Skip to main content

Azure Cloud connectivity - Solution architectures

Welcome to this comprehensive guide that explores the different Azure cloud connectivity options available for accessing your Azure resources. In this guide, we will discuss two architectures: Azure Cloud connectivity over Internet IPsec and Azure Cloud connectivity Private.

Azure Cloud connectivity over Internet IPsec

We provide you with two architecture options for accessing your Azure resources over the internet:

  • Standard Architecture
  • High Availability (HA) Architecture

Both options deploy an Active/Active VPN Gateway on the Azure side, ensuring local redundancy. If one Azure Gateway experiences a failure, the second one will immediately take over.

Standard Architecture

You are a customer that wants to interconnect one site to Azure IaaS through a basic Public Connector, this solution is for you.

Description of the Standard architecture

Standard architecture.

  • One customer IPsec VRF instance is deployed on a unique PoP
  • A couple of IPSec tunnels are set to reach both Azure VPN Gateways
  • The first tunnel acts like the nominal one. The second is there as a backup one

High Availability Architecture

You are a customer that wants to interconnect one site to Azure IaaS through an HA Public Connector, this solution is for you.

Description of the High Availability architecture

High Availability architecture.

  • The architecture brings a redundancy
  • A second customer VRF is deployed on a “backup” PoP
  • And another couple of IPSec tunnels are set to the same VPN Gateways
  • Those tunnels act like those on the nominal PoP
  • But on a global view, we have four levels of backup.

Azure Cloud connectivity Private

Based on a private circuit directly connected to the Cloud Service Provider and transit over our MPLS network, this solution provides you the best quality and security for a Multi-cloud approach.

Description of the Private Connectivity architecture

Private Connectivity architecture.

This architecture, shared with Business Galerie, is available to reach Azure resources through a private connection. This is done thanks to an ExpressRoute Gateway coupled with an ExpressRoute Circuit on Azure side.
Unlike a public architecture, to connect such a private access, we will use dedicated connections, from our interconnection routers (CDE) in our backbone to Azure Edge routers.