Enterprise customers are increasingly adopting multiple cloud providers—per a recent Gartner Survey, By 2027, over 90% of enterprises will adopt multicloud models, up from 80% in 2023, for differentiated capabilities and interoperability and to mitigate vendor lock-in risks. The intentional drivers for this trend include data sovereignty, which refers to the legal requirement to store data within a specific geographic location, and cost optimization, which allows businesses to select the most cost-effective cloud provider for each workload. The other intentional drivers include product selection, geographical reach, while the unintentional drivers include shadow IT, line of business (LOB) owner-driven cloud selection, and mergers and acquisitions.
This multicloud strategy demands enterprise cloud architects to design and enable hybrid clouds that can connect, operate, and govern multiple cloud environments securely and efficiently.
Microsoft Azure has long anticipated such an evolution and has been building and evolving its networking services, such as Azure ExpressRoute and Azure Virtual WAN and management and orchestration solutions, such as Azure Arc, to provide seamless, multicloud connectivity as well as centralized management of multicloud resources.
With Azure’s multicloud enabled networking and management services, Azure enterprise customers can evolve their enterprise cloud network architecture from hybrid cloud to hybrid multicloud and with Azure as their “hub” cloud while the other connected clouds as their “spoke” clouds.
Azure Arc for multicloud orchestration and management
Azure Arc is a hybrid and multicloud management solution, enabling customers to take advantage of Azure management services (Microsoft Defender for Cloud, Update Management, Azure Monitor, and more) no matter where the environment is running. Since its launch in November 2019, Azure Arc is being leveraged by thousands of enterprises to manage their servers, Kubernetes clusters, databases, and applications across on-premises, multicloud, and edge environments, providing customers with a single way to manage their infrastructure.
Microsoft is investing more in this space with the goal of making it easy for customers to discover, visualize, and manage their multicloud estate. These additional Azure Arc multicloud capabilities are leveraged by other services such as Azure Virtual WAN and Defender for Cloud, so customers can easily connect and secure their multicloud environments.
Azure networking services for enabling multicloud connectivity
Azure networking services span the full breadth of cloud networking capabilities, features, and functions, covering cloud network virtualization and segmentation, private, high-performance hybrid networking, secure application delivery, and network security, and they serve as the important building block for an enterprise cloud architecture and means for enterprise cloud consumption.
While these services help enterprises optimally leverage Azure with highest security, performance, and reliability, enterprises can now leverage Azure’s network services and management tools to access, interconnect, and consume workloads across other clouds.
For connectivity to and from other CSPs (AWS, GCP, OCI, Alibaba), Azure offers three fundamental services offered with a wide range of speeds and feeds.
1. Direct internet peering
2. Azure VPN and Virtual WAN
3. Azure ExpressRoute
Figure 1: Azure as a hub cloud
Direct internet peering with other CSPs
Many workloads depend on cross cloud connectivity over Public IP. Microsoft operates one of the largest wide area networks in the world. With more than 200 edge point of presence (PoPs) and more than 40,000 peering connections, Microsoft is deeply connected to other clouds and service providers providing best in class Public IP to Public IP connectivity. Microsoft connects to AWS and GCP in 50 different locations across the world with multiple terabits of capacity in some locations. All the traffic between other clouds and Microsoft is carried within Microsoft global backbone until it is handed off or back to the destination CSPs network. Traffic between other clouds and Microsoft goes via dedicated private network interconnect (PNI). This private network interconnect is built on high availability architecture, providing both low latency and higher reliability.
Microsoft is also working with other cloud and service providers to build next-generation solutions, which would increase the capacity significantly, reduce the time to provision capacity, and remove the single location dependency. Recently we announced our partnership with Lumen on Exa-Switch program. This technology is built to deliver high-capacity networks while reducing the time to deliver the capacity between clouds and service providers.
Azure VPN and Virtual WAN for multicloud connectivity
One of the most common and prevalent ways to interconnect resources between public clouds is over the internet using a site-to-site VPN. All public cloud providers offer IPSec VPN gateway as a service and this service is widely used by Azure customers to set up a private cloud-to-cloud connection. As an example, interconnecting resources in Azure Virtual Networks using Azure VPN Gateway and AWS Virtual Private Cloud (VPCs) using AWS virtual private gateway is described in this how to guide by Azure.
Azure Virtual WAN is an Azure native networking service that brings many networking, security, and routing functionalities together to provide a single operational interface for Azure customers to build a managed global transit cloud network, interconnecting and securing customers’ Azure Virtual Networks and on-premises sites using various network connectivity services such as site-to-site and point-to-site VPN, virtual network (VNet) connections, ExpressRoute, and Azure Firewall.
Using Azure Virtual WAN’s site-to-site VPN, Azure customers can connect VPCs in other CSPs to the Azure Virtual WAN Hub. While this type of VPN connection currently needs to be set up manually, Azure Virtual WAN is extending and enhancing this site-to-site VPN connection service to enable managed multicloud VPN connections for VWAN hub.
In addition, Azure Virtual WAN integrates and supports many independent software vendors (ISV) partners’ software defined wide area network (SDWAN) and VPN services under the Network Virtual Appliance (NVA) in VWAN hub partner program and the combined solutions can be used to build multicloud connections between Azure and other CSPs such as AWS and GCP. Some of these partner offers are described in the multicloud partners solution section below.
Azure ExpressRoute service for multicloud
Azure ExpressRoute lets you extend your on-premises networks into the Microsoft Cloud over a private connection via a connectivity provider (ExpressRoute Provider Model) or directly (ExpressRoute Direct model). ExpressRoute has a constantly growing ecosystem of connectivity providers and systems integrator partners.
Azure currently offers a native multicloud connectivity service to interconnect Azure and Oracle Clouds. While this native service was built to support Azure customers that want highspeed, secure connections between their Oracle applications on Oracle Cloud and Azure Cloud, this type of native multicloud highspeed interconnection service to other CSPs is currently being planned.
Meanwhile, many of the ExpressRoute partners offer innovative multicloud interconnect service offers such that Azure customers could cross-connect Azure ExpressRoute with other CSP’s highspeed private connection services. Some of these partner offers are described below by the partners themselves.
Azure partner solutions for enabling multicloud connectivity
Alongside Azure native network services there are a number of Azure Networking ISV, Cloud Exchange Platform (CXP), and Marketplace Partners that offer many innovative services that are able to fulfill the diverse multicloud networking needs of our enterprise customers.
While this blog does not cover all of the ISV and CXP partners (Azure marketplace for a full list of multicloud ISV and CXP solutions), here are some partners in no particular order, that offer multicloud networking solutions that are leveraged by a number of our customers to build connectivity between their workloads in Azure and workloads in other CSPs.
Aviatrix
The Aviatrix Secure Cloud Networking Platform enables Azure customers to securely interconnect workloads in Azure with workloads in other CSPs and on-premises workloads. Aviatrix solves common customer challenges around optimizing cloud costs for data transfer, accelerating M&A customer onboarding, and providing distributed security enforcement with consistent policies across multicloud environments.
Alkira
For customers using Azure, Alkira offers an elegant approach for onboarding cloud applications onto their network. Alkira achieves this through its Cloud Exchange Point (CXP) hosted in Azure, which not only helps onboarding VNETs in Azure but it can also onboard workloads running in other CSPs.
Prosimo
Prosimo’s Full Stack Cloud Transit is built for enterprises to connect networks, applications, platform as a service (PaaS), and users into a unified network fabric across public and private clouds. The solution provides a transformative set of tools to rapidly adopt native services from cloud service providers and elevate them to meet the sophisticated requirements for enterprises with advanced networking features such as overlapping IP addresses, service insertion, and namespace segmentation. The solution is delivered as a service yet under the enterprise’s own control, with an elastic scaling approach that meets their operational flexibility and compliance needs.
Arrcus
Azure cloud customers can use Arrcus FlexMCN solution to build secure connectivity with micro-segmentation between their workloads in Azure VNets to other CSPs such as AWS and ensure a consistent network policy across clouds. Arrcus FlexMCN solution allows segment routing-based traffic engineering (SR-TE) to deliver application aware performance and route optimization.
Cisco Systems
Cisco enables control and security while driving agility and innovation across multicloud and hybrid environments. Catalyst SD-WAN’s Cloud OnRamp simplifies, automates, and optimizes cloud connectivity while ensuring secure connections to Azure. It leverages built-in automation with Azure Virtual WAN for interregional, branch to cloud, and hybrid-cloud/mulitcloud connectivity.
Equinix
Equinix Fabric Cloud Router makes it easy to connect applications and data across different clouds—solving the hard problems enterprises face today.
Cloud-to-cloud—gain the performance benefits of a private network without the hassle and costs of a physical router, spin up routing virtually with reliable, high bandwidth connections between multiple cloud providers and avoid backhauling traffic.
Megaport
The Megaport platform enables private access from Azure to hundreds of services across the globe including AWS, Oracle, Google, and IBM Cloud. Common multicloud architectures for Azure include connectivity to your private data center environments, as well as cloud-to-cloud peering with other hyperscalers and cloud service providers. Easily connect at one of more than 850 Megaport-enabled data center locations to ensure your network is no longer a cumbersome but necessary evil, but a simple and flexible way to drive innovation across your business.
Azure’s multicloud networking services
In conclusion, as enterprises increasingly adopt a multicloud strategy, Azure, along with its ecosystem partners, provides flexible solutions for connecting and consuming cloud resources from other CSPs. Azure’s multicloud networking services, such as ExpressRoute, Virtual WAN, and Azure Arc, enable seamless, secure, and high-performance connections between Azure and other CSPs. Additionally, Azure’s partner solutions offer innovative services to meet the diverse multicloud networking requirements of enterprise customers. By using Azure as the hub cloud of their enterprise cloud architecture, customers can benefit from Azure’s multicloud capable networking and management services to transform their enterprise cloud network architecture from hybrid cloud to hybrid multicloud.
Source: microsoft.com
0 comments:
Post a Comment