When I talk with Customers about Microsoft Azure, I can usually gauge pretty quickly if they are ready to dive or not quite ready yet. Lets face it, if you are a die hard IT Pro who has been working On-Premises for the bulk of your career, starting to use “The Cloud” can be a little unnerving. That’s one of the reasons I always try to get something across from the start: Using public cloud resources should be an AND conversation, not a mutually exclusive OR conversation.
No one is trying to get you to drop and migrate all your resources out to “The Cloud”.
I started dabbling in Microsoft Azure a while back, when IaaS first came out. Things have changed a lot since then, lots of new functionality has been added and it’s getting easier and easier to use. I’ve started to think about it as simply “another” location I could use when I decide to deploy new virtual machines. What are your options for connectivity to these machines? You can abstract it out to 4 levels of connectivity:
- Remote Management only: When you spin up new systems in Azure – You control remote connectivity to the machine by modifying things called EndPoints. There are only 2 EndPoints that are open for remote management – an RPD session on a custom port and remote management port is open. End result, you can get into your machine and if there are multiple machines in your setup, they could have connectivity to each other.
- Point to Site VPN: I typically see this one as a quick and dirty connection method for a single machine that resides on premises to have unfettered access to the machines up in Azure. Think of this as either a development box or maybe a database server that you want to keep on-premises for whatever reason, but you want the machines in Azure to have two way communication back to it. Simple to setup, easy to manage. You configure this from the Azure portal and download the VPN client to run on the box.
- Site to Site VPN: Similar to the Point to Site, but it requires some additional setup. You have to define all the subnets you want connectivity to on premises and in Azure and then download a Gateway configuration script. It could either be a hardware router that need to setup on premises or it could be a configuration file that you can load into a Windows Server 2012 R2 RRAS server. The nice thing about this option is that connectivity is not limited to only one system. Any system that is within the network ranges you defined will be able to route it’s packets out to Azure and Back.
- ExpressRoute: This is the ultimate connectivity option if you plan on going full on Hybrid after trying out one of the other three options. This is a subscription service which can be enabled on your account that leverages an existing connection you have with one of our partner network providers. Our partner providers have direct connections to various Azure Regions, allowing for a direct connection from your network over their private lines into the Azure Datacenter. Your packets are never transmitted over the public internet – it all stays within the network of the provider or Azure Datacenter at a very high speed with minimal latency. This option comes in very handy when you have a large number of resources on premises that need connectivity without latency up to the Azure world.
I have had very good success using both the Point to Site and Site to Site VPN in smaller production rollouts or pilots / proof of concepts. When it comes to a more robust connectivity options, ExpressRoute is definitely the top tier solution.
Breaking news: We made some announcements at TechEd Europe this week – two additional European partners have been added to the ExpressRoute family (Orange and BT).
Last mile question: I have a roaming mobile LightSwitch application I want to implement in a rural area. I am looking for a configuration which would allow me to use a WiFi if it is available or cellular data if WiFi is not available. Do you know of any solutions in this space?
Sorry man – that’s a bit out of my area of expertise. One would think that it’s a matter of just doing an internet check, regardless of the network being used. As I mentioned – I’m an infrastructure guy, not really in the dev world – sorry.
Good thoughts, the 3rd option is just unique one never realises that option exists. Nice writeup!
Thank you sir… ExpressRoute is only available from select Datacenter regions, where our 9 partners have a point of presence. As I mentioned – it’s also not for the feint of heart – if you are already working with one of these partners for internet connectivity, you are probably well engaged and aware of the cost for their services.
You got a point!
Very Nice, just hope they will understand you.
Hi Rick, how about ExpressRoute availability in Canada?
I don’t have any insight into it’s available from a Canadian provider. ExpressRoute requires that you have a partner who’s Point of Presence is close to the Datacenter. Since there are currently no Datacenters in Canada, it kind of rules out people like Bell… That being said, I don’t know if it is worth exploring if these partners have PoPs in Canada and you could route through their networks to their US datacenter POP…
Good and Great Stuff – Pretty Clear.
Hi Rick,
You said RPD but you almost certainly meant RDP. 🙂
Good article too.
DOH! now I have to revisit. Thanks for the catch!
Dear Rick
My hard-disk died on me the other day. I am a writer who is now without word. I don’t even know my password to re-download. If you want to help me then that is all I require. All this cloud stuff is kind of beyond me, I just like to save stuff or email it to myself. You really need to simplify this stuff. I don’t like those “random subject” for “dummies” or worse “idiots” type tutorials though it is not entirely inappropriate for me in this instance. I think you should do an optional babysteps on this subject. You look tech savvy Rick and this stuff is over my head. I can’t even process it. If you are selling something start off with the benefits, why would I bother get a headache figuring this stuff out if I don’t ultimately need it. If you look at my account on word you’ll see I’ve hardly ever used cloud. Azure is a nice color blue to me, once again don’t really know what you are talking about. Though God bless with what you are doing we all need some of that, Gary
Thanks for the kind words Gary. I don’t quite understand what your issue is with a lost password for Word, as I am not aware of it requiring a password to be used. If this is something that I can help you with – shoot me a contact and I can try to help.
good