServiceBus.

I'm with a client excited about the prospect of Azure and using ServiceBus for connectivity for our local WCF Services.

Remember ServiceBus is touted as the firewall friend communications mechanism.

Should be pretty easy right? - just follow an article like - http://msdn.microsoft.com/en-us/library/ee732535.aspx

If you are on a Secure Server - i.e. one that doesn't have default open slather access to the internet by default you will fall well short.
(nb: the Azure ServiceBus documentation is a little thin here also. ie no mention whatsoever)

You will get 'can't contact watchdog.servicebus.windows.net' and many others....So....

After much head banging Scotty sat down one rainy day and looked at the full conversation to establish a connection to the cloud via Service Bus

NB: XXXX is your ServiceBus endpoint name you configured in the Azure Management Portal earlier. This endpoint lives in the Azure Singapore Data Center

When ConnectionMode = TCP (Hybrid)
1.       CNAME lookup for watchdog.servicebus.windows.net > returns ns-sb-prod-sn1-001.cloudapp.net
2.       Connect to ns-sb-prod-sn1-001.cloudapp.net (port 9350)
3.       CNAME lookup for XXXX-sb.accesscontrol.windows.net returns ns-ac-prod-sin-001.cloudapp.net
4.       Connect to ns-ac-prod-sin-001.cloudapp.net (port 443)
5.       CNAME lookup for XXXX.servicebus.windows.net returns ns-sb-prod-sin-001.cloudapp.net
6.       Connect to ns-sb-prod-sin-001.cloudapp.net (port 9351)
 
When ConnectionMode = Http
1.       CNAME lookup for XXXX-sb.accesscontrol.windows.net returns ns-ac-prod-sin-001.cloudapp.net
2.       Connect to ns-ac-prod-sin-001.cloudapp.net (port 443)
3.       CNAME lookup for XXXX.servicebus.windows.net returns ns-sb-prod-sin-001.cloudapp.net
4.       Connect to ns-sb-prod-sin-001.cloudapp.net (port 80)
 
Also, when we lock this down to https endpoint step 4 above will be over 443
 
So the complete firewall rules to support both modes should be:
·         watchdog.servicebus.windows.net (9350-9353)
·         ns-sb-prod-sn1-001.cloudapp.net (9350-9353)
·         XXXX-sb.accesscontrol.windows.net (443)
·         ns-ac-prod-sin-001.cloudapp.net (443)
·         XXXX.servicebus.windows.net (80, 443, 9350-9353)
·         ns-sb-prod-sin-001.cloudapp.net (80, 443, 9350-9353)
 
Note the difference between ns-sb-prod-sn1-001.cloudapp.net and the others ns-ac-prod-sin-001.cloudapp.net, ns-sb-prod-sin-001.cloudapp.net

Hopefully you won't get caught out at a client site asking for firewall changes, one at a time as you discover them.

Enjoy,

Mick + big thanks Scotty for the details.

Wednesday, June 22, 2011 12:24:38 PM (AUS Eastern Standard Time, UTC+10:00)  #    Comments [2] -
AppFabricServer | Azure | BizTalk | 2010 | BizTalk Adapter Pack | Tips
Saturday, August 13, 2011 1:08:43 PM (AUS Eastern Standard Time, UTC+10:00)
Gosh, I wish I would have had that inoframiton earlier!
Saturday, August 13, 2011 3:48:24 PM (AUS Eastern Standard Time, UTC+10:00)
You're telling me!!! The documentation isnt that flash in this area either.

Glad it helped you.

Enjoy,

Mick.
Comments are closed.
Archive
<December 2014>
SunMonTueWedThuFriSat
30123456
78910111213
14151617181920
21222324252627
28293031123
45678910
Blogroll
 AppFabric CAT
AppFabric Windows Server Customer Advisory Team - New Blog.
[Feed] BizTalk 2006 - Windows SharePoint Services adapter
BizTalk 2006 Sharepoint adapter!!
 Breeze SharePoint 2010 Bootcamp
Breeze SharePoint 2010 Bootcamp
[Feed] BTS 2006 R2/EDI
[Feed] Chris Vidotto (MS BTS Legend)
Needs no intro....
 Mark Daunt
BTS/SPS/.NET GURU!!!
About the author/Disclaimer

Disclaimer
The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2014
Breeze
Sign In
Statistics
Total Posts: 607
This Year: 11
This Month: 1
This Week: 0
Comments: 270
All Content © 2014, Breeze