Microsoft caters for various network connectivity methods for the consumption of Azure services, these connectivity methods can be characterised into two categories:
- Public Transport Services
- Private Transport Services
Public transport services are defined as transport services that are readily available and accessible to the general public. In context of Microsoft Azure services, Microsoft grants public access to hosted services via the Internet. Due to the public nature of the Internet, connectivity is not regarded as secure or reliable. Additional security measures are therefore required to protect traffic traversing the Internet. Connectivity to Azure via the Internet can be secured via Point-to-Site Virtual Private Network (VPN), Site-to-Site VPN or at the application layer via Hypertext Transfer Protocol over Secure Socket Layer (HTTPS). The choice is dependent on the Azure services employed and the Cloud deployment model.
Private transport services are defined as network carriage services that are segregated from public transport services, that is, they are private to businesses and are not available for public use. In respect to Microsoft Azure, private transport services are provisioned by select Service Providers to provide fast, scalable, reliable and secure network access directly into Azure Datacentres. This connectivity method is marketed by Microsoft as ExpressRoute.
ExpressRoute provides a layer three (3) routed connection between the customer and Azure to facilitate the bidirectional extension of on-premises networks into Azure over private high speed network services. ExpressRoute is a unique service in that it not only provides private, high speed Hybrid connectivity into Azure but it also provides multiple peering options to fully leverage Microsoft’s range of Cloud services. The three peering methods are: Private peering, Public peering and Microsoft peering.
Private peering facilitates connectivity to Microsoft’s Azure Compute environment which consists of Infrastructure-as-a-Service (IaaS) and Platform-as-a-Service (PaaS) offerings. This peering method allows for the extension of customer networks via BGP routed private addressing, hence the name, Private peering.
Public peering facilitates connectivity to Microsoft’s Azure Public hosted environment (which consists of offerings such as: Websites, Storage and SQL databases) by means of public IP address connectivity. Peering to Azure public services via the customer WAN provides reliability, service guarantees and security that the traditional Internet based Public connectivity method cannot provide. Hybrid connectivity via private peering requires network address translation (NAT).
Microsoft peering facilitates connectivity to Microsoft’s Azure Online services (Office 365). As per the public peering method, peering to Azure Online services via the customer WAN provides reliability, service guarantees and security that the traditional Internet based Public connectivity method cannot provide. Microsoft peering requires on-premises connectivity via Public IP addresses.
The election to utilise private services is dependent if Hybrid connectivity to Azure is required or not. If Hybrid connectivity is required, then the choice of ExpressRoute service comes down to service availability within the local region, the preference of charge model between the services and the ExpressRoute peering method(s) required.
The appropriate selection of Azure network connectivity method(s) for the consumption of Azure services is dependent on numerous factors, including:
- Cloud Services Employed within Azure (IaaS; PaaS; SaaS)
- Cloud Deployment Model (Public Cloud; Hybrid Cloud)
- Public / Private Transport Availability (Internet / ExpressRoute)
Other factors that influence connectivity choice are:
- Application presentation
- Application latency sensitivity
- Workload bandwidth demand
- Service / network SLA support
- Security requirements
The appropriate selection of Azure network connectivity method(s) for the consumption of Azure services is dependent on a combination of the above factors including: local site transport availability options and service consumption model factors.
If you’d like to know more, please contact us.