{"id":15073,"date":"2024-06-05T08:00:56","date_gmt":"2024-06-05T15:00:56","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=15073"},"modified":"2024-06-05T08:24:41","modified_gmt":"2024-06-05T15:24:41","slug":"moving-our-network-to-the-cloud-with-microsoft-azure","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/moving-our-network-to-the-cloud-with-microsoft-azure\/","title":{"rendered":"Moving our network to the cloud with Microsoft Azure"},"content":{"rendered":"

\"MicrosoftOur ongoing move to cloud networking here at Microsoft is at the core of our larger connectivity strategy.<\/p>\n

Very practically, this shift is playing a pivotal role in how we are and will continue to support our more than 221,000 employees across 180 countries and regions, many of whom are working remotely. Our need to enable our people to successfully work and connect from where they are remains paramount.<\/p>\n

Adopting cloud networking isn\u2019t simply moving network resources from the data center to the cloud\u2014we\u2019re transforming the way we think about networking altogether. It\u2019s about creating a new way to approach our connectivity and the business it supports.<\/p>\n

– Raghavendran Venkatraman, principal cloud network engineering manager, Microsoft Digital<\/p>\n<\/blockquote>\n

And how are we doing all of this?<\/p>\n

We\u2019re not going far\u2014we\u2019re using our own suite of Microsoft Azure network products.<\/p>\n

\u201cAdopting cloud networking isn\u2019t simply moving network resources from the data center to the cloud\u2014we\u2019re transforming the way we think about networking altogether,\u201d says Raghavendran Venkatraman, a principal cloud network engineering manager in Microsoft Digital, the company\u2019s IT organization. \u201cIt\u2019s about creating a new way to approach our connectivity and the business it supports.\u201d<\/p>\n

Venkatraman\u2019s team has been using Microsoft Azure to push cloud networking to the forefront of the company\u2019s business strategy, where it\u2019s being used as a tool to drive business agility and innovation, not just connect points on a network.<\/p>\n

And cloud networking is evolving rapidly.<\/p>\n

\u201cEverything is dynamic,\u201d says Tom McCleery, a principal group cloud networking engineering manager in Microsoft Digital. \u201cImplementing cloud networking doesn\u2019t involve waiting for new hardware to get deployed. Almost all aspects of the network are software controlled, and we manage our cloud network environment more like a software development project than a hardware management project.\u201d<\/p>\n

\u201cThis isn\u2019t about improving networking,\u201d McCleery says. \u201cIt\u2019s about fundamentally redefining it and then blowing the top off what was possible with traditional networking. It\u2019s a completely different game. We can create a more complex and capable network environment than you could ever realistically put together with hardware alone, and we can do it in minutes for a network environment that would have taken months or even years to deploy in the past.\u201d<\/p>\n

– Tom McCleery, a principal group cloud networking engineering manager, Microsoft Digital<\/p>\n<\/blockquote>\n

Software-defined networking (SDN) and infrastructure as code (IaC) have been instrumental in redefining how we approach networking. Infrastructure as code is the fundamental principle underlying our entire cloud networking infrastructure. Using IaC, we can develop and implement a descriptive model that defines and deploys network components and determines how the components work together. IaC allows us to create and manage a massive network infrastructure with reusable, flexible, and rapid code deployments.<\/p>\n

\u201cThis isn\u2019t about improving networking,\u201d McCleery says. \u201cIt\u2019s about fundamentally redefining it and then blowing the top off what was possible with traditional networking. It\u2019s a completely different game. We can create a more complex and capable network environment than you could ever realistically put together with hardware alone, and we can do it in minutes for a network environment that would have taken months or even years to deploy in the past.\u201d<\/p>\n

We\u2019re approaching network development and deployment with a new perspective. Agility is the key.<\/p>\n

Our network engineers have embraced the ability to almost instantly create network environments using IaC methods. Test environments that accurately mirror their production counterparts can be created in moments and decommissioned just as quickly, saving time, money, and effort for everyone involved.<\/p>\n

Enabling innovation with modern cloud networking practices<\/h2>\n

It\u2019s not just about quick deployment; it\u2019s about agility across all aspects of network management. The software-defined networking model allows for rapid provisioning of network resources, automated management, accurate, real-time monitoring, and advanced security features that adapt to the ever-changing threat landscape.<\/p>\n

We use Microsoft Azure DevOps, a source control system using Git, to track and manage our IaC templates, modules, and associated parameter files. With Azure DevOps, we can maintain a history of changes, collaborate within teams, and easily roll back to previous versions if necessary.<\/p>\n

Using SDN in Azure, we are achieving unprecedented microservice-like agility at a cloud scale. This approach allows us to experiment and refine our network infrastructure configurations as code, enhancing our ability to innovate swiftly and efficiently. By integrating CI\/CD practices, we have transformed our network into a truly elastic and dynamic system, capable of adapting seamlessly to our evolving needs.<\/p>\n

– Ragini Singh, a principal group engineering manager, Microsoft Digital<\/p>\n<\/blockquote>\n

We\u2019ve implemented automated testing to create safeguards and tests to validate the correctness and functionality of our cloud network code before deployment.<\/p>\n

We\u2019re using configuration management to automate the configuration and provisioning of cloud network objects and services within our cloud network infrastructure. These tools make defining and enforcing desired configurations and deployment patterns easy to ensure consistency across different network environments.<\/p>\n

\u201cUsing SDN in Azure, we are achieving unprecedented microservice-like agility at a cloud scale,\u201d says Ragini Singh, a principal group engineering manager, Microsoft Digital. \u201cThis approach allows us to experiment and refine our network infrastructure configurations as code, enhancing our ability to innovate swiftly and efficiently. By integrating CI\/CD practices, we have transformed our network into a truly elastic and dynamic system, capable of adapting seamlessly to our evolving needs.”<\/p>\n

\"Singh,
Ragini Singh, Raghavendran Venkatraman, and Tom McCleery are part of the team at Microsoft Digital transforming our network with Microsoft Azure.<\/figcaption><\/figure>\n

Continuous integration (CI) pipelines automate the deployment process for our IaC-based cloud network infrastructure. When the infrastructure code passes all validation and tests. The CI pipeline triggers the deployment process automatically.<\/p>\n

We\u2019ve implemented robust monitoring and observability practices for deploying and managing our deployments. Monitoring and observability are helping us to ensure that our CI builds are successful, detect issues promptly, and maintain the health of our development process.<\/p>\n

By following these steps and using continuous integration and development (CI\/CD) practices, we can build, test, and deploy our cloud network infrastructure in a controlled and automated manner, creating a better employee experience by ensuring faster delivery, increased stability, and more effortless scalability.<\/p>\n

Fast-tracking cloud networking development with Microsoft Azure<\/h2>\n

Our network engineering teams use Microsoft Azure to enable an agile deployment and management environment with instant global reach. The Azure network backbone provides instant reach to more than 60 regions worldwide with more than 165,000 miles of fiber optic and undersea cable systems.<\/p>\n

Azure Virtual WAN has been instrumental in our recent global cloud networking transformation. We\u2019re using Azure Virtual WAN to provide high-performance networking across our global presence, enabling reliable and security-focused connectivity for all Microsoft employees, wherever they are.<\/p>\n

– Raghavendran Venkatraman, principal cloud network engineering manager, Microsoft Digital<\/p>\n<\/blockquote>\n

We\u2019re using this vast global network to create instant benefits for our employees and business through innovative uses of Microsoft Azure cloud networking components.<\/p>\n

\u201cAzure Virtual WAN has been instrumental in our recent global cloud networking transformation,\u201d says Venkatraman, highlighting one of the Azure products currently pushing the boundaries of our cloud networking capabilities. \u201cWe\u2019re using Azure Virtual WAN to provide high-performance networking across our global presence, enabling reliable and security-focused connectivity for all Microsoft employees, wherever they are.\u201d<\/p>\n

Microsoft Azure Virtual WAN simplifies large-scale branch connectivity and provides optimized and automated connectivity between on-premises workloads across multiple regions and Azure resources. It Integrates various connectivity options, including Azure VPN and Azure ExpressRoute. Azure VWAN enables us to facilitate centralized management and global and branch connectivity monitoring, enhancing the overall network management experience.<\/p>\n

Azure Virtual WAN is one of several Azure cloud networking components that are enabling our transformation.<\/p>\n

Microsoft Azure Firewall is a fully stateful firewall, providing network-level protection for our applications. We use Azure Firewall to inspect and filter traffic between different Azure Virtual Networks and on-premises networks. It provides application-level filtering capabilities to allow or deny traffic based on rules.<\/p>\n

Microsoft Azure VPN enables secure communication between remote users, on-premises networks, and Azure resources over the public internet. Our remote users or branch offices can use Azure VPN to connect to Azure and on-premises resources securely using VPN tunnels. Azure VPN Integrates with Azure Firewall to inspect and filter VPN traffic for security purposes.<\/p>\n

Microsoft Azure ExpressRoute provides a dedicated, private connection to Azure from our on-premises data centers, bypassing the public internet. ExpressRoute offers higher reliability, lower latency, and increased security compared to traditional internet-based connections. Integration with Azure Firewall ensures that traffic coming over ExpressRoute is inspected and filtered for security and compliance.<\/p>\n

Microsoft Azure NAT Gateway enables outbound connectivity for resources traversing a virtual WAN environment or a virtual network, allowing access to the internet or other external services. Azure NAT Gateway is very useful for scenarios where internal resources need to initiate outbound connections. We use integration with Azure Firewall to control and monitor outbound traffic from Azure NAT Gateways to on-premises and Azure-based networks.<\/p>\n

Enabling agility across the cloud networking environment<\/h2>\n

Together, these Azure products help create an agile, robust, scalable, and secure network architecture that allows us to fulfill several common scenarios that occur across our cloud network:<\/p>\n