Yousef Khalidi
CVP, Microsoft Azure Networking
@YousefkAzure
Our mission
To provide the most secure, trusted, reliable and performant network for customer workloads, delivered and managed from the Intelligent Cloud to the Intelligent Edge
Organizations are hitting a tipping
point where more traffic is going to
the cloud than to on-premises
datacenters
Intelligent Cloud
Computing at edge is driving new
connectivity and compute models
Intelligent Edge
Requires foundational changes
• a new network design
• a new network security approach
• a new application delivery model
• a comprehensive monitoring approach
Intelligent Cloud
Network Carriers
Intelligent Edge
Network infrastructure
Microsoft global network
Region
Edge
Network
54 Azure regions
130k+ miles of fiber + subsea cables
160+ edge sites
500+ network partners
20k+ peering connections
Satellite connectivity
Connecting Azure regions to the global network
Diagram labels: Edge, Private, Public, Internet peers, Enterprise peering, ExpressRoute, Internet peering, Regional Gateways, DC, Azure Region
The Azure Network Edge
Internet and private network
Target
Today: Within 50 ms
47% of users worldwide
56.6% of users in established markets
30.6% of users in emerging markets
62% of users in United States
1ST party
Intelligent Cloud
NEC
MEC
Intelligent Edge
Microsoft Azure Network Edge Compute Offerings
NEC & MEC bring the Azure experience closer to the user
The cloud computing continuum
< 30 ms
< 5 ms
Multi-access Edge Compute at customer premises
Network Edge Compute at the edge of Telco or Microsoft network
Bandwidth
Latency
MEC and NEC Features
MEC NEC
DevOps: 1 Develop, 2 Package, 3 Push, 4 Deploy
Container registry
MEC and private mobile networks
• Managed Compute and Network as a Service
• Managed from Azure
• Mobile networks as a service from VNF vendors and MSPs
• Integration with Azure Services
Edge Compute + Private Mobile
Local compute and private mobile networks together enable new use cases
Building blocks and partners of MEC solution
Spectrum
Devices SIM RAN
Internet
Use Cases
Retail e-fulfillment - Attabotics
Agriculture – FarmBeats
Microsoft + Operators better together
Microsoft’s value to Telcos Operator’s value to Microsoft
GA
• ExpressRoute Integration
• Point to site VPN Integration
PREVIEW
• Hub/Any-to-any connectivity
• Azure Firewall integration
Diagram labels: Point-to-site VPN, Region 2, Region 3, Branch
Virtual WAN partner ecosystem
AVAILABLE NOW COMING SOON
Azure Networking Managed Services Partners (MSP)
MSP offerings available in Azure Marketplace
Microsoft Peering Service
Delivering optimal public Internet
connectivity to Microsoft Cloud MS Peering
Enterprise grade partner
Internet connectivity
PREVIEW
Connectivity partners
Peering service platform
• Local and geo peering redundancy
• High capacity peers
• Optimized Internet traffic routing
Central network security policy and route management Azure region 1 Azure region N
ROADMAP
Can
cause
this
The proliferation of drone use is disrupting many industries, from security & privacy to the delivery of goods. Air Traffic Control operations are on the cusp of one of the largest disruptive events in the field, going from monitoring dozens of air vehicles to thousands
AT&T, Microsoft and
Vorpal Collaboration
Drone monitoring as a service
NEC
environmental impact
Heat Map: Algorithms process data creating detailed field heat-map
White Space: Unlicensed, long-range low-cost TV White Space radios connect sensors and capture data
TYE Balloons: Low-cost Tethered Eye helium balloons stream images and video to Azure IoT Edge where drones not permitted
Drones: Autopilot drones gather aerial imagery (visible and multi-spectral)
Local Farm Computer: Windows 10 IoT based. Azure IoT Edge performs computations and AI at the FarmBeats Edge in the farmer’s house/office
Farmer: Heat map data sent to farmer who applies insight to increase efficiency and conserve resources
Soil Sensor: Solar-powered sensors for moisture, soil chemistry, temperature
hybridpm@microsoft.com
Azure Peering Service
Delivering optimal public Internet
connectivity to Microsoft Cloud MS Peering
Enterprise grade partner
Internet connectivity
PREVIEW
Connectivity partners
Peering service platform
• Local and geo peering redundancy
• High capacity peers
• Optimized Internet traffic routing
Defense-in-depth
+
PREVIEW
Deny Internet
Private
Link
On-premises Private
endpoint Storage SQL SQL DW Marketplace
Private Link for Azure Storage, SQL DB and data exfiltration protection
Azure Firewall Manager Global admin
Central network security policy and route management Azure region 1 Azure region N
ROADMAP
Procedural 3D rendering
Remote assistance
TAQTILE - MANIFEST
Exploring drone monitoring as a service
• Low latency for real time tracking
• Deployment on Azure cloud
• 5G throughput for large scale drone monitoring
• Reduces the cost and form factor of the sensors
• Leverage cloud capabilities
• Highly enhances scaling up capabilities
NEC = 50% improvement in data processing latency performance
NEC = Country and State deployment with a fraction of the costs
Vorpal VigilAir on Network Edge Compute
NEC
MACsec encryption
• Secures physical links at ExpressRoute sites
• Bring-your-own-key, store keys in Azure Key Vault
• Available on ER Direct
ExpressRoute for satellites
Directly connect ground stations to Microsoft
Diagram labels: Remote mine, Energy farm, Oil/gas rig, Defense and peacekeeping, Remote factory
GA
Commercial
IPv6
"We've grown to value and trust the stability and reliability of IPv6 connectivity in Azure. As we look to expand our cloud-based portfolio and offer additional services for the 65 million endpoints we manage globally, IPv6 capability is a key enabler for adapting our IoT framework to the cloud."
Greg Richards, SVP, Technology & Research, Itron
Diagram labels: IPv4, IPv6, Windows VM, Load Balancer, DDoS Protection, Internet
Connect & Extend Protect
Azure
Networking
services
Modernizing your
network
Monitor Deliver
Azure Private Link
Azure Firewall Manager
Protect
Azure Bastion
Azure WAF
Cloud-native network security services
Defense-in-depth
+
Achieving Zero Trust with Azure Networking
Resources can be accessed without public IP addresses
Supported Azure resources include VMs, VM Scale Sets, Dev-Test Labs
Diagram labels: Azure Portal, Internet, SSL 443, Azure Bastion, AzureBastionSubnet, Target VM Subnet(s), Azure VM
Azure WAF
OWASP rules
Bot management
WAF policy Custom rules
Web Application Firewall
Uniform policy
Unified WAF offering
• Protect your apps at network edge or in Azure regions
Site and URI path specific WAF policies
Customize WAF policies at regional WAF for finer grained protection at each host/listener or URI path level
PaaS, IaaS and on-premises backends
Application Gateway
Deliver Azure Front Door
Azure CDN
Application Gateway
Application Delivery Controller
GA
Commercial
Azure Kubernetes Services (AKS) Ingress Controller
• Ingress for one or more AKS clusters in backend
• Enhanced performance - use private IP of AKS pods
Azure Key Vault integration
• Centrally manage SSL certificates in Azure Key Vault
Enhanced Metrics
• End to end latency, backend latency, backend error code, RPS/node metrics
COMING SOON
Wildcard listener
• Listeners enhanced to accept wildcards. No need to create new listener for each subdomain
Diagram labels: Azure Kubernetes Services (AKS), Azure Key Vault, Pods, AKS API server, Application Gateway, AG Ingress Controller, Application Gateway routing rules, Azure ARM
Single region apps
Fail over
Azure region 2
www.contoso.com
Accelerate
Azure Region
Azure CDN
Cost efficient, reliable global content distribution
Media App service
Mobile
Internet Analyzer
Monitor
Azure Monitor for Networks
Internet Analyzer
Easily measure and compare end user
PREVIEW
Cloud migration
Measure the impact of moving the web app to cloud
CDN and app acceleration
Measure the performance impact of Front Door and CDN
Perform A/B measurements
Measure end user performance of two versions of app or impact of multiple region deployments
Diagram labels: 1 Deploy internet analyzer client (delivered with your app); 2 Configure your tests (test configuration); Your real end users, your customers around the globe; The internet; Active performance measurements; Your current application architecture; “What-if” application architecture; Measurement data
PREVIEW
Network insights
• Single health console for the entire cloud network
• No agent/configuration required
GA
Enhanced troubleshooting
• Improved connectivity checks for load balancers, global peering,
cross region connectivity, User Defined Routes, NVAs, ExpressRoute
Azure region to region round trip latency
The inter-region average latency measurements on a monthly basis
Full Report: https://docs.microsoft.com/en-us/azure/networking/azure-network-latency
Summary Ignite 19 - Azure Networking Announcements
BRK2144 Selecting the correct network connectivity service for your workloads 11/05 - 3:30 – 4:15 PM
BRK3138 Global transit network architectures with Virtual WAN 11/06 - 9:15 – 10 AM
BRK3172 Advanced networking best practices with Azure ExpressRoute 11/06 - 3:30 – 4:15 PM
BRK3185 Securing your cloud perimeter with Azure Network Security 11/06 - 2:15 – 3 PM
BRK3168 Delivering services privately in your VNet with Azure Private Link 11/07 - 9:15 – 10 AM
BRK2146 Taking applications and content to the edge 11/07 - 11:45 AM – 12:30 PM
BRK3169 Deliver highly available and secure web applications with Azure Application Gateway & Web Application Firewall (WAF) 11/07 - 2:15 – 3 PM
BRK3170 Building and Managing distributed micro-perimeters with Azure Firewall 11/07 - 3:30 – 4:15 PM
BRK3171 Using Azure Web Application Firewall to protect your web applications and web APIs 11/08 - 9:15 – 10 AM
BRK2207 The journey to enable mobile edge compute, VNFs and 5G with Azure 11/06 - 11:45 AM – 12:30 PM
WRK3015R Private PaaS with Private Link and DNS integration (Workshop/Instructor Led Lab) 11/07 - 4 – 5:15 PM
© Copyright Microsoft Corporation. All rights reserved.