Dec 21, 2015
Agenda
• Internet Connectivity: Traffic Manager & DNS; Internet Connectivity & Load Balancing
• Virtual Network & Hybrid Connectivity: Virtual Network Enhancements; Network Security Groups; Cross-premises connectivity
• Network Virtual Appliances: Virtual appliance platform; Demos: Citrix & Riverbed virtual appliances
• ExpressRoute

Customer needs
• Enterprise Grade: Availability; Policy; Ecosystem
• Hyper Scale: Global presence; Global connectivity; Scale out
• Hybrid: Seamless; Performance; Security

The Big (Network) Picture
• Frontend Connectivity: Load-balanced and direct IPs; ACLs & DDoS protection; Traffic Manager & Azure DNS
• Virtual Networks: Flexible multi-tier topologies
• Backend Connectivity: Secure Internet cross-premises VPN connectivity; ExpressRoute – direct connectivity
Diagram labels: Internet Clients; On-premises Datacenter; Azure Virtual Network

Previous TechEd NA Announcements
• Internet connectivity: Traffic Manager External Endpoints; Instance Level Public IP (Preview); IP Reservation for VIPs
• Intra-region communication: Internal Load Balancing; In-Region VNet to VNet
• Cross-premises connectivity: Multiple-Site VPN; Cross-Region VNet to VNet; ExpressRoute

What’s New for TechEd Europe
• Internet connectivity: Reverse DNS (PTR) Support; Traffic Manager Nested Profiles; Instance Level Public IP GA; Source IP-based Affinity; TCP flow idle connection timeout
• Virtual network: Network Security Group; Public non-RFC1918 IPs in VNet; ILB for SQL Always On
• Cross-premises connectivity: Forced Tunneling for IPsec VPNs; ExpressRoute Multi-Subscription Circuit Sharing; ExpressRoute Multi-Circuit VNet; High Performance VPN gateway; VPN/ExpressRoute Operation Logs; IPsec VPN NULL encryption & PFS
• Network Virtual Appliance: Multiple NICs per VM; MAC persistence

Traffic Manager: DNS-based Load Balancing
Load balancing policies (diagram example name: www.yourapp.com)
• Performance - Direct to “closest” service based on network latency
• Round-robin - Distribute equally across all services
• Failover - Direct to “backup” service if primary fails (also included in other policies)

Traffic Manager Nested Profiles
Enable richer profiles with greater flexibility for large/complex deployments
Example: Cross-region failover within a Geo, plus in-region flighting
• Level 1: Route to user’s nearest Geo (US, EU, ASIA)
• Level 2: Route to nearest Region, with cross-region failover within the Geo
• Level 3: Load-balance within the region, divert 1% for flighting
Diagram labels: US West; US East; Europe North; Europe West; Cloud Services

Instance-Level Public IP GA
• Internet IP assigned to a single VM
• Entire port ranges are accessible
• Support applications with dynamic public ports; e.g., FTP, multi-media
• Ideal for workloads with heavy outbound connections
Diagram (Instance level public IPs): Internet; LB; Reserved VIP; Cloud service with VM1 and VM2; Microsoft Azure; addresses shown: 151.2.3.4, 131.3.3.3, 131.4.4.4

Source IP-based Affinity
• All connections from the same Internet client IP to the same backend server
• 2-tuple/3-tuple hash
• Scenarios: Applications that require multiple connections to the same server
• Example: media streaming to establish control and data channel to same backend server
Diagram labels: Client 1, Client 2, Client 3; VIP; Azure Load Balancer; VM Server Instance 1, VM Server Instance 2

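How the choice of tuple changes backend selection, as an added example that is not from the original deck: it models a load balancer that hashes flow fields to pick a backend. SHA-256 stands in for the load balancer's real hash (an assumption), the backend names are the ones in the slide diagram, and the VIP, client address and ports are constructed.

```python
import hashlib
from typing import NamedTuple

BACKENDS = ["VM Server Instance 1", "VM Server Instance 2"]  # names from the slide
VIP = "203.0.113.10"  # constructed VIP (documentation address range)

class Flow(NamedTuple):
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str

# Fields fed to the hash in each mode. The 5-tuple is the behaviour without
# affinity; the 2-tuple and 3-tuple are the source IP affinity modes.
MODES = {
    "5-tuple": ("src_ip", "src_port", "dst_ip", "dst_port", "proto"),
    "3-tuple": ("src_ip", "dst_ip", "proto"),
    "2-tuple": ("src_ip", "dst_ip"),
}

def pick_backend(flow: Flow, mode: str) -> str:
    """Hash the fields selected by the mode and map the digest to a backend."""
    key = "|".join(str(getattr(flow, field)) for field in MODES[mode])
    digest = hashlib.sha256(key.encode()).digest()  # stand-in hash (assumption)
    return BACKENDS[int.from_bytes(digest[:8], "big") % len(BACKENDS)]

def backends_used(flows, mode: str) -> set:
    """Set of backends that a group of flows is spread across."""
    return {pick_backend(flow, mode) for flow in flows}

def sample_flows(client_ip: str, count: int = 64) -> list:
    """Constructed traffic: one client opening TCP control and UDP data flows."""
    flows = []
    for i in range(count):
        flows.append(Flow(client_ip, 40000 + i, VIP, 554, "tcp"))   # control
        flows.append(Flow(client_ip, 50000 + i, VIP, 5004, "udp"))  # data
    return flows

if __name__ == "__main__":
    flows = sample_flows("198.51.100.7")  # constructed client address
    tcp_only = [f for f in flows if f.proto == "tcp"]
    for mode in MODES:
        print(f"{mode}: all flows -> {len(backends_used(flows, mode))} backend(s), "
              f"TCP only -> {len(backends_used(tcp_only, mode))} backend(s)")
```

Because the 3-tuple includes the protocol, a TCP control channel and a UDP data channel from one client can still land on different backends; only the 2-tuple pins both to the same server.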
Increasing Idle Connection Timeout
• Configurable connection timeout to VIPs
• Idle connection timeout as high as 30 minutes
• Better experience for mobile clients connecting to Azure
Diagram labels: Client; Traffic to the VIP; LB; Server 1, Server 2

Network Security Groups (NSG)
• Enables network segmentation & DMZ scenarios
• Access Control List: filter conditions with allow/deny; individual addresses, address prefixes, wildcards
• Associate with VMs or subnets
• ACLs can be updated independent of VMs
Diagram labels: Virtual Network with Backend 10.3/16, Mid-tier 10.2/16, Frontend 10.1/16; VPN GW; Internet; On Premises 10.0/16; S2S VPNs

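A model of the allow/deny filtering described on this slide, as an added example that is not from the original deck or Azure's own code: rules match individual addresses, prefixes or wildcards, and the first match in priority order decides. The subnets are the ones on the slide; the rule set, ports, priorities and the quarantine helper are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    priority: int  # lower number is evaluated first
    source: str    # single address, CIDR prefix, or "*" wildcard
    dest: str
    port: str      # destination port, or "*" for any
    access: str    # "Allow" or "Deny"

def addr_match(pattern: str, ip: str) -> bool:
    """True if ip falls under a wildcard, prefix, or individual address."""
    if pattern == "*":
        return True
    return ipaddress.ip_address(ip) in ipaddress.ip_network(pattern)

def evaluate(rules, src_ip: str, dst_ip: str, dst_port: int) -> str:
    """Return the access of the first matching rule in priority order."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (addr_match(rule.source, src_ip) and addr_match(rule.dest, dst_ip)
                and rule.port in ("*", str(dst_port))):
            return rule.access
    return "Deny"  # nothing matched: fail closed (assumption of this model)

# Subnets from the slide, written out in full CIDR form.
FRONTEND, MIDTIER, BACKEND, ONPREM = (
    "10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16", "10.0.0.0/16")

# Constructed rule set: each tier accepts traffic only from the tier in front.
RULES = [
    Rule(100, "*", FRONTEND, "443", "Allow"),       # Internet to frontend
    Rule(110, FRONTEND, MIDTIER, "8080", "Allow"),  # frontend to mid-tier
    Rule(120, MIDTIER, BACKEND, "1433", "Allow"),   # mid-tier to backend
    Rule(130, ONPREM, "*", "3389", "Allow"),        # management from on-premises
    Rule(4000, "*", "*", "*", "Deny"),              # explicit catch-all deny
]

def quarantine(rules, address: str):
    """Return a new rule list that blocks one address ahead of every other rule."""
    first = min(rule.priority for rule in rules)
    return [Rule(first - 1, address, "*", "*", "Deny")] + list(rules)

if __name__ == "__main__":
    print(evaluate(RULES, "198.51.100.7", "10.3.0.4", 1433))  # Internet to backend
    print(evaluate(quarantine(RULES, "10.1.0.66"), "10.1.0.66", "10.2.0.5", 8080))
```

The quarantine helper changes only the rule list, which is the point of the last bullet: the ACL is updated without touching the VM it applies to.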
DMZ in a Virtual Network
Diagram labels: Internet; Load Balancer; VIRTUAL NETWORK; DMZ; Web Proxy; App Servers; Database; Internal Load Balancer; DNS Servers; NSG (shown four times)

Multiple NICs in Azure VMs
• Multiple NICs enable virtual appliances in Azure
• MAC/IP addresses persist through VM life cycle
• Separate frontend-backend traffic, and management-data planes
• Up to 4 NICs per VM
Diagram labels: Azure Virtual Machine with NIC2, NIC1 and Default; Azure Virtual Network with Frontend Subnet, App Subnet, Backend Subnet; addresses 10.2.2.22, 10.2.3.33, 10.2.1.11; Internet; VIP: 133.44.55.66

Bring Your Appliances to the Cloud
• Building blocks: Multiple NICs; MAC address persistence
• Appliance ecosystem: Barracuda NG Firewall; Citrix NetScaler; Riverbed Steelhead, SteelApp, SteelStore; More to come!
• “Azure Certified”

© 2014 Citrix. Confidential.
Services Anywhere, Work Anywhere
• Networking & Cloud Infrastructure
• Windows Desktops
• Windows & Mobile Apps
• Data Sync & Sharing
• Collaboration & Support
Infrastructure & Services, Mobile Workspace
Diagram repeats the five areas above, with the additional labels: App Store; Data; Desktops; Collaboration; Apps; Personal

Citrix NetScaler Overview: Making Applications Run 5x Better
Categories: Performance; Offload; Security; Availability
• World-class load balancing
• Global Server Load Balancing
• Caching
• Compression
• Optimization
• TCP Connection Management
• SSL processing
• SSL VPN
• Application firewall

Advanced Application Acceleration
• 40% reduction in bytes
• 30% reduction in requests
• ~100% faster page load time

NetScaler Unified Gateway
• Application types: Web Apps; Mobile Apps; SaaS/Cloud Apps; C/S Apps
• Optimized delivery and threat protection
• Granular visibility and control
• Seamless authentication & authorization

NetScaler for Azure
• Same NetScaler binary
• Supports new Azure multi-NIC
• Different interfaces in different zones

Microsoft Azure hybrid offerings
Cloud connectivity option, followed by customer segment and workloads:
• Secure point-to-site connectivity: Developers; POC efforts; Small scale deployments; Connect from anywhere
• Secure site-to-site VPN connectivity: SMB, Enterprises; Connect to Azure compute
• ExpressRoute private connectivity: SMB & Enterprises; Mission critical workloads; Backup/DR, media, HPC; Connect to all Azure services

Forced Tunneling
• “Force” or redirect customer Internet-bound traffic to an on-premises site
• Auditing & inspecting outbound traffic from Azure
• Needed by many scenarios for critical security and IT policy requirements
Diagram labels: Virtual Network with Backend 10.3/16, Mid-tier 10.2/16, Frontend 10.1/16; VPN GW; S2S VPNs; On Premises; Internet; Internet traffic forced tunneled via S2S VPN

Gateway Enhancements
• High Performance Gateway: Better throughput; More S2S tunnels; Pricing: $0.49 per gateway hour, data transfer & VNet traffic rates unchanged
• No Encryption option: Better throughput for VNet-to-VNet within Azure; Intra-/Inter-region VNet-to-VNet traffic stays within Microsoft networks, not Internet
• PFS Support for IKE: Compliance requirements & better security
• Operations Logs: Visibility into critical gateway events

Gateway SKU    ExpressRoute Throughput*    S2S Throughput*    Max Tunnels
Default        500 Mbps                    100 Mbps           10
Performance    1000 Mbps                   200 Mbps           30
* Subject to traffic conditions and application behavior

Customers want Azure on their network
Cloud on your WAN
• Traffic flows directly from customer WAN to Azure
• Reduces complexity
• Provides lower latency, higher bandwidth and greater availability
IPsec VPN over Internet
• Encrypted data traverses Internet to reach Azure
• Limited bandwidth and higher availability
Diagram labels (both options): Azure; WAN; Corp HQ; Branch office 1; Branch office 2; Public internet

ExpressRoute Partners
• Exchange Provider
• Network Service Provider
Diagram labels: Customer site; ExpressRoute partner location; Public internet; Microsoft Azure; Customer site 1, Customer site 2, Customer site 3; WAN

ExpressRoute Locations
Locations
• US: Atlanta; Chicago; Dallas; Los Angeles; New York; Seattle; Silicon Valley, CA; Washington D.C.
• EMEA: Amsterdam; London, UK
• APAC: Hong Kong; Singapore; Sydney; Tokyo
Partners
• AT&T; British Telecom; Colt; Equinix; Internet Initiative Japan (IIJ); Level3; Orange; SingTel; Tata Communications; Telecity Group; Telstra; Verizon
Map legend: Azure datacenters; ExpressRoute Locations (today); New Locations and coming soon

Path Diversity for HA and DR
• One VNet can be linked to many circuits
• Each circuit can be through different service providers in different locations
• HA + DR = Active-active in 1 location + active-active in 2nd location
• Aggregate throughput determined by VNet Gateway size
Diagram labels: North Europe; West Europe; London; Amsterdam

Sharing ExpressRoute Connections
• Share an ExpressRoute circuit across other subscriptions
• Circuit owner must authorize and can revoke
• Owner gets billed for usage
Diagram labels: Microsoft Azure; On-premises Network (Proxy / Internet edge, IIS Servers, AD / DNS, SQL Farm, Exchange); ExpressRoute; SQL DB, Storage, Websites; Marketing, Sales, R&D, IT (AD / DNS shown with each); Monitoring

In Summary
• Enabling more enterprise scenarios
• Enhanced network security, availability, performance, monitoring, and manageability
• Expanded partnerships
• Continued global expansion of ExpressRoute

Related content
Breakout Sessions
• CDP-B229 Mark Russinovich and Mark Minasi on Cloud Computing
• CDP-B227 Introduction to Microsoft Azure Networking Technologies and What's New
• CDP-B333 Extending Your Network to Microsoft Azure Using ExpressRoute
• CDP-B209 Designing Hybrid Scenarios with Microsoft Azure
• CDP-B212 Microsoft Azure for Enterprises: What and Why
• CDP-B226 Introduction to Microsoft Azure Infrastructure-as-a-Service
• CDP-B356 What's New in Microsoft Azure IaaS and Roadmap
• CDP-B365 Hybrid Cloud Solutions with Microsoft Azure: For Architects
Hands On Labs
• CDP-H204 Introduction to Microsoft Azure Virtual Machines
• DBI-H308 Exploring Manual and Automatic Database Backup Using Microsoft Azure Storage in Microsoft SQL Server 2014
Come visit us in the Microsoft Solutions Experience (MSE)! Look for the Cloud and Datacenter Platform area, TechExpo Hall 7

For more information
• Windows Server Technical Preview: http://technet.microsoft.com/library/dn765472.aspx
• Microsoft Azure: http://azure.microsoft.com/en-us/
• System Center Technical Preview: http://technet.microsoft.com/en-us/library/hh546785.aspx
• Azure Pack: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack

Resources
• Learning: Microsoft Certification & Training Resources, www.microsoft.com/learning
• Developer Network: http://developer.microsoft.com
• TechNet: Resources for IT Professionals, http://microsoft.com/technet
• Sessions on Demand: http://channel9.msdn.com/Events/TechEd

Azure certification and training
• Courses: Microsoft Azure Fundamentals (coming soon); Developing Microsoft Azure Solutions; Implementing Microsoft Azure Infrastructure Solutions; Architecting Microsoft Azure Solutions (coming soon)
• Classroom training (MOC): 10979; 20532; 20533
• Exams: 532; 533; 534
• Online training: MVA
• http://bit.ly/Azure-Cert
• http://bit.ly/Azure-MVA
• http://bit.ly/Azure-Train
Get certified for 1/2 the price at TechEd Europe 2014! http://bit.ly/TechEd-CertDeal

© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.