
What’s New in Azure Networking
CDP-B227

Yousef Khalidi
Distinguished Engineer

Microsoft Corporation
Agenda
Internet Connectivity
• Traffic Manager & DNS
• Internet Connectivity & Load Balancing
Virtual Network & Hybrid Connectivity
• Virtual Network Enhancements
• Network Security Groups
• Cross premises connectivity
Network Virtual Appliances
• Virtual appliance platform
• Demos: Citrix & Riverbed virtual appliances
ExpressRoute
Customer needs
[Diagram labels: Global presence; Global connectivity; Hyper Scale; Scale out; Seamless; Availability; Enterprise Grade; Performance; Policy; Hybrid; Security; Ecosystem]
The Big (Network) Picture
Virtual Networks
• Flexible multi-tier topologies
Frontend Connectivity
• Load-balanced and direct IPs
• ACLs & DDoS protection
• Traffic Manager & Azure DNS
Backend Connectivity
• Secure Internet cross premises VPN connectivity
• ExpressRoute – direct connectivity
[Diagram labels: Azure Virtual Network; Internet Clients; On premises Datacenter]
Previous TechEd NA Announcements
Internet connectivity
Traffic Manager External Endpoints
Instance Level Public IP (Preview)
IP Reservation for VIPs
Intra-region communication
Internal Load Balancing
In-Region VNet to VNet
Cross-premises connectivity
Multiple-Site VPN
Cross-Region Vnet to Vnet
ExpressRoute
What’s New for TechEd Europe
Internet connectivity
• Reverse DNS (PTR) Support
• Traffic Manager Nested Profiles
• Instance Level Public IP GA
• Source IP-based Affinity
• TCP flow idle connection timeout
Virtual network
• Network Security Group
• Public non-RFC1918 IPs in VNet
• ILB for SQL Always On
Cross-premises connectivity
• Forced Tunneling for IPsec VPNs
• ExpressRoute Multi-Subscription Circuit Sharing
• ExpressRoute Multi-Circuit VNet
• High Performance VPN gateway
• VPN/ExpressRoute Operation Logs
• IPsec VPN NULL encryption & PFS
Network Virtual Appliance
• Multiple NICs per VM
• MAC persistence
Internet Connectivity
Traffic Manager: DNS-based Load Balancing

[Diagram label: www.yourapp.com]
Load balancing policies
• Performance - Direct to “closest” service based on network latency
• Round-robin - Distribute equally across all services
• Failover - Direct to “backup” service if primary fails (also included in other policies)
Traffic Manager Nested Profiles
Enable richer profiles with greater flexibility for large/complex deployments
Example: Cross-region failover within a Geo, plus in-region flighting
• Level 1: Route to user’s nearest Geo (US, EU, ASIA)
• Level 2: Route to nearest Region, with cross-region failover within the Geo
• Level 3: Load-balance within the region, divert 1% for flighting
[Diagram labels: US West; US East; Europe North; Europe West; Cloud Services]
Instance-Level Public IP GA
• Internet IP assigned to a single VM
• Entire port ranges are accessible
• Support applications with dynamic public ports; e.g., FTP, multi-media
• Ideal for workloads with heavy outbound connections
[Diagram labels: Internet; LB; Microsoft Azure; 151.2.3.4; Instance level public IPs 131.3.3.3, 131.4.4.4; Cloud service; Reserved VIP; VM1; VM2]
Source IP-based Affinity
All connections from the same Internet client IP to the same backend server
• 2-tuple/3-tuple hash
Scenarios
• Applications that require multiple connections to the same server
• Example: media streaming to establish control and data channel to same backend server
[Diagram labels: Client 1; Client 2; Client 3; VIP; Azure Load Balancer; VM Server Instance 1; VM Server Instance 2]
Increasing Idle Connection Timeout
• Configurable connection timeout to VIPs
• Idle connection timeout as high as 30 minutes
• Better experience for mobile clients connecting to Azure
[Diagram labels: Client; Traffic to the VIP; Idle Connection Timeout increased up to 30 minutes; LB; Server 1; Server 2]
Virtual Network & Security
Network Security Groups (NSG)
• Enables network segmentation & DMZ scenarios
• Access Control List
  • Filter conditions with allow/deny
  • Individual addresses, address prefixes, wildcards
• Associate with VMs or subnets
• ACLs can be updated independent of VMs
[Diagram labels: On Premises 10.0/16; Internet; S2S VPNs; VPN GW; Backend 10.3/16; Mid-tier 10.2/16; Frontend 10.1/16; Virtual Network]
Demo: Network Security Group
DMZ in a Virtual Network
[Diagram labels: Internet; DMZ; Load Balancer; Web Proxy; App Servers; Internal Load Balancer; Database; DNS Servers; NSG (four instances); VIRTUAL NETWORK]
Virtual Appliance Platform & Ecosystem
Multiple NICs in Azure VMs
• Up to 4 NICs per VM
• Multiple NICs enable virtual appliances in Azure
• MAC/IP addresses persist through VM life cycle
• Separate frontend-backend traffic, and management-data planes
[Diagram labels: Azure Virtual Machine; NIC2; NIC1; Default; 10.2.2.22; 10.2.1.11; 10.2.3.33; VIP: 133.44.55.66; Internet; Backend Subnet; App Subnet; Frontend Subnet; Azure Virtual Network]


Bring Your Appliances to the Cloud
Building blocks
• Multiple NICs
• MAC address persistence
Appliance ecosystem (“Azure Certified”)
• Barracuda NG Firewall
• Citrix NetScaler
• Riverbed Steelhead, SteelApp, SteelStore
• More to come!
Citrix NetScaler & Azure
Jason Poole
Director PMM Netscaler
Citrix
Work Anywhere, Services Anywhere
[Diagram labels: Collaboration & Support; App Store; Data Sync & Sharing; Windows & Mobile Apps; Windows Desktops; Networking & Cloud Infrastructure]
© 2014 Citrix. Confidential.


Mobile Workspace Infrastructure & Services
[Diagram labels: Apps; Data; Desktops; Collaboration; Personal; Collaboration & Support; App Store; Data Sync & Sharing; Windows & Mobile Apps; Windows Desktops; Networking & Cloud Infrastructure]


Citrix NetScaler Overview
Making Applications Run 5x Better
Availability
• World-class load balancing
• Global Server Load Balancing
Performance
• Caching
• Compression
• Optimization
Offload
• TCP Connection Management
• SSL processing
Security
• SSL VPN
• Application firewall


Advanced Application Acceleration
• ~100% Faster Page Load Time
• 40% reduction in bytes
• 30% reduction in Requests
NetScaler Insight for Web App and Published App Visibility



NetScaler Unified Gateway
Web Apps, Mobile Apps, C/S Apps, SaaS/Cloud Apps
• Optimized delivery and threat protection
• Seamless authentication & authorization
• Granular visibility and control


NetScaler for Azure

Same NetScaler binary

Supports new Azure multi-NIC

Different interfaces in different zones



Demo: Citrix NetScaler
Demo: WAN Optimization with Riverbed
Hybrid Networking Services
Microsoft Azure hybrid offerings
Cloud offering, followed by customer segment and workloads:
Secure point-to-site connectivity
• Developers
• POC Efforts
• Small scale deployments
• Connect from anywhere
Secure site-to-site VPN connectivity
• SMB, Enterprises
• Connect to Azure compute
ExpressRoute private connectivity
• SMB & Enterprises
• Mission critical workloads
• Backup/DR, media, HPC
• Connect to all Azure services
Forced Tunneling
• “Force” or redirect customer Internet-bound traffic to an on-premises site
• Auditing & inspecting outbound traffic from Azure
• Needed by many scenarios for critical security and IT policy requirements
[Diagram labels: On Premises; Internet; Forced Tunneled via S2S VPN; S2S VPNs; VPN GW; Backend 10.3/16; Mid-tier 10.2/16; Frontend 10.1/16; Virtual Network]
Gateway Enhancements
High Performance Gateway
• Better throughput
• More S2S tunnels
Pricing
• $0.49 per gateway hour
• Data transfer & VNet traffic rates unchanged

Gateway SKU    ExpressRoute Throughput*    S2S Throughput*    Max Tunnels
Default        500 Mbps                    100 Mbps           10
Performance    1000 Mbps                   200 Mbps           30
* Subject to traffic conditions and application behavior

No Encryption option
• Better throughput for Vnet-to-Vnet within Azure
• Intra-/Inter-region Vnet-to-Vnet traffic stays within Microsoft networks, not Internet
PFS Support for IKE
• Compliance requirements & better security
Operations Logs
• Visibility into critical gateway events
Virtual Network VPN Ecosystem
ExpressRoute
Customers want Azure on their network
IPsec VPN over Internet
• Encrypted data traverses Internet to reach Azure
• Limited bandwidth and higher availability
Cloud on your WAN
• Traffic flows directly from customer WAN to Azure
• Reduces complexity
• Provides lower latency, higher bandwidth and greater availability
[Diagram labels, both panels: Branch office 1; Branch office 2; Azure; WAN; Public internet; Corp HQ]
ExpressRoute Partners
Exchange Provider
[Diagram labels: Microsoft Azure; Public internet; Customer site; ExpressRoute partner location]
Network Service Provider
[Diagram labels: Microsoft Azure; WAN; Public internet; Customer site 1; Customer site 2; Customer site 3]
ExpressRoute Locations
Locations
US
• Atlanta
• Chicago
• Dallas
• Los Angeles
• New York
• Seattle
• Silicon Valley, CA
• Washington D.C.
EMEA
• Amsterdam
• London, UK
APAC
• Hong Kong
• Singapore
• Sydney
• Tokyo
Partners
• AT&T
• British Telecom
• Colt
• Equinix
• Internet Initiative Japan (IIJ)
• Level3
• Orange
• SingTel
• Tata Communications
• Telecity Group
• Telstra
• Verizon
[Map legend: Azure datacenters; ExpressRoute Locations (today); New Locations and coming soon]
Path Diversity for HA and DR
• One VNet can be linked to many circuits
• Each circuit can be through different service providers in different locations
• HA + DR = Active-active in 1 location + active-active in 2nd location
• Aggregate Throughput determined by VNet Gateway size
[Diagram labels: North Europe; West Europe; London; Amsterdam]
Sharing ExpressRoute Connections
• Share an ExpressRoute circuit across other subscriptions
• Circuit owner must authorize and can revoke
• Owner gets billed for usage
[Diagram labels: Microsoft Azure; Storage; SQL DB; Websites; ExpressRoute; On-premises Network; Proxy / Internet edge; SQL Farm; IIS Servers; Monitoring; Exchange; AD / DNS; IT; Sales; R&D; Marketing]
In Summary
• Enabling more enterprise scenarios
• Enhanced network security, availability, performance, monitoring, and manageability
• Expanded partnerships
• Continued global expansion of ExpressRoute


Related content
Breakout Sessions
CDP-B229 Mark Russinovich and Mark Minasi on Cloud Computing
CDP-B227 Introduction to Microsoft Azure Networking Technologies and What's New
CDP-B333 Extending Your Network to Microsoft Azure Using ExpressRoute
CDP-B209 Designing Hybrid Scenarios with Microsoft Azure
CDP-B212 Microsoft Azure for Enterprises: What and Why
CDP-B226 Introduction to Microsoft Azure Infrastructure-as-a-Service
CDP-B356 What's New in Microsoft Azure IaaS and Roadmap
CDP-B365 Hybrid Cloud Solutions with Microsoft Azure: For Architects
Hands On Labs
CDP-H204 Introduction to Microsoft Azure Virtual Machines
DBI-H308 Exploring Manual and Automatic Database Backup Using Microsoft Azure Storage in Microsoft SQL Server 2014
For more information
Windows Server Technical Preview: http://technet.microsoft.com/library/dn765472.aspx
System Center Technical Preview: http://technet.microsoft.com/en-us/library/hh546785.aspx
Azure Pack: http://www.microsoft.com/en-us/server-cloud/products/windows-azure-pack
Microsoft Azure: http://azure.microsoft.com/en-us/

Come visit us in the Microsoft Solutions Experience (MSE)!


Look for the Cloud and Datacenter Platform area TechExpo Hall 7
Resources
Sessions on Demand: http://channel9.msdn.com/Events/TechEd
Learning (Microsoft Certification & Training Resources): www.microsoft.com/learning
TechNet (Resources for IT Professionals): http://microsoft.com/technet
Developer Network: http://developer.microsoft.com
© 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.
The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on
the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
