Introduction


Typically, connecting to Microsoft's cloud services (such as Dynamics 365, Sharepoint Online, Azure Storage, etc.) is peformed over the public Internet. However, you may want the benefits of consistent latency and performance offered by using private connectivity via Microsoft Peering. Usually, this Traditionally, getting to these services from your sites via a private line usually requires leased lines from your premises to each of your cloud environments and managing the routing yourself, as well as allocating two /30 public IP subnets and having a public ASN. This method means long-term contracts and, depending on your location, may also introduce more latency than it's worth, since all of the data moves through your facility on its journey between the clouds.


With Pureport's Multicloud Fabric, you can quickly and easily connect two clouds together via native private connectivity. This Solution Brief focuses on accessing Microsoft cloud services from a Customer Site via Site VPN Connection and Azure Expressoute with Microsoft Peering using our Multicloud Fabric as the connection broker.



Note: Microsoft authorization is required to use ExpressRoute for Office 365. Microsoft reviews every customer request and authorizes ExpressRoute for Office 365 usage only when a customer's regulatory requirement mandates direct connectivity. For more information refer to "Azure ExpressRoute for O365".



Geographical Considerations

If you are connecting to Microsoft through ExpressRoute at any one peering location within a geopolitical region, you will have access to all Microsoft cloud services across all regions within the geopolitical boundary. For example, if you connected to Microsoft in Washington DC through ExpressRoute, you will have access to all Microsoft cloud services hosted in East US and West US


Routing Considerations

Before you establish a Microsoft Peering connection, you should make a list of the BGP community values to use in the route filter. Keep the number of community values to the minimum required to achieve your goals, as each BGP community can add hundreds of routes each to your route table. Also determine if your Customer Gateways have limits on the size of their route tables and adjust your router filter accordingly.


Prerequisites

Before you begin, you will need:

  • A Microsoft Azure account with permissions to create ExpressRoute circuits, Route Filters, and establish Microsoft Peering
  • A VPN device capable of IPSec Routed Tunnels with BGP
  • A basic understanding of how the Pureport platform connects clouds and sites


Putting it together

The steps required to complete connectivity between an Azure vNet and Google public services are outlined below:

  1. Create a Pureport Network. See "Creating a Network" for details.

  2. Provision a Route-Based BGP VPN Gateway in your Pureport Network and connect to it from your customer premises device

  3. Connect your Pureport Network to Azure using Microsoft Peering

  4. Create a Router Filter and attach it to your ExpressRoute circuit established in Step 3


Supported Microsoft Cloud services

Pureport provides support for privately connecting to the following Microsoft Cloud services via BGP Communities. A list of the Microsoft BPG Communities is available here:

Support for BGP Communities