I had spent a fair amount of time trying to understand the various options available to extend a datacenter to Microsoft Azure. In this article I’ll be covering the different options we have to extend a datacenter to cloud. Each of this deployment methods has various challenges and ways of implementation, I will be covering those in a later blog. This one gives a basic idea about the options available.

Azure hybrid cloud solutions is one of the best cloud computing services available in market today. It is considered highly reliable and stable platform on which organizations can invest and deploy instantly with couple of mouse clicks. Here we will be discussing the various roadmaps or possible ways to extend an existing datacenter to Microsoft Azure. Extending the datacenter to Microsoft Azure can increase the reliability ,performance, productivity and capability while saving time and effort. Imagine organisations running a datacenter hosting thousands of machines, in a collocation model or by proving Infrastructure as a service. Let’s say 95% of the datacenter resources and space are utilized, now your company is getting a billion dollar business which will require another hundreds or thousands of machine to be hosted. If the organization fails to meet the requirements say space, hardware, power etc in the limited time frame, there is a large chance of losing the deal. Here Azure helps to extend the datacentre capability without huge investment and time lag in the project. All Virtual machines in Azure can be connected to your on-premise datacentre infrastructure to deliver enterprise grade experience.  Azure easily integrates with your existing IT environment through the largest network of secure private connections, hybrid database and storage solutions, and data residency and encryption features. There are basically three ways how you can extend a datacenter to cloud.

  1. Site-to-Site VPN.
  2. Point-to-Site VPN.
  3. Private high-throughput connectivity or Express Route.

1. Site-to-Site VPN


In general if someone ask me what is Site-to-Site VPN, I would say it is a simple way to connect your every pieces of corporate network without really installing the vpn client individual machine. In site-to-site, VPN clients send and receive TCP/IP traffic through a VPN gateway without installing any client vpn applications. The VPN gateway encapsulates and encrypts outbound traffic, and send it through a VPN tunnel over the Internet, to a peer VPN gateway at the target site. The peer VPN gateway strips the headers, decrypts the content, and delivers the packet to the target host inside its private network. The most prominently used secure tunneling protocol in site-to-site VPNs is the IPsec Encapsulating Security Payload (ESP). A plain Windows Server 2012 with RRAS (Routing and Remote Access) enabled can be used to create the VPN connection with Windows Azure Virtual Network, instead of using a hardware VPN device. One can always use a supported hardware VPN device also if there is already own one. One can also specify IPsec ESP NULL encryption with route-based and High Performance VPN gateways. Null based encryption does not provide protection to data in transit, and should only be used when maximum throughput and minimum latency is required.


2. Point-to-Site VPN:

This is a certificate based VPN solution where individual machines can directly connect to Microsoft Azure network gateway by producing a certificate issues to the device. Point-to-Site is an perfect solution when you want to connect to your Virtual network from a remote location or when you only have a few users who need to connect to a virtual network. Point-to-Site connections neither require a VPN device nor a public-facing IP address to work.



Note: It’s important to know that Azure currently works with two deployment models: Resource Manager and Classic model. I will be discussing in details about each of these models in my upcoming posts. It is the resource providers that differentiate the two models here.

For now just keep in mind that the Point-to-Site VPN can be achieved using two models, that is Classic and Resource Manager. (Will be discussing in future posts)

3. Express Route:

ExpressRoute enhances the service by ensuring customers can access the cloud with heightened security and guaranteed performance from all over the world. Azure ExpressRoute lets you create private connections between Azure datacenters and infrastructure on your premises or in a collocation environment. ExpressRoute connections don’t go over the public Internet. They offer more reliability, faster speeds, lower latencies, and higher security than typical Internet connections.


To make use of Express Route, establish connections to an Exchange provider facility, or directly connect to Azure from your existing WAN network, such as a MPLS VPN, provided by a network service provider. Express route best for periodic data migration, disaster recovery,replication for business continuity and other high-availability strategies. It can be a cost-effective option for transferring large amounts of data, such as datasets for high-performance computing applications, or moving large virtual machines between Azure and your on-premises production environment. ExpressRoute lets you securely add compute and storage capacity to your existing datacenter. With high throughput and less latencies, Azure will feel like a natural extension to your datacenter, so you can enjoy the scale and economics of the public cloud without having to compromise on network performance.




ExpressRoute partners and peering locations


Resource Manager vs. classic deployment

Connecting Private and Public Clouds through Exchange Providers


Photo courtesy: Google Images


By Anoop Karikuzhiyil Babu

Started his career with Exchange 2003 as a Microsoft Support Engineer, later moved to Microsoft Enterprise Unified Communication Team as Premier Engineer. Post handling numerous Premier environments and deployments, currently settled as a Solution Architect for Messaging and Collaboration in United Arab Emirates largest Tier3 Datacenter.

Leave a Reply

Your email address will not be published. Required fields are marked *