Mastering Azure Connectivity to the Microsoft Cloud Day One – Session 3 of 4
Agenda Outline Time Duration Topic 09:00 30 mins Intro and Overview 09:30 SDN, Virtual Network, and Azure Network Overview 10:00 RDFE / ARM Overview 10:30 15 mins Break 10:45 45 mins VNet Deep Dive 11:30 Hybrid Network Overview 12:00 90 mins Lunch 13:30 75 mins ExpressRoute Deep Dive 14:45 15:00 60 mins ExpressRoute Demo’s and Q&A 16:00 Roadmap and Futures
The big (network) picture Virtual network “Bring Your Own Network” Segmentation with subnets Full control with Routes and Security groups Rich partner ecosystem of Network Virtual Appliances The big (network) picture Azure Virtual Network Users Internet Front-end access Internet access Reserved public IPs Application gateway / WAF Load balancing DNS services DDoS protection Backend connectivity Point-to-site for dev / test VPN Gateways for secure site-to-site connectivity ExpressRoute for private enterprise grade connectivity Backend connectivity ExpressRoute VPN Gateways
Azure Compliance The largest compliance portfolio in the industry TechReady 18 9/26/2017 12:56 PM Azure Compliance The largest compliance portfolio in the industry HIPAA / HITECH FedRAMP JAB P-ATO FIPS 140-2 FERPA DISA Level 2 ITAR-ready CJIS 21 CFR Part 11 IRS 1075 Section 508 VPAT ISO 27001 PCI DSS Level 1 SOC 1 Type 2 SOC 2 Type 2 ISO 27018 Cloud Controls Matrix Content Delivery and Security Association Shared Assessments European Union Model Clauses United Kingdom G-Cloud Singapore MTCS Level 3 Australian Signals Directorate Japan Financial Services China Multi Layer Protection Scheme China CCCPPF New Zealand GCIO GB 18030 EU Safe Harbor ENISA IAF © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Customer’s connection What is ExpressRoute? Unified connectivity to all Microsoft Cloud Services Predictable performance, high bandwidth Enterprise-grade resiliency and SLA for availability Global ExpressRoute partner ecosystem Customer’s network Customer’s connection Traffic to public IP addresses in Azure Traffic to Virtual Networks Traffic to Office 365 Services and CRM Online Microsoft Edge Partner Edge
ExpressRoute connectivity models 9/26/2017 12:56 PM ExpressRoute connectivity models Exchange Cloud exchange co-location ExpressRoute Point-to-point Ethernet connection WAN Any-to-any (IP VPN) connection © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ExpressRoute Partners
9/26/2017 12:56 PM Montreal Dublin Amsterdam Toronto Seattle Chicago London Berlin Beijing New York Silicon Valley Las Vegas Frankfurt Washington DC Tokyo Los Angeles Atlanta Shanghai Dallas Osaka Hong Kong Mumbai Chennai ExpressRoute Privately connect from anywhere to any Azure region Singapore Sao Paulo Sydney Public Azure locations Melbourne* National cloud locations © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ExpressRoute Meet-Me Sites ExpressRoute Standard SKU allows connectivity anywhere within a geopolitical region e.g. if you are connected to the Seattle ExpressRoute Meet-Me site you can access all Azure regions in North America ExpressRoute Premium SKU allows connectivity across geopolitical regions e.g. If you are connected to the Seattle ExpressRoute Meet-Me site you can access any Azure region (excluding National Clouds)
National Clouds
ExpressRoute Premium SKU 9/26/2017 12:56 PM ExpressRoute Premium SKU Global connectivity Link a Virtual Network from any Azure Region to your ExpressRoute circuit More routes (IP prefixes) Supports up to 10,000 routes for Azure private peering (up from 4,000) Connect more virtual networks Up to 100 virtual networks depending on bandwidth option Connect to Office365 and CRM Online © 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ExpressRoute Pricing https://azure.microsoft.com/en-us/pricing/details/expressroute/
ExpressRoute Setup ExpressRoute Meet-Me Site 9/26/2017 12:56 PM Provider Device 1 “demarcation” MSFT Router 1 BGP sessions Physical Virtual connection ExpressRoute circuit Customer’s network Provider Device 2 MSFT Router 2 Physical BGP sessions Virtual connection IP VPN or Ethernet © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Azure Private Peering VNET gateway is required 9/26/2017 12:56 PM Azure Private Peering VNET gateway is required Any address, bidirectional connections “Force-tunnel” VNET traffic to customer’s network Set up DMZ for cross-premises traffic Link multiple VNETs on the same circuit Side-to-Site VPN can be used as a back-up GW2 DMZ Azure Virtual Network (VNET2) Internet ExpressRoute VPN BGP (0.0.0.0/0) Azure Virtual Network (VNET1) DMZ Customer’s network GW1 © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Azure Private Peering VNet and Gateway sizing are important! 9/26/2017 12:56 PM Azure Private Peering VNet and Gateway sizing are important! Gateway subnet is a /28 or /27 Standard or High Performance GW GW2 DMZ Azure Virtual Network (VNET2) Internet ExpressRoute VPN BGP (0.0.0.0/0) Azure Virtual Network (VNET1) DMZ Customer’s network GW1 © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Azure Public Peering Unidirectional connections 9/26/2017 12:56 PM Azure Public Peering Unidirectional connections Public IP addresses only to Microsoft ExpressRoute Azure Public Services Customer’s network NAT © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Microsoft Peering Premium Add-on is required 9/26/2017 12:56 PM Premium Add-on is required QoS support for Skype for Business Public Internet is required Bidirectional connections Public IP addresses only to Microsoft Microsoft Peering Public Internet DNS CDN Required Bidirectional connections Voice Video & Interactive Best effort NAT Customer’s network © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Planning for deployment 9/26/2017 12:56 PM Planning for deployment Choose Microsoft datacenter, ExpressRoute connectivity partner and location Formulate disaster recovery strategy Design network security from day one Consider global connectivity, optimal networking and performance Understand application-level (e.g. Office365) deployment requirements © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
9/26/2017 12:56 PM Summary Private connectivity to the Microsoft Cloud: Azure, CRM, Office 365, Skype for Business Rich connectivity partner ecosystem and locations Global connectivity with ExpressRoute Premium SKU Support for all National cloud environments Built in redundancy for high availability Planning is an important step for optimal connectivity © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ExpressRoute Resources https://azure.microsoft.com/en-us/services/expressroute/ Documentation https://azure.microsoft.com/en-us/documentation/services/expressroute/ Technical Overview https://azure.microsoft.com/en-us/documentation/articles/expressroute-introduction/ Locations and partners https://azure.microsoft.com/en-us/documentation/articles/expressroute-locations/ Gateways https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpngateways/#gwsku Pricing https://azure.microsoft.com/en-us/pricing/details/expressroute/ SLA https://azure.microsoft.com/en-us/support/legal/sla/expressroute/v1_0/
© 2016 Microsoft Corporation. All rights reserved © 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.