Embed Size (px)
Citation preview
Learn Best Practices to Use
Azure Networking for Your
Hybrid and Cloud-Native
Workloads
How do I ask a question?
If you have a technical or content-related question, please use the Q&A window
We will address the questions as they come in
Can I view this presentation after the webinar?
Yes, this presentation is being recorded
A link to the recorded presentation will be sent to the email address you used to register
Welcome
Meet our speakers
Mahesh Nayak
Principal Program Manager, Azure Networking
Wagner Mota
Senior Program Manager, Azure Networking
Agenda
1
2
3
4
5
Global network infrastructure
Hybrid connectivity options
Azure orbital
Q&A
+1000’s of enterprise customersAzure Networking
powers customers
Microsoft global network
61 Azureregions 165k+ miles of fiber +
subsea cables 175+Network
Edge sites 200+ Express Route partners 20k+ peering
connections
Azure Networking
Best performing
cloud network
Zero Trust-based
network security
Developer
ready
Best performing cloud network
175+ Network POPs placed within 25
milliseconds from 85% of GDP
Traffic runs on the Microsoft private global
network closest to the user with cold potato
routing, irrespective of geographies
Azure traffic between datacenters stays on
Azure network and does not flow over the
internet
99.05% of Azure inter-region pairs
beat the Internet*
*Claims based on the results from the ThousandEyes 2020 "Cloud Benchmark Performance" report. The findings are based on data gathered within and between multiple global regions of the five public cloud providers over a
four-week period.
Zero Trust based network security
All Azure DC-DC traffic encrypted by
default
A diverse set of network segmentation
controls available to create isolated
environments
Intelligent threat protection and secure
app delivery
Inter-AZ, Inter Region hosting architecture
for HA/DR
Developer ready
Networking support for micro services
based modern architectures
Turnkey network security to protect
applications against internet attacks
Built-in load balancing, scaling, and high
availability for application delivery
Build, protect, and monitor your
network infrastructure
Enable edge computing platforms and apps
Build, secure, and deliver application to
serve global user base
Enable remote users to access
internal resources
Connect on-premises
datacenter and branches to the
cloud
Secure network infrastructure
5G and edge computing
Secure global app delivery
Remote work at scale
On-prem and
branch connectivity
Azure Networking Services
Azure Networking
services for on-prem
and branch
connectivity
Azure ExpressRoute
Azure Virtual WAN
Azure VPN Gateway
Azure Peering Service
Azure Routing Preference
Azure Orbital
Azure ExpressRouteExperience predictable performance with a faster, private connection to Azure
Use Azure ExpressRoute to create private
connection between Azure datacenter and
your on-premises or co-location
infrastructure
• Predictable network performance and lower
latencies than public internet connection
• Bandwidth up to 10/100 Gbps Supported
• Enterprise-grade resiliency with availability
SLA
• ExpressRoute Direct, Local, and Global Reach
• Over 200 ExpressRoute partners, including
Satellite providers
Azure ExpressRoute Global ReachBuild your own cloud-based private, global backbone
Build cloud based virtual global backbone by
linking ExpressRoute circuits together
between your on-premises networks
• Connectivity from on-premises to on-premises
fully routed privately within the Microsoft global
backbone
• Can be a backup to existing network
infrastructure, or it can be the primary means to
serve enterprise Wide Area Network (WAN)
needs
• Microsoft manages care of redundancy, the
larger global infrastructure investments, and the
scale out requirements
ExpressRoute
in Tokyo
Local service
provider “XYZ”
ExpressRoute
in Silicon Valley
ExpressRoute
in Hong Kong
Local service
provider “ABC”
Microsoft
global
network
Service
Provider
in the US
Azure VPN GatewayConnect your infrastructure to the cloud
A virtual network gateway that sends
encrypted traffic between an Azure virtual
network and on-premises over the public
Internet, or between Azure virtual
networks.
• Deploy and access resources within your
VPN
• Supports multiple platforms, protocols, and
authentication mechanisms
• Configure once to access multiple resources
• Scale on-prem VPN by connecting it to
Azure
Internet
VPN-connected site
VPN-connected site
Point-2 site users
Microsoft backbone
Spoke Spoke
Hub
Internet edge Internet edgeInternet edge
Azure region
VPN gateway
On-premises and
legacy apps
Azure Virtual WAN
Brings networking and routing functionalities under a
single operational interface
• Brings together S2S VPN, P2S VPN, Express Route, VNET and
transitive routing under a single operational interface
• Use when you need to connect multiple on-prem sites, ROBO
locations, PoS sites, and cloud services
• Branch connectivity via connectivity automation provided by
Virtual WAN VPN/SD-WAN partners
• Intra cloud connectivity (transitive connectivity for Virtual
Networks)
• Transit connectivity for VPN and ExpressRoute
• Custom routing
• Security with Azure Firewall and Azure Firewall Manager Branch Branch Branch
VNet VNet
VNet
VNet
VNetVirtual WAN
Remote Users
ExpressRoute
Site-to-Site VPN
VNet Connection
Point-to-Site
VPN
SD_WAN
CPE
SD_WAN
CPE
SD_WAN
CPE
HQ/DC
Azure Peering ServiceInternet-first access to the cloud
Peering Service is a networking capability that
enhances customer connectivity to Microsoft cloud
services or any Microsoft services accessible via the
public internet.
• Best public routing (optimum route hops/AS hops) over
the internet to Microsoft cloud services for optimal
performance and reliability.
• Ability to select the preferred service provider to
connect to the Microsoft cloud.
• Traffic insights such as latency reporting and prefix
monitoring.
• Route analytics and statistics: Events for (BGP) route
anomalies (leak or hijack detection) and suboptimal
routing.
Routing preference for Public IP and StorageCurrently in preview
Cold Potato routing
• Performance optimized
• Route via the Microsoft Global Network
• Enters the Microsoft network closest to the user
• Stays on Microsoft backbone until it exits Microsoft
closest to the user
• Default network for all our networking services
Hot Potato routing
• Cost optimized
• Routes via the ISP network
• Enters the Microsoft network closest to the hosted
service region
• Exits Microsoft in the same region the service is hosted
Azure Orbital – Ground Station as a Service
Azure Orbital is a
managed service that
lets you communicate
to, control your
satellite, process data,
and scale your
operations directly in
Microsoft Azure
Ground segment operational efficiencies
Global CommunicationsEarth Observation
• Spacecraft Contact self-servicescheduling
• Direct Data ingestion into Azure
• Marketplace integration with 3rd
party data processing, image calibration services
• Integrated cloud modems for X, S, UHF bands or pick a certified cloud modem from marketplace
• Global expansion through 3rd
party networks
• Colocation of teleport in proximity of Azure Datacenters or interconnexion with 3rd party existing teleports
• Routing over global Microsoft network
• Internet breakout at the edge
• Traffic delivery to provider’s virtual network
• Ground Station digital transformation
• Integrated with workloads in Cloud
• 3rd party marketplace integration with modems, resource management, mission control services
• Routing from/to ground station over Microsoft global network
Azure Orbital - Scenarios
Azure Orbital – Earth ObservationGround Station as a Service – Customer workflow
Register a Spacecraft
Create a Contact Profile
Schedule Contact
1
2
3
Ground Station
Digitized Radio
Frequency
Azure Orbital
Vnet Gateway
Software
Radio
(Modem)
Contact
Scheduling
Orchestration
Software
Radio
(Modem)
Antenna
Control &
Tracking
Monitoring
Secure
Data Delivery
(VITA49)
D/Encryption
D/Encryption
D/Encryption Data processing pipeline
Tracking,
Telemetry &
Command
Azure
Storage
Data
Warehouse
X Band Payload
(VITA49)
S Band Payload and
Tracking & Control
(VITA-49)
Demodulated or Raw IQ
(Incl. X-band Wideband)
Orbital Virtual Network (GSaaP)
(Microsoft Owned)Customer’s Virtual
Network
Azure Portal Azure SDKCustomer Bring-Your-Own
or Azure Marketplace
Azure Orbital – Earth ObservationGround Station as a Service – High Level Architecture
Azure
Services
Customer
Satellite
X, S & UHF
Front End
Processing
Global, integrated backhaul to the cloud
Orbital Ground Station
(Provider or
Customer-dedicated)
Azure Services
Cloud-native network services
Provider leverages other Azure services to provide
managed services to their customers
Internet breakout
at the edge
Customer’s virtual
network in Azure
Customer’s on-
premise network
Provider’s edge
network in
another region
Azure Orbital – Global CommunicationsGround Station as a Service
Satellite providers can use Orbital & Azure WAN for global routing over Microsoft Global Network while
leveraging other Azure services to provide managed services to their customers
ExpressRoute Firewall
Firewall
ManagerVirtual
WAN
3P
MarketplaceDDoS
Orbital
Services
Provider’s Virtual
Network
Co-located at datacenter
or close proximity
Going beyond selling capacity – Managed Services model
Satellite network operators are also able to become network MSPs to help their customers adapt the
future cloud-based networks
Satellite provider
Azure
networking
services
Today
Azure
networking
services
Satellite providerMSP
Managed
MSP
Managed
Tomorrow
MSP
Managed
Example of managed Cloud Network Services: SDWAN, Firewall, WAN Optimization, ExpressRoute…
SES launch customer for GSaaS Communications
SES selected Azure Orbital for O3b mPOWER next generation MEO
communications system
Resources
https://aka.ms/network-skilling
Azure Networking skilling videos
What is Azure Orbital?
https://docs.microsoft.com/en-au/learn/modules/design-a-hybrid-network-architecture/
Design a hybrid network architecture on Azure
https://docs.microsoft.com/en-au/azure/networking/microsoft-global-network
About Microsoft global network
https://docs.microsoft.com/en-au/azure/networking/azure-orbital-overview
Thank you for joining us.
