Tunneling Alternative for Teams-bots¶

Exec Summary¶

Tunneling Alternative for Teams-bots (TAFT) is a secure, open-protocol utility that enables traditional Web API/webhook infrastructure to operate over web sockets and Azure Relays.

TAFT allows you to expose a web service, to a public cloud endpoint, such as the Azure Bot Service. Use cases include running a Microsoft Bot service on a private network or a developer's local machine.

Teams application developers often have API services endpoints on their local machines during the development and testing phases. Such an environment presents a problem for testing since Teams is a cloud service and will need access to the local machine resources.

Similar issues arise for bot and other webhook-based services running on a private network.

Some enterprise security teams do not allow third-party solutions such as Ngrok. TAFT is a good alternative in such situations.

Although it was developed as a tunneling alternative for Teams bot development, the pattern has been used in production deployments.

Use Case¶

Customers use TAFT to provide a network path to Web API/webhook resources that are behind a private network. TAFT is an alternative to commercial network tunneling solutions such as Ngrok.

Related Priority Scenarios¶

This pattern isn't industry-specific. However, it has been of interest to industries such as finance and healthcare that have strict information security policies.

Description¶

TAFT supports network load balancing without the need of an extra appliance. The Relay is a cloud service, so it can have many listeners (up to 25). You are only limited to the maximum number of hybrid connections you can add to your Azure Relay Namespace.

The network is load balanced in a round robin fashion. Connectivity is secure without an external VPN.

TAFT is cross platform and can run on Windows, Linux, .NET Platform, Java, Node.js, etc.

Both http(s) and WebSocket connectivity to the Relay are supported.

TAFT is useful for debug scenarios or for more complex situations where the Bot Emulator is not enough. For example, you use the WebChat control hosted on a site and you need to receive ChannelData in your requests.

Repository Location¶

TAFT source code and documentation are available at https://github.com/microsoft/NetPassage.

Related Technologies¶

• .NET Core or Node JS
• Azure Service Bus Relays
• HTTP and WebSockets

Architecture¶

TAFT uses Microsoft Azure Service Bus Relay to tunnel all incoming messages through the Relay's hybrid connections (either Websocket or Http) and to the remotely running (e.g. local) TAFT client utility's listener, as shown in the architecture diagram below: