@roblesch
Last active October 22, 2019 01:21
Telemetry Forwarding Investigation

Telemetry forwarding

We need a service behind a static public IP to forward telemetry events to Application Insights.

Telemetry collection endpoint: https://github.com/microsoft/ApplicationInsights-Home/blob/master/EndpointSpecs/ENDPOINT-PROTOCOL.md

https://dc.services.visualstudio.com/v2/track

Squid Proxy

https://phoenixnap.com/kb/setup-install-squid-proxy-server-ubuntu

https://cloudinfrastructureservices.co.uk/how-to-setup-squid-proxy-cache-in-azure/

Should we use a proxy?

  • Using a proxy changes client SDK implementation
    • To open a tunnel, a proxy expects an HTTP CONNECT request:
      CONNECT dc.services.visualstudio.com:443 HTTP/1.1
      Host: dc.services.visualstudio.com:443
      User-Agent: curl/7.64.0
      Proxy-Connection: Keep-Alive
      
  • IP whitelisting is a policy constraint. Should we engineer around a policy constraint?

Proxy pros

  • Easy to set up
  • Minimal maintenance overhead

Proxy cons

  • Client SDK must support proxy (HTTP CONNECT)
  • Security policy concern
  • Requires whitelisting an additional IP
  • Pay for VM

Node.js forwarding service

Forward requests using a minimal express server
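A sketch of such a forwarder, added here as an example and not code from this gist: it relays only `POST /v2/track` to the collection endpoint named above, so the host on the whitelisted IP cannot be used as an open relay. It uses Node's built-in `http` module and global `fetch` (Node 18+) instead of express; the `FORWARD_PORT` variable, the 1 MiB body cap and the header allow-list are assumptions.

```javascript
// Added example, not the gist's code. UPSTREAM comes from the page; the
// port variable, size cap and header allow-list are assumptions.
const UPSTREAM = 'https://dc.services.visualstudio.com/v2/track';
const MAX_BODY = 1024 * 1024; // assumed 1 MiB cap per telemetry batch
const PASS_HEADERS = ['content-type', 'content-encoding'];

// Decide what to do with a request before touching the network.
// Returns { status } to reject, or { forwardHeaders } to relay.
function classify(method, url, headers) {
  const path = String(url).split('?')[0];
  if (path !== '/v2/track') return { status: 404 }; // single fixed route
  if (method !== 'POST') return { status: 405 };
  const len = Number(headers['content-length'] || 0);
  if (!Number.isFinite(len) || len > MAX_BODY) return { status: 413 }; // oversized or malformed length
  const forwardHeaders = {};
  // Cookies, Authorization and client-supplied X-Forwarded-* are dropped.
  for (const h of PASS_HEADERS) if (headers[h]) forwardHeaders[h] = headers[h];
  return { forwardHeaders };
}

// Handler for http.createServer; the upstream URL is never taken from the client.
async function handle(req, res) {
  const verdict = classify(req.method, req.url, req.headers);
  if (verdict.status) { res.writeHead(verdict.status); return res.end(); }
  try {
    const chunks = [];
    let size = 0;
    for await (const chunk of req) {
      size += chunk.length;
      if (size > MAX_BODY) return req.destroy(); // chunked body over cap: drop connection
      chunks.push(chunk);
    }
    const up = await fetch(UPSTREAM, {
      method: 'POST', headers: verdict.forwardHeaders, body: Buffer.concat(chunks),
    });
    res.writeHead(up.status, { 'content-type': up.headers.get('content-type') || 'application/json' });
    res.end(await up.text());
  } catch (err) {
    if (!res.headersSent) res.writeHead(502); // upstream unreachable or client aborted
    res.end();
  }
}

// Start only when asked, e.g. FORWARD_PORT=8080 node forwarder.js
if (process.env.FORWARD_PORT) {
  import('node:http').then((http) =>
    http.createServer(handle).listen(Number(process.env.FORWARD_PORT)));
}
```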

Pros

  • Can run on the same machine as signalling
  • Allowed under existing security policy
  • No need to whitelist another IP

Cons

  • Development & maintenance overhead
  • Sharing a machine with signalling doesn't scale
  • Running on its own machine requires whitelisting an additional IP
  • Pay to run on its own machine