When I talk with customers about Microsoft Azure, I can usually gauge pretty quickly whether they are ready to dive in or not quite ready yet. Let's face it, if you are a die-hard IT Pro who has been working on-premises for the bulk of your career, starting to use "The Cloud" can be a little unnerving. That's one of the reasons I always try to get something across from the start: using public cloud resources should be an AND conversation, not a mutually exclusive OR conversation.
No one is trying to get you to drop and migrate all your resources out to “The Cloud”.
I started dabbling in Microsoft Azure a while back, when IaaS first came out. Things have changed a lot since then: lots of new functionality has been added, and it's getting easier and easier to use. I've started to think about it as simply "another" location I can use when I decide to deploy new virtual machines. What are your options for connectivity to these machines? You can abstract them into four levels of connectivity:
- Remote Management only: When you spin up new systems in Azure, you control remote connectivity to the machine by modifying things called endpoints. Only two endpoints are open for remote management: an RDP session on a custom public port, and a remote management port. The end result is that you can get into your machine, and if there are multiple machines in your setup, they can have connectivity to each other.
- Point to Site VPN: I typically see this one as a quick and dirty connection method for a single machine that resides on-premises to have unfettered access to the machines up in Azure. Think of this as either a development box or maybe a database server that you want to keep on-premises for whatever reason, but you want the machines in Azure to have two-way communication back to it. Simple to set up, easy to manage. You configure this from the Azure portal and download the VPN client to run on the box.
- Site to Site VPN: Similar to Point to Site, but it requires some additional setup. You have to define all the subnets you want connectivity to, both on-premises and in Azure, and then download a gateway configuration script. That could be either a hardware router that you need to set up on-premises, or a configuration file that you can load into a Windows Server 2012 R2 RRAS server. The nice thing about this option is that connectivity is not limited to only one system: any system within the network ranges you defined will be able to route its packets out to Azure and back.
- ExpressRoute: This is the ultimate connectivity option if you plan on going full-on hybrid after trying out one of the other three options. This is a subscription service which can be enabled on your account and which leverages an existing connection you have with one of our partner network providers. Our partner providers have direct connections to various Azure regions, allowing for a direct connection from your network over their private lines into the Azure datacenter. Your packets are never transmitted over the public internet; everything stays within the network of the provider or the Azure datacenter, at very high speed with minimal latency. This option comes in very handy when you have a large number of resources on-premises that need low-latency connectivity up to the Azure world.
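The first option above, remote management through endpoints, is the one most people start with, and the thing a security engineer wants to check right away is who can reach those management endpoints. Moving RDP to a custom public port hides it from casual scans but does not restrict who may connect; an endpoint ACL does. The following PowerShell is an added example, not code from the original post or from Microsoft, written against the classic Azure (Service Management) PowerShell module that was current when this post was written. It lists every VM in the selected subscription, flags management endpoints (RDP and WinRM local ports) that have no ACL, and applies a permit-only ACL for a corporate address range. The subscription, service and VM names come from your own environment, and the address range `203.0.113.0/24` is a hypothetical placeholder.

```powershell
# Added example (not from the original post): audit classic Azure VM endpoints
# and lock management endpoints down to a known source range.
# Assumes the classic Azure (Service Management) module is loaded and a
# subscription has already been selected:
#   Add-AzureAccount
#   Select-AzureSubscription -SubscriptionName '<your subscription>'
# All names and address ranges below are hypothetical placeholders.

$allowedSubnets  = @('203.0.113.0/24')   # hypothetical corporate egress range
$managementPorts = @(3389, 5985, 5986)   # RDP, WinRM HTTP, WinRM HTTPS (PowerShell remoting)

# Build a permit-only ACL. Once an endpoint carries any Permit rule,
# every source not matched by a rule is implicitly denied.
$acl   = New-AzureAclConfig
$order = 100
foreach ($subnet in $allowedSubnets) {
    Set-AzureAclConfig -AddRule -ACL $acl -Action Permit -RemoteSubnet $subnet `
        -Order $order -Description "Corporate range $subnet"
    $order += 10
}

foreach ($vm in Get-AzureVM) {
    foreach ($ep in (Get-AzureEndpoint -VM $vm)) {

        # Only endpoints that land on a management port on the VM are of interest here.
        if ($managementPorts -notcontains $ep.LocalPort) { continue }

        # Existing ACL rules on this endpoint, if any.
        $rules = @(Get-AzureAclConfig -EndpointName $ep.Name -VM $vm)

        if ($rules.Count -gt 0) {
            Write-Output ("{0}/{1}: endpoint '{2}' (public port {3} -> local port {4}) already has {5} ACL rule(s)" -f `
                $vm.ServiceName, $vm.Name, $ep.Name, $ep.Port, $ep.LocalPort, $rules.Count)
            continue
        }

        Write-Warning ("{0}/{1}: endpoint '{2}' (public port {3} -> local port {4}) is reachable from any Internet address; applying ACL" -f `
            $vm.ServiceName, $vm.Name, $ep.Name, $ep.Port, $ep.LocalPort)

        # Re-declare the endpoint with the same ports and protocol, now carrying the
        # restrictive ACL, and push the change to the running VM.
        $vm | Set-AzureEndpoint -Name $ep.Name -Protocol $ep.Protocol `
                -LocalPort $ep.LocalPort -PublicPort $ep.Port -ACL $acl |
             Update-AzureVM
    }
}
```

Run the audit once without the `Set-AzureEndpoint`/`Update-AzureVM` lines to see which machines would be touched, then re-run with them in place. If your administrators come from more than one public range (a second office, a VPN concentrator), add each range to `$allowedSubnets`; a single Permit rule that does not include the address you are connecting from will lock you out of RDP on that VM, so keep the portal as a fallback while you test.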
I have had very good success using both the Point to Site and Site to Site VPN in smaller production rollouts or pilots / proofs of concept. When it comes to more robust connectivity options, ExpressRoute is definitely the top-tier solution.
Breaking news: We made some announcements at TechEd Europe this week – two additional European partners have been added to the ExpressRoute family (Orange and BT).