As demands for faster and more secure connections escalate, businesses are exploring alternatives to conventional internet connectivity methods. Among these alternatives, Microsoft Azure ExpressRoute is a viable solution for businesses leveraging their internet connectivity.
What is ExpressRoute?
Microsoft Azure ExpressRoute is a service designed to establish a direct, private network connection between on-premises infrastructure and Azure cloud services, eliminating the need for the public internet. This connection significantly enhances the reliability, speed, and security of cloud-based applications and data transmission. Through ExpressRoute, on-premises networks seamlessly extend into the Microsoft cloud, ensuring seamless and efficient integration.
Compared to VPN, your Internet Service Provider (ISP) connects your traffic through cabling to the Internet backbone. For ExpressRoute, ISP does the same thing but cables it to Microsoft's private network instead.
Why use ExpressRoute?
ExpressRoute provides various benefits for businesses:
- Performance and reliability: By bypassing the public internet, ExpressRoute can offer more reliable and consistent performance, especially for latency-sensitive applications or large data transfers.
- Integration with cloud services: ExpressRoute enables direct connectivity to Microsoft cloud services, including Azure and Office365. This direct connection can result in lower latency and improved performance compared to VPN connections.
- Cost-saving: ExpressRoute prices have decreased over time, making it a cost-effective option for many organizations. Depending on network usage patterns, ExpressRoute can offer savings by reducing data transfer costs, optimizing network usage, and potentially eliminating the need for VPN hardware or licenses.
- Increased security: Network security is automatically enhanced because ExpressRoute provides a private connection – not physically connected to the Internet. While adherence to security best practices at other layers of the technical stack should keep you secure, the reduced exposure to potential threats adds additional protection. It is sufficiently secure that ExpressRoute does not encrypt the data, though Microsoft provides options to encrypt the data if you want to. While large organizations would typically not switch to ExpressRoute if it were not more cost-effective, the increased security is the reason cited most often in deciding to switch. ExpressRoute also makes compliance with regulatory concerns like SOC easier than the VPN alternative.
- Hybrid Networks: Less complex hybrid cloud connectivity – for mixed on-prem and cloud assets - is probably the most welcome difference for IT teams. Almost all large enterprises have a mix of cloud and on-premises workloads that need high-bandwidth communications. When you review a typical enterprise Azure installation, as many as half of the components and complexity are there to support hybrid connectivity. While additional details are beyond the scope of this article, you will need to connect on-prem routers via an ExpressRoute circuit to an "ExpressRoute Gateway" and eliminate many existing hybrid networking components.
How ExpressRoute works
Microsoft exposes its global network to businesses and consumers through "Edge Routers." Routers are network devices that forward packets between networks. A great example would be Wi-Fi routers installed in most American homes, where people use an "edge router" to connect and secure enterprise traffic to the cloud. Just as people would connect to a Wi-Fi router in your home, businesses can attach to an edge router that is geographically located with your ISP and run enterprise traffic without touching the public Internet. More information is available at https://www.cisco.com/c/en/us/products/routers/what-is-an-edge-router.html.
ExpressRoute – What to consider
Network and environment complexity
Many businesses maintain multiple environments beyond their production setup, including development and testing environments. These environments may be localized to specific Azure regions or have differing requirements compared to the production environment. Therefore, it is advisable to evaluate the suitability of ExpressRoute on a subscription-by-subscription basis.
Pricing plans and bandwidth
ExpressRoute pricing can be complex due to the various offerings available. While larger enterprises may need to navigate this complexity, most businesses typically opt for a "metered data plan" for "ExpressRoute Circuits" with bandwidth ranging from 100 Mbps to 10 Gbps. If your business requires data sharing across different Azure geographies, such as different continents, an ExpressRoute "Premium" connection may be necessary. Businesses can use "Network Watcher” to determine their bandwidth.
ExpressRoute – Frequently asked questions
Can ExpressRoute replace the Internet?
ExpressRoute is not a general replacement for the Internet but is only used for Microsoft 365 and Azure. However, there is no compelling reason to use ExpressRoute with Microsoft 365 because it 365 designed to be completely secure over the public Internet.
How much Wide Area Network (WAN) capacity does Microsoft have?
While it is not a factor that average business stakeholders consider, nor should they, Microsoft has invested billions of dollars in laying fibre-optic cables worldwide, including undersea cables, with thousands of miles of fibre just in the United States. Microsoft has also partnered with thousands of Internet Service Providers (ISPs) worldwide – Microsoft could not offer the service without ISP partners. Thus, Microsoft will not run out of capacity.
Which is more suitable: VPN or ExpressRoute?
The critical factors for choosing a VPN or ExpressRoute are cost and availability. The costs have dropped, and availability has improved recently, so ExpressRoute is now generally the preferred option for Azure workloads. There are several ISP partners, and your ISP is likely one of them.
Another way to determine if ExpressRoute is suitable for you is if your business is big enough to have a dedicated network administrator, in which case ExpressRoute is a good choice. Businesses can discover the pricing plans and current availability on Microsoft website.
However, ExpressRoute is typically not the best choice for small businesses or businesses with a modest amount of traffic between their offices and partners. In those cases, however, companies should at least set up a Virtual Private Network (VPN) over the Internet. A VPN creates an "encrypted tunnel" to ensure that anyone who intercepts your network traffic can only see the encrypted version. You can also connect a VPN to ExpressRoute. If you are not using ExpressRoute now, you are likely using a VPN.
Should all Azure traffic go over ExpressRoute?
The answer is: Not necessarily. Most businesses that create their software have multiple environments besides their production environment, including environments devoted to development and testing. Each business development and test environment may be local to a particular Azure region or have different requirements than your production environment. Thus, you should consider ExpressRoute on a subscription-by-subscription basis.
The route to high-performance Internet connectivity
ExpressRoute provides a secure, reliable, and high-performance connectivity solution for organizations looking to extend their on-premises networks to the Azure cloud, enabling them to leverage the benefits of cloud computing while maintaining control over their network infrastructure and data.
With extensive Azure expertise, a global presence in 30 countries and territories, and quick response times, FPT is well-equipped to evaluate the suitability of ExpressRoute for organizations, determine the necessary bandwidth, and seamlessly connect on-premises networks to the Microsoft global network.
More information on ExpressRoute is available at https://learn.microsoft.com/en-us/azure/expressroute/.
