Azure Infrastructure – Connecting On-Premise Network to Azure

One of the challenges for organizations migrating on-premises resources to Azure is security.

  • How to transfer data securely over the Internet?
  • What are the Alternatives?

VPN Gateway

A Virtual Private Network (VPN) is a private interconnection that uses an encrypted tunnel to communicate between two private networks. The problem of the untrusted Internet is resolved by encrypting the communications.

A VPN Gateway is similar to a Virtual Network Gateway, which allows Site-to-Site, Point-to-Site and Network-to-Network connections.

  • Site-to-Site connections allow an on-premises datacenter to connect to Azure Virtual Networks.
  • Point-to-Site connections allow user devices to connect to Azure Virtual Networks.
  • Network-to-Network connections allow an Azure Virtual Network to connect to other Azure Virtual Networks.

ExpressRoute

Azure ExpressRoute allows secured, dedicated, high-bandwidth connections between your on-premises network and Azure. The connection bypasses the Internet and is hence more secure.

The following are the features of ExpressRoute:

  • Layer-3 Connectivity
  • Faster Access due to Peering of Networks
  • More Security
  • Higher Bandwidth
  • Bypasses Public Internet
  • Available in all Locations
  • Office365 Connectivity through Microsoft Peering

The following are the drawbacks of ExpressRoute:

  • An ExpressRoute circuit, which is a physical connection, needs to be created through an Internet provider
  • Cost is higher

A few ExpressRoute providers are listed below:

[Image: list of ExpressRoute providers]

Virtual Network Gateway

A Virtual Network Gateway is required to connect two networks, using either:

  • VPN
  • ExpressRoute

When to choose VPN Gateway?

  • Low Bandwidth requirements
  • Point-to-Site scenarios
  • Occasional Connectivity
  • Moderate Data Security

When to choose ExpressRoute?

  • Dedicated Connection Required
  • High Security for Data
  • Faster & Continuous Access
