Published by Harjanti Sudjarwadi. Modified over 6 years ago.
1
Key elements of Office 365 connectivity strategy based on real-life examples
Konstantin Ryvkin, Principal Architect, Office 365
Jeff Mealiffe, Principal Program Manager, Office 365
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
2
In lieu of introduction
This session is about “Enterprise Connectivity to Office 365”
- Focused on strategies, not features
- Emphasis on concepts, underlying trends and principles
- Designed to make your Office 365 experience even better
- Presented by Product Group engineers, who also work directly with customers
- One of the few sessions (if not the only one) where every slide has a diagram
Other relevant sessions:
- BRK3051: Get your enterprise network ready for Office 365
- BRK1005: Best practices for optimizing Office 365 connectivity
- BRK3029: Demystifying internet connectivity to Skype for Business Online and Microsoft Teams
- BRK3387: Meet up with the Office 365 networking team
3
Why connectivity is important
The same Office 365 service often yields a different customer experience in:
- Performance
- Availability
- Interoperability
- Scalability
- Complexities to connect and consume
In many cases customer connectivity is the driver for these deltas.
Customers report:
- Connectivity is the leading cause of their performance concerns with Office 365
- Network being a bottleneck or blocker to fast onboarding into Office 365
- Single failures in the customer network affecting Office 365 availability for a broad set of users
- A 3rd party network solution, which optimized connectivity for on-premises Exchange and SharePoint, causes interoperability issues with Office 365
Enterprise customers are often challenged to select the best match between connectivity options and public cloud services, specifically Office 365.
4
Why connectivity strategy
- Cloud changes the fundamentals of services, data access and connectivity
- Many legacy network architectures don’t scale for the cloud
- Enterprises redesign networks for cloud readiness and Office 365 is often a trigger
- Multi-cloud agility and unanticipated adoption remain key concerns
Successful connectivity strategy turns network from a bottleneck into cloud enabler and remains future proof and aligned with the cloud evolution and innovation
5
Enterprise connectivity challenge
[Diagram labels: Consumer/SMB, Enterprise, Last Mile]
6
What’s your cloud strategy made of – SaaS, PaaS, IaaS?
Cloud Ready Customer Network Connectivity: common strategy, common infrastructure investments, differentiated setup
IaaS:
- Customers (IT professionals) build their own solutions
- Focused on customer specific solutions within an organization’s boundaries
- Location specific (virtual datacenter) cloud experience – customer decides where to put it
- Tenant concept is at the (virtual) infrastructure and network level. BYON (Bring/Build Your Own Network) in the cloud
- Design and customize your own network within IaaS
SaaS:
- Customers (users) consume finished applications
- Focused on pre-built user collaboration experiences within and across organization boundaries
- Highly distributed (not location specific) cloud experience across many apps – gravitates where the users are
- Tenant concept at the application level. Cloud network is pre-built and optimized for collaboration and global reach
- Understand and align with SaaS network
[Diagram labels: IaaS, PaaS, SaaS]
7
SaaS connectivity trends
SaaS disrupts traditional connectivity models
- Security controls move from network into applications and the Cloud
- Internet to the Cloud becomes shorter
- Diversity of connectivity options increases
- Internet connectivity itself is moving to the Cloud
[Diagram labels: SaaS, MPLS, WAN, SD-WAN, Internet, ISP 1, ISP 2, ISP 3, ISP 4]
8
Office 365 Ecosystem
- Office 365 workloads and micro services based distributed architecture
- Richer collaboration drives expanding set of features and endpoints
- Connectivity pivot: Enable/Permit (all) vs. Optimize (some)
[Diagram: Core Services and Endpoints and Auxiliary Services and Endpoints, plotted as Customer Connectivity against # of Endpoints and Services, with the note “95%+ of network demands”. Labels shown: Exchange Online, SharePoint Online and ODfB, Skype for Business, Microsoft Teams, Exchange Online Protection, Office Online, Azure Active Directory, Other Office 365 Services, CDNs, System Services, Other Microsoft Cloud Services, 3rd Party Cloud Services]
aka.ms/o365ip
9
Latency - main currency in the world of cloud performance
- Once spent you don’t get it back
- What accumulates latency? Network path distance and app processing overhead
- End-to-end latency = customer controlled latency [1, 2, 3] + cloud latency [4]
- Lots of engineering investments at multiple levels to optimize latency into and within the Cloud
[Diagram: path segments numbered 1 to 4. Labels shown: Customer Network, WAN, Egress & Security Stack, Network POP, Service Front Door, Microsoft Global Network]
10
Office 365 - Service Front Doors
- The Front Door concept has many different names [AFD, Front End, CAFE, Relay Server, CDN]
- User connects to workload specific Service Front Doors via URL/IP
- The goal of the Service Front Door is to optimize user experience
- Front Doors use a variety of technology stacks and methods to connect users: application discovery, Geo DNS, Anycast DNS, Anycast TCP [see BRK1005 for details]
- Design may change over time, but the goal stays the same: direct users to the closest set of Service Front Doors for any given workload
- Match DNS resolution plane with Data plane for Office 365 traffic
[Diagram labels: DNS, Customer Network, WAN, Egress & Security Stack, Network POP, Service Front Door, Microsoft Global Network]
11
Office 365 connectivity architecture and strategy
- Microsoft Global Network (AS8075): Presence | Peering | Backhaul
- Distributed Service Front Door infrastructure
- Intelligent content and business logic placement
Office 365 cloud becomes closer and closer to end users
- 35+ datacenters
- 100+ locations
- 2500+ networks @ 150+ peering locations
[Diagram labels: Customer Network, WAN, Egress & Security Stack, Network POP, Service Front Door, Microsoft Global Network]
12
Office 365 connectivity architecture and strategy
- Microsoft Global Network (AS8075): Presence | Peering | Backhaul
- Distributed Service Front Door infrastructure
- Intelligent content and business logic placement
Q: What can you do to align with Office 365 strategy and fully take advantage of these investments?
A: Egress Office 365 data traffic locally with matching DNS name resolution
[Diagram: Estimated User to Front Door RTT (EXO example). Locations shown: Customer Network in Miami, FL; Service Front Doors and ISPs at Orlando, FL; Washington DC; San Francisco, CA; San Jose, CA; Seattle, WA. RTT values shown: ~65ms, ~25ms, ~5ms, ~5ms, ~85ms]
* Data at rest remains within tenant specific geo/compliance boundary
13
Microsoft Global Network and Office 365
Main Office 365 connectivity principle: enable shortest possible (local egress) path from the user into the nearest Microsoft (AS8075) peering location
“Every different way we ran our Exchange performance test scenario, going to Microsoft network as quickly as you can was the best thing you can possibly do.”
Gary Steere, GSX Solutions
14
Show of hands
When it comes to network connectivity for Office 365 my company currently does:
- Local Egress with matching DNS resolution plane
- Local Egress without matching DNS resolution plane
- Remote Internet Egress through on-premises datacenters
- Private/Dedicated connectivity into specific Microsoft peering locations
- “I didn’t realize that these options make such a difference, but now that we discussed it I will go back to my network team and report back!”
[Diagram: paths numbered 1 to 4 from the Customer Network through ISPs to Service Front Doors on the Microsoft Global Network]
* Data at rest remains within tenant specific geo/compliance boundary
15
Trust
- Trusted services are simpler to connect to and they generally perform better for users
- Office 365 is a trusted service, not the Internet
  - Broad and expanding set of security, privacy and compliance features
  - Evaluate Office 365 security features focusing on outcomes, not implementation
  - Consider the scale vector
- Differentiate Office 365 traffic when needed [e.g. outbound vs. inbound]
- Bypass high impact duplicate network security layers for features and outcomes provided natively by Office 365
- Check with your network/security vendor for support of automatic Office 365 traffic identification and whitelisting
[Diagram: Level of trust against Compensating Overhead (Cost, Complexity, Latency), from Generic Internet Site to Verifiably Trusted Application, with O365 marked. Labels shown: WAN, Content Gateways, B&I RO Proxy, Proxy/SWG, AFW/NGFW, B&I RW Proxy, L4&DNS FW]
Strong encryption in transit (TLS), DDOS protection, Data Loss Prevention (DLP), Multi-Factor Authentication (MFA), Advanced Threat Protection (ATP), Customer Lock Box, Advanced Security Management, Anti-Virus, Secure Score, Threat Intelligence, Advanced Data Governance, Regional Data Residency, Conditional Access, Tenant Restrictions, Activity APIs, Customer Controlled Keys, Vulnerability Scanning, Intrusion Detection, Encryption at Rest, Zero Standing Rights, Certifications (ISO, SOC, FEDRAMP, FISMA, ..), Go-local and Sovereign Clouds, eDiscovery, Regulatory Hold, Audit Logs, Next Gen Privacy …
16
Internet connectivity is also moving to the cloud
- Major industry trend driven by network/security ISVs
- Having another cloud on the critical path of your Office 365 user experience may have a big impact on performance, availability and interoperability and can undo many Office 365 connectivity investments
- Critical factors: overall architecture of the offering, physical characteristics [such as locations, peering, proximity to end users and the edge of Microsoft network] as well as ability to identify and whitelist Office 365 traffic
- Use Office 365 connectivity principles to evaluate network and security cloud offerings
- If risk of impact or uncertainty is high, bypass 3rd party clouds for Office 365 data traffic via direct (local) egress
[Diagram labels: Customer Network, ISP, 3rd Party IaaS/Security Cloud, Service Front Door, Microsoft Global Network, Office 365]
17
A word about SD-WAN
- New approach for branch office connectivity: a transport neutral, business-centric or application-centric approach through network wide orchestration
- Adds application and flow awareness to the network and can select the best path from application performance, availability, cost and other angles
- Can help customers fulfill the ‘local egress’ and ‘trusted application’ principles with connectivity from the branch directly into the Microsoft Global Network
- Several SD-WAN solutions have developed native and automatic awareness of Office 365 flows based on the endpoint information Microsoft provides
[Diagram: paths numbered 1 to 3. Labels shown: Customer Network, SD-WAN Edge, SWG, MPLS, LTE, ISP, Service Front Door, Microsoft Global Network, Office 365]
18
Impact of enterprise connectivity on availability
- Office 365 is hyper focused on uptime and availability
- Customer connectivity is a big part of the equation to ensure that Office 365 uptime is translated to users without significant loss
- No individual SLAs or uptimes would compensate for daisy chains and single points of failure
- Call to action: account for resiliency (including geo-) and availability in your connectivity strategy from day 1
[Diagram: connectivity designs with availability figures. Labels shown: NSP, ISP 2, ISP 3, O365 99.99%, 99%, End-to-end: 99.95%, End-to-end: 99.99%]
19
Summary: Office 365 Connectivity Principles
- Identify and differentiate Office 365 traffic using Microsoft published endpoints data
- Egress Office 365 data connections as close to the user as practical with matching DNS resolution
- Avoid network hairpins and optimize connectivity directly into the nearest entry point into Microsoft’s network
- Assess bypassing proxies, traffic inspection devices and duplicate security which is available in Office 365
[Diagram labels: Head Office, Branch Office, ISP, Internet, Microsoft Network]
aka.ms/o365ip
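An added example (not part of the presentation) of the first principle above: classifying a flow against published endpoint data so that only a narrowly matched set of traffic skips the proxy. The record fields and category names are assumed to mirror the endpoint data behind aka.ms/o365ip; the hostnames, address ranges and the `egress_decision` policy are constructed placeholders.

```python
import ipaddress

# Constructed sample records shaped like published endpoint data. Hostnames and
# ranges are placeholders (example.com names, RFC 5737 addresses), not real
# Office 365 endpoints.
SAMPLE_ENDPOINTS = [
    {"id": 1, "category": "Optimize", "urls": ["mail.o365.example.com"],
     "ips": ["198.51.100.0/24"], "tcpPorts": "80,443"},
    {"id": 2, "category": "Allow", "urls": ["*.collab.example.com"],
     "ips": ["203.0.113.0/25"], "tcpPorts": "443"},
    {"id": 3, "category": "Default", "urls": ["*.cdn.example.net"],
     "tcpPorts": "443"},
]
RANK = {"Optimize": 0, "Allow": 1, "Default": 2}  # lower rank wins on overlap


def host_matches(pattern, host):
    """Match on DNS label boundaries only, never by substring."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if pattern.startswith("*."):
        suffix = pattern[1:]  # ".collab.example.com": the dot anchors the label
        return len(host) > len(suffix) and host.endswith(suffix)
    return host == pattern


def classify(dest, port, endpoints=SAMPLE_ENDPOINTS):
    """Return the category for a (hostname-or-IP, port) flow, or None."""
    try:
        addr = ipaddress.ip_address(dest)
    except ValueError:
        addr = None  # not an IP literal, treat as a hostname
    best = None
    for ep in endpoints:
        ports = {int(p) for p in ep.get("tcpPorts", "").split(",") if p}
        if port not in ports:
            continue
        if addr is not None:
            hit = any(addr in ipaddress.ip_network(n) for n in ep.get("ips", []))
        else:
            hit = any(host_matches(u, dest) for u in ep.get("urls", []))
        if hit and (best is None or RANK[ep["category"]] < RANK[best]):
            best = ep["category"]
    return best


def egress_decision(dest, port):
    """Hypothetical policy: Optimize goes direct, everything else stays inspected."""
    category = classify(dest, port)
    if category == "Optimize":
        return "direct-local-egress"
    if category in ("Allow", "Default"):
        return "permit-via-proxy"
    return "internet-policy"  # unmatched traffic is ordinary Internet traffic
```

Anchoring wildcard matches on the label boundary and checking the port keeps a bypass rule from covering look-alike hostnames or unrelated services on the same address range.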
20
Case Studies
21
Customer example #1 A lack of trust
22
Office 365 traffic is not “Internet traffic”
- Legacy Internet proxy infrastructure may not be suitable for Office 365 – consider scalability & performance
- Office 365 traffic is not “Internet traffic”
- Identify trusted traffic and consider proxy bypass
[Diagram labels: Internet, Proxy, Office 365]
23
Customer example #2 A case of centralized egress
24
Microsoft Global Network
- Backhauling Office 365 traffic & hairpinning effect increases latencies & impacts link congestion
- ExpressRoute may help resolve localized issues, not a solution for backhauling/hairpinning
- Regional Internet egress solves latency & congestion issues
[Diagram labels: Customer Wide Area Network, Internet, Office 365 “Front Door”, Microsoft Global Network, Office 365]
25
Customer example #3 A misplaced partner
26
Microsoft Global Network
- 3rd-party cloud solutions may not be well-aligned to Office 365 connectivity strategy
- Critical to understand peering strategy of all cloud solutions in traffic path
- Content break/inspect increases latencies
[Diagram labels: Customer Wide Area Network, Internet, 3rd-party SWG, New 3rd-party SWG, Office 365 Front Door, Microsoft Global Network, Office 365]
27
Thank You! We look forward to hearing back
Microsoft Ignite 2015
28
Please evaluate this session
Tech Ready 15 9/18/2018
- From your PC or tablet: visit MyIgnite
- Phone: download and use the Microsoft Ignite mobile app
Your input is important!