You are the architect for the ACME shipping group. You are responsible for designing the integration of 2 existing applications at a high level, one app is running on-premises and the other running in Azure. The integration requires a secure connection between the two apps directly, without exposing other resources on-premises or in Azure. Which technology would be the best fit?
Azure relay service is correct as this is far less intrusive, this is used to securely connect hybrid applications which can be scoped to a single application endpoint on a single machine. This connection is seen as peer-to-peer without exposing other elements as VPN would. Site-to-Site VPN will not suffice as this would not create a direct link between the two apps without exposing other resources. Point-to-Site will not suffice as the Azure portion must be linked to a VNet which exposes other resources. NSG’s are used to allow and block traffic, it cannot be used to link hybrid environments, only manage basic firewall rules once the connection is already configured.