Windows Azure Application Gateway

Background

I’m not sure when it started, but for a while now I’ve found it hard to just sit and watch TV or a movie with my family. I feel like it doesn’t occupy my mind enough, and I need to be doing something else at the same time. My Surface has come in really handy here – usually if I’m watching something, I’ll be doing something with it at the same time. I’m sure I’m not alone in this.

There’s a lot of stuff going on within my organization, and I like to have a general idea of what everyone is doing. Recently I’ve been spending a lot of time reviewing specs, wireframes and power point presentations from other teams. We make heavy use of SharePoint internally, both the corporate and cloud versions, and that’s generally where I go to find the docs I’m looking for.

I thought I could make good use of my “quality family time in front of the TV” by combining these two activities. However, when I’m at home, accessing the documents I need from my tablet can be tricky. When they are stored in SharePoint Online, I can get to them through my browser, but getting to documents in our internal SharePoint sites is harder because they are behind the corporate firewall. I started searching around for solutions, and came across a new service called the Windows Azure Application Gateway. Microsoft has ways for employees to connect to the corporate VPN on a Surface (using our smartcards), but this new service seemed like a light weight approach and looked interesting.

Windows Azure Application Gateway

clip_image002

The interoperability @ Microsoft blog had a great blog post about this service:

For obvious security reasons, connecting to resources that are behind a firewall usually requires a fairly complex infrastructure such as VPN (Virtual Private Network). The AppGateway demo app is designed to make the process simpler yet highly secured. The mobile app connects to a service on Windows Azure that acts as the proxy to an agent that is running inside the network behind the firewall. Using the Windows Azure Authentication service, the proxy can establish a trusted connection to the agent so that the application on the mobile device can browse web sites that would not be normally accessible outside the corporate network.

The site has an easy to understand explanation of what the service does, and how it works. It was actually what caught my eye… I really like the graphic they use. I call him Mr. Firewall.

clip_image004

The usage scenario they described fit what I was trying to do – there were corpnet resources I wanted to access, but couldn’t access them from home.

clip_image006

Many companies will provide a way to connect to their internal corporate network (for example, DirectAccess or connecting through a VPN). These solutions tend to work fine from a laptop, but might not always work so well for a tablet or phone. Surface RT supports VPN connections, but many corporate networks require some form of custom VPN client or smartcard solution that might make it harder (or more awkward) to use. If your company doesn’t offer a VPN solution, or you’re in a reverse scenario where you want to access your home network while you’re at work, then you might be out of luck.

clip_image008

Their walkthrough graphics got me hooked, and I decided to try it out.

Usage

To use the service, you need to create login with either Windows Azure Active Directory (WAAD) or Office 365. (You can sign up to WAAD for free).

Once you have a login, you can download the connector and install it on your corporate machine (or your home machine, if you’re trying to create a bridge from work to home).

clip_image010

After install, you’ll see an Application Gateway icon in your notification area, and a browser pops up asking you to login and register your connector.

clip_image012

After registration, you get a webpage dashboard on your connector machine, with live tiles.

clip_image014

I like the detailed status window that lets you test your connectivity:

clip_image016

Once your connector is setup, you can use it to access web sites in a few different ways. There are custom iOS and Android client apps available, and on a windows OS (Windows Phone, Surface, PC) you access the Web Client directly using your browser. Here is a screenshot from my Surface RT:

appgateway from surface

Click on the name of your connector, and it brings up a web browser interface. From here you can enter intranet URLs. The data from the site gets passed back through your connector machine and rendered on your device. It’s as if you were directly connected to your network using a VPN.

Conclusion

I’ve just started using the service, but it seems to work great so far. I’m able to browse internal SharePoint sites, and view (and edit) Word/PowerPoint files on my Surface. It hasn’t been out long (it’s still in Preview), so I expect there will be further improvements before it becomes generally available.

A more detailed explanation of how the service works can be found here, and it looks the source code for their Android demo app is available on Github.

Try it out and let the team know what you think!

Leave a Reply

You must be logged in to post a comment.