
Microsoft Adds BT and Verizon As Azure ExpressRoute Partners

Microsoft recently announced partnerships with AT&T, Level 3 and Equinix to introduce a new WAN solution to connect on-premise clouds with Microsoft Azure via Multiprotocol Label Switching (MPLS) networks. It appeared that the rest of the world would enviously watch on as Microsoft focused (once again) on the home market in the USA. Last night, Microsoft announced new partnerships with BT and Verizon.

Connectivity to Microsoft Azure

There are three ways that you can connect to services in Azure: public connection, site-to-site VPN, and Azure ExpressRoute.

Public connection

You can create endpoints in your cloud service(s), which is like punching holes through the Azure firewall into your virtual network(s). This is a publicly accessible connection that you can optionally secure.

This option should normally only be used for services that you want to make available to the public. Typical examples would be HTTP or HTTPS services, or maybe RemoteFX (Remote Desktop) for desktop-as-a-service (DaaS). You would not use endpoints for internal or secure communications.


Site-to-Site VPN

This is a private and encrypted channel across the public Internet. This option allows you to extend your networking into the virtual network(s) that you deploy within Azure. You can route quite happily between your Azure virtual network(s) and your private on-premise networks without opening up any holes in security boundaries and all data will be secured by the VPN tunnel.

There are some downsides to the site-to-site VPN option. The VPN tunnel traverses the public Internet. That means the stability and bandwidth of the connection are subject to the many variables between your network edge and Microsoft’s data center(s). Try running a tracert between you and an Azure cloud service to see how many ISPs and countries you might hop across!

The other issue affects larger multisite businesses that are deploying internal-facing services in Microsoft Azure instead of a local data center. Imagine that you have 20 branch offices in your WAN. You then have primary (from Site A) and failover (from Site B) site-to-site VPN connections into Microsoft Azure. Every branch office will route to Microsoft Azure via Site A, and this creates a choke point on your WAN and on the Site A Internet connection.

Using a site-to-site VPN to connect to a Microsoft Azure cloud service.

Azure ExpressRoute

ExpressRoute is a new option that enables private connectivity to your cloud services in Microsoft Azure. You can add Azure to an MPLS WAN; your cloud services in Azure appear on the WAN and route like other sites. The choke point is removed, and the reliance on any one or two sites is removed.

Using Azure ExpressRoute to add Azure to the MPLS WAN.

You can also connect to Azure from an ExpressRoute location. This is a peered service provider or data center.

One interesting scenario that some ExpressRoute partners could offer is the ability to have not just Azure, but also other public clouds or hosted private clouds, appear as sites on your WAN. Now that is hybrid cloud computing!

Using an MPLS network gives you a private and secure connection to your services within Azure. But the biggest benefit is that you are now using a managed network that is subject to a service level agreement (SLA) from the ISP. This means that true hybrid cloud computing can be depended upon. Storage that is stored remotely will have predictable performance. N-tier applications that span data centers can perform at expected levels without the vagaries of the Internet.

Going International

Up until now there didn’t appear to be any clear statements on the future schedule of ExpressRoute availability for the Microsoft data centers located outside of the United States. However, the BT announcement says that the “service is due to go live in summer 2014 in Europe through direct network connectivity to Microsoft Azure data centres in Dublin and Amsterdam.” This refers to the Europe North (Dublin) and Europe West data centers. They go on to say that this “will be followed by connections in Asia, then by additional locations around the world”.

I would expect that most small/medium enterprises will continue to use site-to-site VPN connectivity into Microsoft Azure. Larger businesses that operate an MPLS WAN will opt to use ExpressRoute assuming that their ISP is a partner, and importantly, both the ISP and Microsoft don’t screw up the pricing.


Aidan Finn, Microsoft Most Valuable Professional (MVP), has been working in IT since 1996. He has worked as a consultant and administrator for the likes of Innofactor Norway, Amdahl DMR, Fujitsu, Barclays and Hypo Real Estate Bank International where he dealt with large and complex IT infrastructures and MicroWarehouse Ltd. where he worked with Microsoft partners in the small/medium business space.