In today’s rapidly changing technology landscape, the conventional model of infrastructure management—receiving user requirements, designing solutions, deploying infrastructure, and manually monitoring for health and availability—lacks the agility and efficiency we need to operate our network infrastructure in a modern work environment.

DevOps represents a mindset and a set of practices that bridge the gap between conventional infrastructure management and a modernized, agile approach to ensuring our network environment continually meets the requirements of our business.

Here in Microsoft Digital, the company’s IT organization, our journey into the DevOps mindset began with a cultural shift. We’ve emphasized collaboration and worked toward removing barriers to cross-team sharing. We’ve encouraged our engineering teams to embrace continuous improvement and align their work to common organizational goals. This shift in mindset has accelerated our project timelines, enhanced reliability, and sparked innovation within our teams.

[Explore moving Microsoft’s global network to the cloud with Azure. Read our ongoing series on moving our network to the cloud.]

Driving efficiency and resiliency with DevOps practices

DevOps is at the forefront of our service delivery cycle. It affects every step and choice our engineering teams make, and DevOps practices have revolutionized our infrastructure management processes.

From the first step of the process—gathering user requirements—our teams collaborate closely with stakeholders to ensure a thorough understanding of user needs and expectations. Our design process is a collaborative, collective effort, with multidisciplinary teams contributing toward efficient, scalable, and secure solutions. With Azure networking components at the core, our DevOps practices span the entire solution lifecycle.

We automate deployment using infrastructure as code (IaC) with Azure Resource Manager (ARM) templates, Bicep, Azure Blueprints, and Terraform. IaC is the cornerstone of our modernization efforts. We’ve automated most of our network deployment and management tasks by using IaC in ARM templates and across a robust suite of management tools. Massive network deployments now take minutes instead of months. Reconfigurations can be dynamically and sequentially deployed, honoring dependencies and network data flow requirements.

This IAC approach enables our engineers to maintain infrastructure consistency, enforce best practices, and improve team collaboration. This approach not only accelerates service delivery but also ensures the reliability and stability of our network environment.

We implement continuous integration and deployment (CI/CD) pipelines for network configurations. Using Azure DevOps services, we’ve set up CI/CD pipelines for our network configurations. Whenever our network infrastructure code changes, it automatically triggers a pipeline that tests and deploys these changes across our environments. This ensures that our network infrastructure can evolve rapidly and safely in response to new requirements or challenges.

We monitor and run diagnostics with Azure Monitor and Network Watcher. We’ve transformed our monitoring and alerting mechanisms by integrating Azure Monitor and Network Watcher. This gives us real-time visibility into our network performance and health, enabling our systems to proactively identify and resolve issues before they impact our users, often without human intervention. Automated alerts and diagnostics tools within these services allow us to respond swiftly to anomalies.

We automate security and compliance processes. Security is paramount in all our deployments. We automate compliance checks and security monitoring by integrating Azure Policy and Azure Security Center into our DevOps practices. This ensures our network infrastructure remains compliant with our stringent security standards and streamlines the process of identifying and mitigating potential security risks.

We incorporate feedback Loops for continuous improvement. We can continuously refine and improve our network infrastructure by incorporating feedback mechanisms into our processes. Azure DevOps provides tools for tracking user feedback, bug reports, and performance metrics, which we analyze to continuously refine our DevOps practices, aligning them with emerging technologies and industry best practices. This adaptive approach ensures that we stay agile and responsive to the ever-evolving needs of our users.

Modernization through virtualization

As we move forward in our DevOps journey, we’re pushing into new ways of thinking about networking and modern infrastructure management. Azure-based connectivity has emerged as a critical enabler in this pursuit. For example, our implementation of Azure Virtual WAN exemplifies DevOps-driven networking. Our Azure Virtual WAN solution connects branch offices, data centers, and Azure resources seamlessly, and it’s filled with DevOps practices. The Azure Virtual WAN environment is provisioned using ARM templates, defining the entire topology, including hubs, spokes, and VPN connections. Azure Monitor tracks performance metrics, such as latency and bandwidth utilization. Alerts trigger automatic scaling or failover actions. When new branches are added, Azure Virtual WAN scales dynamically to provide the throughput and performance necessary based on pre-configured auto-scaling rules.

By using Azure Virtual WAN to virtualize our connectivity for Microsoft employees and buildings across the globe, we’re eliminating the constraints of physical infrastructure and unlocking new possibilities for scalability and efficiency.

Staying agile and looking forward

We know we’re working with a moving target as we continue our DevOps journey. The technological landscape constantly evolves, presenting new challenges and opportunities. Our engineers are committed to staying adaptive and flexible, ready to iterate and develop our practices as we progress.

Our DevOps journey has fundamentally transformed our approach to Azure cloud network engineering and infrastructure management. Our use of Azure Virtual WAN, ARM templates, CI/CD pipelines, Azure Monitor, and Network Watcher is a testament to our commitment as Customer Zero to use Microsoft technologies to meet the ever-evolving demands of our users and the industry. By embracing DevOps practices, we’ve improved collaboration and efficiency and paved the way for continuous innovation in the future.

Here are a few ways that you can start adopting a DevOps mindset, whether you’re a seasoned network engineer or a DevOps enthusiast:

• Embrace DevOps for agility: Accelerate projects and foster innovation by promoting collaboration and continuous improvement.
• Use IaC for efficiency: Use Azure Resource Manager templates and IaC tools to streamline and standardize network deployments.
• Automate monitoring and security: Use Azure Monitor and Security Center for real-time insights and automated compliance.
• Adopt virtualization and stay adaptive: Use Azure Virtual WAN for scalable connectivity and remain open to evolving technologies and practices.

Learn how to Integrate ARM templates with Azure Pipelines.

• Explore moving Microsoft’s global network to the cloud with Azure.
• Explore our series on moving our network to the cloud.
• Unpack our cloud-centric architecture transformation.

Want more information? Email us and include a link to this story and we’ll get back to you.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post Modernizing our cloud networking infrastructure with a DevOps mindset appeared first on Inside Track Blog.

We’ve recently helped SAP, one of our key business partners, replace an outdated VPN connectivity solution with a highly secure, cost-efficient connection into Azure for integration with ADP payroll using Azure VWAN and Azure VPN.

As cloud networking has matured, so have the requirements for security and traffic control. SAP’s pre-existing solution for connecting their VPN clients lacked support for critical IKEv2 security and traffic control mechanisms such as AES256 and SHA256 encryption and border gateway protocol (BGP). To support these new requirements, the existing hardware used in SAP’s VPN solution needed to be replaced to be compliant with IKEv2 standards.

Our cloud networking engineers at Microsoft Digital (MSD), the company’s IT organization, proposed a different solution: a cloud-first VPN solution using Azure VWAN and Azure VPN.

The cloud-first solution uses Azure VPN policies and tunneling to bypass the requirement for routing hardware in SAP’s environment. It also provides full support for IKEv2 and removes dependency on outdated VPN hardware and controls.

This is the first Azure-based solution using IKEv2 policy-based VPN connectivity for SAP and ADP support. This cutting-edge solution introduces a highly secure and cost-efficient way for business partners to connect with Azure while ensuring strict adherence to regulatory compliance.

The introduction of IKEv2 VPN connectivity allows partners’ systems to securely communicate with Microsoft’s SAP environment in Azure, fostering a seamless integration of services. It sets the stage for unprecedented connectivity, creating a robust ecosystem for business partners to collaborate and exchange data securely.

Azure VWAN provides native IKEv2 VPN connectivity support. By taking advantage of Azure’s powerful networking capabilities, the solution is instantly scalable and highly available. The Azure-native approach streamlines the entire connectivity process by simplifying set up, management, and monitoring.

With IKEv2 VPN and Azure VWAN, all communications between partners’ or providers’ systems and Microsoft’s SAP environment are encrypted and authenticated, safeguarding sensitive information from unauthorized access. As a result, we can provide our partners with peace of mind and uphold the highest standards of data protection.

By eliminating the need for complex hardware and streamlining the set-up process, we enable our internal businesses and partners to achieve significant cost savings. This cost-effectiveness empowers them to invest resources strategically and fuel their growth.

Regulatory compliance is non-negotiable in today’s business landscape. Our VPN connectivity and native network solutions are designed with strict adherence to regulatory requirements in mind. By meeting industry standards and regulatory mandates, we ensure that our business partners can confidently operate within the bounds of compliance, mitigating potential risks and challenges.

The first IKEv2 policy-based VPN connectivity solution for SAP and ADP support through Azure native network solutions represents an entirely new way to approach SAP and ADP connectivity for Microsoft partners. With improved security, better cost efficiency, and support for regulatory compliance adherence, we’re reshaping the standards for business partner connectivity in the cloud. We’re continuing to innovate and explore new approaches to secure and efficient VPN connectivity to support SAP systems.

To navigate the integration of your network with Microsoft Azure networking solutions, consider the following:

• Explore Azure VWAN and VPN. Evaluate your network for potential improvements by considering Azure Virtual WAN and VPN for enhanced security and efficiency.
• Assess security and compliance. Review your network’s security protocols and compliance standards against Azure’s IKEv2 encryption and regulatory adherence.
• Initiate a pilot project. Test the impact of Azure VWAN and VPN by launching a small-scale pilot within your network, focusing on performance and cost benefits.

Here’s how you can create a peer-to-site VPN connection using Azure Virtual WAN.

• Explore moving Microsoft’s global network to the cloud with Azure.
• Read our ongoing series on moving our network to the cloud.

Want more information? Email us and include a link to this story and we’ll get back to you.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post Revolutionizing SAP and ADP connectivity with Microsoft Azure VWAN and VPN appeared first on Inside Track Blog.

Our Infrastructure and Engineering Services (IES) team in Microsoft Digital, the company’s IT organization, is working with the Azure Networking product group to drive this transformation as part of our ongoing effort to move our network to the cloud (read our full series here).

Azure for Operators empowers mobile network operators to unlock the power of 5G by bringing the cloud and network edge closer together. This allows operators to modernize their networks, streamline and optimize their business operations, and deliver new services faster with greater reach and lower cost.

At the core of the Azure for Operators product is a carrier-grade hybrid cloud platform built for mission-critical mobile network applications. Azure for Operators customers can deploy, manage, secure, operate, and monitor network-focused workloads with a cloud-based management interface and hybrid connectivity between Azure data centers and on-premises carrier networks.

To support the rapid-paced development and growth of Azure for Operators, the product group worked with our IES team to create a high-bandwidth, dedicated network between the Azure for Operators and the lab environments that our developers and engineers use to create functionality and innovation on the Azure for Operators platform. It’s one of many ways we’re using cloud networking to transform how we operate our business in Microsoft Digital in the continually evolving technology landscape that we live in.

Our solution uses Azure Express Route in a highly available, dedicated connection between the lab environment in Microsoft’s corporate network and Azure edge routers. It facilitates secure, dedicated connectivity using 802.1Q tunneling (Q-in-Q) to simulate the ExpressRoute direct connection experience.

This connection provides a functional test bed for developers, vendors, and proof-of-concept solutions that use the lab to accurately simulate Azure for Operators functionality in a dedicated, protected Azure for Operators environment.

With seamless cloud and communication services integration, this dedicated private connection empowers our developers to establish a direct link to Azure’s extensive cloud services. As a result, our developers can iterate rapidly in an accurately replicated test environment, increasing efficiency and solution performance. The result is a better, more innovative Azure for Operators environment for Azure customers.

Developers are at the heart of our transformative journey to move our network to the cloud. Solutions such as the dedicated Azure for Operators lab service empower our developers with a robust and scalable infrastructure, enabling them to focus on building exceptional applications and services without worrying about data transfer limitations. Our solution enhances their productivity and allows them to deliver superior user experiences.

Our vision is to revolutionize the way our developers interact with Azure. The dedicated Azure for Operators lab service plays a central role in this transformation, enabling our Azure for Operators business to fully embrace the convergence of cloud and communications and creating opportunities for greater connectivity elsewhere in Azure service development and delivery. Our IES team, the Azure Networking product group, and the Azure for Operators product group are reshaping the connectivity landscape at Microsoft and in the communications industry, fostering a collaborative environment where innovation flourishes.

As we continue to find ways to better connect our product and development teams to the resources they need, we’re creating an environment that empowers developers, accelerates innovation in our products, drives transformation across the cloud and communications landscape, and pushes the boundaries of what’s possible in the digital era. The seamless convergence created with our dedicated connectivity using Azure Express is the beginning of greater innovation at Microsoft.

Here are a few things to consider when evaluating Azure Express Route for your organization:

• Implement Azure ExpressRoute for enhanced connectivity. Adopt Azure ExpressRoute for secure, high-bandwidth data transfers, crucial for efficient cloud-based services.
• Create a developer-friendly environment with ExpressRoute. Use Azure ExpressRoute to establish a dedicated lab for developers, allowing effective application building and testing without bandwidth limitations.
• Embrace cloud and communication convergence through ExpressRoute. Integrate Azure ExpressRoute to innovate and transform your digital operations, opening new avenues in service development and delivery.

Here’s how you can establish a private peering connection from on-premises to an Azure virtual network using ExpressRoute.

• Read our ongoing series on moving our network to the cloud.
• Learn about our vision for moving our global network to the cloud with Microsoft Azure.
• Unpack how we’re doing more with less internally at Microsoft with Microsoft Azure.

Want more information? Email us and include a link to this story and we’ll get back to you.

Please share your feedback with us—take our survey and let us know what kind of content is most useful to you.

The post Reshaping the Azure developer experience using Azure ExpressRoute appeared first on Inside Track Blog.