
Looking to establish a presence in Azure?

Direct connection to Azure through Microsoft ExpressRoute.

Written by Aram Sadeghi.

One of the key items in the shopping basket of businesses considering the move to the cloud, or expanding their existing tenancy, is the link connecting their infrastructure to the cloud.

In today’s topic, I am going to briefly cover a dedicated circuit used to connect Azure customers to the Microsoft cloud.

One of the most commonly used and easiest ways to connect is using VPN.

We all know VPN and the numerous advantages it has brought to the IT world by making end-to-end communication safer and cheaper to run.

Can we therefore conclude that a VPN connection to Azure is the right solution for business?

In my view, it certainly can and does provide some great benefits; however, as with anything in life, it does come with some disadvantages.

Whilst some might argue that the internet is reliable, hence VPN can be seen as a reliable connection, in my view this is not the case. As a home user or a typical user browsing the internet, you may not notice issues that commonly happen, which can be a nightmare for an organisation running business processes.

An example of this would be streaming a video: most streaming platforms download the video progressively in advance, so if there is a hiccup, the end user might not notice it.

Compare this with a business that is running hundreds of SQL queries or other latency-sensitive tasks: what happens when there is a hiccup?

Well, loss of revenue, damage to reputation and the list goes on.

One of the key benefits for most organisations is the predictability of the circuit.

Using ExpressRoute, also known as ER, you can expect stable and reliable latency in addition to throughput.

This becomes even more important when businesses have a hybrid model where part of the infrastructure in the cloud needs to communicate with a latency-sensitive on-premises application.

This is in comparison with the traditional model of connecting to Azure using VPN, where there is no guarantee on the reliability of the circuit because it crosses the public network.

Another key item on the list is support. As an enterprise, you will need to ensure that you can escalate any issues you have between the two endpoints and that any underlying infrastructure is supported by a business Service Level Agreement.

Often, if you have any problems with VPN, they are quite difficult to troubleshoot because you have no visibility of, or support for, the underlying infrastructure.

One can still troubleshoot and debug any issues up to the egress point of one's own infrastructure, which is fine, but what about the hops between the egress point and Microsoft?

This can quite easily be a blocker for most businesses, as it is not possible to make the move towards the cloud without having proper support on the transit link, which underlines how critical it is to implement an ER circuit.

There are also other advantages to deploying ER:

  • Dynamic bandwidth scaling
  • Robust failover options
  • Dynamic routing

I am going to cover other aspects of ER in future posts, so watch this space.

If you are interested in knowing more or have any questions, drop us a message via the contact us section of the website and we will come back to you as soon as we can. Alternatively, e-mail Aram directly at aram.sadeghi@coreazure.com.

Aram Sadeghi, Network Practice Lead, CoreAzure.

 

Highly Available Cross-Premises and VNet-to-VNet Connectivity

A couple of days ago, Microsoft announced that the new Azure VPN Gateways are now 6x faster, which is fantastic news.

It gets even better when you dig a little deeper and understand that not only have they become faster, but you can now create an Azure VPN gateway in an active-active configuration, where both instances of the gateway VMs establish S2S VPN tunnels to your on-premises VPN device, as shown in the following diagram:

Taking this a step further, the most reliable option is to combine active-active gateways on both your network and Azure, as shown in the diagram below:

Here you create and set up the Azure VPN gateway in an active-active configuration, and create two local network gateways and two connections for your two on-premises VPN devices. The result is full mesh connectivity of 4 IPsec tunnels between your Azure virtual network and your on-premises network.
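The configuration described above can be sketched with the Az PowerShell module as follows. This is an added example, not code from the original post or from Microsoft; the resource names, region, gateway SKU, ASNs and IP addresses are constructed placeholders, and enabling BGP on both connections is an assumption about the design.

```powershell
# Added example: every name, ASN and IP address below is a constructed placeholder.
$rg  = 'rg-hybrid-net'      # hypothetical resource group that already holds the VNet
$loc = 'uksouth'            # hypothetical region
$psk = Read-Host 'IPsec pre-shared key'   # prompt rather than hard-coding the key in the script

# 1. Two public IPs and two IP configurations, one per gateway instance.
$vnet   = Get-AzVirtualNetwork -Name 'vnet-hub' -ResourceGroupName $rg
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipconf = foreach ($i in 1, 2) {
    $pip = New-AzPublicIpAddress -Name "pip-vpngw-$i" -ResourceGroupName $rg `
        -Location $loc -AllocationMethod Static -Sku Standard
    New-AzVirtualNetworkGatewayIpConfig -Name "gwipconf$i" -Subnet $subnet -PublicIpAddress $pip
}

# 2. The Azure VPN gateway in active-active mode: both instances terminate tunnels.
$gw = New-AzVirtualNetworkGateway -Name 'vpngw-hub' -ResourceGroupName $rg -Location $loc `
    -IpConfigurations $ipconf -GatewayType Vpn -VpnType RouteBased -GatewaySku VpnGw1 `
    -Asn 65010 -EnableActiveActiveFeature

# 3. One local network gateway and one connection per on-premises VPN device.
#    Each connection builds a tunnel from both gateway instances: 2 x 2 = 4 tunnels.
$devices = @(
    @{ Name = 'onprem-vpn1'; PublicIp = '203.0.113.10'; BgpPeer = '10.52.255.253' },
    @{ Name = 'onprem-vpn2'; PublicIp = '203.0.113.20'; BgpPeer = '10.52.255.254' }
)
foreach ($d in $devices) {
    $lng = New-AzLocalNetworkGateway -Name "lng-$($d.Name)" -ResourceGroupName $rg `
        -Location $loc -GatewayIpAddress $d.PublicIp -AddressPrefix "$($d.BgpPeer)/32" `
        -Asn 65050 -BgpPeeringAddress $d.BgpPeer
    New-AzVirtualNetworkGatewayConnection -Name "cn-$($d.Name)" -ResourceGroupName $rg `
        -Location $loc -VirtualNetworkGateway1 $gw -LocalNetworkGateway2 $lng `
        -ConnectionType IPsec -SharedKey $psk -EnableBGP $true
}

# 4. Confirm that both connections report as connected once the devices are configured.
foreach ($d in $devices) {
    Get-AzVirtualNetworkGatewayConnection -Name "cn-$($d.Name)" -ResourceGroupName $rg |
        Select-Object Name, ConnectionStatus, EnableBgp
}
```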

The same active-active configuration can also apply to Azure VNet-to-VNet connections. You can create active-active VPN gateways for both virtual networks, and connect them together to form the same full mesh connectivity of 4 tunnels between the two VNets, as shown in the diagram below:

This ensures there is always a pair of tunnels between the two virtual networks during any planned maintenance event, providing even better availability.

For those who are interested in taking this to the next level and considering Highly Available Cross-Premises Connections, please do look at the Microsoft article ‘Configure active-active S2S VPN connections with Azure VPN Gateways’, and if you would like help and assistance then please do contact us.
