Hyper-scale Enterprise Grade Hybrid Azure compute regions Azure compute regions Microsoftconnectivity Azure datacenter regions Internet by country Microsoft’s network is one of the largest in the world Internet.
Download ReportTranscript Hyper-scale Enterprise Grade Hybrid Azure compute regions Azure compute regions Microsoftconnectivity Azure datacenter regions Internet by country Microsoft’s network is one of the largest in the world Internet.
Hyper-scale Enterprise Grade Hybrid Azure compute regions Azure compute regions Microsoftconnectivity Azure datacenter regions Internet by country Microsoft’s network is one of the largest in the world Internet users ■ 500,000,000+ ■ 100,000,000 – 499,999,999 ■ 50,000,000 – 99,999,999 ■ 25,000,000 – 49,999,999 ■ 5,000,000 – 24,999,999 ■ 100,000 – 4,999,999 ■*Operated 50,000by – 999,999 21Vianet ■ 0 – 49,999 Classic vs. Hyper-scale networks Large L2 Domains L3 at all Layers HW-based Service Software Service Simple Tree Design L2 Diversity and manual provisioning Complex hardware and lack of automated operations High complexity and human error L3 Clos-based design Agility Efficiency Availability Automated provisioning, integrated process Simplify requirements, optimized design, and unify infrastructure Resilient, automated monitoring and remediation, low human involvement Building the right abstractions to enable Scale and Agility Abstract Proprietary Hardware Appliance Application Plane Control Plane Physical Transport Plane Azure FrontEnd Management, Control, and Data planes Management Plane Compose compute & storage roles and networks Controller Control Plane Tenant Commodity Hardware Tell & Program Instead of Discover and react Example: ACLs Management Switch Control Data Create a tenant Plumb tenant ACLs to switches Apply ACLs to these flows Users Azure Virtual Network Internet Backend Connectivity ExpressRoute VPN Gateways Azure DNS DNS New Traffic Manager www.contoso.com Internet LB VM1 VM2 IP1 IP2 MicrosoftAzure • • IP1 Internet IP2 IP3 IP4 • Internet Reserved IP • • Internet Webrole.1.contoso.cloudapp.net 130.26.5.120 Webrole.0.contoso.cloudapp.net 130.26.10.80 Contoso App with 2 virtual machines VM Instance 1 VM Instance 2 On Premises 10.0/16 Internet Direct Internet Connectivity VPN & ExpressRoute Azure VPN GW Backend 10.3/16 Mid-tier 10.2/16 Virtual Network Frontend 10.1/16 Internet Virtual Machine NIC2 10.3.3.33 NIC1 10.2.2.22 Default 10.1.1.11 VIP 133.44.55.66 Internet Backend Subnet Mgmt Subnet Virtual Network Frontend Subnet Cloud Services & Virtual Machines VM Firewall NSG Virtual Network Isolation ACLs DDoS Protection Internet On Premises 10.0/16 Internet ExpressRoute and VPNs VPN GW Backend 10.3/16 Virtual Network Mid-tier 10.2/16 Frontend 10.1/16 Azure Virtual Network Internet Cross-premises connectivity ADC & Load Balancer Internet Microsoft Azure Customer On Premises Compress/Optimize Internet Connectivity • • • • Consumers Access over public IP DNS resolution Connect from anywhere Secure point-to-site connectivity • • • • Developers POC Efforts Small scale deployments Connect from anywhere Secure site-to-site VPN connectivity ExpressRoute private connectivity • SMB, Enterprises • Connect to Azure compute • • • • SMB & Enterprises Mission critical workloads Backup/DR, media, HPC Connect to Microsoft services WAN WAN WAN ExpressRoute provides a private, dedicated, high-throughput network connection to Microsoft Customer’s network Partner Edge Customer’s connection Traffic to Office 365 Services Traffic to public IP addresses in Azure Traffic to Virtual Networks Microsoft Edge Microsoft Microsoft Public internet Customer site 3 Customer site 2 Customer site Exchange Customer site 1 Public internet Atlanta Chicago Chicago (Gov Cloud)* Dallas LA NY Seattle Silicon Valley Washington DC Washington DC (Gov Cloud)* Amsterdam Dublin* London Sao Paulo Chennai* Hong Kong Mumbai* Melbourne* Osaka* Singapore Sydney Tokyo Internet VPN Gateway (Internet Edge) Services on public IPs ExpressRoute Contoso virtual networks/VMs Virtual Network Gateway SKU ExpressRoute GW Throughput VPN GW ExpressRoute Coexistence VPN GW Throughput VPN GW Max IPsec Tunnels Cost (USD) / Hour Basic 500 Mbps No 100 Mbps 10 $0.04 Standard 1000 Mbps Yes 100 Mbps 10 $0.19 Performance 2000 Mbps Yes 200 Mbps 30 $0.49 Q3 CY 2015 • • StorageAccount • • • VirtualMachine NetworkSecurityGroup VirtualNetwork NetworkSecurityRule Subnet NetworkInterfaceCard LoadBalancer AvailabilitySet PublicIPAddress • • • VMExtension TrafficManager VirtualNetworkGateway • • • • User Defined Routes on subnets to direct flows to appliances Network Security Groups to secure subnets Network Virtual Appliances for security, routing and ADC Secure cross-premises connectivity with ExpressRoute and VPN Gateways Front End – through firewalls Middle Tier (exposed to FE and Infra) ExpressRoute Infrastructure (protected) http://aka.ms/learnhybrid http://aka.ms/hybrid-storage-ebook http://aka.ms/azure-fundamentals-ebook @MS_ITPro NO PURCHASE NECESSARY. Open only to event attendees. Winners must be present to win. Game ends May 9th, 2015. For Official Rules, see The Cloud and Enterprise Lounge or myignite.com/challenge http://myignite.microsoft.com