Among all the offers that Microsoft’s “Azure” public cloud has, there is one that we rarely take into account: the direct connection between our data center or from our entire local network if we are a company with several locations, and the centers of data where the cloud is physically deployed, Azure ExpressRoute.
So that such a thing is needed if everything happens on the Internet anyway, or in the best case by a VPN between our infrastructure and Azure. In addition, it must be very expensive and complex to administer.
All these reasons, of course, come from the ignorance we have about the matter and the benefits it could bring us. In a world where our computing needs do not stop growing and diversifying, a direct connection has a growing place, as several companies are extending their data centers to public clouds.
But let’s look at three needs where a direct connection to the cloud brings a lot of value.
Perhaps the least valued and the most important of all needs. A direct connection with Azure, with the data traveling encrypted by known circuits without ever leaving the private network, without ever being able to be captured by a hacker, or any other malicious entity, increases the level of protection of our data by several magnitudes.
And not only that, we can deploy solutions where part of the information remains, for legal or security issues, physically stored in our infrastructure on land and allows us to be consulted directly from the cloud, traveling safely without ever compromising its integrity.
A web solution deployed in a highly scalable way can consult a database located on the other side of ExpressRoute, showing the necessary data, but not storing them on servers in the cloud itself. It allows solutions to process high volumes of information, consult the data, group them, relate them, or simply make calculations with them, without having to have a data repository in the cloud itself. Without compromising information security but allowing work with it.
When you deploy a solution in the cloud you always face the same problem, such as making it faster, consume less time and generally have a good response suitable for end-users. But the cloud, being on the Internet, is often unpredictable, if normally all traffic travels logically, it can happen, and it happens, that the data travels around the world before reaching the hired Azure region.
With Azure ExpressRoute, this cannot happen, the circuits are already traced and our data will pass through there, they will not be routed to wrong destinations due to a bad configuration on a router that we do not even know.
Of course, some may see a problem here. And what happens if the circuit falls? As always, if we want to be more secure we will apply for redundancy, instead of a circuit we will have two and the problem solved, it will be more expensive, but it will be more reliable as well. Unfortunately, you can’t have both at the same time.
As we see in the following scheme, ExpressRoute circuits are duplicated and each one carries the two types of Peering (private and public).
And the last advantage of Azure ExpressRoute over an Internet connection that we play here, is the speed we gain when using it. Under similar conditions the speed of connection to the cloud is higher, either because of the simple fact that the traffic from our facilities to Azure passes through fewer points than the Internet connection (in our test connection from a virtual machine in our headquarters in Argentina to another virtual machine in the Azure Data Center in Virginia there are only 5 jumps). In addition to not being at the mercy of sudden changes of routes, or going through poor or saturated equipment.
Types of Pairing (Peering)
We do not want to end this article without pointing out an important concept within Azure ExpressRoute, the type of pairing. There are two types of pairings in Azure; the private pairing and the pairing of Microsoft.
This type of pairing is designed to connect an IAAS service, basically virtual machines and PAAS that are implemented in a virtual network. It is a reliable extension of the main Azure network. Two-way connectivity can be configured between the main network and Azure virtual networks (VNet). This enables virtual machines and cloud services to be connected directly to private IP addresses.
It was designed to connect directly with the Office 365 data centers and with Azure PAAS services that are not implemented in a virtual network. Microsoft requires the client, or the provider of the connection, fixed public IP addresses to establish the connection. However, the Microsoft pairing assignment for Office 365 should be revised as it is granted only if necessary to comply with any legal regulation that says a direct connection is needed.
In conclusion, Azure ExpressRoute gives more speed to the cloud connection, ensures the integrity of the information and allows predictable speeds and circuits.
Learn more about the Azure solution by clicking here.
Convergia’s Senior Cloud Director, more than 30 years in technologies and systems market.
Cloud Architect, Application Developer, Database Designer, Project Manager in a wide variety of business applications. Particularly interested in function and microservices based developments using Microsoft .Net technologies. Always interested in migration projects to .Net Framework.