Hybrid Hyper-scale Enterpris e Grade

Azure compute regions

Tremendous Growth

Internet users ■ 500,000,000+ ■ 100,000,000 – 499,999,999 ■ 50,000,000 – 99,999,999 ■ 25,000,000 – 49,999,999 ■ 5,000,000 – 24,999,999 ■ 100,000 – 4,999,999 ■ 50,000 – 999,999 ■ 0 – 49,999 *Operated by 21Vianet Microsoft’s network is one of the largest in the world Microsoft Azure datacenter regions Internet connectivity by country

Classic vs. Hyper-scale networks Large L2 Domains HW-based Service Simple Tree Design L3 at all Layers SoftwareServiceSoftwareService Clos-based design Diversity and manual provisioning Complex hardware and lack of automated operations High complexity and human error Resilient, automated monitoring and remediation, low human involvement Simplify requirements, optimized design, and unify infrastructure Automated provisioning, integrated process Agility Efficiency Availability L3 L2

PhysicalTransportPlane ControlPlane Application Plane Switch Controller AzureFrontEnd Management Plane Control Plane Proprietary Hardware Appliance Building the right abstractions to enable Scale and Agility Commodity Hardware Abstract Management, Control, and Data planes Tenant Compose compute & storage roles and networks Tell & Program Instead of Discover and react Management Create a tenant Control Plumb tenant ACLs to switches Data Apply ACLs to these flows Example: ACLs

UsersInternet Azure Virtual Network Backend ConnectivityExpressRoute VPN Gateways

Virtual Network VPN GW Frontend10.1/16Mid-tier10.2/16Backend10.3/16 Internet On Premises 10.0/16 VPN & ExpressRoute Azure Direct Internet Connectivity

Internet

Virtual Network Backend10.3/16Mid-tier10.2/16Frontend10.1/16 VPN GW Internet On Premises 10.0/16 ExpressRoute and VPNs

DDoSProtection VirtualNetworkIsolation NSG VMFirewall Cloud Services & Virtual Machines Internet ACLs

Azure Virtual Network Internet Cross-premises connectivity

Secure site-to-site VPN connectivity SMB, Enterprises SMB, Enterprises Connect to Azure compute Connect to Azure compute Secure point-to-site connectivity Developers Developers POC Efforts POC Efforts Small scale deployments Small scale deployments Connect from anywhere Connect from anywhere ExpressRoute private connectivity SMB & Enterprises SMB & Enterprises Mission critical workloads Mission critical workloads Backup/DR, media, HPC Backup/DR, media, HPC Connect to all Azure services Connect to all Azure services Internet Connectivity Consumers Consumers Access over public IP Access over public IP DNS resolution DNS resolution Connect from anywhere Connect from anywhere

WAN WAN

WAN ExpressRoute provides a private, dedicated, high-throughput network connection to Microsoft

WAN O365 ExpressRoute Azure

Customer’s network Customer’s connection Partner Edge Traffic to public IP addresses in Azure Traffic to Virtual Networks Traffic to Office 365 Services Microsoft Edge

Atlanta Chicago Chicago (Gov Cloud) Dallas LA NY Seattle Silicon Valley Washington DC Washington DC (Gov Cloud)* Sao Paulo Amsterdam Dublin* London Chennai* Hong Kong Mumbai* Melbourne* Osaka* Singapore Sydney Tokyo

Exchange Public internet Customer site Microsoft Customer site 1 Customer site 2 Customer site 3 Public internet Microsoft

ExpressRoute Infrastructure (protected) Middle Tier (exposed to FE and Infra) Front End – through firewalls User Defined Routes on subnets to direct flows to appliances Network Security groups to secure subnets Network Virtual Appliances for security, routing and ADC Secure cross-premises connectivity with ExpressRoute and VPN Gateways

NO PURCHASE NECESSARY. Open only to event attendees. Winners must be present to win. Game ends May 9 th, For Official Rules, see The Cloud and Enterprise Lounge or myignite.com/challenge