Looking to establish a presence in Azure?

Direct connection to Azure through Microsoft ExpressRoute.

Written by Aram Sadeghi.

One of the key items in the shopping basket of businesses considering the move to the cloud, or expanding their existing tenancy, is the connecting link between their infrastructure and the cloud.

In today’s topic, I am going to briefly cover a dedicated circuit used to connect Azure customers to the Microsoft cloud.

One of the most commonly used and easiest ways to connect is using VPN.

We all know VPN and the numerous advantages it has brought to the IT world by making end-to-end communication safer and cheaper to run.

Can we therefore conclude VPN connection to Azure is the right solution for business?

In my view, it certainly can and does provide some great benefits; however, as with anything in life, it does come with some disadvantages.

Whilst some might argue that the internet is reliable, hence VPN can be seen as a reliable connection, in my view this is not the case. As a home user or a typical user browsing the internet you may not notice issues that commonly happen, which can be a nightmare for an organisation running business processes.

An example of this is video streaming: most streaming platforms progressively download the video in advance, so if there is a hiccup, it might not be noticed by the end user.

Compare this with a business that is running hundreds of SQL queries or other tasks that are latency sensitive, what happens when there is a hiccup?

Well, loss of revenue, damage to reputation and the list goes on.

One of the key benefits for most organisations is the predictability of the circuit.

You can expect a stable and reliable latency in addition to throughput using ExpressRoute, also known as ER.

This becomes even more important when businesses have a hybrid model where part of the infrastructure in the cloud needs to communicate with an on-premises, latency-sensitive application.

This is in comparison with the traditional model of connecting to Azure using VPN, where there is no guarantee on the reliability of the circuit as it crosses a public network.

Another key item on the list is the support. As an enterprise, you will need to ensure that you can escalate any issues you have between two end points and any underlying infrastructure is supported by a business Service Level Agreement.

Often if you have any problems with VPN, it is quite difficult to troubleshoot it due to no visibility or in fact supportability of the underlying infrastructure.

One can still troubleshoot and debug any issues to the egress point of their infrastructure which is fine, however how about hops between egress and Microsoft?

This can quite easily be a blocker for most businesses, as it is not possible to make the move towards cloud without having proper support on the transit link, which underlines the criticality of implementing an ER circuit.

There are also other advantages to deploying ER:

  • Dynamic bandwidth scaling
  • Robust failover options
  • Dynamic routing

I am going to cover other aspects of ER in future posts, so watch this space.

If you are interested to know more or have any arising questions, drop us a message on the contact us section of the website and we will come back to you as soon as we can. Alternatively, drop Aram an e-mail direct at aram.sadeghi@coreazure.com.

Aram Sadeghi, Network Practice Lead, CoreAzure.


Speed Matters Workshop: Quickly Migrate to Azure

Secure your place at our workshop here.

Moving to the Cloud can often be a complex and time-consuming process. That’s why CoreAzure have partnered with Velostrata to make the transition to Cloud as simple and as quick as possible. Unlike replication-based approaches, Velostrata has an agentless platform that moves applications to the Cloud in just a matter of minutes.

Our solution enables accelerated Cloud migration and workload mobility with speed, scale, simplicity, and perhaps most importantly, safety. The software is easy to deploy and manage, and can significantly reduce the risks associated with migration.        

Are you interested in finding out more about how you can migrate workloads to Azure in minutes not days? Join CoreAzure, with guest speakers from CoreAzure and Velostrata on the 1st August for an afternoon workshop and discover how we can simplify and accelerate the process of migrating to Azure. The session will also feature a live demo on how to use our solution to migrate workloads to Azure in just a matter of minutes.

This is your opportunity to share and discuss, with the Cloud specialists, the pros and cons, and any concerns that you may have about migrating to Azure. The objective is to leave you with an understanding of how you can use Azure Virtual Machines for a wide range of computing solutions and realise the benefits of Cloud computing.


    • 12:30-1:30pm – Welcome & Lunch
    • 1:30-2:00pm – Introduction to CoreAzure & Velostrata
    • 2:00-2:45pm – Challenges in migrating to the Cloud
    • 2:45-3:00pm – Break
    • 3:00-4:00pm – Live Demonstrations
    • 4:00-4:30pm – Q&A with CoreAzure & Velostrata
    • 4:30-5:00pm – Wrap-up & Close
    • 5:00pm-onwards – Drinks

 Key Information:

  • Date: Tuesday 1st August 2017
  • Location: London
  • Time: 1:30pm-5pm. Drinks and networking session from 5pm onwards. Lunch on arrival and refreshments throughout the session.             

Interested in attending? Register here today!

If you have any questions before the workshop, please get in touch via the details below;

Charlie La Foret | Pre-Sales Consultant



CoreAzure and Vuzion announce CSP partnership

CoreAzure are delighted to announce a new partnership with Vuzion to become a tier-two Cloud Solution Provider (CSP). The partnership will enhance our capability to offer Microsoft solutions and services to our customers in the public sector, including discounted pricing, and enhanced managed service capabilities.

Microsoft created CSP indirect partners with the aim of strengthening the partner customer relationship, and with a specific objective of making it easier for customers to purchase the solutions and services they need through enabling them to build a long-lasting relationship with a partner they can trust.

CSP partners commit to providing a high-quality service, to bring their own value and services to final solutions, and provide efficient and accurate billing along with expert customer support.

Charlie La Foret, Pre-Sales Consultant at CoreAzure, says: “We are looking forward to passing on the benefits of becoming a CSP to our existing and prospective public and private sector clients, in particular helping them to realise the full potential of the Azure platform.”

Julian Dyer, Vuzion CTO, says “CoreAzure has an excellent reputation as an established provider of Microsoft Cloud services. The partnership with Vuzion will help strengthen our respective services and bring value to Microsoft customers.

“For Vuzion, CoreAzure’s skills and expertise represent a valuable addition to our partner ecosystem, and we’re very pleased to welcome them on board.”

About CoreAzure:

CoreAzure are leaders in the Microsoft technology stack, specialising in Microsoft Azure, with an ability to maximise our client’s investment in Microsoft technology whilst supporting their vision to adopt cloud. We believe that technology needs to align with business vision, and aim to be the partner that always goes that extra mile. Our customers see us as the “go-to experts” when it comes to Microsoft technology, and time and again we prove to them that our knowledge, skills and experience are second to none.

About Vuzion:

Vuzion is an innovative cloud aggregator born from Cobweb, the number one independent cloud hosting provider in Europe that has been liberating technology since 1996. We strive to deliver the best hand picked cloud solutions through our one-of-a-kind partner ecosystem and reach our mission, to future proof business.

For more information, please contact:

Charlie La Foret



Microsoft Azure – Single Instance SLA

Microsoft announced on Monday a significant improvement to their Service Level Agreements in respect of a single instance Virtual Machine in Azure – now offering 99.9% availability!

Many organisations with legacy line of business applications are nervous about moving those workloads to the Cloud owing to the SLA provided by the cloud vendor. Often those legacy applications are unable to take advantage of scale-out features and therefore reside on a single instance server, which in turn suffers from relatively poor SLA commitments.

Microsoft have done extensive work to improve availability of the Azure infrastructure, including innovative machine-learning to predict failing hardware early and offering premium storage to help improve reliability and performance of attached disks – the net effect of this work is that they can now offer single instance virtual machines in Azure with 99.9% availability, allowing organisations to take advantage of the agility of the cloud without compromising on their expectations of availability.

To qualify for the single instance virtual machine SLA, all storage disks attached to the VM must use Azure Premium Storage which offers both high availability and performance (80,000 IOPS and 2,000 MBps throughput).

To put that SLA into context that’s less than 9 hours per year downtime – there are very few organisations capable of running their own infrastructure with single instance line of business applications that can provide that level of availability.

Of course, if your legacy line of business applications do support scale-out then you can continue to build multi-machine high availability by having two or more virtual machines deployed in the same Availability Set or by utilising VM Scale Sets – both of which provide machine isolation, network isolation, and power unit isolation across multiple virtual machines.

If you want to know more about how you can migrate applications and workloads safely, securely and efficiently to Azure then please feel free to contact us here at CoreAzure.

News from Microsoft Ignite 2016

CoreAzure at Microsoft Ignite


This week a few of us at CoreAzure have been stateside in Atlanta, Georgia for the Microsoft Ignite conference.

Microsoft Ignite brings together thousands of IT Decision Makers, IT Professionals, and Enterprise Developers from all over the world to attend sessions run by Microsoft technical and business leaders in order to get a greater in-depth understanding of the Microsoft technology stack. The great and the good from Microsoft are here, from a Keynote by Satya Nadella, Scott Guthrie, and Brad Anderson to deep-dive, hands-on technical sessions from the likes of Mark Russinovich and Gurdeep Singh Pall.

The week has been packed full of product and service announcements (so much so it’s been difficult to keep up), so I thought it may be helpful to list just a few of our favourites: –

Windows Server 2016

On Monday (26th September) during the Keynote speech Microsoft announced the General Availability of Windows Server 2016. Windows Server 2016 is the next generation of their cloud-ready enterprise server operating system featuring innovations such as Windows Server and Hyper-V Containers, Nano Server, and Software Defined Networking (SDN).

Windows Server 2016 features: –

  • Extended security: Windows Server 2016 introduces new layers of security to harden the platform to address emerging threats, control privileged access, and protect virtual machines (shielded VMs in Hyper-V)
  • Resilient compute: Simplified virtualisation upgrades, new installation options, and increased resilience helping ensure the stability of the infrastructure without limiting agility
  • Reduced cost storage: Expanded capabilities in software defined storage with an emphasis on resilience, reduced costs, and increased control
  • Simplified networking: New networking stack brings the core networking capabilities and SDN architecture directly from Azure
  • Application efficiency and agility: Windows Server 2016 delivers new ways to package, configure, deploy, run, test, and secure your applications running on-premises or in the cloud using new capabilities such as Windows containers and the new Nano Server lightweight OS deployment option

To learn more about Windows Server 2016 head over to the official Microsoft Windows Server 2016 product site here.

Storage Spaces Direct

Microsoft Storage Spaces Direct is a feature of Windows Server 2016 that pools storage to build a highly available and scalable software defined storage system for Hyper-V VMs.

Storage Spaces Direct makes two copies of data to other nodes in the cluster. Each node runs as a fault domain and data is spread across the fault domains to prevent data loss if a disk fails. If a disk fails, data will be replicated to another disk in the cluster so three copies of data are present at all times.

By adding more nodes to the cluster Storage Spaces Direct will automatically pool the storage into the cluster (up to 240 disks and 12 nodes can be added to a cluster).

Storage Spaces Direct uses Server Message Block (SMB) 3.0 for communication between storage nodes.

Storage Spaces Direct can be deployed two ways. In the hyper-converged deployment, the Hyper-V clusters and storage are on the same hardware; this model is more appropriate for smaller scale-out deployments. In the private cloud storage deployment, the Hyper-V clusters and storage resources are separate; this model is for larger scale-out deployments.

By separating the Hyper-V clusters and storage in the private cloud deployment, administrators can scale and manage the storage and compute resources independently.

System Center 2016

At the same time as announcing the general availability of Windows Server 2016, Microsoft also announced general availability of System Center 2016.

System Center Configuration Manager 2016 provides a plethora of tools and features to manage your Windows client environments (especially Windows 10), as well as non-Windows clients such as Linux and OS X. SCCM 2016 also integrates with Microsoft Intune to enable management of all devices within your organisation, from fixed desktops to mobile devices including Android, iOS, and Windows.

System Center 2016 provides easy discoverability of management packs, alert tuning, scheduled maintenance windows to reduce alert noise, support for Windows Server 2016 security capabilities such as Shielded Virtual Machines (preventing illicit virtual machine copying) and Host Guardian service (providing key management to support Shielded VMs).

System Center 2016 also supports handling rolling upgrades to cluster nodes without the need to stop workloads. Additionally, it can manage the lifecycle of Windows Server 2016 Nano Server – the minimal footprint server deployment of Windows Server 2016 which is 20 times smaller than Server Core deployment in Windows Server 2012 R2.

For ease of management across a hybrid cloud System Center 2016 integrates with Operations Management Suite.

Operations Management Suite

The cloud based management suite gained several improvements with insights and analytics, security and compliance, and protection and recovery. Here are just a few of the new features of OMS: –

  • New application and service monitoring capabilities for Azure SQL, MySQL, and VMware Hosts
  • Connector for Application Insights enabling integrated application and workload analytics
  • Azure activity log search
  • New ingestion APIs for expanded data and log collection
  • Enhanced Update Management features including insights into time estimates as well as update sequencing (keeping Windows Server and Linux systems up to date)
  • Enhanced change tracking with granular file-based tracking to support Windows Server and Linux
  • Azure Security Center
  • Expanded security data ingestion using Common Event Format (including Cisco ASA)
  • Behavioural analytics to detect insider threats and attempts within a compromised system
  • Expanded Linux and VMware backup and recovery support
  • Integrated monitoring with Log Analytics including Site Recovery capacity planning

New licensing options for hybrid cloud environments have also been announced. Microsoft are now offering two new subscription options: –

  • Operations Management Suite E1: Insight & Analytics and Automation & Control
  • Operations Management Suite E2: Includes everything in E1 and adds both Security & Compliance, and Protection & Recovery services

Both E1 and E2 also include subscription rights to System Center 2016.

Increased Performance in Azure

Microsoft have announced a number of advancements including new server categories, network bandwidth improvement (resulting in an increase of bandwidth of up to 50%), and increased IOPS performance of Azure Storage combined with newly developed storage specific offloads.

Virtual Network Peering

Microsoft officially announced the general availability of Virtual Network Peering. VNet Peering connects two virtual networks in the same region through the Azure backbone. Once peered the two virtual networks appear as one for all connectivity purposes. Although they are managed as separate resources, virtual machines in the virtual networks can communicate with each other directly using private IP addresses.

Traffic between VMs within the peered virtual networks is routed through Azure much like traffic is routed between VMs in the same virtual network.

Some of the benefits of using VNet Peering are:

  • Low latency, high bandwidth connectivity between resources in different virtual networks
  • Ability to use resources such as Network Appliances and VPN Gateways as transit points in a peered virtual network
  • Ability to connect a virtual network using Azure Resource Manager to a virtual network that uses the classic deployment model, enabling full connectivity between resources in those virtual networks

Requirements of Virtual Network Peering are:

  • Networks that are peered must be in the same Azure region
  • Peered networks must have non-overlapping IP address spaces
  • VNet Peering is between two virtual networks with no derived transitive relationship. For example, if virtual network A is peered with virtual network B, and if virtual network B is peered with virtual network C, then virtual network A is not peered with virtual network C.
  • Peering can be established between virtual networks in two different subscriptions as long as a privileged user of both subscriptions authorises the peering, and the subscriptions are associated to the same Active Directory tenant
  • A virtual network using ARM (Azure Resource Manager) can be peered with a virtual network using either ARM or the classic deployment model, but two virtual networks both using the classic deployment model cannot be peered with each other
  • Although communication between VMs in peered virtual networks has no additional bandwidth restrictions, bandwidth caps based on VM size still apply
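The requirements above can be checked against a network plan before anything is deployed. The following is an added example, not code from Microsoft or CoreAzure: it validates proposed peerings against the rules as this post lists them and reports intended traffic flows that have no direct peering, since peering is not transitive. All network names, address ranges, regions and tenant labels are constructed, and the "privileged user authorises the peering" condition is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class VNet:
    name: str
    region: str
    prefixes: tuple   # address space as CIDR strings
    model: str        # "arm" or "classic"
    tenant: str       # Active Directory tenant of the owning subscription


def peering_problems(a, b):
    """Return the listed requirements that a proposed peering a<->b violates."""
    problems = []
    if a.region != b.region:
        problems.append("different regions")
    if any(ip_network(p).overlaps(ip_network(q))
           for p in a.prefixes for q in b.prefixes):
        problems.append("overlapping address space")
    if a.model == "classic" and b.model == "classic":
        problems.append("both classic")
    if a.tenant != b.tenant:
        problems.append("different tenants")
    return problems


def review_plan(vnets, peerings, flows):
    """Return (rejected peerings, flows with no direct valid peering).

    Peering is not transitive: A-B plus B-C does not give A-C, so a flow is
    served only when its two networks are themselves a valid peered pair.
    """
    by_name = {v.name: v for v in vnets}
    rejected, direct = {}, set()
    for x, y in peerings:
        problems = peering_problems(by_name[x], by_name[y])
        if problems:
            rejected[(x, y)] = problems
        else:
            direct.add(frozenset((x, y)))
    unserved = [f for f in flows if frozenset(f) not in direct]
    return rejected, unserved


# Constructed sample plan: a hub with two spokes, two classic networks,
# and a DR network in another region and tenant that reuses part of "app".
VNETS = [
    VNet("hub", "uksouth", ("10.0.0.0/16",), "arm", "tenant-1"),
    VNet("app", "uksouth", ("10.1.0.0/16",), "arm", "tenant-1"),
    VNet("data", "uksouth", ("10.2.0.0/16",), "arm", "tenant-1"),
    VNet("legacy1", "uksouth", ("10.3.0.0/16",), "classic", "tenant-1"),
    VNet("legacy2", "uksouth", ("10.4.0.0/16",), "classic", "tenant-1"),
    VNet("dr", "ukwest", ("10.1.128.0/17",), "arm", "tenant-2"),
]
PEERINGS = [("hub", "app"), ("hub", "data"),
            ("legacy1", "legacy2"), ("app", "dr")]
FLOWS = [("app", "hub"), ("data", "hub"), ("app", "data")]

if __name__ == "__main__":
    rejected, unserved = review_plan(VNETS, PEERINGS, FLOWS)
    for pair, problems in rejected.items():
        print("rejected", pair, "->", ", ".join(problems))
    for flow in unserved:
        print("no direct peering for flow", flow)
```

In the sample plan the `app` to `data` flow is reported because both spokes are peered only with `hub`; it needs its own peering or a transit appliance in the hub.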

Azure Native IPv6 Support

Internet facing load balancers can now be deployed with an IPv6 address thereby providing the following capabilities:

  • Native end-to-end IPv6 connectivity between public Internet clients and Azure VMs through the load balancer
  • Native end-to-end IPv6 outbound connectivity between VMs and public Internet IPv6-enabled clients

This means that an IPv4 or IPv6 enabled Internet client can communicate with the public IPv4 or IPv6 address (or hostname) of the Azure Internet-facing load balancer. The load balancer routes the IPv6 packets to the private IPv6 addresses of the VMs using NAT (the IPv6 Internet client cannot communicate directly with the IPv6 address of the VMs).

Native IPv6 support for VMs deployed via ARM provides:

  • Load balanced IPv6 services for IPv6 clients on the Internet
  • Native IPv6 and IPv4 endpoints on VMs (known as “dual-stacked”)
  • Inbound and outbound initiated IPv6 connections
  • Supported protocols including TCP, UDP, and HTTP(S), enabling the full range of service architectures

This level of functionality enables the following benefits:

  • Compliance: Regulatory requirements insisting that applications be accessible to IPv6-only clients
  • IoT: Allows developers to use dual-stacked (IPv4 & IPv6) Azure VMs to address the massively growing number of mobile & IoT requirements

There are however some limitations you need to be aware of:

  • IPv6 load balancing rules can only be created through the template, CLI, or PowerShell (i.e. they cannot be created through the Azure Portal)
  • Existing VMs cannot use IPv6 addresses – you must deploy new VMs
  • Public IPv6 addresses cannot be assigned to a VM – they can only be assigned to a load balancer
  • VMs with IPv6 addresses cannot be members of an Azure Cloud Service (they can be connected to a VNet and communicate with each other over their respective IPv4 addresses)
  • Private IPv6 addresses can be deployed on individual VMs in a Resource Group but cannot be deployed into a Resource Group via Scale Sets
  • NSG protection for IPv4 is supported in dual-stacked deployments. NSGs do not apply to the IPv6 endpoints
  • Changing the IdleTimeout for IPv6 is not currently supported – the default is 4 minutes

Active-Active VPN Gateway

You can now create an Azure VPN gateway in an active-active configuration, where both instances of the gateway VMs will establish S2S VPN tunnels to your on-premises VPN device, as shown in the following diagram:

VPN Gateway

In this configuration, each Azure gateway instance will have a unique public IP address, and each will establish an IPsec/IKE S2S VPN tunnel to your on-premises VPN device specified in your local network gateway and connection. Note that both VPN tunnels are actually part of the same connection. You will still need to configure your on-premises VPN device to accept or establish two S2S VPN tunnels to those two Azure VPN gateway public IP addresses.

Because the Azure gateway instances are in active-active configuration, the traffic from your Azure virtual network to your on-premises network will be routed through both tunnels simultaneously, even if your on-premises VPN device may favor one tunnel over the other. Note though the same TCP or UDP flow will always traverse the same tunnel or path, unless a maintenance event happens on one of the instances.

When a planned maintenance or unplanned event happens to one gateway instance, the IPsec tunnel from that instance to your on-premises VPN device will be disconnected. The corresponding routes on your VPN devices should be removed or withdrawn automatically so that the traffic will be switched over to the other active IPsec tunnel. On the Azure side, the switch over will happen automatically from the affected instance to the active instance.

Azure DNS

Microsoft announced the general availability of Azure DNS. Customers can now host domains in Azure DNS and manage DNS records using the same credentials, APIs, tools, billing, and support as other Azure services.

Microsoft Certifications

Microsoft is streamlining its technical certifications, aligning to industry recognised areas of competence while providing flexibility to showcase your specific skills in Microsoft products and services.

Five new MCSE and MCSD specialities have been released and aligned to Centres of Excellence used by the Microsoft Partner Network to identify technical competencies that are widely recognisable by both Microsoft Partners and customers.

The five new certifications are: –

  • MCSE: Cloud Platform and Infrastructure – focusing on skills validation for Windows Server and Microsoft Azure
  • MCSE: Mobility – focusing on skills validation for Windows Client and Enterprise Mobility Suite
  • MCSE: Data Management and Analysis – focusing on skills validation for both on-premises and cloud-based Microsoft data products and services
  • MCSE: Productivity – focusing on skills validation for Office 365, SharePoint, Exchange, and Skype for Business
  • MCSD: App Builder – focusing on skills validation for Web and Mobile app development

To earn each of these certifications you must first earn a qualifying MCSA certification and then pass a single additional exam from a list of electives associated with the corresponding Center of Excellence.

Microsoft Certification Paths


Microsoft Azure available from UK data centres

We at CoreAzure are delighted at Microsoft’s announcement in relation to the general availability of their UK data centres enabling businesses and government bodies to be able to secure information in the UK.

Notable first customers of these UK cloud services include; the Ministry of Defence, whose 230,000 employees will use Office 365 and Azure, and the South London and Maudsley NHS Foundation Trust, the largest mental health trust in the UK to name just a few.

Microsoft’s announcement to move its services to UK data centres will in our opinion enable many organisations to review their current business and IT strategies in relation to public cloud adoption in the UK.

The new facilities in Cardiff, Durham and London will host Microsoft’s Azure cloud platform and Office 365 productivity suite. Dynamics CRM Online will be added in the first half of 2017. Not every Azure service is generally available yet within the UK, but it is worth reviewing what Microsoft Azure can offer your organisation. https://lnkd.in/d2Pna-j

The CoreAzure team pride themselves as being specialists in Microsoft Azure with an ability to maximise your existing investment in Microsoft technologies whilst realising your vision to adopt cloud.  If you are thinking of moving to Microsoft Azure, let us help you in that journey.