Moving Microsoft’s global network to the cloud with Microsoft Azure


Transforming our global enterprise network services internally at Microsoft is enabling us to capture the full benefit of cloud networking.

Microsoft Azure has been part of the enterprise solution architecture at Microsoft for more than eight years. One thing has remained constant throughout our journey—from early lift-and-shift migrations to recent transformations to cloud-first solutions—the network.

“In the early stages, migrating on-premises resources into Azure was our priority, and low-bandwidth dedicated links provided connectivity between on-premises networks and Azure,” says Raghavendran Venkatraman, a principal cloud network engineer at Microsoft Digital (MSD), Microsoft’s internal IT organization. “Over time, these links evolved into high-bandwidth shared connections, providing greater flexibility and capacity.”

As new networking features were released on Azure, the Microsoft Digital cloud networking team embraced these innovations with enthusiasm and a Customer Zero mindset. This approach led to a continuing transformation of our network architecture and an ongoing partnership with the Azure product team.

Raghavendran Venkatraman is a principal cloud network engineering manager in Microsoft Digital, the company’s IT organization. His team is leading the cloud networking transformation at Microsoft.

We transitioned to a high-bandwidth model to support our connectivity needs between Azure and on-premises resources, integrating with the native Azure security features. That gave us a robust framework that reduced our reliance on on-premises hardware and third-party devices.

Now, we find ourselves at an inflection point in this journey.

Our line-of-business applications have successfully transitioned to Azure. Our product development environments, previously exclusively on-premises, have matured into hybrid configurations that seamlessly blend on-premises and cloud resources. Additionally, many of our labs have moved to the cloud. Almost 98 percent of Microsoft’s IT infrastructure is hosted in Azure.

However, we need to go further back to understand the complete story.

Long before we deployed our very first Azure tenant or created a virtual network, the Microsoft global network had its humble beginnings more than 40 years ago, supporting connectivity for a handful of employees in a single building in Redmond, Washington.

Our global network has since grown to include more than 180,000 employees working in more than 180 countries and regions worldwide. Our global network is critical for our business operations and is at the center of our architecture design, engineering principles, and security posture. This global network connects our offices and data centers and has been our employees’ launching pad from the corporate network to the cloud.

“There is a critical facet of our organization’s network that has yet to embrace the cloud’s transformative capabilities fully,” Venkatraman says. “Our global network and enterprise services still depend on third-party solutions. These services include vital components such as DNS, remote access, internet edge, and connectivity between our regional Microsoft locations.”

[Read our ongoing series on moving our network to the cloud.]

Why move global network connectivity to the cloud?

We’re migrating these essential global network services to the cloud. This shift aligns our network architecture with Microsoft’s cloud-first mindset. It enables our network engineers to use the extensive capabilities of Azure, offering greater agility, scalability, and resilience for our network and services.

The journey to migrating these enterprise services isn’t just about technology evolution. It’s about aligning our infrastructure with our vision for the future. It’s about harnessing the power of the cloud to usher in a new era of efficiency, security, and agility at Microsoft.

“Migrating our enterprise network services to the cloud supports the shift toward modern, agile IT operations,” Venkatraman says. “It enables us to respond swiftly to the changing demands of our users and the technological landscape. Using Azure helps us future-proof our infrastructure, ensuring it remains adaptable and resilient in the face of ongoing change.”

Azure offers a comprehensive array of defense-in-depth security features and services, including built-in encryption, DDoS protection, Microsoft Defender for Cloud, network security groups, application security groups, and secure secrets management with Azure Key Vault. Our migration ensures that we continue to meet the highest standards of security and data protection, a critical aspect of our operational excellence.

Azure offers more than 60 regions worldwide to deploy and host Azure resources. These regions are connected by a resilient backbone network connecting continents, regions, and cities. It offers a comprehensive suite of features to support enterprise network operations in the cloud.

The primary directive of our migration to the cloud is to transition our global enterprise network traffic from third-party and on-premises network resources to the global Azure backbone, taking advantage of the vast array of benefits that the Azure backbone network offers our workloads.

[Figure: Connecting and supporting Microsoft’s global network with Microsoft Azure. The diagram shows Azure virtual networking connecting to many endpoints, including internal, third-party, and internet apps and services.]

“There are several compelling advantages to embracing Azure as a core network provider,” Venkatraman says. “It provides unmatched scalability, high reliability, and exceptional agility. These factors contribute to building a cost-efficient infrastructure that can adapt to our evolving needs.”

Our shift to the cloud as our primary network represents an opportunity for us to harness the full potential of Azure, and it aligns seamlessly with our commitment to delivering efficient, reliable, and agile services, not just for our internal needs but also for our partners and customers.

By acting as Customer Zero and embracing these Azure features and network services for our core needs, we want to set new benchmarks for efficiency and performance and demonstrate the full extent of Azure’s capabilities.

How we’re migrating our network to Azure

Shifting Microsoft’s global network and enterprise services to Azure involves transforming and improving the paths that shape our network traffic flow. “We’re moving essential services such as DNS, remote access, and the internet edge out of on-premises and third-party solutions and into Azure-native services and functionality,” Venkatraman says.

We aim to create a more agile, resilient, and stable global virtual wide area network (VWAN) that supports all our enterprise traffic. By hosting our core network in Azure, we’re placing our employees as close as possible to the network and cloud resources they need.

Within our global VWAN, the vast majority of our employees will be transferred to a remote, internet-first connectivity method, making the internet their first connection point and placing them in close network proximity to the nearest Azure region, where most of our IT resources reside. Simultaneously, we’re transitioning regional offices to connect with our corporate environment directly through Azure, supplemented by a local internet edge. This replaces the conventional centralized edge for that region and creates a more efficient path to each location, improving efficiency and increasing performance.

We’re improving automation and agility by adopting software-defined networking practices natively available in the cloud and taking a continuous integration/continuous deployment (CI/CD) approach to building our VWAN-based network infrastructure. This results in quick and reliable delivery of changes to network services and enables us to match the increasing pace of technology change in the marketplace.

Understanding the benefits of an Azure-based global network

Transitioning our enterprise services to the cloud is a pivotal milestone in our ongoing journey to transform and enhance our network infrastructure and organization. This strategic shift offers remarkable advantages that profoundly impact our operations, scalability, and efficiency. These benefits include:

  • Highly available network infrastructure. By embracing the cloud, we gain access to a network infrastructure with built-in reliability and availability. This ensures seamless connectivity and service delivery to our employees and customers.
  • Data center footprint reduction. Our line-of-business applications have successfully migrated to virtual data centers hosted on the cloud. This evolution minimizes our reliance on traditional on-premises data centers and opens doors to a more agile and scalable approach.
  • Cloud-native enterprise services. We’re moving core enterprise services to the cloud, aligning our operations with the modern digital age. This transition streamlines our services, enhancing their efficiency and accessibility.
  • Maximized usage of cloud resources. As Azure continues to evolve and offer innovative features, our migration to the cloud allows us to capitalize on the full potential of these advancements, keeping us at the forefront of technological progress.
  • Strategic advancements and the seamless integration of Microsoft Entra. Azure networking increases our capability to migrate enterprise services to the cloud. This strategic movement includes integration with Microsoft Entra, which enables us to prioritize security. We’re using Entra integration to minimize public-facing exposure, exercise tight control over incoming traffic, and implement dynamic onboarding processes to deploy network services.
  • A reference architecture for our customers. The transition underlines our commitment to the cloud, providing a reference architecture that communicates Microsoft’s commitment to delivering enterprise-class products and using those products to run our own organization.
  • Cost-efficient infrastructure. Cloud migration empowers us to build an infrastructure that is not only cost-efficient but also highly agile and scalable. We can optimize resource utilization, ensuring we pay only for what we consume.
  • Reduced third-party dependency. As we bring more services in-house through the cloud, we can optimize our reliance on third-party solutions. This consolidation enhances our control, security, and cost-effectiveness. One of the biggest benefits is that we will have less need to sign, and be constrained by, multi-year contracts with third-party providers.
  • Infrastructure that is secure by design. The cloud’s security features, combined with our robust in-house practices, create a secure-by-design infrastructure. This enhances the protection of our services and data.
  • Hybrid management possibilities. Our hybrid approach integrates the management of on-premises and cloud resources. This approach ensures a unified, efficient, and effective way of managing our entire infrastructure.
  • DevOps-integrated infrastructure as code (IaC). We’re embracing a DevOps culture and integrating IaC principles into our operations. This approach automates deployment and configuration, streamlining our workflows and ensuring rapid and reliable delivery of changes.
  • Built-in reliability and resiliency. The global Azure network provides a highly redundant backbone. By using this architecture, we enhance the reliability and availability of our global services without requiring extra management or deployment.
  • Enhanced scalability. The extensive bandwidth and capabilities of Azure provide enhanced scalability and position us strategically to drive AI innovation. Our network’s ability to rapidly adapt to varying workloads and accommodate future growth enables us to align with Azure Copilot capabilities. The natively available data telemetry enables us to integrate with Azure AI offerings, fostering an agile environment that keeps pace with the rapid evolution of AI innovation within our organization.

Moving forward

Moving our global enterprise network services to the cloud is a transformative move that aligns with our mission to optimize the full potential of Azure and embrace modern, cloud-native practices.

“Transitioning enterprise services to the cloud is a transformative move that aligns with our mission to optimize the full potential of Azure and embrace modern, cloud-native practices,” Venkatraman says. “This transition represents a major step toward a more efficient, scalable, and secure future, embodying our commitment to innovation and technological excellence.”

As we migrate our global enterprise network services to Azure, we’re continually examining and integrating newly released Azure capabilities. This approach supports our vision for combining efficiency, resilience, and agility to enable our employees and organization to achieve more. It sets the stage for a future in which our network and services are more adaptable, efficient, and secure than ever before.

Key Takeaways

Here are some tips for getting started on moving your network to the cloud:

  • Embrace cloud transition proactively. Assessing and acting on the potential of cloud infrastructure can lead to increased agility, scalability, and cost-effectiveness.
  • Prioritize security and compliance. A secure-by-design infrastructure is vital for protecting services and data and maintaining stakeholder trust.
  • Adopt a hybrid management approach. A hybrid configuration that blends on-premises and cloud resources offers a unified, efficient way of managing infrastructure, balancing the strengths of both environments.
  • Integrate DevOps and automation practices. Continuous integration/continuous deployment (CI/CD) and infrastructure as code (IaC) principles streamline workflows, ensuring rapid and reliable delivery of changes and optimizing resource deployment.
  • Stay updated and adapt. As cloud platforms evolve, re-evaluate and adjust your cloud strategy to remain at the forefront of technological progress.

Try it out

Simplify moving your network to Azure with Microsoft Azure Migrate.

Try creating and modifying a circuit with Microsoft Azure ExpressRoute.