Today, enterprises generally keep their resources in local data centers and place some or all of them with local or global cloud providers. Enterprises that have multiple locations, or resources on a cloud provider such as Azure, use a VPN service to establish secure and uninterrupted communication between their locations or with their resources on Azure. Microsoft Azure provides two services to enable this communication: VPN Gateway and Azure ExpressRoute.
VPN Gateway provides 3 different connection types.
Site to Site VPN: Provides a secure and encrypted connection between two different networks.
Point to Site VPN: Provides a secure connection between a client and Azure.
Vnet to Vnet VPN: Provides a secure connection between different virtual networks on Azure.
Data sent and received through the VPN Gateway IPsec tunnel is encrypted. The encryption method can be configured in two different ways: policy-based and route-based.
Choose the VPN Gateway version (Basic, VPNGW1, VPNGW2, etc.) according to the performance needs of the workload.
You can make a Site to Site VPN connection between your enterprise and Azure by configuring the following components.
Azure Site: Virtual Network, Gateway Subnet, Public IP, Local Network Gateway, Virtual Network Gateway
Local Site: Firewall IPsec VPN, Public IP
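Before deploying the components listed above, the planned addressing can be checked for the mistakes that most often break or weaken a Site to Site connection. The following is an added example, not part of the original article: the plan layout, the function name validate_plan and all sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# RFC 1918 private ranges; the local site's VPN endpoint must not sit in one of these.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plans (hypothetical layout; addresses are placeholders).
GOOD_PLAN = {
    "vnet_address_space": ["10.10.0.0/16"],
    "gateway_subnet": {"name": "GatewaySubnet", "prefix": "10.10.255.0/27"},
    "local_network_gateway": {"peer_public_ip": "203.0.113.10",
                              "address_prefixes": ["192.168.10.0/24"]},
}
BAD_PLAN = {
    "vnet_address_space": ["10.10.0.0/16"],
    "gateway_subnet": {"name": "gateway-subnet", "prefix": "10.10.255.0/28"},
    "local_network_gateway": {"peer_public_ip": "192.168.1.1",
                              "address_prefixes": ["10.10.20.0/24"]},
}

def validate_plan(plan):
    """Return a list of findings for a planned Site to Site VPN; empty means none found."""
    findings = []
    vnet = [ipaddress.ip_network(p) for p in plan["vnet_address_space"]]
    gw = plan["gateway_subnet"]
    gw_net = ipaddress.ip_network(gw["prefix"])
    local = plan["local_network_gateway"]

    # Azure deploys a virtual network gateway only into a subnet with this exact name.
    if gw["name"] != "GatewaySubnet":
        findings.append("gateway subnet must be named GatewaySubnet")
    if not any(gw_net.subnet_of(v) for v in vnet):
        findings.append("gateway subnet is outside the virtual network address space")
    # Microsoft's guidance is a gateway subnet of /27 or larger.
    if gw_net.prefixlen > 27:
        findings.append("gateway subnet is smaller than /27")
    # Overlapping ranges make routing ambiguous, so traffic may never enter the tunnel.
    for prefix in local["address_prefixes"]:
        net = ipaddress.ip_network(prefix)
        if any(net.overlaps(v) for v in vnet):
            findings.append(f"on-premises prefix {net} overlaps the virtual network")
    # The Local Network Gateway has to point at the firewall's public IP.
    peer = ipaddress.ip_address(local["peer_public_ip"])
    if any(peer in n for n in RFC1918):
        findings.append(f"peer address {peer} is private, not a public IP")
    return findings

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        print(name, validate_plan(plan))
```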
To ensure business continuity, this connection can be configured for high availability as active-active or active-passive, so that the connection is not interrupted.
VPN Gateway can also be used to make VPN connections between Azure and multiple sites.
Multisite VPN is preferred for enterprises' transition scenarios to Azure or for connecting different locations.
Azure ExpressRoute, the other connection service, makes it possible to get VPN service over a line dedicated to your organization. Azure ExpressRoute provides high bandwidth for the connection between your data center and Azure.
High availability can be achieved by using the ExpressRoute service and the VPN gateway service together.