Cloud networking isn’t just for cloud services. Increasingly, you can use the same network connections and services that Microsoft uses to run things like Bing and Office 365, either for your own sites and services or just for connectivity.
An increasing number of Microsoft Azure edge services use the Microsoft network. One of them is Front Door, which recently moved from preview to general availability.
“Azure Front Door started its life as the 'front door,' the entry point and acceleration service for things like Bing and Office 365, and now it's available for everybody to build global highly scalable services,” Yousef Khalidi, corporate VP of product management for Microsoft Azure Networking, tells Data Center Knowledge. “Now we also have a preview of a web application firewall for Front Door, so now you can do WAF level 7 at the edge or inside your virtual network in the cloud, or both.”
Front Door is aimed at large organizations needing to connect globally, Khalidi says.
The service is for applications that are distributed over multiple locations globally. “Front Door’s job is to get your customer to the closest one and, if something goes wrong, to go to the next one,” he explains. “If you’re a small company mostly serving customers in a single region, you probably won’t start with it, but once you grow and have customers in multiple cities and countries and continents, you’ll probably want to have it.”
The service addresses some of the most pressing needs for global applications, Corey Quinn, cloud economist at the Duckbill Group, tells us. “Global load balancing, SSL configuration, and WAF are all domain specialities in their own right, but they aren’t core competencies most businesses need to own. Offerings like Front Door mean that now some of those customers won’t have to.”
For customers already building on Azure, it makes more sense to get this kind of service from Microsoft rather than from a CDN provider, he says, although that’s more of a practical than a technical decision. “As much as we try to pretend that different vendors are drop-in replacements for one another, anyone who’s tried it and lived to tell the tale can attest that it devolves rapidly into vendor finger-pointing. Having this as a first-party offering speeds time to market, which is invariably priority-one for successful businesses.”
Azure as Your Private Network
Services like Front Door build on investments Microsoft has been making in the Azure network.
“We revamped all the intraregional networking in the last year or so; we now have full meshes between buildings and the like, and ExpressRoute plugs in directly there,” Khalidi says, adding that it supports intra-region east-west traffic, including ExpressRoute traffic. “People use ExpressRoute as an extension of their private network, not as a link to the internet.”
The new ExpressRoute Global Reach service offers the next logical step, enabling organizations to link together two ExpressRoute circuits to create a private network between their own data centers or corporate networks.
“You can enter our network at any ExpressRoute entry point and exit it at any ExpressRoute point,” he says. “If you have two ExpressRoute entry points, you can splice them together dynamically. If you're an enterprise and you need to provision extra bandwidth across the Atlantic for a day, this is just an API call. You can copy stuff from your data center in London to your data center in Silicon Valley. It’s really hard to add capacity to your network, but with this it's literally an API call.”
Extensive as Microsoft’s network is (“We have so much bandwidth between regions that it isn’t even funny,” Khalidi tells us), these services aren’t intended to replace enterprises’ own connectivity; they’re more of a temporary supplement.
“We are not positioning it against what enterprises have today in their big MPLS networks,” he says. “On the contrary, we're saying it could be a backup for that and, importantly, it's a dynamic thing. You can keep it on forever, you can shut it down after an hour – whatever you want.”
Theoretically, an enterprise could use Microsoft’s WAN backbone as backup in case of problems with its own network backbone, although the amount of routing setup and configuration of MPLS circuits required would make that somewhat complex. But in practice, customers use it to get flexibility. “What we see people using it for today is very much to augment what they have or for on-demand usage,” Khalidi says. “There's no need to provision a big backbone if you're only going to transfer your books once or twice a month, for example.”
As long as Microsoft gets the pricing right, the service is likely to appeal to customers, Quinn tells us, noting that “corporate IT is Azure’s sweet spot.”
ExpressRoute connections can now run at 100Gb, and “that’s not just a vanity number,” Khalidi says. “You'd be surprised how many customers are demanding multiple 100Gbs.”
Customer demands are also leading Azure to expand its WAN edge footprint, in conjunction with partners, with about 147 connection points now live globally.
“Customers are now asking for a second entry point in the same city for ExpressRoute,” he says. “Banks especially insist on this. If you’re a large organization and you have a mission-critical app and you want to get to your region from some metro, until we had a second location in the same metro, you had to go through a remote location. If something goes wrong, you have to fail over there. Now, with one in the same city even after you fail over, it will be smooth, and BGP failover can literally be seconds.”
Demand for multiple ExpressRoute points in large cities like London and Singapore is a sign that organizations are starting to rely on access to ExpressRoute. That’s a smart decision, Quinn says.
“Any chance you get to piggyback on a major cloud provider’s internal network is a chance you should strongly consider taking,” he says. “They’re highly incentivized to keep latency and throughput within tight tolerances, and they’re better at choking third-party throats than you are.”