Mastering Azure Connectivity to the Microsoft Cloud Session 3
Agenda Outline for Sessions 1-3 Topic 1 Intro and Overview SDN, Virtual Network, and Azure Network Overview RDFE / ARM Overview 2 VNet Deep Dive Hybrid Network Overview 3 ExpressRoute Deep Dive Sessions 4-10 follow with focus on ExpressRoute for Office 365
The big (network) picture Virtual network “Bring Your Own Network” Segmentation with subnets Full control with Routes and Security groups Rich partner ecosystem of Network Virtual Appliances The big (network) picture Azure Virtual Network Users Internet Front-end access Internet access Reserved public IPs Application gateway / WAF Load balancing DNS services DDoS protection Backend connectivity Point-to-site for dev / test VPN Gateways for secure site-to-site connectivity ExpressRoute for private enterprise grade connectivity Backend connectivity ExpressRoute VPN Gateways
Azure Compliance The largest compliance portfolio in the industry TechReady 18 5/11/2018 6:28 AM Azure Compliance The largest compliance portfolio in the industry HIPAA / HITECH FedRAMP JAB P-ATO FIPS 140-2 FERPA DISA Level 2 ITAR-ready CJIS 21 CFR Part 11 IRS 1075 Section 508 VPAT ISO 27001 PCI DSS Level 1 SOC 1 Type 2 SOC 2 Type 2 ISO 27018 Cloud Controls Matrix Content Delivery and Security Association Shared Assessments European Union Model Clauses United Kingdom G-Cloud Singapore MTCS Level 3 Australian Signals Directorate Japan Financial Services China Multi Layer Protection Scheme China CCCPPF New Zealand GCIO GB 18030 EU Safe Harbor ENISA IAF © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Customer’s connection What is ExpressRoute? Unified connectivity to all Microsoft Cloud Services Predictable performance, high bandwidth Enterprise-grade resiliency and SLA for availability Global ExpressRoute partner ecosystem Customer’s network Customer’s connection Traffic to public IP addresses in Azure Traffic to Virtual Networks Traffic to Office 365 Services and CRM Online Microsoft Edge Partner Edge
ExpressRoute connectivity models 5/11/2018 6:28 AM ExpressRoute connectivity models Exchange Cloud exchange co-location ExpressRoute Point-to-point Ethernet connection WAN Any-to-any (IP VPN) connection © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ExpressRoute Partners
5/11/2018 6:28 AM Montreal Dublin Amsterdam Toronto Seattle Chicago London Berlin Beijing New York Silicon Valley Las Vegas Frankfurt Washington DC Tokyo Los Angeles Atlanta Shanghai Dallas Osaka Hong Kong Mumbai Chennai ExpressRoute Privately connect from anywhere to any Azure region Singapore Sao Paulo Sydney Public Azure locations Melbourne* National cloud locations © 2014 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ExpressRoute Meet-Me Sites ExpressRoute Standard SKU allows connectivity anywhere within a geopolitical region e.g. if you are connected to the Seattle ExpressRoute Meet-Me site you can access all Azure regions in North America ExpressRoute Premium SKU allows connectivity across geopolitical regions e.g. If you are connected to the Seattle ExpressRoute Meet-Me site you can access any Azure region (excluding National Clouds)
National Clouds
ExpressRoute Premium SKU 5/11/2018 6:28 AM ExpressRoute Premium SKU Global connectivity Link a Virtual Network from any Azure Region to your ExpressRoute circuit More routes (IP prefixes) Supports up to 10,000 routes for Azure private peering (up from 4,000) Connect more virtual networks Up to 100 virtual networks depending on bandwidth option Connect to Office365 and CRM Online © 2015 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ExpressRoute Pricing https://azure.microsoft.com/en-us/pricing/details/expressroute/
ExpressRoute Setup ExpressRoute Meet-Me Site 5/11/2018 6:28 AM Provider Device 1 “demarcation” MSFT Router 1 BGP sessions Physical Virtual connection ExpressRoute circuit Customer’s network Provider Device 2 MSFT Router 2 Physical BGP sessions Virtual connection IP VPN or Ethernet © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Azure Private Peering VNET gateway is required 5/11/2018 6:28 AM Azure Private Peering VNET gateway is required Any address, bidirectional connections “Force-tunnel” VNET traffic to customer’s network Set up DMZ for cross-premises traffic Link multiple VNETs on the same circuit Side-to-Site VPN can be used as a back-up GW2 DMZ Azure Virtual Network (VNET2) Internet ExpressRoute VPN BGP (0.0.0.0/0) Azure Virtual Network (VNET1) DMZ Customer’s network GW1 © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Azure Private Peering VNet and Gateway sizing are important! 5/11/2018 6:28 AM Azure Private Peering VNet and Gateway sizing are important! Gateway subnet is a /28 or /27 Standard or High Performance GW GW2 DMZ Azure Virtual Network (VNET2) Internet ExpressRoute VPN BGP (0.0.0.0/0) Azure Virtual Network (VNET1) DMZ Customer’s network GW1 © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Azure Public Peering Unidirectional connections 5/11/2018 6:28 AM Azure Public Peering Unidirectional connections Public IP addresses only to Microsoft ExpressRoute Azure Public Services Customer’s network NAT © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Microsoft Peering Premium Add-on is required 5/11/2018 6:28 AM Premium Add-on is required QoS support for Skype for Business Public Internet is required Bidirectional connections Public IP addresses only to Microsoft Microsoft Peering Public Internet DNS CDN Required Bidirectional connections Voice Video & Interactive Best effort NAT Customer’s network © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Planning for deployment 5/11/2018 6:28 AM Planning for deployment Choose Microsoft datacenter, ExpressRoute connectivity partner and location Formulate disaster recovery strategy Design network security from day one Consider global connectivity, optimal networking and performance Understand application-level (e.g. Office365) deployment requirements © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
5/11/2018 6:28 AM Summary Private connectivity to the Microsoft Cloud: Azure, CRM, Office 365, Skype for Business Rich connectivity partner ecosystem and locations Global connectivity with ExpressRoute Premium SKU Support for all National cloud environments Built in redundancy for high availability Planning is an important step for optimal connectivity © 2013 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
ExpressRoute Resources https://azure.microsoft.com/en-us/services/expressroute/ Documentation https://azure.microsoft.com/en-us/documentation/services/expressroute/ Technical Overview https://azure.microsoft.com/en-us/documentation/articles/expressroute-introduction/ Locations and partners https://azure.microsoft.com/en-us/documentation/articles/expressroute-locations/ Gateways https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-about-vpngateways/#gwsku Pricing https://azure.microsoft.com/en-us/pricing/details/expressroute/ SLA https://azure.microsoft.com/en-us/support/legal/sla/expressroute/v1_0/
© 2016 Microsoft Corporation. All rights reserved © 2016 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.