Inter-site Connectivity in Azure

Mohd Mubin Girach
5 min readAug 19, 2022


The Azure product line was introduced in 2008 as a cloud platform comprising multiple interconnected services designed to develop and deploy .NET applications (a Windows-specific programming framework). It has grown to be a far bigger and more comprehensive platform than perhaps the first teams ever imagined.

Each service is designed to be a modular component that can plug into other Azure services, as well as (oftentimes) other external cloud or on-premises services. This highly modular design, combined with a software interface to build IT infrastructure rather than purchasing and configuring hardware, makes it the perfect modern solution to build end-to-end IT solutions for business.

Why Intersite connectivity?

Microsoft Azure Network Services offer the foundation for developing hybrid cloud solutions. They provide networking services to connect all of your applications, data, devices, and resources, both on-premises and in the cloud, over a secure private connection. A connection between an on-premises network and Azure, or between Azure and another cloud provider, lets a business grow efficiently on scalable, hybrid infrastructure and focus on generating more profit.

Azure Intersite connectivity services

The services that provide connectivity between Azure resources, connectivity from an on-premises network to Azure resources, and branch-to-branch connectivity in Azure include Virtual Network (VNet), ExpressRoute, VPN Gateway, Virtual WAN, Virtual network NAT Gateway, Azure DNS, Azure Peering service, and Azure Bastion.

The most common types of connection built with these services are:

VNet Peering

Virtual network peering enables us to connect two VNets, either within the same region or across regions. If both virtual networks are in Azure, you can peer them, after which the workloads in those virtual networks can communicate with each other.

  • Once peered, the virtual networks appear as one, for connectivity purposes.
  • Traffic between the peered VNets remains private; it is kept on Microsoft’s backbone network.

Two types of VNet peering:

  • Regional VNet peering connects Azure virtual networks in the same region.
  • Global VNet peering connects Azure virtual networks in different regions.
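Two pre-flight checks a practitioner runs before creating a peering, as an added example that is not part of the original post: Azure rejects a peering between VNets whose address spaces overlap, and peering is not transitive (a spoke peered only with a hub does not reach another spoke through that hub). The VNet inventory and peering list below are constructed sample data; the function names are this example's own.

```python
"""Pre-flight checks for Azure VNet peering (added example, not from the post).

Assumptions: VNets are described as name -> list of CIDR address spaces, and
peerings as unordered name pairs. All sample data below is constructed.
"""
from ipaddress import ip_network
from itertools import combinations

# Constructed sample inventory: a hub, two spokes, and a legacy VNet whose
# range clashes with spoke-eastus.
VNETS = {
    "hub-eastus":    ["10.0.0.0/16"],
    "spoke-eastus":  ["10.1.0.0/16"],
    "spoke-westeu":  ["10.2.0.0/16", "172.16.0.0/24"],
    "legacy-eastus": ["10.1.128.0/17"],   # overlaps spoke-eastus
}

# Constructed sample peerings (each is a direct, bidirectional link).
PEERINGS = [("hub-eastus", "spoke-eastus"), ("hub-eastus", "spoke-westeu")]


def peering_conflicts(vnets):
    """Return the VNet pairs whose address spaces overlap.

    Azure refuses a peering (regional or global) between two VNets with
    overlapping address space, so this is the first thing to check.
    """
    conflicts = []
    for a, b in combinations(sorted(vnets), 2):
        nets_a = [ip_network(cidr) for cidr in vnets[a]]
        nets_b = [ip_network(cidr) for cidr in vnets[b]]
        if any(x.overlaps(y) for x in nets_a for y in nets_b):
            conflicts.append((a, b))
    return conflicts


def directly_reachable(peerings, vnet):
    """VNets reachable from `vnet` over peering.

    Peering is non-transitive: only direct peers are reachable. Spoke-to-spoke
    traffic needs its own peering or a routed path through a hub gateway/NVA.
    """
    peers = set()
    for a, b in peerings:
        if a == vnet:
            peers.add(b)
        elif b == vnet:
            peers.add(a)
    return peers


if __name__ == "__main__":
    for a, b in peering_conflicts(VNETS):
        print(f"cannot peer {a} <-> {b}: overlapping address space")
    print("spoke-eastus reaches:", sorted(directly_reachable(PEERINGS, "spoke-eastus")))
```

Running the script reports the legacy/spoke conflict and shows that spoke-eastus reaches only the hub, which is the non-transitivity caveat most hub-and-spoke designs trip over.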

Azure Network Gateways

A VPN gateway is a specific type of virtual network gateway that is used to send encrypted traffic between an Azure virtual network and an on-premises location over the public internet. A VPN gateway acts as an intermediary on each side of the connected virtual networks: if the workloads in those virtual networks need to communicate with each other, they do so through the encrypted channel between the VPN gateways of both virtual networks.

This service is used for Point-to-Site and Site-to-Site connections.

Point to Site Connections

A Point-to-Site (P2S) VPN gateway connection lets you create a secure connection to your virtual network from an individual client computer. A P2S connection is established by starting it from the client's computer. This solution is useful for telecommuters who want to connect to Azure VNets from a remote location, such as from home or a conference. P2S VPN is also a useful alternative to S2S VPN when you have only a few clients that need to connect to a VNet.

Site to Site connections

A Site-to-Site VPN gateway connection is used to connect your on-premises network to an Azure virtual network over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel. This type of connection requires a VPN device located on-premises that has an externally facing public IP address assigned to it.
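A site-to-site tunnel is only as strong as the IPsec/IKE policy negotiated on it, so a defender reviews that policy before the on-premises device is connected. The following linter is an added example, not code from the post; it assumes the parameter names and algorithm values that Azure exposes for custom IPsec/IKE policies on VPN Gateway connections (ikeEncryption, ikeIntegrity, dhGroup, ipsecEncryption, ipsecIntegrity, pfsGroup, saLifeTimeSeconds, with DES3 meaning 3DES), and its notion of "weak" is the example's own baseline rather than an Azure default. Both sample policies are constructed.

```python
"""Hardening review for a site-to-site VPN IPsec/IKE policy (added example, not from the post).

Assumptions: the policy is a plain dict keyed by the parameter names Azure uses
for custom IPsec/IKE policies; the weak-value lists and lifetime cap are this
example's baseline. Sample policies are constructed.
"""

# Values this baseline treats as weak or as disabling a protection.
WEAK = {
    "ikeEncryption":   {"DES", "DES3"},
    "ikeIntegrity":    {"MD5", "SHA1"},
    "dhGroup":         {"DHGroup1", "DHGroup2", "None"},
    "ipsecEncryption": {"DES", "DES3", "None"},
    "ipsecIntegrity":  {"MD5", "SHA1"},
    "pfsGroup":        {"PFS1", "PFS2", "None"},   # no PFS = no forward secrecy
}

# Assumed cap: 27000 s matches the default SA lifetime; longer lifetimes are flagged.
MAX_SA_LIFETIME = 27000

# Constructed sample policies.
WEAK_POLICY = {
    "ikeEncryption": "DES3", "ikeIntegrity": "SHA1", "dhGroup": "DHGroup2",
    "ipsecEncryption": "DES3", "ipsecIntegrity": "SHA1", "pfsGroup": "None",
    "saLifeTimeSeconds": 86400,
}
STRONG_POLICY = {
    "ikeEncryption": "AES256", "ikeIntegrity": "SHA384", "dhGroup": "ECP384",
    "ipsecEncryption": "GCMAES256", "ipsecIntegrity": "GCMAES256", "pfsGroup": "ECP384",
    "saLifeTimeSeconds": 27000,
}


def review_policy(policy, ike_version="IKEv2"):
    """Return a list of findings; an empty list means the policy passes the baseline."""
    findings = []
    if ike_version != "IKEv2":
        findings.append(f"IKE version {ike_version}: prefer IKEv2 on new tunnels")
    for param, weak_values in WEAK.items():
        value = policy.get(param)
        if value is None:
            findings.append(f"{param}: not set")
        elif value in weak_values:
            findings.append(f"{param}={value}: weak or disabled, choose a stronger option")
    # With an AEAD (GCM) cipher, the IPsec integrity setting must be the same GCM algorithm.
    enc = policy.get("ipsecEncryption", "")
    integ = policy.get("ipsecIntegrity", "")
    if enc.startswith("GCMAES") and integ != enc:
        findings.append(f"ipsecIntegrity={integ}: must match ipsecEncryption={enc} when GCM is used")
    lifetime = policy.get("saLifeTimeSeconds", 0)
    if lifetime > MAX_SA_LIFETIME:
        findings.append(f"saLifeTimeSeconds={lifetime}: longer than the {MAX_SA_LIFETIME}s baseline")
    return findings


if __name__ == "__main__":
    for name, policy in (("weak", WEAK_POLICY), ("strong", STRONG_POLICY)):
        findings = review_policy(policy)
        print(f"{name}: {'OK' if not findings else ''}")
        for f in findings:
            print("  -", f)
```

Run it against the policy you intend to push to the connection and to the on-premises device; every finding maps to one parameter, so the fix is a single value change on both ends of the tunnel.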

Virtual WAN

Azure Virtual WAN is a networking service that brings many networking, security, and routing functionalities together to provide a single operational interface. Some of the main features include:

  • Branch connectivity (via connectivity automation from Virtual WAN Partner devices such as SD-WAN or VPN CPE).
  • Site-to-site VPN connectivity.
  • Remote user VPN connectivity (point-to-site).
  • Private connectivity (ExpressRoute).
  • Intra-cloud connectivity (transitive connectivity for virtual networks).
  • VPN ExpressRoute inter-connectivity.
  • Routing, Azure Firewall, and encryption for private connectivity.

ExpressRoute

ExpressRoute lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. With ExpressRoute, you can establish connections to Microsoft cloud services, such as Microsoft Azure and Microsoft 365.

Connectivity can be from an any-to-any (IP VPN) network, a point-to-point Ethernet network, or a virtual cross-connection through a connectivity provider at a colocation facility. ExpressRoute connections don’t go over the public Internet. This allows ExpressRoute connections to offer more reliability, faster speeds, consistent latencies, and higher security than typical connections over the Internet.

Thanks for reading!

You can connect with me at https://www.linkedin.com/in/mubingirach/

Written by Mohd Mubin Girach

Technology Enthusiast | Cloud & DevOps Engineer | Cyber Security Researcher
