Microsoft Adds BT and Verizon As Azure ExpressRoute Partners

Microsoft recently announced partnerships with AT&T, Level 3 and Equinix to introduce a new WAN solution to connect on-premises clouds with Microsoft Azure via Multiprotocol Label Switching (MPLS) networks. It appeared that the rest of the world would watch on enviously as Microsoft focused (once again) on the home market in the USA. Last night, Microsoft announced new partnerships with BT and Verizon.

Connectivity to Microsoft Azure

There are three ways that you can connect to services in Azure: public connection, site-to-site VPN, and Azure ExpressRoute.

Public connection

You can create endpoints in your cloud service(s), which is like punching holes through the Azure firewall into your virtual network(s). This is a publicly accessible connection that you optionally secure.

This option should normally only be used for services that you want to make available to the public. Typical examples would be HTTP or HTTPS services, or maybe RemoteFX (Remote Desktop) for desktop-as-a-service (DaaS). You would not use endpoints for internal or secure communications.

Site-to-Site VPN

This is a private and encrypted channel across the public Internet. This option allows you to extend your networking into the virtual network(s) that you deploy within Azure. You can route quite happily between your Azure virtual network(s) and your private on-premises networks without opening up any holes in security boundaries, and all data will be secured by the VPN tunnel.

There are some downsides to the site-to-site VPN option. The VPN tunnel traverses the public Internet. That means the stability and bandwidth of the connection are subject to the many variables between your network edge and Microsoft’s data center(s). Try running a tracert between you and an Azure cloud service to see how many ISPs and countries you might hop across!
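The tracert check suggested above can be made repeatable. The following is an added example (not from the original article) that parses Windows tracert output and reports the hop count, unanswered hops and the distinct operator domains crossed. The sample trace is constructed, and treating the last two DNS labels of a hop name as the operator is an assumption.

```python
import re

# Constructed sample in the layout Windows tracert prints. Host names and
# addresses are invented (reserved .example names, documentation IP ranges).
SAMPLE = """\
Tracing route to myservice.cloudapp.example [203.0.113.50]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  192.0.2.1
  2     9 ms     8 ms     9 ms  gw1.dub.isp-a.example [198.51.100.1]
  3    24 ms    23 ms    25 ms  xe-0.lon.transit-b.example [198.51.100.77]
  4     *        *        *     Request timed out.
  5    33 ms    34 ms    33 ms  edge.ams.cloud-c.example [203.0.113.1]
  6    34 ms    33 ms    35 ms  203.0.113.50

Trace complete.
"""

HOP = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s+){3})(.+?)\s*$")
NAMED = re.compile(r"^(\S+) \[([0-9a-fA-F.:]+)\]$")

def parse_tracert(text):
    """Return one dict per hop: number, best RTT in ms, host name, address."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner, blank line or "Trace complete."
        rtts = [int(v) for v in re.findall(r"(\d+) ms", m.group(2))]
        named = NAMED.match(m.group(3))
        # No name: a bare address if any probe answered, otherwise a timeout.
        host, addr = named.groups() if named else (None, m.group(3) if rtts else None)
        hops.append({"hop": int(m.group(1)), "rtt": min(rtts, default=None),
                     "host": host, "addr": addr})
    return hops

def summarize(hops):
    """Count hops and list, in path order, the operator domains crossed."""
    networks = []
    for h in hops:
        # Heuristic (assumption): the last two DNS labels name the operator.
        domain = ".".join(h["host"].split(".")[-2:]) if h["host"] else None
        if domain and domain not in networks:
            networks.append(domain)
    rtts = [h["rtt"] for h in hops if h["rtt"] is not None]
    return {"hops": len(hops), "silent": sum(h["addr"] is None for h in hops),
            "networks": networks, "slowest_ms": max(rtts, default=None)}
```

Feeding it saved traces taken at different times of day shows how much the path and latency of the VPN's underlying route vary.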

The other issue affects larger multisite businesses that are deploying internal-facing services in Microsoft Azure instead of a local data center. Imagine that you have 20 branch offices in your WAN. You then have primary (from Site A) and failover (from Site B) site-to-site VPN connections into Microsoft Azure. Every branch office will route to Microsoft Azure via Site A, and this creates a choke point on your WAN and on the Site A Internet connection.

Using a site-to-site VPN to connect to a Microsoft Azure cloud service.

Azure ExpressRoute

ExpressRoute is a new option that enables private connectivity to your cloud services in Microsoft Azure. You can add Azure to an MPLS WAN; your cloud services in Azure appear on the WAN and route like other sites. The choke point is removed, and the reliance on any one or two sites is removed.

Using Azure ExpressRoute to add Azure to the MPLS WAN.

You can also connect to Azure from an ExpressRoute location. This is a peered service provider or data center.

One interesting scenario that some ExpressRoute partners could offer is the ability to have not just Azure, but also other public clouds or hosted private clouds, appear as sites on your WAN. Now that is hybrid cloud computing!

Using an MPLS network gives you a private and secure connection to your services within Azure. But the biggest benefit is that you are now using a managed network that is subject to a service level agreement (SLA) from the ISP. This means that true hybrid cloud computing can be depended upon. Storage that is stored remotely will have predictable performance. N-tier applications that span data centers can perform at expected levels without the vagaries of the Internet.

Going International

Up until now there didn’t appear to be any clear statements on the future schedule of ExpressRoute availability for the Microsoft data centers located outside of the United States. However, the BT announcement says that the “service is due to go live in summer 2014 in Europe through direct network connectivity to Microsoft Azure data centres in Dublin and Amsterdam.” This refers to the Europe North (Dublin) and Europe West data centers. They go on to say that this “will be followed by connections in Asia, then by additional locations around the world”.

I would expect that most small/medium enterprises will continue to use site-to-site VPN connectivity into Microsoft Azure. Larger businesses that operate an MPLS WAN will opt to use ExpressRoute assuming that their ISP is a partner, and importantly, both the ISP and Microsoft don’t screw up the pricing.

Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.