extending your premises to microsoft azure with virtual networks
TRANSCRIPT
Extending Your Premises to Microsoft Azure with Virtual Networks and ExpressRouteGanesh Srinivasan Jon OrmondAzure Networking Microsoft ITJai DesaiStorSimple
DCIM-B388
Virtual Networks and Connectivity
ExpressRoute
Microsoft IT and ExpressRoute
StorSimple and ExpressRoute
Agenda
Windows Azure hybrid offeringsCloud Customer Segment and workloads
Secure point-to-site connectivity
Virtual Network (Point-to-Site)
• Developers• POC Efforts• Small scale
deployments• Connect from
anywhereSecure site-to-site VPN connectivityVirtual Network (Site-to-Site)
• SMB, Enterprises• Connect to Azure
Compute• IaaS and PaaS workloads
Private site-to-site connectivity
ExpressRoute
• SMB & Enterprises• Mission critical workloads• Backup/DR, Media, HPC• Connect to all hardware
Virtual Network
<subnet X>
<subnet Y>
<subnet Z>
Virtual network Recap
DNS Server
Logical isolation with control over networkCreate subnets with your private IP addressesStable and persistent private IP addressesBring your own DNSUse Azure-provided DNSSecure VMs with input endpoint ACLs
Microsoft Azure
In-Region VNet to VNet
BackendVNet
Mid-TierVNet
FrontendVNetInternet
SecureCommunication
Microsoft Azure
Contoso US HQ Contoso East Asia
Connectivity between Virtual Networks
Multi-tier applications with strong isolation and secure cross-tier communicationVirtual networks may be in different subscriptions
Enables rich network topologies in the cloud
Multi-site VNet connectivityMultiple Site-to-Site connections
Multiple on-premises sites connect to same virtual network
Sites may be geographically dispersed
Connect up to 10 sites to a virtual network securely over IPsec
Connect to multiple
on-premises locations
Before
With multi-site Vnet Connectivity
VNet1US West
VNet2East Asia
One-to-oneconnection
VNet1US West
VNet2East Asia
Contoso NorthAm
HQ (10.0.0.0/16)Contoso NorthAm
HQ (10.0.0.0/16)Contoso East Asia
(10.3.0.0/16)
Cross-region VNet connectivityCross-region VNET connectivity to any Azure region
For HA and DR, customers create virtual networks in different Azure regionsScenario: SQL AlwaysOn sync to cross-region replicas
Connect to multiple on-premises
locations and to other VNets
Before
With multi-site and cross-region VNet to VNet
VNet1US West
VNet2East Asia
One-to-oneconnection
VNet1US West
VNet2East Asia
Contoso NorthAm
HQ (10.0.0.0/16)Contoso NorthAm
HQ (10.0.0.0/16)Contoso East Asia
(10.3.0.0/16)
Cross-subscription connectivityVirtual networks in different subscriptions can securely communicate using private IP addressesScenarios: Cross-division/dept. workload communication; B2B transactions in the cloud
Virtual Network VPN Ecosystem
ExpressRoute
Cloud on your WANAvoids risks from exposure to InternetAvoids complexity and added costsProvides lower latency, higher bandwidth and greater availability
Public Cloud
Private Netwo
rk
Customer DC
Customer site 1
Customer site 2
Public internet
Customers want Cloud on their networks
IPsec VPN over InternetGreater networking costs and higher latencyData traverses the Internet to reach public cloudLimited bandwidth
Public Cloud
Private Netwo
rk
Customer DC
Customer site 1
Customer site 2
Public internet
Security
Lower cost
Predictable performance
High throughput
What is ExpressRoute?
Connect your private network with Azure via secure, high-throughput, low latency connections bypassing the Internet
Azure
Private Networ
k
Customer DC
Customer site 1
Customer site 2
ExpressRoute
Enterprise workloads Dev/test lab BI/big data
Media Productivity apps
Storage, backup, and recovery
Hybrid apps
Virtual Network and ExpressRoute
Connect via an encrypted link over public internet
Peer at an ExpressRoute location, an Exchange Provider facility
Connection from WAN provided by Network Service Provider. Azure becomes another site on the customer’s WAN.
IPsec VPN over internet
Exchange provider
Network service provider
Customer DC
Virtual Network—Compute only.
ExpressRoute—Provides customer choice and includes access to
compute, storage, and other Azure services.
ExpressRoutepartner location
Customer site 1
Customer site 2
Customer site 3
WAN
Publicinternet
Publicinternet
PublicinternetCustomer site
Microsoft Azure
Microsoft Azure
Microsoft Azure
Exchange provider Network service provider scenario
Customer
Tiers/pricing
Customer already using co-location facility; or wants to meet Azure at Exchange Provider location for a simple point to point connection• Connect to Windows Azure directly through a virtual cross
connection• Higher flexibility• Control over routing• Place your hardware in the Exchange Provider’s datacenter• Throughput based tiers, data charges separate• Upto 10 GBps
Customer already getting managed WAN services (like MPLS VPN)• Connect to Windows Azure through VPN provider• Easy to onboard• Use your existing VPN to connect to Azure• Access from any site
• Throughput based tiers (with unlimited data)• Connection speeds of up to 1 GBps
ExpressRoute Flavors
ExpressRoutepartner location
Publicinternet
Customer site
Microsoft Azure
Customer site 1
Customer site 2
Customer site 3
WANPublic
internet
Microsoft Azure
ExpressRoute PartnersConnecting at an Exchange provider
Connecting via a Network service provider
ExpressRoutepartner location
Publicinternet
Customer site
Microsoft Azure
Customer site 1
Customer site 2
Customer site 3
WANPublic
internet
Microsoft Azure
ExpressRoute Bandwidth tiersExchange Provider ScnearioMonthly fee with included outbound data transfer.Unlimited inbound data transfer included
200 Mbps+
3TB/month
500 Mbps+
7.5TB /month
1 Gbps+
15TB /month
10 Gbps+
250TB /month
99.9% SLA
DedicatedCircuit uptime
Available Today• Washington D.C. • Silicon Valley, CA• London, UK
Coming Soon...• Additional sites in Europe,
Asia, and North America
Locations:
Global datacenters
ExpressRoute locations today
ExpressRoute locations
Customer ConnectivityAzurePublic services
Azure Compute
Azure Edge
Connectivity Provider
Infrastructure
Customer’s network
Customer’s dedicated connection
Traffic to public IP addresses in Windows AzureTraffic to Virtual Networks in Windows Azure
Public and Private peering
Contoso (10.0.0.0/16)
Exchange
AD/DNS
IIS ServersSQL Farm Proxy/Internet edge
Monitoring
ExpressRoute Circuit Microso
ft Azure
Storage SQL Websites
Direct internet trafficCross PremisesInternet bound
Azure service access
Contoso virtual networks/VMs
Azure public services
AD/DNS
Internet
Routing policy is customerchoice
2. Customer requests
connectivity through
Exchange Provider
1. Customer signs up for ExpressRoute
3. Customer gets s-key
Customer experience: Exchange provider workflow
Customer
Microsoft Azure
Exchange provider
4. Customer passes s-key and other details5. Customer configures
routing6. Customer links services
Customer signs up for ExpressRoute
Signs up for a Windows Azure subscriptionSigns up for ExpressRoute service
Customer requests connectivity through Exchange provider
Customer provided with list of connectivity providers, locations, and supported bandwidthsCustomer selects best option and makes a requestCustomer receives a service key (s-key) in response to the request
Customer configures routing between their premises and Azure
Customer sets up 2 pairs of BGP sessions (one for public peering and one for private peering)Customer specifies IP subnets for BGP sessions, AS number and MD5 hash (optional)
Customer links servicesLinks virtual networks to private peering BGP sessionsConnectivity to public peering services and NAT enabled as soon as BGP session has been configured
Configuration completeCustomer connects to all Azure services via ExpressRoute circuit
Exchange provider enables connection for customer
Customer passes service key (s-key) and other details to Exchange Provider necessary to facilitate peeringExchange Provider enables a pair of virtual crossconnects for customers per circuitExchange Provider sends confirmation to Microsoft (programmatically) and other customers
WAN
2. Customer requests
connectivity through Network
Service Provider
1. Customer signs up for ExpressRoute
3. Customer gets s-key
IXP
Customer experience: network service provider workflow
Customer
MicrosoftMicrosoft Azure
Network Service Provider
4. Customer passes s-key and other details5. Customer links services
Customer signs up for ExpressRoute
Signs up for a Windows Azure subscriptionSigns up for ExpressRoute service
Customer requests connectivity through NSP
Customer provided with list of connectivity providers, locations, and supported bandwidthsCustomer selects best option and makes a requestCustomer receives a service key (s-key) in response to the request
Customer links servicesLinks virtual networks to private peering
BGP sessionConnectivity to public peering services and NAT enabled as soon as BGP session has been configured
Configuration completeCustomer connects to all Azure services via ExpressRoute circuit from WAN
NSP enables connection for customer
Customer passes on service key (s-key) to NSP along with other details necessary to facilitate peering and routingNSP enables connectivity and configures routes for both public and private peering sessionsNSP sends confirmation to Microsoft (programmatically) and customer
ExpressRoute Demo
ExpressRoute and SharePoint DRActive DirectorySharePoint
WEB
Equinix – Silicon Valley
Active Directory
SharePoint App
F5 BIG IP Load Balancer
SharePoint App
SQL Witness
SQL Primary
SharePoint WEB
SQL Always On
AVSET: SPWEB AVSET: SPAPP SQL Replica AVSET: AD
ExpressRoute Circuit (1Gps)
Sync Commit for Auto-Failover
Domain Controller
Microsoft Azure - West US
ExpressRoute and Microsoft ITJon OrmondDirector MSIT NetworkingMicrosoft IT
100k+ Users on Office 365 Exchange110+
Modern Apps Delivered
300k System Center managed devices
180k+Users
40kMSIT Servers in On-Prem Data Centers
The Microsoft IT Environment
513Site locations (113 countries)
<10%LOB apps run in PaaS today
1m+Devices hit the Microsoft network
210kSharePoint Sites in the Cloud
1,300+LOB apps managed by IT
4.5m Remote connections/ month
75kMSFT employees on Yammer
80%LOB apps in Azure in 5 years
153kManaged Windows 8.1 Systems
200k+Unique devices connect to wireless/day
Enterprise First & Best Program
95%In the Cloud, WAP and Azure, in 5 years
21,470Wireless Access Points
2,302Routers
22gbSustained Internet Traffic
7,241Ethernet Switches
12,055Total Managed Network Devices
939SAN Switches
288Firewalls
131Load Balancers
>24M ft2Wireless Coverage
519Wireless Controllers
49,152Strands of Dark Fiber (Puget Sound Campus)
600Managed Circuits
9IT Datacenters
Network Infrastructure Services
Demo: Bridging Microsoft CorpNet and Azure using ExpressRouteJon Ormond
StorSimple and ExpressRouteJai DesaiWW TSP – StorSimpleMicrosoft Corporation
Storage Challenges Are BroadUntested Disaster Recovery
Primary Storage
Disk-Based Backup Storage
Tape Infrastructure and Management
Archival Storage
Replicated Storage for
DR
Offsite Facility for
Georesilience
Data Management Complexity
Backup IssuesData Growth and Footprint
Storage Today = Complex & Expensive
Equipment Sprawl
StorSimple Hybrid Cloud Storage Solution
Thin, ReducedSnapshots Cloud Snapshots Recover from Cloud
to any DCAutomated
Cloud-as-a-TierEnterprise
SAN Storage
Primary Storage
Disk-based Backup Storage
Tape Infrastructure & Management
Archival Storage
Replicated Storage for DR
Offsite Facility for Geo-resilience
Reduce storage TCO by 60-80%
Microsoft Azure
Cust
omer
DC
/ Exp
ress
Rout
e Pa
rtne
r Lo
cati
onStorSimple Overview
StorSimple connects Windows, Hyper-V and VMware servers to Azure Storage in minutes with no application modificationStorSimple Benefits• Consolidates primary, archive, backup, DR
thru seamless integration with Microsoft Azure
• Integrated data management and protection through tiering, de-dupe/compression, cloud snapshots
• DR testing and revolutionary performance for DR
Application Servers
Inactive Primary Data + Backup + Archive + DR
Speed of SSD/SAS
Warm data on SAS Local Tier
Most Active Data on SSD
StorSimple
Azure Public Storage
Microsoft Azure
LAN connection
ISP or ExpressRoute
ExpressRoute to Microsoft Azure• Predictable network performance (reliability)• High throughput (up to 10G)• Low cost of connectivity
Elastic, On-demand, Cost-effective
StorSimple E2E ArchitecturePublic
internet
Microsoft Azure
Azure Compute
Connectivity Provider
Infrastructure
Azure Edge
Dedicated connection
(Up to 10Gbps)
Traffic to public IP addresses in Microsoft Azure
Traffic to Virtual Networks in Microsoft Azure
ExpressRoute partner location
(Equinix)Customer
data center
iSCSI
Switch
VMs Eth NIC
Physical or Virtual servers
SwitchHost-
side NIC
Azure NIC
Virtual Router
Virtual Router
/ WAN
Public BLOB Storage
Note: MPIO configuration not shown. StorSimple supports MPIO
Demo: StorSimple in action
Microsoft AzureExpressRoute
StorSimple Use Case – File Shares/Archives
All applications
NAS
SAN
Primary Storage
Disk-based Backup Storage
Tape Infrastructure & Management
Archival Storage
Offsite Facility for Geo-resilience
Tier 1, Tier 2, Tier 3 data
• Primary storage & Cloud-as-a-tier• Integrated data protection• Automatic archiving• Disaster recovery• Cloud economics
FC/iSCSI
iSCSI
Applications using Tier 1
data
Tier 1 data
Tier 2 / Tier 3 data
Primary + Backup + Archive + DR
Existing and New Colocation Customers
Applications using Tier 2/ Tier 3 dataEx
pres
sRou
te
Part
ner
Loca
tion
Expr
essR
oute
Pa
rtne
r Lo
cati
on
StorSimple Use Case – Azure Compute
Microsoft Azure
Public BLOB Storage
Customer Data Center 1
Customer-owned
StorSimple
ExpressRoute Partner Location Equinix
ExpressRoute
Internet or ExpressRoute
Azure Compute
Virtual network
Customer Data Center 2
Internet or ExpressRoute
Deployment Scenarios• File shares• Collaboration
Public peering
Private peering
StorSimple Use Case – Disaster Recovery
Application Servers
StorSimple
Customer Data Center 1
Microsoft Azure
Public BLOB Storage
Customer Data Center 2
Customer DC
Disaster
ExpressRoute
Customer-owned StorSimple
ExpressRoute Partner Location Equinix
Internet or ExpressRoute 1. Data backup
(protection) using StorSimple cloud snapshots
Azure Compute
Virtual network
3. Customer spins up app in Azure VM
2. DR using StorSimple
4. Azure VM uses StorSimple for data storage
Internet or ExpressRoute
5. Customer productivity restored
Useful ContactsExpressRoute Sales: [email protected] StorSimple: [email protected]
DocumentationExpressRoute
Azure ExpressRoute overviewAzure ExpressRoute technical overviewAzure ExpressRoute FAQsAzure ExpressRoute API reference for customersAzure PowerShell cmdlet reference for customers
Case Study: MSIT Case studyStorSimple: http://microsoft.com/storsimple
Call To Action
What’s new in Windows Azure IaaSWhat’s new in Windows Azure NetworkingBuilding highly available and scalable applications in Windows AzureExtending your premises to Windows Azure with Virtual Networks and ExpressRouteExpressRoute: Connecting private and public clouds through Exchange ProvidersExpressRoute: Connecting private and public clouds through WAN providersSecurity and Windows Azure IaaSRunning your Dev/Test in Windows AzurePublic Cloud Security: Surviving in a Hostile Multitenant Environment Disaster Recovery and Windows Azure IaaSIaaS: Hosting a Microsoft SharePoint 2013 Farm on Windows AzureOracle in Windows Azure
Related Sessions
Come Visit Us in the Microsoft Solutions Experience!Look for Datacenter and Infrastructure Management
TechExpo Level 1 Hall CD
For More InformationWindows Server 2012 R2http://technet.microsoft.com/en-US/evalcenter/dn205286
Windows Server
Microsoft Azure
Microsoft Azurehttp://azure.microsoft.com/en-us/
System Center
System Center 2012 R2http://technet.microsoft.com/en-US/evalcenter/dn205295
Azure Pack Azure Packhttp://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack
ResourcesLearning
Microsoft Certification & Training Resourceswww.microsoft.com/learning
msdnResources for Developers
http://microsoft.com/msdn
TechNetResources for IT Professionals
http://microsoft.com/technet
Sessions on Demandhttp://channel9.msdn.com/Events/TechEd
Complete an evaluation and enter to win!
Evaluate this session
Scan this QR code to evaluate this session.
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.