ExpressRoute, site to site, and point to site will all connect your virtual network to your on-premises environment, but which one do you use? In this video, Sharon explains the differences and which one to use.
- [Teacher] One of the advantages of using Azure is you can treat Azure as your office, you can treat it as a branch location, or it can become an extension of your data center itself. We are going to explore our different connectivity options from on-premise to Azure. As you've heard me say over and over again, the trick to Azure is planning. And before we start jumping in, there's a couple questions that you'll want to ask yourself. To give you an idea, you'll want to ask yourself, do you need a dedicated non-internet connection? Do you already have a public IP because you might need one depending on your solution? And do you have remote users who need to connect in to your virtual network? Once you have laid out your needs and your wants, then you can start making the decision on the type of connectivity solution to connect on-premise to Azure.
Our first option is ExpressRoute. This is a dedicated, private connection from your location to Azure. Because it doesn't traverse the internet, it is secure, reliable and fast. And it is offered by regional carriers which leads us to our next point. It may not be available in all regions. Another consideration for ExpressRoute is not all services can use ExpressRoute. For example, if you want to use the Content Delivery Network, the Visual Studio Team Services load testing, Multifactor authentication, or Traffic Manager, you're going to have to look at another solution.
And the next logical solution would be a site to site connection. Here we connect our on-premise environment to the Azure network to our Azure virtual network using a VPN gateway. This would be typical for a hybrid deployment where we have some services in Azure, some services on-premise. This connection is made using a VPN tunnel that supports IPsec and IKE. The nice thing with Site to Site is multisite is supported. We may have several physical locations all connecting into our Azure virtual network and using those resources.
And the best part is it's seamless to our users. Our users in the office will not know if they're pulling data from Azure or locally on-premise. But there are some considerations. You can only have one VPN gateway per virtual network and all of the connections coming into that VPN gateway share the bandwidth. A VPN device is required on-premise. We'll be discussing the VPN device options a little later in the course. You're also going to need a public IP, so if you do not have one, you'll have to acquire one if you'd like to use Site-to-Site.
And finally, DNS will be required as well. You will not be able to use the Azure DNS that is provided. You will have to have a DNS server and that server will have to be configured within the Azure virtual network. And finally, we have a Point to Site connection. I always remember this one as this is for remote users. These are for our road warriors who don't sit in the office. They may be connecting from home, the airport, the hotel. They connect using a secure connection from their client using the Secure Socket Tunneling Protocol. And they do not require a public-facing IP address.
But before implementing a Point-to-Site, there are some things you need to be aware of. First of all, the clients must be running Windows 7 and above or Server 2008 R2 and above. I'm sorry my next line is not going to be a Mac. There is no Mac support. You're going to require a certificate for your Point-to-Site connections, and the certificate can be self-signed or if you have an existing Certificate Authority solution in place, you can use that. And there you have it. Your three options for connecting your on-premise environment to Azure.
- Creating an Azure virtual network
- Creating a virtual network using PowerShell
- Deploying a VM into a virtual network
- Modifying IP addresses
- Working with Azure DNS
- Configuring NSGs
- Setting up load balancers
- Configuring Azure load balancers
- Creating an application gateway
- Setting up on-premises connectivity
- Adding gateway VPNs
- Validating VPN devices
- Configuring VNet
- Creating site connections