One of the challenges organizations face when migrating on-premises resources to Azure is security.
- How to transfer data securely over the Internet?
- What are the Alternatives?
VPN Gateway
A Virtual Private Network (VPN) is a private interconnection that uses an encrypted tunnel to communicate between two private networks. The untrusted-internet problem is addressed by encrypting the communications.
VPN Gateway is similar to Virtual Network Gateway which allows Site-to-Site, Point-to-Site and Network-to-Network connections.
- Site-to-Site connections allow an on-premises datacenter to connect to Azure Virtual Networks.
- Point-to-Site connections allow user devices to connect to Azure Virtual Networks.
- Network-to-Network connections allow an Azure Virtual Network to connect to other Azure Virtual Networks.
ExpressRoute
Azure ExpressRoute allows secure, dedicated, high-bandwidth connections between your on-premises network and Azure. The connection bypasses the Internet and is hence more secure.
The following are the features of ExpressRoute:
- Layer-3 Connectivity
- Faster Access due to Peering of Networks
- More Security
- Higher Bandwidth
- Bypasses Public Internet
- Available in all Locations
- Office365 Connectivity through Microsoft Peering
The following are the drawbacks of ExpressRoute:
- An ExpressRoute circuit, which is a physical connection, needs to be created through the Internet provider
- Cost is higher
Few ExpressRoute providers are listed below:
Virtual Network Gateway
A Virtual Network Gateway is required to connect two networks, either as:
- VPN
- ExpressRoute
When to choose VPN Gateway?
- Low Bandwidth requirements
- Point-to-Site scenarios
- Occasional Connectivity
- Moderate Data Security
When to choose ExpressRoute?
- Dedicated Connection Required
- High Security for Data
- Faster & Continuous Access