ExpressRoute and VPNs in Azure

In this edition of Azure Every Day, I’d like to discuss networking between your data center and Azure. Two options you have are ExpressRoute and VPNs, and I’d like to point out some reasons why you may choose one option over the other or use a combination of both.

Let me start with a quick overview of what these components are and where they may fit strategically in your organization.

Overview of VPNs

First, let’s look at VPNs, which support a couple of types of interaction and run over the public internet. One type of VPN gateway is site-to-site, meaning you connect your data center to Azure over a VPN and have them trust each other. This is a common way to start out with Azure.

Or you can use a point-to-site gateway, which means an individual machine, such as your laptop, connects securely into Azure over a VPN. Both types of VPN are supported across the platform, and which you choose depends on what makes sense for you. If you have a mobile workforce, you may need to do a lot of point-to-site work, for instance.

Overview of ExpressRoute

ExpressRoutes, unlike VPNs, run on dedicated private network fiber. To make ExpressRoute happen, you’ll need a connectivity partner (like AT&T or Verizon) to provide the private fiber connection between your assets and the Azure cloud. ExpressRoute is appealing from both a performance and security standpoint, but it’s not always something you can easily scale out due to cost implications and there’s more work involved.


Comparing ExpressRoute and VPN

Let’s look at some comparisons:

  • SLA – VPNs and ExpressRoute both carry a 99.95% SLA in most cases.
  • Bandwidth – ExpressRoute offers a wide range of connectivity options, from 15 megabytes/second to 10 gigabytes/second. VPNs are more limited, ranging from 100 megabytes/second up to 1.25 gigabytes/second. But this is changing as Microsoft is constantly working to improve the capabilities of both.
  • Security – To keep your data secure, VPNs use the IPSec and IKE protocols and are typically fine for anything you want to do. But if you have a requirement or security policy that says your data can’t be pushed over the public internet, you would need to go to ExpressRoute.
  • Third Party Access – With ExpressRoute you can access some hosting organizations, like Rackspace, and take advantage of connections within their data centers.
  • Office 365 – ExpressRoute lets you use co-location capabilities for connectivity to Azure, and that connectivity will also cover Office 365.

The bottom line is that, because of the complexity and cost of all these scenarios, it’s common to leverage multiple types of connectivity to Azure based on your business needs. You need to keep in mind all factors, such as security, performance and SLA capabilities. VPNs can be turned on quickly, whereas ExpressRoute will take a lot more work to implement.

Choose wisely to make the best, most cost-effective choice for your organization which meets your business requirements and needs.
