Hybrid Network Infrastructure in Microsoft Azure (Part 1)

If you would like to read the other parts in this article series please go to:


It’s been coming for a long time, but I think it’s safe to say that 2015 really, finally is the year of the cloud. You just can’t get away from it now. Even when watching prime time network TV shows, you hear the characters talk about “checking his cloud account” or “putting it in my cloud.” Of course, when you get to the IT press, it’s all cloud, all the time. While cloud computing isn’t, at this time, the predominant compute model, you wouldn’t know it based on the talk, and it’s clear the momentum is there and the velocity of the move to the cloud is only going to increase in the next few years.

This becomes even clearer if you work in the Microsoft space. If you’re a long term IT pro, you’ve seen the writing on the wall. Microsoft spokespersons have officially declared that theirs is a “cloud first, mobile first” company. They’ve completely changed their previous attitude in terms of non-Microsoft operating systems, applications and hardware. Microsoft is now supporting non-Windows devices first with key applications such as Office – something that was unheard of in the days of the old Microsoft.

Azure at the forefront

As I wrote in another venue recently, I remember the days when security was the shining star and Microsoft was highlighting its Forefront products. Now most of those have been discontinued and it’s the Azure teams who are in the limelight.

Azure seems to be the focus of all Microsoft conversations now. Remember a few years ago when there was talk of a yearly cadence of Windows Server? We were all aghast at this! How could we possibly keep up with yearly releases of Windows Server? Even the traditional three to four year release cycle was enough to make our heads spin. So what happened? The last release of Windows Server was in August of 2013. When is the next version of Windows Server coming out? Maybe in 2016, but we don’t know yet.

[Author’s Note: this article was written before the Microsoft Ignite conference, where the company might announce a release date for the next version of Windows Server – so you could possibly have an answer to this question by the time you read this].

Observers within the industry, though, can see where Microsoft’s resources and top talent are concentrated now. It seems pretty obvious that Azure is the new Windows Server – or what will take its place. It’s like back when NT’s appearance on the scene was the beginning of the end for MS-DOS. In the same way, Azure is going to make Windows Server less and less relevant. It’s probably not going to go away completely, because the company is anticipating that large enterprises will continue to need on-premises resources, and it’s highly unlikely that Microsoft is going to say “hey Linux dudes, this is all yours now”.

[Author’s Note: I say this is unlikely, but after all these years in this business, I’ve learned to never say “never.” It could be that in the not so distant future that there just won’t be any money to be made in the on-premises computing market and Microsoft will give away the on-premises server business. Stranger things have happened.]

One thing is certain: the demise of Windows Server is not today, and it’s not going to be next year or the year after that. It might not ever happen, at least in my lifetime, because there are some pretty big potential boat anchors that could weigh down full cloud adoption efforts. Impediments such as government and industry regulatory compliance issues could force some data types to remain off public clouds forever. If that’s the case, on-premises computing will have a very long, and very important – albeit less prominent – role in enterprise computing.

Given these circumstances, hybrid IT should be considered the norm for at least the next decade or so. Hybrid IT is when you distribute your IT organization’s assets between on-premises and public cloud. Most people have heard about “hybrid cloud”, but if we want to be technical (and after all, we’re all technical people here), a hybrid cloud assumes that you have a private cloud on-premises. Of course, almost no one has a real private cloud on-premises. The majority of people who say they have one actually have a virtualization infrastructure. That’s fine, because you don’t have to have a private cloud to reap the benefits of hybrid IT.

Understanding the hybrid IT infrastructure

Although the cloud gets most of the airplay, I think many of us are still trying to wrap our heads around how this hybrid IT thing really works. Specifically, what does a hybrid IT infrastructure look like? As infrastructure people, you probably worry about things such as some or all of the following:

  • Storage
  • Network
  • Compute/server
  • Identity and access management
  • Security
  • Performance
  • Scalability
  • Availability

Most IT teams are pretty good at implementing all of these things on-premises, but are not really sure about the cloud.

If you’re wondering what this all looks like, here’s a hint: it looks like the diagram you can find here, and there will be more about this later in this article. I think that if you take a network-centric approach to thinking about hybrid IT, it will make it easier to put all the other infrastructure components in place.

What your particular hybrid infrastructure looks like is going to depend on the public cloud service provider you’re using. There are really only two serious players in the hybrid IT market today – Amazon and Microsoft. Google also has a cloud offering, but in its 2014 Magic Quadrant, Gartner considered only the “Big Two” to qualify as members of the IaaS Leaders quadrant.

Azure and the hybrid network infrastructure

You can find a wealth of information about Amazon Web Services on our sister site, InsideAWS.com. In this article, we’re going to focus on Azure, since this site is generally about Microsoft products (and after all, that is the public cloud service provider that’s named in the title of this article).

What does Azure have in terms of networking that we can use as we try to get a better idea of what it has to offer in a hybrid IT infrastructure? From what I can tell, here are some of the most important features that Microsoft Azure offers:

  • Site to site VPNs for cross premises connectivity
  • Dedicated WAN links for cross premises connectivity (Microsoft calls these ExpressRoute)
  • Virtual network gateways that are used to connect on-premises networks to Azure virtual networks
  • Azure Virtual Networks where the virtual machines are placed
  • Inter-virtual Network connectivity which allows you to connect Azure Virtual Networks to each other over the Azure network fabric
  • External load balancers allow you to load balance incoming connections from the Internet
  • Internal load balancers allow you to load balance connections between virtual machines sitting within an Azure Virtual Network
  • Network Security Groups allow you to configure network access controls for connections to virtual machines or subnets within an Azure Virtual Network
  • Virtual machine ACLs allow you to control traffic to and from individual virtual machines
  • Third party proxy firewalls allow you to insert virtual proxy-based firewalls onto an Azure Virtual Network
  • Dual-homed virtual machines
  • Dedicated public IP addresses that allow you to assign a specific public IP address to a virtual machine located on an Azure Virtual Network
  • Static IP addresses on virtual machines allow you to manually assign addresses to virtual machines, instead of using the default addressing behavior, which is to use the built-in Azure DHCP server
  • Public addresses on virtual machines allow you to override the default RFC 1918 addresses that are used on Azure and assign public IP addresses to virtual machines
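As an added illustration (not from the original article, and not Azure’s own code), the following Python model shows the priority-ordered, first-match evaluation that a Network Security Group applies to inbound traffic; the rule names, the admin address range and the sample flows are constructed for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Illustrative model of NSG rule evaluation written for this article (not
# Azure's code). Rules are evaluated from the lowest priority number upward,
# the first rule that matches decides, and a trailing catch-all deny rule
# makes the default posture explicit.

@dataclass
class Rule:
    name: str
    priority: int
    access: str       # "Allow" or "Deny"
    protocol: str     # "TCP", "UDP" or "*" (any)
    source: str       # CIDR prefix or "*" (any source)
    dest_port: str    # single port number or "*" (any port)

def _match_addr(prefix, addr):
    return prefix == "*" or ip_address(addr) in ip_network(prefix)

def _match_port(spec, port):
    return spec == "*" or int(spec) == port

def evaluate(rules, src_ip, dst_port, protocol):
    """Return (access, rule name) for one inbound flow under first-match semantics."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if (rule.protocol in ("*", protocol)
                and _match_addr(rule.source, src_ip)
                and _match_port(rule.dest_port, dst_port)):
            return rule.access, rule.name
    return "Deny", "implicit-deny"   # only reached if no catch-all rule exists

# Constructed sample rule set: RDP allowed only from a hypothetical admin range,
# RDP from anywhere else denied, HTTPS open to all, catch-all deny last.
SAMPLE_RULES = [
    Rule("allow-rdp-admin", 100, "Allow", "TCP", "203.0.113.0/24", "3389"),
    Rule("deny-rdp-internet", 200, "Deny", "TCP", "*", "3389"),
    Rule("allow-https", 300, "Allow", "TCP", "*", "443"),
    Rule("deny-all-inbound", 65500, "Deny", "*", "*", "*"),
]

if __name__ == "__main__":
    # Constructed flows: admin RDP, Internet RDP, Internet HTTPS, Internet SSH.
    for flow in [("203.0.113.10", 3389, "TCP"), ("198.51.100.7", 3389, "TCP"),
                 ("198.51.100.7", 443, "TCP"), ("198.51.100.7", 22, "TCP")]:
        print(flow, "->", evaluate(SAMPLE_RULES, *flow))
```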

That’s a list of some of the network features and capabilities that are available on Azure now. In case you haven’t noticed, however, Azure adds features frequently, and then announces them at big conferences. One such event is coming up in the near future as I write this: the first Microsoft Ignite conference (Ignite replaced the venerable Microsoft-sponsored annual gathering known as TechEd, which was discontinued after over thirty years of attendance by Microsoft IT pros). I suspect that Microsoft will have announced some new features that can be added to this list by the time you read this article.

The big question, then, is how do all these networking related features work in a hybrid IT environment? How can you relate these things to what you have on-premises and your understanding of how things work on-premises? If your learning modality is visually oriented, as some studies indicate almost half of us are, then what you really would like to do is see what this looks like. Once you can get that picture in your head, you’ll be ready to dig into each of these features and evaluate which ones you can use to design a hybrid IT infrastructure.

Fortunately for all of us visual learners, Microsoft recently published a document called the Datacenter Extension Reference Architecture Diagram. This diagram is really cool. It’s not just a flat drawing; it’s an interactive diagram. It provides you with a complete view of the infrastructure components of what would go into a hybrid IT infrastructure. When you hover over one of the components, a bubble pops up and shows you the details of the infrastructure element that you hovered over.

The down side to all of this information is that such a diagram can get pretty complex. What if you don’t want to see all the infrastructure components? Maybe you want to focus only on the network. Not only is this diagram interactive; it’s also multi-layered. This allows you to turn off other layers, such as the servers layer, the authentication and authorization layer, the storage layer, and other layers, leaving you with only the networking layer. How amazingly useful is that?

The diagram also includes some other items of really useful information that help you see and understand how all the pieces I’ve mentioned above fit into a hybrid IT infrastructure:

  • The interactive diagram
  • A Visio file that includes not only the diagram, but some other information about networking, name resolution and authentication pieces of the infrastructure
  • An Excel spreadsheet that provides all the details of each of the infrastructure components that are seen in the diagram
  • A video that explains how to use the diagram and how to get the most out of it

Full disclosure here: My husband Tom (whom many of you know and love) is one of the Microsoft employees on the team that put this package together, so maybe I’m a little biased. Check it out yourself and let the team know what you think about it. If you have suggestions as to additional information that should go into the diagram, leave those suggestions in the Comments section. They are currently working on v2 of the diagram and there’s a very good chance that your suggestions will be implemented.

I hope you’ll find the diagram and related files useful. In the second part of this series, I’ll go over some of the details of each of the networking infrastructure pieces I mentioned above, and will include new ones if there are any announced at Ignite. See you then.
