For security reasons, many businesses prefer to connect to their cloud resources through a virtual private network (VPN). However, the relatively sluggish performance provided by standard VPNs can fall short of the demands of mission-critical business processes and apps. To help solve this problem, the Azure team built ExpressRoute: a direct, private, secure connection to Azure that bypasses the public Internet. By leveraging ExpressRoute, businesses can move their resources and data to the cloud quickly and efficiently; run hybrid applications at scale; strengthen their business continuity and disaster recovery (BCDR) solutions, and accelerate connections between Azure datacenters housing their resources and running their apps. ExpressRoute is one of the service solutions we consult with our client about when reviewing their Managed Azure Environment.

ExpressRoute pricing is pay-as-you-go with two primary offerings. The affordable metered data plan provides unlimited inbound data transfer. The more robust unlimited data option provides free, unlimited inbound and outbound data transfer (once you’ve paid the fixed monthly port fee). The optional premium add-on, ExpressRoute Premium, includes increased route limits and global connectivity.

The Azure team recently introduced five new ExpressRoute features, outlined below, resulting in less downtime; more route filtering options; greater insight into circuit status; greater awareness of planned maintenance; and increased control over routing connections. Azure is also expanding the number of ExpressRoute locations and reducing latency to further improve the ExpressRoute experience.

An alternative to standard VPN

Connections between on-premises and cloud environments often take place through a virtual private network (VPN). By leveraging an encrypted connection, VPNs provide the added security that many business processes require online. Nonetheless, a standard VPN connection can be relatively sluggish. Although Azure does provide excellent VPN services to improve VPN performance and convenience, many businesses are looking for a still faster and more reliable alternative to the standard VPN experience. ExpressRoute meets that need with a private, direct connection to Azure that includes the security of a standard VPN at far greater connections speeds. ExpressRoute comes with port speeds as fast as 10 Gbps and with Azure’s highest availability SLA. There are three connectivity models available: cloud exchange, point-to-point, and any-to-any. The Azure team documents the differences between the three models in detail.

Common scenarios

In 2018, businesses face a number of common scenarios that call for a high-speed, virtual, private connection like ExpressRoute. Let’s look at four of them:

Transitioning to the cloud

It’s a common misconception that transitioning to the cloud is like moving into a new house. Whether you’re moving VMs, performing a data migration, or engaging in still more complex tasks, transitioning to the cloud is rarely an all-or-nothing endeavor or a one-time event. Depending on the size of your company and the complexity of your on-premises system (datacenters, VMs, workloads, etc) it may take weeks, months, or even years to transition. The direct, private connection that ExpressRoute offers can make the ongoing process far more efficient.

Hybrid scenarios

If your company is like most small to medium-sized enterprises (SMEs), moving some resources and processes to the Azure cloud, while leaving others on-premises, may serve your needs best. You may even choose to run demanding hybrid applications that involve constant cross-traffic between your on-premises system and Azure. For example, as the Azure team points out, you might decide to run your corporate network in the Azure cloud, while authenticating customers through an on-premises Active Directory solution. Either way, bypassing the public Internet with ExpressRoute can make the entire hybrid process smooth, consistent and seamless.

Business continuity and disaster recovery (BCDR)

Two of the most widely used Azure services include Azure Backup and Azure Site Recovery (ASR). These two services provide a comprehensive, cloud-based BCDR solution for your on-premises apps. However, their performance is only as good as your cloud connection. ExpressRoute can ensure that your BCDR components achieve the greatest continuity, and quickest recoveries, for your on-premises apps.

Datacenter extension

You can also use ExpressRoute to accelerate connections between two or more Azure datacenters that house your resources and apps. The same principles above apply. By leveraging a private, direct connection between Azure datacenters that run your VMs and apps, you will achieve greater speeds, security, and reliability across the board.

Pricing

The Azure team emphasizes, surprisingly, that “we’re not trying to make money on ExpressRoute.” Rather, they simply want to make it as easy as possible for individuals and businesses to consume Azure services, where Azure does make their money. Nonetheless, ExpressRoute is a paid service that is available, like many Azure services, on a pay-as-you-go basis. There are two plans and an optional premium add-on to choose from:

Metered data

ExpressRoute’s metered data plan comes with free, unlimited inbound data transfer. Outbound data, however, is charged at a rate based on the port speed you choose in advance. There are eight options, ranging from 50 Mbps at $55 per month to 10 Gbps at $5,000 per month. There is also a “fixed monthly port fee (based on High Availability dual ports).”

Unlimited data

The unlimited data plan comes with free, unlimited inbound and outbound data transfer. You are only charged the fixed monthly port fee, which ranges from $300 per month for 50 Mbps all the way up to $51,300 per month for 10 Gbps.

Premium add-on

For an additional charge based on your choice of plan and port speed, you can opt to include ExpressRoute Premium as an add-on service. Note, however, that you don’t need to pay any premium added-on charges to “connect to other regions in the same geo” as the ExpressRoute location you are already connected to. ExpressRoute Premium includes increased route limits, global connectivity and additional VNet links for each ExpressRoute circuit.

New features

The Azure team recently introduced five new features to the ExpressRoute service:

Gateway upgrade for zero downtime

Planned maintenance, such as a “VM OS upgrade” or “host OS upgrade,” can lead to outages and downtime. This can be a serious concern for production sites and key business processes. To fix the problem, the ExpressRoute team found a sophisticated way to “drain the connections” affected. By seamlessly performing failovers and switching to unaffected VMs during planned maintenance events, ExpressRoute is able to avoid any experience of downtime. In fact, the Azure team maintains that ExpressRoute users generally will not notice so much as “a single packet loss” during planned maintenance events.

Microsoft Peering route filter

As an ExpressRoute user, you can now use route filters to “reduce the number of prefixes” you and your service provider receive, as well as to “select the list of services you plan to consume through Microsoft peering.”

Resource health check

ExpressRoute now gives users a view into the status of their circuits. You can confirm, for example, whether your circuit is up or down at any given time. You can also easily view the health history of your resources.

Planned maintenance notifications

ExpressRoute now notifies partner service providers of any planned maintenance, such as IP updates, in advance. Service providers often pass this information on to ExpressRoute users.

Connection weight

This new ExpressRoute option gives you the power to choose the connection you want to use to route your traffic.

Current status

Currently, Azure has more than 30 ExpressRoute locations and is “constantly expanding” the list. As a rule, Azure plans to add a new ExpressRoute location for every new Azure region they announce. Furthermore, the company is committing itself to bringing latency down to the remarkable benchmark of 2 milliseconds. Although this level is not strictly included in the ExpressRoute SLA (which only strictly applies to availability) the team believes it’s an important part of their larger long-term goal: to “give you the illusion that you’re actually running in our datacenters.”

Taking the fast lane to Azure

As outlined above, businesses often use VPNs to securely connect to the cloud. However, standard VPNs can fall short on performance, especially when it comes to supporting mission-critical apps and business processes. To solve this common problem, the Azure team built the ExpressRoute service. By avoiding the public Internet with a direct and private connection to Azure, ExpressRoute provides superior performance while retaining the security of a VPN. As a result, businesses can transition to the cloud quickly and efficiently; run demanding hybrid apps at scale; bolster their BCDR solutions; and create private fast-lanes between Azure datacenters housing their resources and running their apps.

Azure’s pay-as-you-go pricing divides into two primary plans and includes an optional, premium add-on. While the metered data plan provides unlimited inbound data transfer, the unlimited data plan provides free, unlimited inbound and outbound data transfer. However, the more robust unlimited data plan is subject to a fixed monthly port fee. The optional ExpressRoute Premium add-on applies to either plan and includes increased route limits, global connectivity, and additional VNet links.

The Azure team has been hard at work on new ExpressRoute features and improvements. Five recently introduced features, outlined above, provide for downtime avoidance, robust route-filtering, circuit status insights, planned maintenance notifications, and routing-connection controls. The Azure team is also actively expanding the number of ExpressRoute locations, while reducing latency, in order to approximate the experience of “running in our datacenters.”

To learn more about Azure services drawing attention in 2018, contact us.