There are multiple ways to integrate and Azure service to your corporate network like making use of service endpoints, private endpoint connections, subnet delegation, microsoft peering etc. But what if you want to expose your services running in the corporate network to Azure without making any changes to Firewall rules and port mappings etc.?
Microsoft Azure Relay makes this possible by relaying the communication between the azure services and the on-premise services via WebSocket connections. Azure Relay does this without any changes required to your network infrastructure or the opening of ports in a firewall in a secure manner. Azure Relay differs from network-level integration technologies such as VPN. An Azure relay can be scoped to a single application endpoint on a single machine. The VPN technology is far more intrusive, as it relies on altering the network environment.
Relay addresses the technical challenge of communication between on-premise service and the external application which does not reside on the same premise or firewall. It allows on-premise service to expose a public end-point. External applications which are not in the same premise or firewall can be able to access the on-premise service using these endpoints. With the addition of firewalls and private endpoint connections, you can also now create a private link for the relay service on your VNET and access the service without using a public endpoint.
References:
Comments