Non-public deployment challenges


We are using your deployment solution across a number of projects and have recently adopted it for a new major client software development.

I have nothing but good things to say from what we’ve done with it so far. Good work!

We are running a continuous deployment process using VS/TFS/TeamCity, delivering Microsoft Stack Web Apps out to our multiple environments, and we have come across one issue.

In production, our WCF application layer is not publicly accessible, and therefore we had to think of a few solutions to get code deployed from our internal environment into a secure, non-public-facing web server.

We discussed a couple of options:

  1. Open up the required ports from a specific IP range into the WCF web service layer.

  2. Install a deployment server in the DC, behind the firewalls and then publish to this server using SFTP or some other secure mechanism.

  3. Same as 2, but pull the NuGet packages onto the deployment server and not push.

We also discussed a pretty cool alternative, which we wanted to share with you. What about using the Azure Service Bus to create a secure connection from the tentacles and from the deployment server? This would mean that port 80/443 outbound connections could be opened from internal/protected networks from both the development company and the production DC, allowing the deployment to function in a secure way, but without masses of firewall configuration, as these ports are normally considered to be acceptable for use.

You may have considered this previously; if so, this is our vote for it. If not, and you want to discuss in more detail, please let me know. In addition, if you want some help, I’d be more than happy to contribute FOC to your project and help you get a proof-of-concept running using the Azure Service Bus.



Hi James,

Thanks for the suggestion; using Azure Service Bus is a cool idea. I’ve created a Trello item to track this:

This one may also come in handy (and is more likely to be implemented first):