{"id":4690,"date":"2023-03-22T11:54:57","date_gmt":"2023-03-22T18:54:57","guid":{"rendered":"https:\/\/SUMMALAI.COM\/?p=4690"},"modified":"2023-03-22T11:54:59","modified_gmt":"2023-03-22T18:54:59","slug":"azure-expressroute-vs-azure-vpn-gateway","status":"publish","type":"post","link":"https:\/\/SUMMALAI.COM\/?p=4690","title":{"rendered":"Azure ExpressRoute vs Azure VPN Gateway"},"content":{"rendered":"\n<p id=\"f3fd\">Comparison \u2014 Azure ExpressRoute vs Azure VPN Gateway.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/miro.medium.com\/v2\/resize:fit:700\/1*UKeZhTv7d2t0YkqpwelZkA.png\" alt=\"\"\/><figcaption>Reference: Microsoft<\/figcaption><\/figure>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"b45d\">TL;DR:<\/h1>\n\n\n\n<p id=\"b0eb\">ExpressRoute provides direct connectivity to Azure cloud services and connects Microsoft\u2019s global network. All transferred data is not encrypted, and do not go over the public Internet.<\/p>\n\n\n\n<p id=\"5f2e\">VPN Gateway provides secured connectivity to Azure cloud services over the public Internet. All transferred data is encrypted in a private tunnel as it crosses the internet.<\/p>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"217b\">Azure ExpressRoute<\/h1>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/miro.medium.com\/v2\/resize:fit:700\/1*w7KTzrzwcVkfgXipOs_NrQ.png\" alt=\"\"\/><figcaption>Azure ExpressRoute<\/figcaption><\/figure>\n\n\n\n<p id=\"b78a\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/expressroute\/\" rel=\"noreferrer noopener\" target=\"_blank\">ExpressRoute<\/a>&nbsp;connections use a private, dedicated connection through a third-party connectivity provider to provide a direct connection between on-premises network and Azure.<\/p>\n\n\n\n<p id=\"e235\">This architecture is suitable for hybrid applications running large-scale, mission-critical workloads that require a high degree of scalability and resiliency.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"47a4\">Key Points<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>ExpressRoute uses layer 3 connectivity and security standards.<\/li><li>ExpressRoute connects the edge router of the on-premise network and Azure infrastructure with redundancy capabilities.<\/li><li>ExpressRoute provides dynamic scalability to help meet organizational needs (from 50 Mbps to 10 Gbps).<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"cbd8\">Benefits<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Much higher bandwidth available (up to 10 Gbps).<\/li><li>Supports dynamic scaling of bandwidth to help reduce costs during periods of lower demand.<\/li><li>99.9% availability SLA across the entire connection.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"6829\">Considerations<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>The setup and configuration for ExpressRoute are more complex and will require collaboration with the connectivity provider.<\/li><li>ExpressRoute requires the on-premises installation of high-bandwidth routers.<\/li><li>ExpressRoute circuit is handled and managed by the connectivity provider.<\/li><li>ExpressRoute doesn\u2019t support the Hot Standby Router Protocol (HSRP). You\u2019ll need to enable a Border Gateway Protocol (BGP) configuration.<\/li><\/ul>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"a8bd\">Azure VPN Gateway<\/h1>\n\n\n\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/miro.medium.com\/v2\/resize:fit:700\/1*rBbSakad_5Z2PZyRFbGrlQ.png\" alt=\"\"\/><figcaption>Azure VPN Gateway<\/figcaption><\/figure>\n\n\n\n<p id=\"6aca\"><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/vpn-gateway\/vpn-gateway-about-vpngateways\" rel=\"noreferrer noopener\" target=\"_blank\">VPN gateway<\/a>&nbsp;allows you to connect on-premises network to Azure networks to send traffic over the public Internet and uses an encrypted tunnel.<\/p>\n\n\n\n<p id=\"0686\">This architecture is suitable for hybrid applications where the traffic between on-premises hardware and the cloud is likely to be light, or you are willing to trade slightly extended latency for the flexibility and processing power of the cloud.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"0142\">Key Points<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Gateway Routing of VPN gateways is based on Dynamic and static routing.<\/li><li>It supports Secure Socket Tunneling Protocol, IP Sec protocol.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"7afa\">Benefits<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Easy to configure.<\/li><li>Much higher bandwidth available (up to 10 Gbps depending on the VPN Gateway SKU)<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"f48e\">Considerations<\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Requires an on-premises VPN device.<\/li><li>Although Microsoft guarantees 99.9% availability for each VPN Gateway, this&nbsp;<a href=\"https:\/\/azure.microsoft.com\/support\/legal\/sla\/vpn-gateway\/\" rel=\"noreferrer noopener\" target=\"_blank\">SLA<\/a>&nbsp;only covers the VPN gateway and not your network connection to the gateway.<\/li><\/ul>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"cbfc\">Key Differences<\/h1>\n\n\n\n<p id=\"b694\"><strong>Azure services support<\/strong><br>ExpressRoute: Microsoft Cloud Platform (Azure, Office 365, and Dynamics 365).<br>VPN Gateway: Azure Cloud Services and Azure Virtual Machines.<\/p>\n\n\n\n<p id=\"d9e6\"><strong>Bandwidth<\/strong><br>ExpressRoute: Up to 10 Gbps (or 100 Gbps with ExpressRoute Direct).<br>VPN Gateway: Up to 10 Gbps.<br><em>ExpressRoute provides a connection bandwidth that\u2019s almost 10 times faster than a VPN.<\/em><\/p>\n\n\n\n<p id=\"de3a\"><strong>Protocol<\/strong><br>ExpressRoute: Direct over VLAN or MPLS.<br>VPN Gateway: SSTP or IPsec.<\/p>\n\n\n\n<p id=\"9a81\"><strong>Routing<\/strong><br>ExpressRoute: Border Gateway Protocol (BGP).<br>VPN Gateway: Static or dynamic.<\/p>\n\n\n\n<p id=\"6d1c\"><strong>Configuration<\/strong><br>ExpressRoute: More complex configuration.<br>VPN Gateway: Simple configuration.<\/p>\n\n\n\n<p id=\"4d90\"><strong>Cost<\/strong><br>ExpressRoute: More expensive than a regular VPN network.<br>VPN Gateway: Less expensive.<\/p>\n\n\n\n<p id=\"34ef\"><strong>High availability<\/strong><br>ExpressRoute: Active-active.<br>VPN Gateway: Active-passive or active-active.<\/p>\n\n\n\n<p id=\"bbbd\"><strong>SLA<\/strong><br>ExpressRoute:&nbsp;<a href=\"https:\/\/azure.microsoft.com\/en-us\/support\/legal\/sla\/expressroute\" rel=\"noreferrer noopener\" target=\"_blank\">99.95%<\/a><br>VPN Gateway:&nbsp;<a href=\"https:\/\/azure.microsoft.com\/en-us\/support\/legal\/sla\/vpn-gateway\" rel=\"noreferrer noopener\" target=\"_blank\">99.9\u201399.95%<\/a><\/p>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"7892\">Use cases<\/h1>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"2499\"><strong>ExpressRoute:<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Suitable for requirements for high speeds, low-latency connection, and high level of availability\/resiliency.<\/li><li>Suitable for mission-critical workload.<\/li><li>Access to all Azure services.<\/li><li>Doesn\u2019t suit smaller satellite offices that have a lower connectivity requirement.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"a945\"><strong>VPN Gateway:<\/strong><\/h2>\n\n\n\n<ul class=\"wp-block-list\"><li>Suitable for prototyping, development, test, labs, and small production workloads.<\/li><li>Suitable for small organizations.<\/li><li>Connect on-premises data centers to Azure virtual networks through a&nbsp;<em>site-to-site<\/em>&nbsp;connection.<\/li><li>Connect individual devices to Azure virtual networks through a&nbsp;<em>point-to-site<\/em>&nbsp;connection.<\/li><li>Connect Azure virtual networks to other Azure virtual networks through a&nbsp;<em>network-to-network<\/em>&nbsp;connection.<\/li><li>Suitable when lower-speed bandwidth is within an acceptable tolerance for day-to-day usage.<\/li><li>VPN isn\u2019t designed to handle high data volumes.<\/li><\/ul>\n\n\n\n<h1 class=\"wp-block-heading\" id=\"03e6\">Summary<\/h1>\n\n\n\n<p id=\"f371\">ExpressRoute is better suited to high-speed and critical business operations. VPN Gateway is cheaper than ExpressRoute and suitable for small organizations.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\"><p>ExpressRoute can be combined with VPN failover to get the higher bandwidth of ExpressRoute and highly available network connectivity.<\/p><cite>Ref: <\/cite><\/blockquote>\n","protected":false},"excerpt":{"rendered":"<p>Comparison \u2014 Azure ExpressRoute vs Azure VPN Gateway. TL;DR: ExpressRoute provides direct connectivity to Azure cloud services and connects Microsoft\u2019s global network. All transferred data is not encrypted, and do not go over the public Internet. VPN Gateway provides secured connectivity to Azure cloud services over the public Internet. All transferred data is encrypted in <a class=\"read-more\" href=\"https:\/\/SUMMALAI.COM\/?p=4690\">Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_bbp_topic_count":0,"_bbp_reply_count":0,"_bbp_total_topic_count":0,"_bbp_total_reply_count":0,"_bbp_voice_count":0,"_bbp_anonymous_reply_count":0,"_bbp_topic_count_hidden":0,"_bbp_reply_count_hidden":0,"_bbp_forum_subforum_count":0,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1249,10],"tags":[1547],"class_list":["post-4690","post","type-post","status-publish","format-standard","hentry","category-azure-microsoft","category-microsoft","tag-azure-expressroute-vs-azure-vpn-gateway"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4690","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=4690"}],"version-history":[{"count":1,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4690\/revisions"}],"predecessor-version":[{"id":4691,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=\/wp\/v2\/posts\/4690\/revisions\/4691"}],"wp:attachment":[{"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=4690"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=4690"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/SUMMALAI.COM\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=4690"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}