Hi Friends,
In this section, we will learn more about VPNs in azure. Below are the main point of VPNs.
-
A VPN is connection between your computer and a virtual network within azure or a whole network of computers and virtual networks within azure.
- You may be using a VPN now to connect to your work environment from your laptop to your office network.
- Now, its quite common setup and it has been there already for quite sometime now. The advantage of this is, you might have tons of data, services, files in azure, which you don’t want to transfer over open network.
- You could setup resources like network security groups, firewalls within azure to make it safe and secure.
- But, you can use VPN, which is pretty safe and secure to connecting to these device and then you are exposed to those resources as they are local to you.
- Now, the private part of VPN means the data between yourself and the remote network is encrypted. So, it does travel over public internet.
-
In order to achieve this, there must a client installed on your machine aka VPN client and remote virtual gateway. Below are the examples.
- Point to Site (P2S) VPN
- Site to Site (S2S) VPN
- Express Route
- Express Route Direct
- Point to Site VPN:-
- In this case, traffic from your computer will be sent over network into azure virtual network.
- You can have multiple P2S vpns, which means you can have VPN client, your co-workers can have same VPN client.
- This is temprorary nest to the connection but its not efficient. For long time usuage, its sometime, its a bit of inconvenience.
- Site to Site VPN:-
- S2S VPN is probably the answer to the above problem. If you can connect to entire office network into azure, all of these computers on office network can connect into the resources in azure. This means, its persistent.
- For this, you need a phycial VPN device on your office. So, either you already have a one and you need to set it up or you need to require one. And microsoft provides list of devices that they support.
- S2S supports redundancy, multiple gateways, active gateways. S2S is great for most of the cases, but it does run over the public internet where in there is some speed restrictions.
- Express Route:-
- Express Route is a private connection, between your location and azure using IXP aka exchange provider.
- This means you are still encrypted but you are running private fiber network.
- You do need to work with private communication provider to set it up.
- Basically, its extremely fast and also expensive.
ExpressRoute Direct
- Express Route requires you to go to Internet service provider to connect to the azure network.
- But through direct, you can directly connect with Microsoft to apply to connect to their global Microsoft backbone.
- Microsoft has currently around 200 edge locations around the world which is outside the regions where VMs hosted.
- If we are close to any of these edge locations, we can just our servers directly on to the Microsoft networks through express routes.
- One of the advantages with this, we are going to get even higher speed.
- Speeds available are in the range of 10 Gbps to 100 Gbps.
- In this case, we get multiple circuits on one connection to support the speed.
- This kind of speed basically required for massive data ingestion. Let’s say, you have some big data services sitting in azure and you need that to be flowing from your network to azure on high speed. In those kind of scenarios, these kind of high speed is required.
- This means you are going to need these specialized hardwares which support these speeds.