Microsoft Azure Peering Service - What does a fast lane have to do with information security?
On our own behalf
Many large companies use Microsoft Azure services. These include the best-known Azure application, Office 365, with services such as Microsoft Teams, Microsoft Exchange Online or Microsoft SharePoint. Because they are provided via the cloud, these services are not only very scalable but, in theory, also highly available and thus fail-safe. But many companies still see considerable deficits here. Therefore we would like to do a little educational work:
One possible solution to make Microsoft Azure services truly highly available is called Microsoft Azure Peering Service. This service has been around for quite some time, but due to its prerequisites it is not only practically unknown in the SME sector, but also difficult or even impossible to implement.
One of the basic requirements is that your company has its own autonomous system. Setting up an autonomous system is not rocket science; all it requires is filling out a few forms and a set-up fee of about 2000€.
In this blog post we have shown you that with a FortiGate firewall, running your own autonomous system is not difficult.
As a thank you for your membership, you will receive a fixed assigned IPv4 and IPv6 network. However, in order for these networks to be reachable, you need so-called peering partners. Here, a further monthly investment is necessary, as you have to pay two independent providers to announce your autonomous system. For a gigabit connection you have to pay between 700 and 900 euros net per month per provider. The second sticking point is the operation of a kind of 24x7 network operation centre, so that Microsoft can reach you at any time in the event of faults.
So far, so uneconomical. However, a connectivity service can also cover two of the three protection goals of information security. As you probably know, these three protection goals are integrity, confidentiality and availability. We have already demonstrated the coverage of availability, but a connection service also covers the point of confidentiality. In contrast to a connection via the "normal" Internet, with a connection service you can be told exactly which route your data takes from the point of origin, e.g. our data centre, to the Microsoft Cloud. The direct connection of our data centre to DE-CIX, the largest German Internet exchange point, makes this routing even more transparent.
The advantages of a peering service should not be underestimated:
- Guaranteed bandwidth with fixed SLAs and monitoring service
- No opaque routing via the Internet, but directly and transparently via a dedicated fast lane (Layer 2)
- Guaranteed data sovereignty up to the Microsoft network
So what if we could bypass all the prerequisites and you could still get access to the fast lane and thus increase the availability and confidentiality of your Microsoft Azure services?
Here are two options for a connection via our Express Lane:
- We set up a VPN connection via your existing internet connection. Our data centre has multiple redundant connections. However, since you reach our data centre via the Internet and not via Layer 2, we cannot offer you the full bandwidth.
- For business-critical services in Azure, you should think about a dedicated Layer 2 connection to our data centre. We work with many local and global providers and can support you in the implementation.
Hochtief has already proven that this service works, using Microsoft Teams as an example. Using the Microsoft Azure Peering Service reduced the latency between the HOCHTIEF headquarters in Essen and Microsoft Teams within Office 365 from 53 to 5 milliseconds - a reduction of a whopping 90%. Attached you will find the success story:
Would you like to learn more about this exciting topic? Then arrange an appointment today with one of our Microsoft Azure Peering Service experts.
Marcel Zimmer is the Technical Managing Director of EnBITCon. During his time in the German Armed Forces, the trained IT developer was able to gain numerous project experiences. His interest in IT security was significantly awakened by his service in command support. Even after his service, he is an active reservist in the Bundeswehr.
His first firewall was a Sophos UTM 120, which he had to set up for a customer project. Since then, his interest in IT security has grown steadily. In the course of time, various security and infrastructure topics have come into his focus. His most interesting projects included, for example, WLAN coverage in an explosion-proof area, as well as a multi-site WLAN solution for a large