The Microsoft Azure Partner Community is led by National Partner Technology Strategists from the Microsoft US Partner Team. Partner Community activities include blog posts, discussions on Yammer, newsletters, and community calls.
Networking on Microsoft Azure
When you think about Microsoft Azure, what comes to mind? Computing in the cloud? Hosting a mobile app? Web site hosting and scaling? Networking probably doesn’t jump to the top of your list, but as a Microsoft partner, it should.
Helping customers consider and design networking into their cloud plans is a critical step on their journey to the cloud. Before you spin up a Virtual Machine or start migrating a workload, you should give some thought to the intended use of that workload and how the network design will support it. I have talked with partners and customers who were so eager to get a workload running on Azure that they overlooked networking, and had to spend additional time later addressing it.
Networking on Microsoft Azure and “in the cloud” can sound challenging—perhaps even a bit scary. But it isn’t, and for that, I give a big shout out to the Azure engineering team for making it easy through some really nice tools. So, if this topic is new to you, don’t be afraid to jump in.
When planning an Azure deployment, you’ll want to look at these three components, the building blocks for Azure networking:
- How your cloud workload communicates with your on-premises resources and data
- How workloads on Azure communicate with each other
- How the outside world communicates with your workload if it is facing the public internet
In this post, we’ll look at the first building block, connecting Azure and on-premises resources.
Connecting Azure and on-premises resources
One of the strengths of Azure is the hybrid data center, a combination of on-premises servers and servers in the cloud, networked to work seamlessly. A properly designed and configured network creates such a seamless experience that users won’t need to know, or care about, where their server is actually located.
Azure has three networking options: point-to-site, site-to-site, and ExpressRoute. Here’s a quick look at these options, with more details noted below.
A point-to-site VPN allows you to create a secure connection to your virtual network. In a point-to-site configuration, the connection is configured individually on each client computer that you want to connect to the virtual network. Point-to-site connections do not require a VPN device. They work by using a VPN client that you install on each client computer. The VPN is established by manually starting the connection from the on-premises client computer. The VPN client can also be configured to automatically restart.
Use a point-to-site configuration when:
A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network. To create a site-to-site connection, a VPN device that is located on your on-premises network is configured to create a secure connection with the Azure Virtual Network Gateway. Once the connection is created, resources on your local network and resources located in your virtual network can communicate directly and securely. Site-to-site connections do not require you to establish a separate connection for each client computer on your local network to access resources in the virtual network.
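The pieces of a site-to-site connection described above, as an added example that is not from the original post: it uses the Az PowerShell module (the post names no tooling), and every resource name, address range, and the device IP is a constructed placeholder. The pre-shared key step is also an assumption the post does not cover; the same key must be entered on the on-premises VPN device.

```powershell
# Added example. Names, ranges and the device IP are constructed placeholders.
$rg  = 'rg-hybrid-demo'   # assumed: resource group that already exists
$loc = 'westus'           # assumed region

# 1. Virtual network. The gateway needs a subnet named exactly 'GatewaySubnet'.
$workload = New-AzVirtualNetworkSubnetConfig -Name 'Workload' -AddressPrefix '10.20.1.0/24'
$gwSubnet = New-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -AddressPrefix '10.20.255.0/27'
$vnet = New-AzVirtualNetwork -Name 'vnet-demo' -ResourceGroupName $rg -Location $loc `
    -AddressPrefix '10.20.0.0/16' -Subnet $workload, $gwSubnet

# 2. Azure Virtual Network Gateway: the Azure end of the tunnel.
$pip = New-AzPublicIpAddress -Name 'pip-vnetgw' -ResourceGroupName $rg -Location $loc `
    -AllocationMethod Static -Sku Standard
$subnet = Get-AzVirtualNetworkSubnetConfig -Name 'GatewaySubnet' -VirtualNetwork $vnet
$ipConf = New-AzVirtualNetworkGatewayIpConfig -Name 'gwipconf' `
    -SubnetId $subnet.Id -PublicIpAddressId $pip.Id
$vnetGw = New-AzVirtualNetworkGateway -Name 'vnetgw-demo' -ResourceGroupName $rg `
    -Location $loc -IpConfigurations $ipConf -GatewayType Vpn -VpnType RouteBased `
    -GatewaySku VpnGw1

# 3. Local network gateway: Azure's record of the on-premises VPN device
#    (its public IP) and the on-premises ranges reachable through it.
#    Keep the ranges as narrow as the workload allows, and make sure they
#    do not overlap the virtual network's address space.
$onPrem = New-AzLocalNetworkGateway -Name 'lng-onprem' -ResourceGroupName $rg `
    -Location $loc -GatewayIpAddress '203.0.113.10' -AddressPrefix '192.168.10.0/24'

# 4. Pre-shared key from a cryptographic RNG, hex-encoded so it is safe to
#    paste into any VPN device. Never hard-code it or commit it to source control.
$bytes = New-Object byte[] 32
[System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
$psk = -join ($bytes | ForEach-Object { $_.ToString('x2') })

# 5. The connection object ties the two gateways together over IPsec.
New-AzVirtualNetworkGatewayConnection -Name 'cn-onprem' -ResourceGroupName $rg `
    -Location $loc -VirtualNetworkGateway1 $vnetGw -LocalNetworkGateway2 $onPrem `
    -ConnectionType IPsec -SharedKey $psk

# 6. Verify: ConnectionStatus reads 'Connected' once the on-premises device
#    has been configured with the same key and Azure's gateway public IP.
Get-AzVirtualNetworkGatewayConnection -Name 'cn-onprem' -ResourceGroupName $rg |
    Select-Object Name, ConnectionStatus, EgressBytesTransferred, IngressBytesTransferred
```

Gateway creation in step 2 is a long-running operation, so run the script in a session that will stay open until it returns.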
Use a site-to-site connection when:
Two important notes:
With Azure ExpressRoute, you can create private connections between Azure datacenters and infrastructure that is on your premises or in a co-location environment. ExpressRoute connections do not go over the public Internet, and offer more reliability, faster speeds, lower latencies, and higher security than typical connections over the Internet.
In some cases, using ExpressRoute connections to transfer data between on-premises and Azure can also have cost benefits. With ExpressRoute, you can establish connections to Azure at an ExpressRoute location (Exchange Provider facility) or directly connect to Azure from your existing WAN network (such as an MPLS VPN) provided by a network service provider. Jonathan Gardner will take a deeper look at ExpressRoute in the next post in this series.
- Azure networking resources on MSDN
- Virtual Network FAQ
- Virtual Network Configuration Tasks – step-by-step guides for many common scenarios
- Microsoft Azure: Site-to-Site VPN on Microsoft Virtual Academy
IaaS for IT Pros video
Partner Practice Enablement module 3
Join the US Azure Partner Community
Thanks for exploring the topic of networking on Azure with us in the US Azure Partner community. Register for our community call on January 15 at 9:00 AM Pacific Time. Guest speakers from Microsoft Consulting will join us to discuss networking and offer tips and tricks from their experiences with Azure.
- Watch previous Azure Partner Community calls on demand
- Read the US Azure Partner Community blog posts
- Join the Azure Partners group on Yammer
- Sign up for the US Azure Partner newsletter