You need to manually configure the port forwarder. (It seems you need to know the external IP beforehand.) I doubt it could simply work in an Azure environment that is behind a load balancer.
Other problems I would ask about:
1. Is any long connection required between "Bob" and others? Azure has a 1 min idle timeout that may break the protocol. (Not sure, need to check the Tor implementation but haven't found a detailed one)
2. The Tor installation & configuration on Windows seems to be UI based. So I think you need to use a VM role. Even if you use a VM role, probably further configuration is required after moving to Azure. You have to RDP to the VM and manually configure it. Not a good way to me. Is there any command that can configure Tor? (Haven't found docs regarding this)
My last question is, must Tor be used in your requirement? It looks to me that a decent solution is there with the help of Service Bus if the requirement is that the server should not know the IP of the client.
I think there is a difference between a relay and an HSP. The HSP accepts a *.onion address (similar to duckduckgo.com at 3g2upl4pq6kufc4m.onion) and doesn't necessarily relay traffic. The issue of a NAT in that specific context might not matter.
Yes, like the service bus, the sender and receiver should be anonymous. Can anyone at MSFT tell me how a comparable Service Bus configuration would compare to an HSP-based TOR connection? For example, a .onion address doesn't require DNS at all; however, as far as I know, the Service Bus requires this.
Some links I'm looking at while I compare TOR against the Service Bus
Can anyone from MSFT assist in comparing the relative security of a TOR Exit Enclave (HSP) vs the Service Bus facilities? Keep in mind that an HSP is quite different from a plain relayed connection, which is often decrypted/sniffed/hacked. (Attend any Defcon conference and you'll see that being used as test data.)
Correct me if I'm wrong, as I have only read a little documentation about Tor since seeing your question:
>For example, a .onion address doesn't require DNS at all..
This is because the Tor software installed on your machine acts as a resolver, a proxy. It maps the .onion address to the IP of the entry node in the Tor circuit that can finally reach the hidden server. The key is that in the Tor network each node knows nothing about the client and server IP (except the entry node, which knows the IP of the client, and the exit node, which knows the IP of the hidden server). Whereas with Service Bus, logically there is only 1 node (Azure Service Bus) in the middle at the app layer. As a result this node knows both the client and server IP.
As to client/server, they don't know each other's IP in both the Tor and Service Bus scenarios (assuming you don't enable direct connection). From a security perspective, it's harder to trace the message in Tor as no individual node knows the complete path or knows both the hidden service and client IP addresses.
>Can anyone at MSFT tell me how a comparable ServiceBus configuration would compare to a HSP-based
As they are naturally different there is no counterpart in Service Bus. However, if your requirement is to hide the client IP from the server then I think you can use Service Bus to relay the data for you.
>Keep in mind that a HSP is quite different than a plain relayed connection, which is often decrypted/sniffed/and hacked.
If you're talking about end-to-end security, it's also possible in Service Bus. You can use message level security to protect your data. In Service Bus, as there is only 1 node in the middle, some security methods used in Tor may not be required.
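The knowledge split described in the reply above (each Tor hop learning only the addresses on either side of it, versus a single broker that sees both endpoints, and message-level protection hiding the payload from whichever node delivers it) can be modelled directly. The following is an added example written for this thread; it is not code from any poster, from the Tor project or from Azure Service Bus. The three-hop circuit, the node names, the SHA-256 counter-mode toy stream cipher and the fixed-width next-hop field are all constructed for illustration and are not Tor's real cell format or cryptography.

```python
import hashlib
from typing import Optional

HOP_FIELD = 16  # constructed fixed-width "next hop" field inside each layer


def keystream(key: bytes, n: int) -> bytes:
    """Toy stream cipher keystream (SHA-256 in counter mode).
    Constructed for illustration only; Tor uses AES/TLS, not this."""
    out = bytearray()
    ctr = 0
    while len(out) < n:
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:n])


def xor_bytes(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt one layer; XOR with the keystream is its own inverse."""
    return bytes(a ^ b for a, b in zip(keystream(key, len(data)), data))


def build_onion(circuit, destination: str, payload: bytes) -> bytes:
    """Wrap payload in one layer per hop, innermost (last hop) first.
    circuit: list of (node_name, key shared between the client and that node).
    Each layer carries only the *next* hop's name, so a node that strips its
    own layer learns where to forward and nothing beyond that."""
    next_hop = destination
    for name, key in reversed(circuit):
        header = next_hop.encode().ljust(HOP_FIELD, b"\0")
        payload = xor_bytes(key, header + payload)
        next_hop = name
    return payload


def run_circuit(client: str, circuit, destination: str, message: bytes,
                e2e_key: Optional[bytes] = None):
    """Forward the onion hop by hop and record what each hop observes: the
    address it received from, the address it forwards to, and whether it can
    read the message. Returns (observations, bytes delivered to destination)."""
    wire = xor_bytes(e2e_key, message) if e2e_key else message  # optional message-level protection
    onion = build_onion(circuit, destination, wire)
    observations = {}
    prev = client
    for name, key in circuit:
        plain = xor_bytes(key, onion)               # strip this hop's layer only
        next_hop = plain[:HOP_FIELD].rstrip(b"\0").decode()
        inner = plain[HOP_FIELD:]
        observations[name] = {"prev": prev, "next": next_hop, "sees_message": inner == message}
        prev, onion = name, inner
    return observations, onion


def service_bus_view(client: str, server: str, message: bytes,
                     e2e_key: Optional[bytes] = None):
    """Single app-layer relay: one broker sees both endpoint addresses and,
    without message-level protection, the message itself."""
    wire = xor_bytes(e2e_key, message) if e2e_key else message
    return {"broker": {"prev": client, "next": server, "sees_message": wire == message}}, wire


def nodes_knowing_both(observations, client: str, server: str):
    """Which nodes can link the client address to the server address?"""
    return [n for n, o in observations.items()
            if {client, server} <= {o["prev"], o["next"]}]


# constructed three-hop circuit with per-hop keys the client shares with each node
CIRCUIT = [("entry", b"key-entry"), ("middle", b"key-middle"), ("exit", b"key-exit")]


if __name__ == "__main__":
    obs, _ = run_circuit("client", CIRCUIT, "hidden-service", b"hello")
    for node, seen in obs.items():
        print(f"{node:>6}: from={seen['prev']:<8} to={seen['next']:<15} "
              f"reads message={seen['sees_message']}")
    print("Tor nodes linking both ends:", nodes_knowing_both(obs, "client", "hidden-service"))
    sb, _ = service_bus_view("client", "server", b"hello")
    print("Service Bus nodes linking both ends:", nodes_knowing_both(sb, "client", "server"))
```

Running it shows the property the reply is describing: no Tor hop's observation contains both the client and the destination, while the single broker's does. It also shows the point about message-level security: without an end-to-end key the last hop and the broker both read the payload; with one, neither does, and only the recipient holding the shared key can recover it.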