{"id":8745,"date":"2024-03-13T07:36:16","date_gmt":"2024-03-13T14:36:16","guid":{"rendered":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?p=8745"},"modified":"2024-03-13T07:43:41","modified_gmt":"2024-03-13T14:43:41","slug":"managing-microsoft-azure-expressroute-in-a-global-enterprise","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/","title":{"rendered":"Transforming how Microsoft uses Microsoft Azure ExpressRoute"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"112\" class=\"size-medium wp-image-7498 alignright\" style=\"margin-top: 0px;\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-technical-stories-300x112.png\" alt=\"Microsoft Digital technical stories\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-technical-stories-300x112.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/ms-digital-technical-stories.png 500w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/>Our Microsoft Digital Employee Experience (MDEE) team manages one of the largest Microsoft Azure enterprise environments.<\/p>\n<p>Migrating our virtual machine resources into Microsoft Azure necessitated significant connectivity between our on-premises networks and Azure. We have many Microsoft Azure ExpressRoute circuits connecting our on-premises resources to our Azure environment, and to ensure proper management of a network environment this large, we\u2019ve moved our Microsoft Azure networking environment to a hub and spoke shared circuit model. This gives uniform access for our internal business groups to ExpressRoute and other Azure networking components, and it also allows us to centrally manage and monitor how we provision our Azure networking.<\/p>\n<h2>Understanding Microsoft Azure ExpressRoute usage at Microsoft<\/h2>\n<p>Microsoft Azure ExpressRoute is the default connectivity method we use for connecting Microsoft Azure to our internal networks. It\u2019s the best solution in Azure for our large-scale network environment, compared to alternatives such as point-to-site or site-to-site virtual networks. We use ExpressRoute to connect Azure to datacenters, corporate headquarters, and regional offices across many different business groups. We use ExpressRoute for two primary purposes:<\/p>\n<ul class=\"c-list\">\n<li>To connect internal or partner on-premises resources to a Microsoft Azure network containing virtual machines\u2014typically to form a contiguous, isolated network space between Azure and an on-premises network.<\/li>\n<li>To provide dedicated and measurable bandwidth between on-premises resources and Microsoft Azure components.<\/li>\n<\/ul>\n<h3>Rethinking Microsoft Azure ExpressRoute business group subscriptions<\/h3>\n<p>When we first began our Microsoft Azure services, Microsoft Azure ExpressRoute connections were provisioned at the request of our business groups. We perform the ExpressRoute provisioning and assign IP address ranges to accompany the ExpressRoute circuit within the Azure subscription that belongs to the business group or partner organization. Although this approach has the benefit of leaving the ExpressRoute ownership in the hands of the business group that owns the subscription, it does have some management challenges:<\/p>\n<ul class=\"c-list\">\n<li>It doesn\u2019t scale well. As more and more of our business teams began to embrace Microsoft Azure, it became quickly clear that a one-to-one relationship between Microsoft Azure ExpressRoute circuits and subscriptions wasn\u2019t going to scale.<\/li>\n<li>A business team might initially request an IP address range with a Microsoft Azure ExpressRoute circuit based on their current use of resources, and then require more at a later date. Reconfiguring the ExpressRoute circuit to add a larger IP range requires additional work to add or change hardware.<\/li>\n<li>It requires a central account in each subscription to manage the circuits. Multiple accounts are complex and time-consuming to manage.<\/li>\n<li>There\u2019s not a single point of reference for where our Microsoft Azure ExpressRoute circuits have been provisioned.<\/li>\n<li>Microsoft Azure ExpressRoute circuits must be provisioned individually. Provisioning tasks don\u2019t only include creating the ExpressRoute circuit\u2014it also includes allocating IP addresses, configuring routers, and other network-related tasks. Having to configure routers for every request quickly started to impact the amount of time required for creating connections.<\/li>\n<\/ul>\n<h2>Using the provider subscription model<\/h2>\n<p>The provider subscription model is intended to simplify the provisioning and management of Microsoft Azure ExpressRoute circuits and virtual networks that can leverage them. In this model, we use a single shared provider subscription that owns every physical ExpressRoute circuit. These ExpressRoute circuits are then used by other consumer subscriptions that belong to our business groups by connecting virtual network to virtual network across subscriptions.<\/p>\n<figure id=\"attachment_8754\" aria-describedby=\"caption-attachment-8754\" style=\"width: 624px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-8754 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-001-v2.png\" alt=\"Figure of the ExpressRoute shared circuit model that shows a series of objects connected to each other from left to right. \" width=\"624\" height=\"352\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-001-v2.png 624w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-001-v2-300x169.png 300w\" sizes=\"(max-width: 624px) 100vw, 624px\" \/><figcaption id=\"caption-attachment-8754\" class=\"wp-caption-text\">The Microsoft Azure ExpressRoute hub and spoke shared circuit model.<\/figcaption><\/figure>\n<h2>Implementing a hub shared provider subscription<\/h2>\n<p>To better manage the virtual networks for our Microsoft Azure ExpressRoute environment, we created shared provider subscriptions to specifically manage the ExpressRoute circuits. These provider subscriptions are owned by our central MDEE Infrastructure team. This team provides services out to the wider business units within MDEE and the larger corporate teams within all of Microsoft.<\/p>\n<p>The process for linking a Microsoft Azure ExpressRoute circuit to an external Microsoft Azure consumer subscription is a straightforward process and, after it\u2019s complete, our business groups can use the ExpressRoute connectivity in their own Azure environments. When we organize the ExpressRoute circuits this way, we can share connectivity between multiple business groups who may be using different subscriptions. This is beneficial when a single business group might not require the full amount of available bandwidth associated with an ExpressRoute circuit. It also adds greater flexibility to increase the number of IPs required later.<\/p>\n<p>In the graphic below, MSIT-CORP-ERPROVIDER-1 represents the Microsoft Azure subscription that is designated as the provider subscription for owning Microsoft Azure ExpressRoute circuits. Within the subscription are Azure resource groups, named for Azure regions, into which are placed the ExpressRoute circuits that are then used by the consumer subscriptions that belong to our business units.<\/p>\n<figure id=\"attachment_8756\" aria-describedby=\"caption-attachment-8756\" style=\"width: 624px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-8756 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-002-v2.png\" alt=\"Figure shows the Microsoft IT implementation of the provider subscription model for ExpressRoute networks. \" width=\"624\" height=\"311\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-002-v2.png 624w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-002-v2-300x150.png 300w\" sizes=\"(max-width: 624px) 100vw, 624px\" \/><figcaption id=\"caption-attachment-8756\" class=\"wp-caption-text\">The MDEE implementation of the provider subscription model for Microsoft Azure ExpressRoute networks.<\/figcaption><\/figure>\n<p>The provider subscription has a simple setup. For each region where we\u2019re going to connect a Microsoft Azure ExpressRoute for connectivity, we create a resource group. This resource group owns the resources associated with that virtual network connectivity. We work with our central IP management team to allocate a large IP range for each circuit, from which smaller IP address ranges are assigned. As a particular region grows, we might need an additional circuit added. The table below provides an example of our configuration and naming conventions.<\/p>\n<p>&nbsp;<\/p>\n<table>\n<thead>\n<tr>\n<th style=\"border: 1px solid black; padding: 5px; text-align: center;\">Subscription name<\/th>\n<th style=\"border: 1px solid black; padding: 5px; text-align: center;\">Resource group name<\/th>\n<th style=\"border: 1px solid black; padding: 5px; text-align: center;\">ExpressRoute circuit name<\/th>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WUS-Ckt-1<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WUS-Ckt-2<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">NorthEurope<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-NEU-Ckt-1<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">NorthEurope<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WUS-Ckt-2<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">SouthEastAsia<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-SEA-Ckt-1<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">SouthEastAsia<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-SEA-Ckt-2<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">SouthCentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-SCUS-Ckt-1<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">SouthCentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-SCUS-Ckt-2<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">CentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-CUS-Ckt-1<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">CentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-CUS-Ckt-2<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">CentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-CUS-Ckt-3<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">CentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-CUS-Ckt-4<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">EastUS2<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-EUS2-Ckt-1<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">EastUS2<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-EUS2-Ckt-2<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestCentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WCUS-Ckt-1<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestCentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WCUS-Ckt-2<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestCentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WCUS-Ckt-3<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestCentralUS<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WCUS-Ckt-4<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestUS2<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WUS2-Ckt-1<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestUS2<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WUS2-Ckt-2<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestUS2<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WUS2-Ckt-3<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestUS2<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WUS2-Ckt-4<\/td>\n<\/tr>\n<tr>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-Corp-ERProvider-01<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">WestUS2<\/td>\n<td style=\"border: 1px solid black; padding: 5px;\">MSIT-CORP-WUS2-Ckt-5<\/td>\n<\/tr>\n<\/thead>\n<\/table>\n<p><em>Naming conventions for Microsoft Azure subscriptions, resource groups, and Microsoft Azure ExpressRoute circuits.<\/em><\/p>\n<p>As you can see from the table, we have Microsoft Azure ExpressRoute circuits configured across various parts of the United States, as well as Europe and Southeast Asia. We used a defined naming convention for subscriptions, resource groups, and ExpressRoute circuits\u2014this gives us a standardized environment and simplifies ExpressRoute maintenance and usage. All of these resources can be managed within the same centralized shared provider subscription. As you can see, some regions have more circuits configured for them than others, reflecting our ability to use this model to grow based on need. As might be expected, the WestUS2 region has the most circuits (five) because it\u2019s located near the main Microsoft campus in Redmond, Washington.<\/p>\n<h2>Getting our internal customers connected<\/h2>\n<p>As part of pivoting our Microsoft Azure ExpressRoute services for our internal customers, we had to provide a way to request an ExpressRoute connection for their subscription. This was initially implemented by creating a website that could gather pertinent information from them to implement the request and then pass it on for use in the implementation process. The graphic below shows the new network form on our internal website that collects the following information about the request:<\/p>\n<ul class=\"c-list\">\n<li><strong>Request name:<\/strong> Plain text to identify the request, like \u201cNew Finance IT ExpressRoute Request.\u201d<\/li>\n<li><strong>Microsoft Azure subscription:<\/strong> The Subscription ID (GUID) for the subscription to connect.<\/li>\n<li><strong>Network type: <\/strong>Drop down to pick between our corporate network and our perimeter network.<\/li>\n<li><strong>Region:<\/strong> Choose the region they need for the virtual network connection.<\/li>\n<li><strong>Network size:<\/strong> \/26 or a \/27 virtual network. Customers that require something larger can contact us to request an exception.<\/li>\n<li><strong>Service name:<\/strong> The service associated as defined within our Microsoft Azure service hierarchy.<\/li>\n<li><strong>Associated users:<\/strong> We required at least two named contacts for notifications, follow-up, and to contact if there are any concerns regarding the configuration. Our security team will also use these contacts as required for detected compliance issues.<\/li>\n<\/ul>\n<figure id=\"attachment_8757\" aria-describedby=\"caption-attachment-8757\" style=\"width: 274px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-8757 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-003-v2.png\" alt=\"Figure shows a screen capture of the New Network creation page for requesting ExpressRoute services from a web form. \" width=\"274\" height=\"335\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-003-v2.png 274w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-003-v2-245x300.png 245w\" sizes=\"(max-width: 274px) 100vw, 274px\" \/><figcaption id=\"caption-attachment-8757\" class=\"wp-caption-text\">The new network creation page for requesting Microsoft Azure ExpressRoute services.<\/figcaption><\/figure>\n<p>After we have this information, we use some simple automation that creates a resource group within the internal customer\u2019s subscription to host the new virtual network resources. We create a virtual network of the appropriate size in the consumer subscription and link it with the appropriate Microsoft Azure ExpressRoute circuit in the provider subscription. This is now a spoke in the hub and spoke model.<\/p>\n<p>The example in the graphic below shows the ERNETWORK resource group, which is created in the consumer subscription. In this example, a virtual network named MSIT-CORP-WUS-VNET-1 is also created in the ERNETWORK resource group, along with other network resources, such as a public IP address and a gateway. As the circuit owner, we create an authorization key in the provider subscription that can be used by the consumer subscription to access the Microsoft Azure ExpressRoute circuit. Finally, the authorization key is used to create a connection named MSIT-CORP-WUS-Conn-1 in the consumer subscription to link the gateway in the consumer subscription to the ExpressRoute circuit in the provider subscription.<\/p>\n<figure id=\"attachment_8758\" aria-describedby=\"caption-attachment-8758\" style=\"width: 245px\" class=\"wp-caption aligncenter\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-8758 size-full\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989-image-004-v2.png\" alt=\"An example of ExpressRoute network infrastructure in Azure. \" width=\"245\" height=\"258\" \/><figcaption id=\"caption-attachment-8758\" class=\"wp-caption-text\">An example of Microsoft Azure ExpressRoute network infrastructure in Microsoft Azure.<\/figcaption><\/figure>\n<p><img loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"74\" class=\"alignnone size-medium wp-image-7448\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/key-takeaways-300x74.png\" alt=\"Key Takeaways\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/key-takeaways-300x74.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/key-takeaways.png 500w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<p>Our goal with the provider subscription model is multilayered, but it ultimately comes down to efficiency in management. By hosting Microsoft Azure ExpressRoute circuits in a single subscription, we\u2019ve experienced several benefits to reduce the amount of Microsoft Azure peering overhead, enable faster ExpressRoute circuit provisioning, reduce routing overhead, and optimize our use of finite routable IP space. We\u2019ve also found several benefits:<\/p>\n<ul class=\"c-list\">\n<li>Microsoft Azure ExpressRoute circuits are hosted in fewer subscriptions, which provides centralized management and reduces sprawl.<\/li>\n<li>Dedicated bandwidth can be shared between multiple subscriptions, reducing costs and overhead.<\/li>\n<li>Provisioning is simplified. There\u2019s one place to create Microsoft Azure ExpressRoute circuits, and having fewer individually created ExpressRoute connections reduces the network configuration overhead in modifying network routes and configuring IP subnets.<\/li>\n<li>The model can easily be used by vendors, partners, and other third parties without the requirement to exchange account authentication information.<\/li>\n<li>Troubleshooting and management is simplified because our central IT team owns and has access to the subscription where the physical Microsoft Azure ExpressRoute circuit is hosted.<\/li>\n<li>We can allocate virtual networks in consumer subscriptions in a round-robin fashion to maintain load balancing throughout the network environment.<\/li>\n<li>The relationship between MDEE and the business groups is more accurately reflected. As the group responsible for network configuration and management, we have primary control over how our network is being used by the business groups.<\/li>\n<\/ul>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-7482 size-medium\" src=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png\" alt=\"Related links\" width=\"300\" height=\"81\" srcset=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links-300x81.png 300w, https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2021\/10\/related_links.png 500w\" sizes=\"(max-width: 300px) 100vw, 300px\" \/><\/p>\n<ul class=\"c-list\">\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/expressroute\/expressroute-faqs\" target=\"_blank\" rel=\"noopener\">Read this Microsoft Azure ExpressRoute FAQ.<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/expressroute\/expressroute-howto-circuit-portal-resource-manager\" target=\"_blank\" rel=\"noopener\">Learn more about creating and modifying a Microsoft Azure ExpressRoute circuit.<\/a><\/li>\n<li><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/vpn-gateway\/vpn-gateway-about-vpngateways\" target=\"_blank\" rel=\"noopener\">Discover more information on VPN gateways.<\/a><\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Our Microsoft Digital Employee Experience (MDEE) team manages one of the largest Microsoft Azure enterprise environments. Migrating our virtual machine resources into Microsoft Azure necessitated significant connectivity between our on-premises networks and Azure. We have many Microsoft Azure ExpressRoute circuits connecting our on-premises resources to our Azure environment, and to ensure proper management of a&#8230;<\/p>\n","protected":false},"author":133,"featured_media":8749,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[1],"tags":[423,115],"coauthors":[646],"jetpack_publicize_connections":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.8 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Transforming how Microsoft uses Microsoft Azure ExpressRoute - Inside Track Blog<\/title>\n<meta name=\"description\" content=\"Check out how Microsoft is using a centrally managed hub and spoke model to boost its Microsoft Azure ExpressRoute environment.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Transforming how Microsoft uses Microsoft Azure ExpressRoute - Inside Track Blog\" \/>\n<meta property=\"og:description\" content=\"Check out how Microsoft is using a centrally managed hub and spoke model to boost its Microsoft Azure ExpressRoute environment.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/\" \/>\n<meta property=\"og:site_name\" content=\"Inside Track Blog\" \/>\n<meta property=\"article:published_time\" content=\"2024-03-13T14:36:16+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-03-13T14:43:41+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989_hero.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1040\" \/>\n\t<meta property=\"og:image:height\" content=\"585\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Inside Track staff\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Inside Track staff\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/\",\"name\":\"Transforming how Microsoft uses Microsoft Azure ExpressRoute - Inside Track Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989_hero.jpg\",\"datePublished\":\"2024-03-13T14:36:16+00:00\",\"dateModified\":\"2024-03-13T14:43:41+00:00\",\"author\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/d87d5d73eed76dd055086299c842c17e\"},\"description\":\"Check out how Microsoft is using a centrally managed hub and spoke model to boost its Microsoft Azure ExpressRoute environment.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989_hero.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989_hero.jpg\",\"width\":1040,\"height\":585,\"caption\":\"Microsoft is using a centrally managed hub and spoke model to increase efficiency, simplify management, and improve network performance in its Microsoft Azure ExpressRoute environment.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Transforming how Microsoft uses Microsoft Azure ExpressRoute\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/\",\"name\":\"Inside Track Blog\",\"description\":\"How Microsoft does IT\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/d87d5d73eed76dd055086299c842c17e\",\"name\":\"Inside Track staff\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/fb338dea806293f999356f7d8a399348\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3788032f4762be09ee17b2ec39f3d75b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3788032f4762be09ee17b2ec39f3d75b?s=96&d=mm&r=g\",\"caption\":\"Inside Track staff\"},\"description\":\"Questions? Send us a note: msitstaff@microsoft.com\",\"url\":\"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrack\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Transforming how Microsoft uses Microsoft Azure ExpressRoute - Inside Track Blog","description":"Check out how Microsoft is using a centrally managed hub and spoke model to boost its Microsoft Azure ExpressRoute environment.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/","og_locale":"en_US","og_type":"article","og_title":"Transforming how Microsoft uses Microsoft Azure ExpressRoute - Inside Track Blog","og_description":"Check out how Microsoft is using a centrally managed hub and spoke model to boost its Microsoft Azure ExpressRoute environment.","og_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/","og_site_name":"Inside Track Blog","article_published_time":"2024-03-13T14:36:16+00:00","article_modified_time":"2024-03-13T14:43:41+00:00","og_image":[{"width":1040,"height":585,"url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989_hero.jpg","type":"image\/jpeg"}],"author":"Inside Track staff","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Inside Track staff","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/","name":"Transforming how Microsoft uses Microsoft Azure ExpressRoute - Inside Track Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989_hero.jpg","datePublished":"2024-03-13T14:36:16+00:00","dateModified":"2024-03-13T14:43:41+00:00","author":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/d87d5d73eed76dd055086299c842c17e"},"description":"Check out how Microsoft is using a centrally managed hub and spoke model to boost its Microsoft Azure ExpressRoute environment.","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#primaryimage","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989_hero.jpg","contentUrl":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989_hero.jpg","width":1040,"height":585,"caption":"Microsoft is using a centrally managed hub and spoke model to increase efficiency, simplify management, and improve network performance in its Microsoft Azure ExpressRoute environment."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/managing-microsoft-azure-expressroute-in-a-global-enterprise\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/insidetrack\/blog\/"},{"@type":"ListItem","position":2,"name":"Transforming how Microsoft uses Microsoft Azure ExpressRoute"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#website","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/","name":"Inside Track Blog","description":"How Microsoft does IT","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/insidetrack\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/d87d5d73eed76dd055086299c842c17e","name":"Inside Track staff","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/insidetrack\/blog\/#\/schema\/person\/image\/fb338dea806293f999356f7d8a399348","url":"https:\/\/secure.gravatar.com\/avatar\/3788032f4762be09ee17b2ec39f3d75b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3788032f4762be09ee17b2ec39f3d75b?s=96&d=mm&r=g","caption":"Inside Track staff"},"description":"Questions? Send us a note: msitstaff@microsoft.com","url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/author\/insidetrack\/"}]}},"jetpack_featured_media_url":"https:\/\/www.microsoft.com\/insidetrack\/blog\/uploads\/prod\/2022\/11\/6989_hero.jpg","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9hcZA-2h3","_links":{"self":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/8745"}],"collection":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/users\/133"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/comments?post=8745"}],"version-history":[{"count":15,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/8745\/revisions"}],"predecessor-version":[{"id":11970,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/posts\/8745\/revisions\/11970"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media\/8749"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/media?parent=8745"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/categories?post=8745"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/tags?post=8745"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/insidetrack\/blog\/wp-json\/wp\/v2\/coauthors?post=8745"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}