Azure VPN Archives - Inside Track Blog
http://approjects.co.za/?big=insidetrack/blog/tag/azure-vpn/
How Microsoft does IT

Focusing on user-experience network monitoring with AppNeta and Azure Monitor
http://approjects.co.za/?big=insidetrack/blog/focusing-on-user-experience-network-monitoring-with-appneta-and-azure-monitor/
Tue, 23 Jan 2024 19:44:19 +0000

Cloud-based networking has become a core pillar of Microsoft’s infrastructure. Here at Microsoft Digital (MSD), Microsoft’s internal IT organization, our unwavering commitment to an exceptional user experience for our employees has led us to transform how we monitor our network.

We’re transitioning from traditional network performance monitoring to a powerful integration between AppNeta by Broadcom Software and Azure Monitor. This strategic shift allows us to focus on what truly matters—the user experience we offer our employees.

As our networking infrastructure has evolved to embrace and depend upon cloud services, so have the expectations of our employees. Our network extends across thousands of on-premises and cloud resources and stretches to 160 countries across the world.

[Explore the rest of our series on moving our network to the cloud.]

Our network monitoring must always answer the important questions for our business and the Microsoft employees that drive that business. Our organization’s needs come from diverse perspectives and use-case scenarios, and the essential questions our monitoring must answer include:

“How do I understand and optimize the performance of my resources?”

“Are my resources available and redundant?”

“Can I diagnose problems end-to-end?”

“Does network configuration comply with security policies and ensure it’s in the desired state?”

“How can I use data to predict behavior and outcomes?”

“How is the network experience impacted after a change is implemented?”

The answers to all these questions revolve around our employees’ user experience. What are the people who use our network infrastructure experiencing, and how can we better measure and improve that experience?

Beth Garrison and Josh Dietrich are part of a team at Microsoft Digital that is transforming our employees’ user experience on our hybrid network with AppNeta and Azure Monitor.

We realized that conventional network performance monitoring—monitoring the systems and infrastructure that support our network—could only tell part of the story. To truly understand and meet our requirements, we needed to monitor user experiences directly. This understanding became the driving force behind our decision to embrace user-experience monitoring.

The lifecycle of our hybrid cloud networking environment dictates how we observe and measure the end-to-end experience in our network environment. Across our network environment, multiple factors impact the user experience.

Network resources must be healthy and available. Resources and network paths must meet performance requirements for throughput and latency. Network configuration must meet standards and be protected from configuration drift. Resources must be adequately inventoried and backed up.

The broader picture of network state must be integrated with related data to provide a holistic perspective of the user experience.

We use AppNeta by Broadcom Software to bridge our cloud monitoring capabilities into our on-premises corporate network and capture the end-to-end network experience for our employees, whether connected from home, a customer’s office, or one of our Microsoft office locations worldwide. AppNeta allows us to observe the entire corporate network experience and integrate that monitoring data with observations from Azure Monitor for our cloud networking environment.

We’re integrating the user experience across our office locations and on-premises network infrastructure into a global cloud network environment hosted in Azure. Our cloud network is at the core of connectivity for Microsoft, with our Azure-based VWAN connecting our entire global network.

This monitoring solution allows us to track and analyze various user-centric metrics precisely, from application responsiveness to service availability and beyond. We can proactively identify potential issues before they impact our users, take targeted actions, and optimize the user experience to ensure seamless interactions between our users and services.

We currently monitor more than 500 network-specific Azure resources, including Virtual Networks, Azure Firewalls, IP groupings, ExpressRoute circuits, ExpressRoute Gateways, VPN Gateways, Azure VWAN Hubs, and Azure VWAN Global Reach.

Across these cloud resources and into on-premises resources using integration with AppNeta, we’re tracking almost 50 parameters—native and synthetic—including simple metrics such as throughput, CPU utilization, packet loss, and latency. These parameters also include more complex and holistic measures such as the provisioning state of resources, resource status, data path availability, configuration drift, and rule changes.

These metrics are combined using dashboards and workbooks in Azure Monitor, creating a hop-by-hop measure of visibility, performance, configuration, resiliency, and interoperability for user experiences.

By integrating AppNeta with Azure Monitor, we’re creating a holistic view of the end-to-end user experience. AppNeta’s on-premises monitoring capabilities, combined with Azure Monitor’s rich telemetry data and reporting, allow us to comprehensively understand how our users interact with our services.

Our transition to user-experience monitoring has created numerous benefits. Prioritizing our users’ needs results in more satisfied and empowered employees. Real-time insights into user interactions allow us to address issues promptly, leading to reduced downtime and improved service reliability. Our focus on user experience strengthens our relationship with the employees we support and positions us as an employee-centric organization.

Our journey to network monitoring in the cloud is ongoing and ever evolving. The integration between AppNeta and Azure Monitor sets the stage for continuous growth and improvement for our network environment and organization.

We’re currently working on building self-healing capabilities into our monitoring solution using Azure-based automation tools. We’re taking a more proactive approach to the health of our network, and automation ensures that self-healing capabilities can be deployed consistently and efficiently across the entire network.

We’re also moving toward Azure Data Lake for data lake and data lakehouse capabilities, increasing the flexibility of our reporting and dashboarding while ensuring adequate performance for the monitoring solution as demand and workload increase.

Our transition from traditional network performance monitoring to integrated user-experience monitoring with AppNeta and Azure Monitor represents our dedication to user satisfaction. By directly understanding our employees’ experiences, we can exceed their expectations and ensure seamless interaction with our services.

In this transformative journey with AppNeta and Azure Monitor as our allies, we’re well-equipped to embrace a user-centric outlook where monitoring excellence translates into unparalleled user experiences. We’ll continue prioritizing user satisfaction as the driving force behind our monitoring strategy.

Key Takeaways

Here are some considerations for moving towards a more cloud-based, user-centric networking infrastructure.

  • Extend your global network with robust monitoring solutions. A robust monitoring solution like ours can effectively manage vast and diverse infrastructures.
  • Directly monitor user experiences for better network performance. The integration of AppNeta provides a comprehensive understanding of network performance and user interaction across various environments.
  • Proactively identify and resolve issues in your network. Using integrated monitoring tools enables you to detect potential issues before they impact users, enhancing service reliability and minimizing downtime.
  • Track comprehensive metrics for a holistic network understanding. By monitoring comprehensive metrics, you can gain a detailed and holistic view of your network’s performance, aiding in more informed decision-making.
  • Embrace future-oriented developments for your network management. Self-healing capabilities and Azure Data Lake adoption highlight the importance of continuous improvement and adapting to evolving network needs.
  • Adopt an employee-centric approach for organizational success. Prioritizing user experience strengthens your position as an employee-centric organization. Focusing on user satisfaction can lead to broader organizational success.

Deploying global remote VWAN connectivity with Azure VWAN and Azure VPN
http://approjects.co.za/?big=insidetrack/blog/deploying-global-remote-vwan-connectivity-with-azure-vwan-and-azure-vpn/
Tue, 05 Dec 2023 16:57:12 +0000

Editor’s note: This is the fifth in an ongoing series on moving our network to the cloud internally at Microsoft.

In the modern workplace, Microsoft employees access their work from diverse locations. To ensure secure and efficient connectivity to cloud and on-premises resources for our global workforce, we’re adopting Azure Virtual WAN (VWAN) in conjunction with enterprise-scale security solutions.

Our enterprise-scale security solutions are vital in authenticating remote users across Azure and on-premises resources, enabling seamless service-to-service authentication. Our approach creates a more robust and reliable environment by removing interdependencies between network services and physical locations. Through strong authentication enforcement and role-based access control, our security solutions are tailored to support deployments at an enterprise scale.

We’re evolving remote access for our employees by migrating our remote and VPN access infrastructure to a modern, cloud-based solution using Azure VPN and Azure VWAN. Our new solution accommodates evolving security requirements and scales to support the changing demands of our remote workforce. This transition improves our security posture and enhances the overall efficiency of our remote access infrastructure, aligning seamlessly with our commitment to scalable and secure solutions for our global workforce.

Moving to the Azure-based solution allows us to support all remote access users with the Azure VPN client. This unified approach creates a simplified user experience and performs better for remote employees than our previous solution.

Our solution’s core is Azure Virtual WAN, a networking service that combines many networking, security, and routing functionalities to unify Azure and on-premises networking capability into a single operational interface.

Azure VWAN supports site-to-site, point-to-site, and private connections between Azure and on-premises users and resources using ExpressRoute, Azure VPN, Azure Firewall, and advanced routing configuration. The hub and spoke architecture of Azure VWAN provides enterprise scale and performance from cloud-hosted Azure VWAN hubs in Azure regions across the globe. Using the globally distributed Azure public cloud infrastructure, we can quickly deploy a global transit network architecture for our entire enterprise, supporting instant connectivity from the closest Azure VWAN Hub to any on-premises network endpoints.

Using the Azure VPN client and integrated VPN support built into Azure VWAN, our employees connect to the closest regional hub, securely and efficiently integrating them with Azure VWAN and our global corporate network. Currently, Azure VPN is selectively deployed for specific use case scenarios. It doesn’t serve as the default network access now, but its versatility allows for such a role, and we plan to use Azure VPN as the default remote access solution soon.

Here’s an architecture diagram that shows user traffic flow on Azure VWAN in our hybrid network environment.

Using Azure VWAN and Azure VPN to manage our global network and remote access has resulted in many improvements to our wide area network architecture and the employee experience when using the network.

We’re using infrastructure as code (IaC) to deploy and scale our VPN capacity, enabling us to quickly accommodate and host over 100,000 users. Our ongoing efforts include onboarding all Microsoft employees to Azure VPN.

Protecting intellectual property is paramount for Microsoft. Our solution provides a highly secure environment through Azure VPN, using industry-standard encryption protocols and advanced security features. This ensures that all data transmitted between employees and resources in Azure or on-premises remains confidential and protected from unauthorized access.

Our architecture is designed to scale seamlessly as the user base grows. With the inherent scalability of Azure Virtual WAN, we can accommodate additional users and network resources without compromising performance. This flexibility ensures that Microsoft can support its expanding workforce without sacrificing connectivity or user experience.

Our network build process uses IaC principles to create a highly adaptable, robust, and reliable network environment. Our deployment templates and resource modules—created using the Bicep language—define the desired state of our VWAN infrastructure in a declarative manner. Following Microsoft best practices, we maintain a central Bicep template that invokes distinct modules—also defined in Bicep—to instantiate the necessary resources for deployment. This modular framework allows us to be flexible and accommodate new changes or requirements by applying various deployment patterns. For more information, visit Deploying a VWAN using infrastructure as code and CI/CD.

Our solution offers centralized management and monitoring capabilities, enabling our support ecosystem to manage our VPN infrastructure efficiently. Our security team can easily configure VPN settings and management using Azure Dashboard, allowing them to monitor usage patterns in a smart way. This centralized control ensures streamlined administration and effective troubleshooting.

We design the user experience to maximize productivity. Our solution optimizes network connectivity, relying on a global profile to minimize latency and allow employees to access hosted resources seamlessly from anywhere in the world. This eliminates barriers to productivity and empowers users to collaborate efficiently, irrespective of their geographic location.

Intellectual property protection often involves compliance requirements. Our solution adheres to industry best practices and relevant regulations to ensure that we meet necessary compliance standards. This includes data privacy, access controls, and auditability, providing peace of mind that intellectual property is handled in a secure and compliant manner.

We’re excited about the successful enterprise-scale deployment of our Azure Virtual WAN and Azure VPN-based solution. This deployment increases our ability to safeguard intellectual property while seamlessly supporting the connectivity needs of Microsoft employees. We remain committed to supporting the internal networking needs of Microsoft and ensuring secure and seamless connectivity as our organization grows.

Contact us today to explore how our solutions can help protect your intellectual property, enable remote access at scale, and provide a robust and secure network infrastructure tailored to your organization’s unique requirements.

Key Takeaways

  • Migrate to a cloud-based VPN solution. Transition your VPN and remote access infrastructure to Azure VPN and Azure VWAN for a more scalable and secure remote access solution.
  • Leverage Infrastructure as Code for network management. Adopt infrastructure as code (IaC) using the Bicep language to efficiently manage and scale your network infrastructure, allowing for flexible and rapid deployment.
  • Plan for scalability and user growth. Ensure your network architecture is designed to scale seamlessly with Azure Virtual WAN, accommodating additional users and resources without sacrificing performance.
  • Centralize management and monitoring. Use centralized management and monitoring tools, such as the Azure Dashboard, to efficiently administer VPN settings and manage network usage.
