Skip to main content

Azure Cloud connectivity - Solution architectures

Welcome to this comprehensive guide that explores the different Azure cloud connectivity options available for accessing your Azure resources.

On Demand Cloud Connect IPSEC – Azure

We provide you with two architecture options for accessing your Azure resources over the internet:

  • Standard Architecture
  • High Availability (HA) Architecture

Both options deploy an Active/Active VPN Gateway on the Azure side, ensuring local redundancy. If one Azure Gateway experiences a failure, the second one will immediately take over.

Standard Architecture

You are a customer that wants to interconnect one site to Azure IaaS through a basic Public Connector, this solution is for you.

Description of the Standard architecture

Standard architecture.

  • A customer IPsec VRF instance is deployed on a unique PoP
  • Two IPSec tunnels are set to reach both Azure VPN Gateways
  • HA : And another two IPSec tunnels are set to the same VPN Gateways

High Availability Architecture

You are a customer that wants to interconnect one site to Azure IaaS through an HA Public Connector, this solution is for you.

Description of the High Availability architecture

High Availability architecture.

  • The architecture brings a redundancy
  • A second customer VRF is deployed on a “backup” PoP
  • And another couple of IPSec tunnels are set to the same VPN Gateways
  • Those tunnels act like those on the nominal PoP
  • But on a global view, we have four levels of backup.

On Demand Cloud Connect Private – Azure

Based on a private circuit directly connected to the Cloud Service Provider and transit over our MPLS network, this solution provides you the best quality and security for a Multi-cloud approach.

Description of the Private Connectivity architecture

Private Connectivity architecture.

This architecture, shared with Business Galerie, is available to reach Azure resources through a private connection. This is done thanks to an ExpressRoute Gateway coupled with an ExpressRoute Circuit on Azure side.
Unlike a public architecture, to connect such a private access, we will use dedicated connections, from our interconnection routers (CDE) in our backbone to Azure Edge routers.