Optimize your network for the cloud
Microsoft 2016, 5/9/2018 11:48 AM
Alejandra Hernandez, Azure Infrastructure Consultant
Ed Fisher, Technology Solutions Professional
© 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Agenda
- Evolving your network
- Common elements of Microsoft cloud connectivity
- ExpressRoute
- Designing for Microsoft SaaS
- Designing for Azure PaaS and IaaS
Evolving your network
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
Evolving your network for cloud connectivity
TechReady 23
Before the cloud
- LAN and WAN were the critical elements.
- Internet access was secondary.
- Network security was the security and the edge was the border.
After the cloud
- Shift from on-premises datacenters to Internet connectivity, now critical for internal business operations.
- Shift from “four walls” security strategy to protecting identities and data.
Optimize connectivity and throughput to your edge
Over the years, many organizations have optimized intranet connectivity and performance to applications running in on-premises datacenters. With productivity and IT workloads running in the Microsoft cloud, additional investment is needed to ensure that connectivity is highly available and that traffic performance between your edge network and your intranet users is optimal. As more of your day-to-day productivity traffic travels to the cloud, you should closely examine the set of systems at your edge network to ensure that they are current, provide high availability, and have sufficient capacity to meet peak loads. Name resolution, packet inspection, egress, routing, peering, and proximity can all impact performance.
Common elements of Microsoft cloud connectivity
Areas of Networking Common to all Microsoft Cloud Services
- Intranet Performance: Performance to Internet based resources will suffer if your intranet, including client computers, is not optimized.
- Edge Devices: Devices at the edge of your network are egress points and can include NATs, proxy servers, firewalls, intrusion detection devices.
- Internet Connection: Your WAN connection to your ISP and the Internet should have enough capacity to handle peak loads. You can also use an ExpressRoute connection for Azure and Office 365.
- Internet DNS: A, AAAA, CNAME, MX, PTR, and other records to locate Microsoft cloud or your services hosted in the cloud. For example, you might need a CNAME record for your app hosted in Azure PaaS.
ExpressRoute
With ExpressRoute
- Control through SP over entire traffic path from edge to Microsoft cloud edge.
- Predictable throughput and latency as it’s a dedicated path.
- Safe from Internet monitoring or packet capture and analysis from Internet users.
With ExpressRoute Coexisting
https://azure.microsoft.com/en-us/documentation/articles/vpn-gateway-topology/
ExpressRoute connectivity models
- Any-to-Any: Already using an IP VPN (MPLS) provider to connect your sites
- Co-located: Already using a co-lo
- Point-to-Point Ethernet: Datacenter located on your premises
ExpressRoute peering connections
- Microsoft SaaS: Traffic to O365 and CRM Services, bidirectional initiated communication.
- Microsoft PaaS: Traffic to public IP addresses in Azure, unidirectional initiated communication from on-premises systems.
- Microsoft IaaS: Traffic to Virtual Networks, bidirectional initiated communication.
Applications and traffic flow: before
- Application locates the IP address of SharePoint farm using internal DNS
- Traffic is sent over the site-to-site VPN connection
Applications and traffic flow: after
- Application accesses the URLs of SharePoint Online
- Traffic is forwarded across ExpressRoute to the proxy server in the edge
- Proxy server locates the SharePoint Online IP address
- Proxy server forwards traffic back over the ExpressRoute connection
Hair pinning
ExpressRoute and the Microsoft Network
- Non-optimal: Traffic from East Coast branch to Microsoft peering location must travel back across to the East US Azure datacenter.
- Regionally optimal: Use multiple ExpressRoute connections to regional Microsoft cloud peering locations
ExpressRoute Premium
Globally distributed organizations
- Access to any Microsoft datacenter on any continent from any Microsoft peering location on any continent
- Higher availability when a local ExpressRoute connection becomes unavailable
Designing for Microsoft SaaS
Internet edge considerations
Recommendations
- Don’t route Internet traffic over the private WAN
- Use in-region DNS and Internet egress to get onto the Microsoft network as close to your users as possible
- Bypass the proxy when possible, ensure proxy capacity when not
- Ensure your ISP peers with us
- Use ExpressRoute when QoS is required for Office 365 and a network assessment confirms your end to end environment supports it
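The "bypass the proxy when possible" recommendation is commonly implemented in a proxy auto-config (PAC) file. The sketch below is an added example, not part of the original deck: the suffix list and proxy name are placeholder assumptions, and sending only HTTPS direct is a choice made for this example. It matches host names on a label boundary so that look-alike names stay on the inspected proxy path.

```javascript
// Added example: PAC logic for a narrow, explicit proxy bypass.
// BYPASS_SUFFIXES and PROXY are assumptions; replace them with the
// endpoint list you have validated and your own proxy.
var BYPASS_SUFFIXES = ["sharepoint.com", "outlook.office365.com"]; // sample values
var PROXY = "PROXY proxy.corp.example:8080"; // hypothetical proxy

// True only when host equals the suffix or ends with "." + suffix, so
// "notsharepoint.com" and "sharepoint.com.other.example" do not match.
function hostMatchesSuffix(host, suffix) {
  host = host.toLowerCase().replace(/\.$/, ""); // drop a trailing root dot
  suffix = suffix.toLowerCase();
  if (host === suffix) return true;
  return host.length > suffix.length &&
         host.slice(-(suffix.length + 1)) === "." + suffix;
}

// PAC entry point: the client calls this with the URL and its host name.
function FindProxyForURL(url, host) {
  // Assumption of this example: only HTTPS is sent direct; plain HTTP
  // stays on the proxy path where it can still be inspected.
  if (url.slice(0, 6).toLowerCase() !== "https:") return PROXY;
  for (var i = 0; i < BYPASS_SUFFIXES.length; i++) {
    if (hostMatchesSuffix(host, BYPASS_SUFFIXES[i])) return "DIRECT";
  }
  return PROXY; // default: everything else goes through the proxy
}
```

Keeping the default branch on the proxy means a host missing from the list costs performance rather than inspection coverage.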
Designing for Azure PaaS and IaaS
PaaS: Determine Services for distribution of traffic
Azure Application Gateway
- HTTP load balancing
- Cookie based session affinity
- SSL offload
Azure Traffic Manager
- Failover
- Round Robin
- Performance
Hybrid LOB applications in Azure IaaS
Resources
Cloud Networking for Enterprise Architects
aka.ms/cloudarchnetworking
Steps you through optimizing your network's access to the Microsoft Cloud
Networking investments

| Investment area | SaaS | PaaS | IaaS |
| Architect reliable, redundant Internet connectivity with ample bandwidth | ✓ | ✓ | ✓ |
| Monitor and tune Internet throughput for performance | ✓ | ✓ | ✓ |
| Troubleshoot Internet connectivity and throughput issues | ✓ | ✓ | ✓ |
| Design Azure Traffic Manager to load balance traffic to different endpoints | | ✓ | ✓ |
| Architect reliable, redundant, and performant connectivity to Azure virtual networks | | | ✓ |
| Design secure connectivity to Azure virtual machines | | | ✓ |
| Design and implement routing between on-premises locations and virtual networks | | | ✓ |
| Architect and implement load balancing for internal and Internet-facing IT workloads | | | ✓ |
| Troubleshoot virtual machine connectivity and throughput issues | | | ✓ |
Questions? Please use the microphones.
Please evaluate this session
Your feedback is important to us! From your PC or Tablet visit MyIgnite at http://myignite.microsoft.com. From your phone download and use the Ignite Mobile App by scanning the QR code above or visiting https://aka.ms/ignite.mobileapp
Thank you