Senior Program Manager Azure Networking Extending your onpremises network into Azure using ExpressRoute 3618 Review of Hybrid scenarios in Azure ExpressRoute overview Agenda slide Windows Azure hybrid offerings ID: 581302
Download Presentation The PPT/PDF document "Ganesh Srinivasan" is the property of its rightful owner. Permission is granted to download and print the materials on this web site for personal, non-commercial use only, and to display it on your personal computer provided you do not modify the materials and that you retain all copyright notices contained in the materials. By downloading content from our website, you accept the terms of this agreement.
Slide1Slide2
Ganesh SrinivasanSenior Program Manager, Azure Networking
Extending your on-premises network into Azure using ExpressRoute
3-618Slide3
Review of Hybrid scenarios in AzureExpressRoute overview
Agenda slideSlide4
Windows Azure hybrid offerings
Cloud
Customer
Segment and workloads
Secure p
oint-to-site
c
onnectivity
Virtual Network (Point-to-Site)
Developers
POC Efforts
Small scale deployments
Connect from anywhere
Secure
site-to-site
VPN
c
onnectivity
Virtual Network
(Site-to-Site
)
SMB, Enterprises
Connect to Azure Compute
IaaS
and
PaaS
workloads
Private site-to-site
c
onnectivity
ExpressRoute
SMB & Enterprises
Mission critical workloads
Backup/DR, Media, HPC
Connect to all hardwareSlide5
Windows Azure Virtual Network
Extend your infrastructure
Networking on-ramp for migrating apps and services
Your “virtual” branch office / datacenter in the cloud
Run “hybrid” apps that span cloud and
your premises
Secure
private
networks
fully contained
in Windows AzureExtend your trust boundary - IaaS
and PaaS better together
Virtual Network
Your
Datacenter
Internet
Active Directory
SharePoint
SQL
Server
Windows AzureSlide6
Virtual Networks & P2S Connectivity
Connect from anywhere securely
No software installation required!
Easy to setup and use
Ideal for prototyping, development, demos
P2S and S2S
coexist
P2S
VPNs
Active Directory
SharePoint
SQL
Server
Windows Azure
Existing
Datacenter
S2S VPNSlide7
What’s new
On-premise
S2S VPN
Existing
Datacenter
P2S
VPNs
Active
Directory
SharePoint
SQL
Server
Windows Azure
Exciting capabilities
Point-to-site Generally Available
Dynamic Routing Gateways generally available
More VPN devices optionsSlide8
ExpressRouteSlide9
Reluctance to adopt public cloud
60%
Cited
p
erformance
as a key challenge
for Cloud
66%
Cited
d
ata
and network s
ecurityas a key challenge for Cloud
Private network
H
oster
Private cloud
Private cloud
Performance
Predictability
Security
Expensive
Performance
Predictability
Security
Expensive
Internet
AzureSlide10
What Customers Want
Performance
Assured bandwidth
to Azure
Security
Azure is connected to
the customer’s WAN
No
internet in the path
Availability
No single point
of failure
Private network
H
oster
Private cloud
Private cloud
Internet
Azure
WANSlide11
Cloud on your
WAN
Avoids
risks from exposure to Internet
Avoids
complexity and added costs
Provides lower latency, higher bandwidth and greater availability
Public cloud
WAN
Customer DC
Customer site 1
Customer site 2
Public
internet
Customers want Windows Azure on their network
IPsec VPN over Internet
Greater
networking costs and latency since data is
hair
pinned
through a customer data center
Data travels over the open Internet to connect to
cloud
Bandwidth is limited
Public cloud
WAN
Customer DC
Customer site 1
Customer site 2
Public
internetSlide12
High throughput
Security
Lower cost
Predictable performance
What is
ExpressRoute
?
ExpressRoute
provides organizations a private,
dedicated
, high-throughput network connection between Windows Azure datacenters
and their on-premises
IT environment.Slide13
Enable mission critical workloads
Dev/test
l
ab
BI/big data
Media
Productivity
apps
Storage, b
ackup,
and
r
ecovery
Hybrid
appsSlide14
Windows Azure
Public services
(Storage, SQL DB, …)
Windows Azure Compute
(Virtual Machines, Cloud
Services, virtual networks)
Azure Edge
Carrier / IXP Infrastructure
Customer’s network
Traffic to public IP addresses in Windows Azure
Traffic to Virtual Networks in Windows Azure
Customer’s dedicated connection
ExpressRoute Connectivity
Make shapes consistent and icons throughout deck similar
Windows Azure
Public services
Windows Azure
Compute
Azure
Edge
Connectivity Provider
Infrastructure
Customer’s
network
Customer’s dedicated connection
Traffic to public IP addresses in Windows Azure
Traffic to Virtual Networks in Windows AzureSlide15
Public and Private peering
Make shapes consistent and icons throughout deck similar
Contoso
(10.0.0.0/16)
DNS Server
Exchange
AD/DNS
IIS Servers
SQL Farm
Proxy/
Internet edge
Monitoring
Netbound
–
ExpressRoute
Circuit
Windows
Azure
Storage
SQL
Websites
Direct internet traffic
Cross Premises
Internet bound
Azure service access
Contoso virtual networks/
Vms
Azure public services
AD/DNS
I
nternetSlide16
Virtual Network and
ExpressRoute
Connect via an encrypted link over public internet
Peer at an
ExpressRoute
location, an Exchange Provider facility
Connection from a WAN provided by Network Service Provider.
Azure becomes another site on the customer’s WAN network.
Scenario 1: IPSec VPN over internet
Scenario
2: Exchange Provider
Scenario
3: Network Service Provider
Windows Azure
Customer DC
Virtual
Network - Compute only.
ExpressRoute
- Provides customer choice and include access to
compute, storage, and other Azure services.
Customer site
ExpressRoute
p
artner location
Windows Azure
Customer site 1
Customer site 2
Customer site 3
Windows Azure
WAN
Public
internet
Public
internet
Public
internetSlide17
Exchange Provider
Network Service Provider scenario
Customer
Tiers/pricing
Customer already using co-location facility; or wants to meet Azure at Exchange Provider location for a simple point to point connection
Connect to Windows Azure directly through a virtual cross connection
Higher flexibility
Control over routing
Place your hardware in the Exchange Provider’s datacenter
Throughput based tiers, data charges separate
Upto
10
GBps
Customer already getting managed WAN services (like MPLS VPN)
Connect to Windows Azure through VPN provider
Easy to onboard
Use your existing VPN to connect to Azure
Access from any site
Throughput based tiers (with unlimited data)
Connection speeds of up to 1
GBps
Two flavors of
ExpressRoute
Customer site
ExpressRoute
p
artner location
Windows Azure
Customer site 1
Customer site 2
Customer site 3
Windows Azure
WANSlide18
ExpressRoute Partners
Exchange Provider
Network Service Provider scenario
Customer site
ExpressRoute
p
artner location
Windows Azure
Customer site 1
Customer site 2
Customer site 3
Windows Azure
WAN
Public
internet
Public
internetSlide19
ExpressRoute and Exchange ProvidersSlide20
Equinix
and ExpressRoute
Secure and private
Consistent throughput
Flexible and dynamic
Reduced provisioning times
e
quinix
c
loud exchange
1G Bandwidth
1G Bandwidth
10
G BandwidthMicrosoft managed ExpressRoute
Seamless
automated provisioning
Customer
cage
Customer
cage
Customer
cageSlide21
2. Customer requests connectivity through Exchange Provider
1. Customer
signs up for
ExpressRoute
3. Customer get s-key
IXP
Customer Experience : Exchange Provider Workflow
Customer
Microsoft
Windows
Azure
Exchange Provider
4. Customer passes s-key & other details
5. Customer configures routing
6. Customer links services
Customer signs up for
ExpressRoute
Signs up for a Windows Azure subscription
Signs up for
ExpressRoute
service
Customer requests connectivity through Exchange Provider
Customer provided with list of connectivity providers, locations, and supported bandwidths
Customer selects best option and makes a request
Customer receives a service key (s-key) in response to the request
Customer configures routing between their premises and Azure
Customer sets up 2 pairs of BGP sessions (one for public peering and one for private peering)
Customer specifies IP subnets for BGP sessions, AS number and MD5 hash (optional)
Customer links services
Links virtual networks to private peering BGP sessions
Connectivity to public peering services and NAT enabled as soon as BGP session has been configured
Configuration complete
Customer connects to all Azure services via
ExpressRoute
circuit
Exchange Provider enables connection
for customer
Customer passes service key (s-key) and other details to Exchange Provider necessary to facilitate peering
Exchange Provider enables a pair of virtual
crossconnects
for customers per circuit
Exchange Provider sends confirmation to Microsoft (programmatically) and other customersSlide22
ExpressRoute and Network Service ProvidersSlide23
Extend your AT&T VPN to Windows Azure
*Storage will be supported
upon service launch
AT&T NetBond and Windows Azure ExpressRoute
seamlessly
integrate to allow you to
extend your MPLS VPN into Windows Azure isolating
your traffic from other cloud traffic
Storage*
Compute
Users
Internal IT
VPN access
–
Today:
fixed connections
Future:
on demand, self service, consumption
based connections
Private Cloud
VPN
VPN
Base or persistent loadsIT resources – on demand, self service, consumption based, dynamically scalable, logically isolated
Enterprise AEnterprise BWindows AzureSlide24
WAN
2. Customer requests connectivity through Network Service Provider
1. Customer
signs up for
ExpressRoute
3. Customer get s-key
IXP
Customer Experience : Network Service Provider Workflow
Customer
Microsoft
Windows
Azure
Network Service Provider
4. Customer passes s-key & other details
5. Customer links services
Customer signs up for
ExpressRoute
Signs up for a Windows Azure subscription
Signs up for
ExpressRoute
service
Customer requests connectivity through NSP
Customer provided with list of connectivity providers, locations, and supported bandwidths
Customer selects best option and makes a request
Customer receives a service key (s-key) in response to the request
Customer links services
Links virtual networks to private peering BGP session
Connectivity to public peering services and NAT enabled as soon as BGP session has been configured
Configuration complete
Customer connects to all Azure services via
ExpressRoute
circuit from WAN
NSP enables connection
for customer
Customer passes on service key (s-key) to
NSP along
with other details necessary to facilitate peering and routing
NSP enables
connectivity and configures routes for both public and private peering sessions
NSP
sends confirmation to Microsoft (programmatically) and customerSlide25
ExpressRoute PowerShell Commandlets
ExpressRoute
commandlets
Description
Get-
AzureDedicatedCircuitServiceProvider
Lists all ExpressRoute service providers including carriers and internet exchange points offering connectivity across all regions in Windows Azure.
Get-AzureDedicatedCircuitLists all ExpressRoute circuits and details of each circuit. Get-
AzureDedicatedCircuitLinkLists the link state of a particular virtual network and an ExpressRoute circuit.New-AzureDedicatedCircuit
Creates a new ExpressRoute circuit in a Windows Azure subscription. New-AzureDedicatedCircuitLink
Creates a link between an ExpressRoute circuit and a virtual network in the current Windows Azure subscription.
Remove-AzureDedicatedCircuitRemoves an ExpressRoute circuit.Remove-AzureDedicatedCircuitLinkRemoves the link between a Virtual Network and an ExpressRoute circuit.BGP Configuration commandlets
DescriptionGet-AzureBGPPeeringReturns an object with bgp configuration information of an ExpressRoute circuit.New-AzureBGPPeeringCreates a new BGP peering configuration for an ExpressRoute circuit.Remove-AzureBGPPeeringRemoves the routing configuration for an ExpressRoute circuit.
Set-AzureBGPPeeringUpdates a BGP peering configuration for an ExpressRoute circuit.Slide26
During public preview
Washington D.C.
Silicon Valley, CA
Additional locations coming soon
Locations:
ExpressRoute Locations
Global datacenters
ExpressRoute
locations
Public previewSlide27
ExpressRoute Pricing
Exchange Provider
Network Service Provider
Per month:
$12,000
Per month:
$7,200
Per month:
$1,800
Per month:
$1,200
Per month:
$600
1
Gbps
500 Mbps
100 Mbps
50 Mbps
10 Mbps
Tiers with hard caps on bandwidth + unlimited data transfer
Monthly fee with included data transfer
1Gbps Port +
15 TB included
egress
Per month:
$600
Free Ingress
Overage:
$
0.035/GB
Zone 1 $
0.07/GB Zone 2
10Gbps Port + 250
TB included
egress
Per month:
$10,000
Free Ingress
Overage:
$
0.035/GB
Zone 1 $
0.07/GB Zone 2Slide28
Windows Azure page for Networking services
Virtual NetworkExpressRoute
Tutorials and How To guides
Virtual networks and connectivity
ExpressRoute with Exchange Providers
Whitepapers
Windows Azure Network Security
ResourcesSlide29
Your Feedback is Important
Fill out an evaluation of this session
and help shape future events.
Scan the QR code
to evaluate
this session on your mobile device.
You’ll also be entered into
a daily prize drawing!Slide30
©
2014
Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.