What’s New in Azure Networking
The new version of Azure brings with it enhanced options for private networks, virtual private networks, and multi-region load balancing. We’ll start with the last one:
Azure Traffic Manager
Azure Traffic Manager is essentially a DNS server with a policy engine. The purpose of Azure Traffic Manager is to route traffic across multiple regional data centers. This allows you to direct users to a data center that is geographically closest to them. Health monitoring is included so that if a specific data center goes down (due to faults or planned maintenance) traffic can be automatically rerouted.
Traffic Manager is available for both Azure Web Sites and Cloud Services. While you can have multiple Cloud Services, Traffic Manager only supports one Azure Web Site per regional data center. (Note that websites have other options for high availability within a region so this isn’t really a limiting factor.)
As part of its health monitoring support, Traffic Manager can detect when a Cloud Service is down and automatically reroute users to a static website until the issue is resolved.
Virtual Networks (Vnet) in Azure are a logical partitioning of the network for which administrators have full control. These networks are internal to Azure, much like a private network behind a firewall. Subnets are possible with private IP ranges that you don’t have to worry about colliding with other Azure tenants.
In the past Vnet IP addresses were persistent but randomly assigned.
With the new version, static Vnet IP addresses can be specified at deployment time. They can also be assigned and removed from existing machines at run time. This allows the use of private DNS servers within the Virtual Network.
Another new feature is the ability to move a virtual machine from one subnet to another subnet. In the past this wasn’t possible; you had to instead burn down and rebuild the virtual machine.
Point-to-site Connectivity: Point to site VPNs is a basic VPN connection between an onsite data center and Azure. We covered the preview of this feature last year, but in brief it uses the VPN client that needs to download and run. Unfortunately it has to be setup on each machine that needs access to the VPN.
Site-to-site Connectivity: This option allows you to establish site-to-site connectivity between your local and Azure private networks, eliminating the need for a per-machine configuration. This is done using a VPN gateway attached to the local network. Be sure to check with Microsoft before purchasing a VPN gateway as they have not yet certified all of the hardware vendors.
If you choose this option a preconfigured script is available. This script is run on your VPN device to establish the tunnel to Azure.
ExpressRoute: As mentioned in our SQL Server 2014 coverage, ExpressRoute is a dedicated connection between Azure and your data center. Though somewhat expensive, it removes the uncertainty of communicating over the Internet.
For more information see the Channel 9 video What’s New in Azure Networking.
Roy Rapoport Aug 28, 2014