VPN:
• Allows you to connect to a network securely.
• Some companies allow employees to work outside the office, and connecting to a VPN allows them to get access to network resources or internal company servers.
• Traffic travels encrypted over the public Internet.
• Establishes a secure tunnel from your computer to the company network.
• VPN is also used to connect the networks of two offices together.
• Requires a Gateway device on both ends.
With Azure, there are two types of VPN connections you can establish from your network to an Azure virtual network:
• Point-to-site (P2S)
• Site-to-site (S2S)
ExpressRoute, described further down, is a third way to connect.
Point-to-site (P2S):
• A single computer within your network that needs to connect to a VM on Azure.
• Not effective if multiple on-premises servers are involved.
• Certificates are used to encrypt the traffic.
• Uses the network protocol SSTP (Secure Socket Tunneling Protocol), which doesn't require a physical hardware VPN device.
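The certificate side of a P2S setup, as an added example that is not part of the original notes: in Azure's certificate-based P2S authentication the gateway is given only the public data of a root certificate, and each client presents a certificate signed by that root. The names P2SRootCert and P2SClientCert, the file layout and the validity periods are assumptions made for this sketch, which uses the openssl command-line tool.

```shell
#!/bin/sh
# Added example: certificate pair for P2S certificate authentication.
# CN values, file names and lifetimes are constructed for illustration.

make_p2s_certs() {
    workdir="$1"
    mkdir -p "$workdir" || return 1

    # 1. Self-signed root. Its private key never leaves the admin machine.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=P2SRootCert" \
        -keyout "$workdir/root.key" -out "$workdir/root.pem" 2>/dev/null || return 1

    # 2. Client key and signing request (one per connecting computer).
    openssl req -newkey rsa:2048 -nodes -sha256 \
        -subj "/CN=P2SClientCert" \
        -keyout "$workdir/client.key" -out "$workdir/client.csr" 2>/dev/null || return 1

    # 3. Root signs the client certificate, restricted to client authentication.
    printf 'extendedKeyUsage=clientAuth\n' > "$workdir/client.ext"
    openssl x509 -req -in "$workdir/client.csr" -sha256 -days 180 \
        -CA "$workdir/root.pem" -CAkey "$workdir/root.key" -CAcreateserial \
        -extfile "$workdir/client.ext" -out "$workdir/client.pem" 2>/dev/null || return 1

    # Keys are unencrypted here to keep the sketch short; restrict file access.
    chmod 600 "$workdir/root.key" "$workdir/client.key"
}

# Public root certificate as one base64 line (PEM header and footer removed),
# the form in which root certificate data is pasted into the gateway settings.
root_cert_data() {
    grep -v -- '-----' "$1/root.pem" | tr -d '\n'
}

# Succeeds only if the certificate file $2 was signed by the root in directory $1.
chains_to_root() {
    openssl verify -CAfile "$1/root.pem" "$2" >/dev/null 2>&1
}

# Usage: sh p2s-certs.sh ./p2s-demo
if [ "$#" -gt 0 ]; then
    make_p2s_certs "$1" && chains_to_root "$1" "$1/client.pem" && root_cert_data "$1" && echo
fi
```

A client certificate signed by any other root fails `chains_to_root`, so removing a root from the gateway cuts off every client certificate issued under it.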
Site-to-site (S2S):
• An entire network can be connected to the virtual network in Azure.
• This requires a Gateway device at our site to connect.
• Direct internet traffic.
• The connection might be slow because it goes through a single gateway.
• Speed limit is 200 MBPS.
• Uses the network protocol IPsec (IKE v1 and IKE v2). This type of connection requires a VPN device or RRAS.
ExpressRoute:
• Expensive: from $500 to $50k per month.
• Very similar to site-to-site.
• It is expensive, but it covers many limitations of site-to-site.
• It doesn't use the public Internet, even though it is encrypted.
• It has a private fiber line (IXP - internet service provider) from companies like AT&T, from on-premises to Azure.
• It is faster than P2S/S2S:
  Basic: 500 MBPS
  Standard: 1 GBPS
  High performance: 2 GBPS
• 2nd option: We can have dedicated servers hosted at the IXP instead of on-premises.
• 3rd option: MPLS -- multiple cities and networks have connections between all of them. Azure acts like an MPLS endpoint to all the networks.
What is the difference between Azure ExpressRoute and a normal site-to-site VPN?
1. ExpressRoute uses a direct connection to Azure and does not travel over the public Internet.
2. ExpressRoute is expensive to set up and maintain.
3. ExpressRoute is a much faster connection.
Azure Point to Site (P2S) - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-point-to-site-create
Azure Site to Site (S2S) - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-site-to-site-create
Azure ExpressRoute - https://azure.microsoft.com/en-us/services/expressroute/
ExpressRoute Technical Overview - https://docs.microsoft.com/en-us/azure/expressroute/expressroute-introduction
Configure a VPN Gateway to Connect to VNets - https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal