{"id":12238,"date":"2023-10-26T17:01:03","date_gmt":"2023-10-27T00:01:03","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=12238"},"modified":"2023-11-28T16:56:58","modified_gmt":"2023-11-29T00:56:58","slug":"boosting-employee-connectivity-with-microsoft-azure-based-vwan-architecture","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/boosting-employee-connectivity-with-microsoft-azure-based-vwan-architecture\/","title":{"rendered":"Boosting employee connectivity with Microsoft Azure-based VWAN architecture"},"content":{"rendered":"

\"MicrosoftEditor\u2019s note: This is the fourth in our ongoing series on moving our network to the cloud internally at Microsoft.<\/em><\/p>\n

Whether our employees are in neighboring cities or different continents, they need to communicate and collaborate efficiently with each other. We designed our Microsoft Azure-based virtual wide-area network (VWAN) architecture to provide high-performance networking across our global presence, enabling reliable and security-focused connectivity for all Microsoft employees, wherever they are.<\/p>\n

We\u2019re using Azure to strategically position enterprise services such as the campus internet edge in closer proximity to end users and improve network performance. These performance improvements are streamlining our site connectivity worldwide and improving the user experience, increasing user satisfaction and operational efficiency.<\/p>\n

We\u2019ve recently piloted this VWAN architecture with our Microsoft Johannesburg office. Our users in Johannesburg were experiencing latency issues and sub-optimal network performance relating to outbound internet connections routed through London and Dublin in Europe. In other words, employees had to go to another continent in order to reach the internet.<\/p>\n

To simplify the network path for outgoing internet traffic and reduce latency, we migrated outbound traffic for two network segments in Johannesburg to the Azure Edge using a VWAN connected through Azure ExpressRoute circuits.<\/p>\n

The solution relocates the internet edge for Johannesburg to the South Africa North region datacenter in South Africa, using Azure Firewall, Azure ExpressRoute, Azure Connection Monitor, and Azure VWAN. We\u2019ve also evolved our DNS resolution strategy to a hybrid solution that hosts DNS services in Azure, which increases our scalability and resiliency on DNS resolution services for Johannesburg users. We\u2019ve deployed the entire solution adhering to our infrastructure as code strategy, creating a flexible network infrastructure that can adapt and scale to evolving demands on the VWAN.<\/p>\n

We\u2019re using Azure Network Watcher connection monitor and Broadcom AppNeta to monitor the entire solution end-to-end. These tools will be critical in evaluating the VWAN’s performance, enabling data-driven decisions for optimizing network performance.<\/p>\n

The accompanying high-level diagram outlines our updated network flows. We can support distinct user groups by isolating the guest virtual route forwarding zone (red lines) and the internet virtual route forwarding zone (black lines). This design underscores our commitment to robust outbound traffic control, ensuring a secure and optimized network environment.<\/p>\n

\"Traffic
Creating efficient and isolated traffic routing to the internet with Azure-based VWAN architecture.<\/figcaption><\/figure>\n
\"Beth
Beth Garrison is a cloud software engineer and part of the team that is helping build and maintain Microsoft Digital\u2019s network using infrastructure as code.<\/figcaption><\/figure>\n

We strongly believe our VWAN-based architecture represents the future of global connectivity. The agility, scalability, and resiliency of VWAN infrastructure enables increased collaboration, productivity, and efficiency across our regional offices.<\/p>\n

Our pilot in Johannesburg proved that improvements in network performance directly affected user experience. By relocating the network edge to the South Africa region in Azure instead of our datacenter edge in London\/Dublin, latency for connections from Johannesburg to other public endpoints in South Africa has dropped from 170 milliseconds to 1.3 milliseconds.<\/p>\n

Latency for other network paths has also improved, but by lesser amounts depending on the specific destination. The improvements were always greater the closer the destination was to Johannesburg, including connectivity paths to the United States and Europe, demonstrating stability and reliability in these critical connections. Significant benefits of the VWAN solution include:<\/p>\n