Enabling and securing ubiquitous

compute from intelligent cloud

to intelligent edge

Yousef Khalidi
CVP, Microsoft Azure Networking

@YousefkAzure
Our mission
To provide the most secure, trusted, reliable
and performant network for customer
workloads, delivered and managed from Intelligent Cloud
the Intelligent Cloud to the Intelligent Edge

Intelligent Edge
Organizations are hitting a tipping
point where more traffic is going to
the cloud than to on-premises
datacenters

Intelligent Cloud
Computing at edge is driving new
connectivity and compute models

Intelligent Edge
Requires foundational changes
• a new network design
• a new network security approach
• a new application delivery
model
• a comprehensive monitoring approach
Intelligent Cloud

• a new set of critical, immersive and collaborative applications

• a new set of terrestrial, wireless, and satellite connectivity options

Intelligent Edge
 Customers

Network Carriers

Network Carriers essential

to enable customers to
consume Microsoft cloud Intelligent Cloud
services

Intelligent Edge
Network infrastructure
 Microsoft global network

Region

Edge

Network

54 Azure
regions 130k+ miles of fiber +
subsea cables 160+ edge
sites 500+ network
partners 20k+ peering
connections
 Microsoft global network

Region

Edge

Network

54 Azure
regions 130k+ miles of fiber +
subsea cables 160+ edge
sites 500+ network
partners 20k+ peering
connections
 Microsoft global network

Region

Edge

Network

54 Azure
regions 130k+ miles of fiber +
subsea cables 160+ edge
sites 500+ network
partners 20k+ peering
connections
Satellite connectivity
Connecting Azure regions to the global network

Edge
PRIVATE PUBLIC

Internet peers
Enterprise peering ExpressRoute Internet peering

Microsoft Wide Area Network

Regional Gateways

DC DC DC

DC DC DC DC DC DC

Availability Zone Availability Zone Availability Zone

Azure Region
 The Azure Network Edge
Internet and private network

Azure Network Edge

WAN Azure Azure Front Door,

core routers ExpressRoute CDN, WAF, DDoS

Traffic to and between DCs

Microsoft Global Network (WAN)

Edge footprint and performance

Target

50% of the world within 50ms

Today: Within 50 ms
47% of users worldwide
56.6% of users in established markets
30.6% of users in emerging markets
62% of users in United States

Goal: 30 ms and 85% coverage

SONiC  Software for Open Networking in the Cloud 
configuration and management tools

1ST party

New More apps SNMP BGP DHCP IPv6 New

Database Platform TeamD LLDP

SWSS Utility RedisDB SYNCD

Switch Abstraction Interface (SAI)

Growing Ecosystem
Connect & Extend Protect
DDoS Protection
Peering Service
Virtual WAN Azure Firewall

ExpressRoute Networking Bastion

Web Application Firewall
VPN
services PrivateLink
Virtual Network
Modernizing your
network
Monitor Deliver
Front Door
Internet Analyzer
CDN, DNS, Traffic Manager
Azure Monitor
Application Gateway
 TECH PREVIEW

Multi-access Edge Compute

Network + Compute at the edge
 Intelligent Edge
Latency is the new currency

Intelligent Cloud

NEC

MEC

Intelligent Edge
 Microsoft Azure Network Edge Compute Offerings

Network Edge Compute (NEC) Multi-access Edge Compute (MEC)

• Azure closer to the end user
• Telcos’ DCs & Microsoft edge sites
• One hop away from Telcos’ 5G core
• Optimized for multitenant deployments
• Larger scale workloads
• Based on Azure Stack Edge
• Customers on-premises
• Runs managed VNFs for private mobile networks
• Optimized for single tenant deployments
• Scales from 1U to racks, other formfactors

NEC & MEC bring the Azure experience closer to the user
 The cloud computing continuum

< 30 ms

< 5 ms

Multi-access Edge
Compute at Network Edge Compute at the edge of
customer premises Telco or Microsoft network

Bandwidth
Latency
MEC and NEC Features

Managed by Same dev-ops Microservices at One hop from

Azure tools the edge the user
Familiar portal, APIs and GitHub, Azure Dev Ops Kubernetes, Functions, Lower latency, higher
tools etc. bitrates
MEC and NEC Deployments Managed from Azure

MEC NEC

Factory floor HQ Branch

 Same DevOps tools and pipeline
Same tools to author and deploy applications in the cloud and the edge

Source code in Git Repository

Develop 1 2 Package

Azure Kubernetes Service (AKS) Azure Docker container

DevOps

4 3
Deploy Push

Container registry
 MEC and private mobile networks

Managed Compute and Managed from Mobile networks as a service Integration with
Network as a Service Azure from VNF vendors and MSPs Azure Services

+
Edge Compute Private Mobile

Built on Azure Stack Edge

Local compute and private mobile networks together enables new use cases
 Building blocks and partners of MEC solution

Spectrum
Devices SIM RAN

Azure Stack Edge

Kubernetes VMs IoT Edge

Internet
Use Cases
Retail e-fulfillment - Attabotics

Mixed Reality – Taqtile

Gaming – Game Cloud Network

Public Safety – Vorpal

Media Streaming – NetInsight

Agriculture – FarmBeats
 Microsoft + Operators better together
Microsoft’s value to Telcos Operator’s value to Microsoft

• Developers & deep technology base • First-mile & spectrum

• Enterprise channel • Network infrastructure & real-estate
• Industry partnerships • Channel
• Intelligent cloud + intelligent edge • Regional coverage
• Network intelligence

Opportunity for telcos to offer higher

Every Microsoft customer is a telco
margin services over their networks
customer
Backup
 Corp HQ VNet

Azure Virtual WAN VNet VNet

Provides optimized and automated ExpressRoute

branch connectivity to, and Datacenter VNet
through Azure
Region 1

GA
 

•ExpressRoute Integration
Point-to-site VPN
•Point to site VPN Integration Region 2 Region 3

•Path selection from branch

P R E VI E W

•Hub/Any-to-any connectivity
•Azure Firewall integration
Branch Branch Branch Branch
 Virtual WAN partner ecosystem
AVAILABLE NOW COMING SOON
Azure Networking Managed Services Partners (MSP)
MSP offerings available in Azure Marketplace
Microsoft Peering Service
Delivering optimal public Internet
connectivity to Microsoft Cloud MS Peering
Enterprise grade partner
Internet connectivity
P R E VI E W

Connectivity partners
Peering service platform
• Local and geo peering redundancy
• High capacity peers
• Optimized Internet traffic routing

Telemetry platform Customer Monitoring Operational

• Latency deviation insights

• BGP route anomalies

• Performance degradation events

Route Anomalies Detection and User telemetry RADAR

Auto Remediation (RADAR)
Internet
 20 million routes monitored for real time BGP
leaks, hijacks or withdrawals
 Azure Peering Service
Launch partners

We invite all carriers to join – reach out to peeringservice@microsoft.com

Azure Firewall Manager Global admin

Central network security policy and route management Azure region 1 Azure region N

for globally distributed, software-defined perimeters Global policy

Local admin
PREVIEW

Central deployment and configuration

VNet
• Deploy and configure multiple Azure Firewall instances
• Optimized for DevOps with Hierarchical policies
3rd party 3rd party
Automated routing partners
Azure Secured Azure Secured
partners
• Easily attract traffic to your secured hub for filtering Firewall vHub Firewall vHub
and logging using central routing configuration

Advanced security with 3rd party SECaaS

• Use best-in-breed third party Security as a Service (SECaaS)
partners for advanced internet security
• Combine with Azure Firewall for private traffic
Virtual WAN VPN Virtual WAN
ER/VPN ER/VPN

ROADMAP

Virtual Network support, Split routing

• Support Azure Firewall in a Virtual Network End-user
HQ/ Datacenter
• Optimized O365 and Azure public PaaS access branch devices
 Azure Firewall Manager
Trusted security partners

Use Azure as your Secured Internet Edge

Use best-in-breed third- Breakout Office 365

party Security-as-a- Protect VNet-to- Combine with Azure traffic directly at branch;
Service (SECaaS) Internet or Branch-to- Firewall for layered filter rest of Internet
partners with Azure Internet user traffic security traffic using SECaaS on
Firewall Manager  Azure

AVAILABLE IN PREVIEW COMING SOON

 The Problem
This

Can
cause
this

The proliferation of drone use is disrupting many industries, from security & privacy to the delivery of
goods. Air Traffic Control operations is on the cusps of one the largest disruptive events in the field, going
from monitoring dozens or air vehicle to thousands
AT&T, Microsoft and
Vorpal Collaboration
Drone monitoring as a service

Enabling us to track thousands

of drone in
real time to keep the skies a
safe place

Vorpal provides the solution. Microsoft and

AT&T provide the infrastructure
Vorpal VigilAir on Network Edge Compute

NEC

VigilAir Command Center

VigilAir Edge Cloud

VM hosted at NEC Coverage Area
FarmBeats: Smart Agriculture
Provides access to Microsoft Azure Cloud
Cloud and AI to improve crop Private LTE Machine learning (ML) algorithms
integrate sensor data with aerial imagery
Azure Data Box Edge with “Mobile
yield, lower costs, and reduce Networking role” runs the EPC and
backhauls data to Azure
and crop predictions

environmental impact
Heat Map
Algorithms
process data
White Space creating
detailed field
Unlicensed, long-range low-cost TV White Space heat-map
radios connect sensors and capture data
TYE Balloons Drones
hybridpm@microsoft.com
Low-cost Tethered Eye Autopilot
helium balloons stream drones gather
images and video to aerial imagery
Azure IoT Edge where (visible and
drones not permitted multi-spectral)
Local Farm
Computer
Windows 10 IoT based
Farmer
Azure IoT Edge performs Heat map data
computations and AI at sent to farmer
the FarmBeats Edge in who applies
the farmer’s house/office insight to
increase
efficiency and
Soil Sensor conserve
resources
Solar-powered
sensors for
moisture, soil
chemistry,
temperature
Azure Peering Service
Delivering optimal public Internet
connectivity to Microsoft Cloud MS Peering
Enterprise grade partner
Internet connectivity
P R E VI E W

Connectivity partners
Peering service platform
• Local and geo peering redundancy
• High capacity peers
• Optimized Internet traffic routing

Telemetry platform Customer Monitoring Operational

• Latency deviation insights

• BGP route anomalies

• Performance degradation events

Route Anomalies Detection and User telemetry RADAR

Auto Remediation (RADAR)
Internet
 20 million routes monitored for real time BGP
leaks, hijacks or withdrawals
 Azure Peering Service
Launch partners

We invite all carriers to join – reach out to peeringservice@microsoft.com

Achieving Zero Trust with Azure Networking
Cloud-native network security services

Azure Azure Web Azure Azure DDoS

Firewall Application Firewall Private Link Protection

Software Defined Network (SDN)

Virtual Network User Defined Load
Networks Security Groups Routes Balancer

Defense-in-depth

+
 PREVIEW

Azure Private Link

Highly secure and private connectivity to Azure services

Deny Internet

Azure PaaS and

marketplace services
10.0.0.5
ER Gateway

Private
Link
On-premises Private
endpoint Storage SQL SQL DW Marketplace

Virtual Network (10.0.0.0/16)

Private Link for Azure Storage, SQL DB and data exfiltration protection

Private access from VNets, Predictable private IP Unified experience across

In-built Data
peered VNets and addresses for PaaS PaaS, Customer Owned
Exfiltration Protection
on-premises resources and marketplace Services
 Corp HQ VNet

Azure Virtual WAN VNet VNet

Provides optimized and automated ExpressRoute

branch connectivity to, and Datacenter VNet
through Azure
Region 1

GA
 

•ExpressRoute Integration
Point-to-site VPN
•Point to site VPN Integration Region 2 Region 3

•Path selection from branch

P R E VI E W

•Hub/Any-to-any connectivity
•Azure Firewall integration
Branch Branch Branch Branch
Azure Firewall Manager Global admin

Central network security policy and route management Azure region 1 Azure region N

for globally distributed, software-defined perimeters Global policy

Local admin
PREVIEW

Central deployment and configuration

VNet
• Deploy and configure multiple Azure Firewall instances
• Optimized for DevOps with Hierarchical policies
3rd party 3rd party
Automated routing partners
Azure Secured Azure Secured
partners
• Easily attract traffic to your secured hub for filtering Firewall vHub Firewall vHub
and logging using central routing configuration

Advanced security with 3rd party SECaaS

• Use best-in-breed third party Security as a Service (SECaaS)
partners for advanced internet security
• Combine with Azure Firewall for private traffic
Virtual WAN VPN Virtual WAN
ER/VPN ER/VPN

ROADMAP

Virtual Network support, Split routing

• Support Azure Firewall in a Virtual Network End-user
HQ/ Datacenter
• Optimized O365 and Azure public PaaS access branch devices
 Azure Firewall Manager
Trusted security partners

Use Azure as your Secured Internet Edge

Use best-in-breed third- Breakout Office 365

party Security-as-a- Protect VNet-to- Combine with Azure traffic directly at branch;
Service (SECaaS) Internet or Branch-to- Firewall for layered filter rest of Internet
partners with Azure Internet user traffic security traffic using SECaaS on
Firewall Manager  Azure

AVAILABLE IN PREVIEW COMING SOON

 Virtual WAN partner ecosystem
AVAILABLE NOW COMING SOON
Azure Networking Managed Services Partners (MSP)
MSP offerings available in Azure Marketplace
Attabotics slides here
Mixed Reality
Immersive Training

Procedural 3D rendering

Personal & equipment safety

Remote assistance
TAQTILE - MANIFEST

Simplify Knowledge Capture

Guided Tasks Improve Learning and Consistency

Improve Worker Safety & Productivity

Easy to Provision Infrastructure

For more information on Manifest reach out to:

Info@taqtile.com or kelly.malone@taqtile.com
Immersive Gaming
Better on mobile
Scalable synchronization
Branded experiences
Tap and Field™

TV App provides broadcast support

and facilitates live casual esports
events and promotions.

Players compete in real-time on their

phones, desktops or consoles.
 Architecture
3. Game Server instance in
the cloud allows
Command and geographically distant
Microsoft Azure Game Server
Azure PlayFab Control players to play and provides
Instance scalability
“The Lobby”

Microsoft Azure NEC Game Server

Instance

4. Game Server instance on

1. Connects to PlayFab for account,
Consumers persistence, progression, voice and Gaming
Gaming
the edge provides LAN or
Gaming
Device
Gaming better play experience for
text chat and the store. Device
Device geographically/topographical
2. Joins the lobby (Command and Devices
ly nearby players – such as
Control) to begin interacting with esport events, friends, arenas,
other players. When ready to race, etc.
C&C spins up an on-demand game
server instance, either in the cloud
or on the edge.
Real Time Drone
Tracking
Distributed sensor network

Low latency real time tracking

Reduced costs and form factors

 The Problem
This

Can
cause
this

The proliferation of drone use is disrupting many industries, from security & privacy to the delivery of
goods. Air Traffic Control operations is on the cusps of one the largest disruptive events in the field, going
from monitoring dozens or air vehicle to thousands
AT&T, Microsoft and
Vorpal Collaboration
Exploring drone monitoring as a service

Enabling us to track thousands

of drone in
real time to keep the skies a
safe place

Vorpal provides the solution. Microsoft and

AT&T provide the infrastructure
 Collaboration

First phase Second phase

Improving Scalability
performance

• Low latency for real time
tracking
• Deployment on Azure cloud
• 5G throughput for large scale
drone monitoring
NEC = 50% improvement
in data processing latency performance
• Reduces the cost and form
factor of the sensors
• Leverage cloud capabilities
• Highly enhances scaling up
capabilities
NEC = Country and State deployment with
a fraction of the costs
Vorpal VigilAir on Network Edge Compute

NEC

VigilAir Command Center

VigilAir Edge Cloud

VM hosted at NEC Coverage Area
NetInsight
Low latency synchronized
media streaming
Create Sticky Experiences ​
Offer an “all inclusive” app
that turns the viewer into the
Producer!

Racing is just one example…

 ​
• Produced Feed​
• Drivers Cams ​
• Guest Commentators ​
• Sponsor Channels ​
• Battle modes​
• Race notifications​
• Leader boards​
• Car and driver data
ExpressRoute
GA

Fast Path ExpressRoute Site

• Improved throughput, packets/sec, connections/sec,
number of flows
ExpressRoute Local
• No egress charges from Azure to local ER site Customer Microsoft
Cage Cage
Continued expansion of ER locations
PREVIEW MACsec

MACsec encryption
• Secures physical links at ExpressRoute sites
• Bring-your-own-key, store keys in Azure Key Vault
• Available on ER Direct
ExpressRoute Remote
mine
Energy
farm
Oil/gas
rig
Defense and
peacekeeping
Remote
factory

for satellites
Directly connect ground stations to Microsoft

GA

C Commercial
OMMERCIAL

Direct private access to Azure

Connect to Azure from anywhere

Ground station ExpressRoute
 VPN
S2S P2S
High throughput VPN – 10Gbps GA
AAD auth + MFA P R E VI E W

• New Azure VPN gateways – VpnGw3/4/5

• Up to 10 Gbps aggregate Azure VPN Client (Windows App) PREVIEW

• Up to 10,000 P2S connections • OpenVPN protocol

• Native AAD authentication with MFA
IKEv1 + IKEv2 on VpnGw1-5 GA
• Client-side Diagnostics, Logs, & Metrics
• IKEv1 on new VpnGw SKUs (1 ~ 5)
• Multiple IKEv1 S2S tunnels
• IKEv1 and IKEv2 on the same VPN gateway Aggregate P2S
SKUs IKEv1/v2
throughput connections

VPN gateway packet capture PREVIEW

VpnGw1 650 Mbps 250 IKEv1+IKEv2

VpnGw2 1 Gbps 500 IKEv1+IKEv2

• With 5-tuple packet filter
• ETW or PCAP formats VpnGw3 2.5 Gbps 1000 IKEv1+IKEv2

VpnGw4 5 Gbps 5,000 IKEv1+IKEv2

Custom IKE traffic selectors C O M I NG S O O N VpnGw5 10 Gbps 10,000 IKEv1+IKEv2

IPv6 in Azure VNETs
GA Azure Virtual Network Dual Stacked (IPv4+IPv6)
IPv6 IPv6
Native IPv6 all the way to the VMs Application
NSG
Rules Front-End
NSG
Rules
Subnet Subnet

Private IPv6 addresses for VMs and NICs IPv6

IPv4
IPv6 User-
Dual stacked IPv4/IPv6 VMs for max flexibility Linux VM
Defined
Routes

IPv6
"We've grown to value and trust the stability and IPv4
reliability of IPv6 connectivity in Azure.  As we look to Load
expand our cloud-based portfolio and offer additional Windows VM Balancer
services for the 65 million endpoints we manage
globally, IPv6 capability is a key enabler for adapting
DDoS Protection
our IoT framework to the cloud.”
IPv6 IPv6
Greg Richards, SVP, Technology & Research, Itron Internet
Internet
Connect & Extend Protect

Azure
Networking
services
Modernizing your
network
Monitor Deliver
 Azure Private Link
Azure Firewall Manager
Protect
Azure Bastion
Azure WAF
 Cloud-native network security services

Azure Azure Web Azure Azure DDoS

Firewall Application Firewall Private Link Protection

Software Defined Network (SDN)

Virtual Network User Defined Load
Networks Security Groups Routes Balancer

Defense-in-depth

+
Achieving Zero Trust with Azure Networking
Cloud-native network security services

Azure Azure Web Azure Azure DDoS

Firewall Application Firewall Private Link Protection

Software Defined Network (SDN)

Virtual Network User Defined Load
Networks Security Groups Routes Balancer

Defense-in-depth

+
 PREVIEW

Azure Private Link

Highly secure and private connectivity to Azure services

Deny Internet

Azure PaaS and

marketplace services
10.0.0.5
ER Gateway

Private
Link
On-premises Private
endpoint Storage SQL SQL DW Marketplace

Virtual Network (10.0.0.0/16)

Private Link for Azure Storage, SQL DB and data exfiltration protection

Private access from VNets, Predictable private IP Unified experience across

In-built Data
peered VNets and addresses for PaaS PaaS, Customer Owned
Exfiltration Protection
on-premises resources and marketplace Services
Azure Firewall Manager Global admin

Central network security policy and route management Azure region 1 Azure region N

for globally distributed, software-defined perimeters Global policy

Local admin
PREVIEW

Central deployment and configuration

VNet
• Deploy and configure multiple Azure Firewall instances
• Optimized for DevOps with Hierarchical policies
3rd party 3rd party
Automated routing partners
Azure Secured Azure Secured
partners
• Easily attract traffic to your secured hub for filtering Firewall vHub Firewall vHub
and logging using central routing configuration

Advanced security with 3rd party SECaaS

• Use best-in-breed third party Security as a Service (SECaaS)
partners for advanced internet security
• Combine with Azure Firewall for private traffic
Virtual WAN VPN Virtual WAN
ER/VPN ER/VPN

ROADMAP

Virtual Network support, Split routing

• Support Azure Firewall in a Virtual Network End-user
HQ/ Datacenter
• Optimized O365 and Azure public PaaS access branch devices
 Azure Firewall Manager
Trusted security partners

Use Azure as your Secured Internet Edge

Use best-in-breed third- Breakout Office 365

party Security-as-a- Protect VNet-to- Combine with Azure traffic directly at branch;
Service (SECaaS) Internet or Branch-to- Firewall for layered filter rest of Internet
partners with Azure Internet user traffic security traffic using SECaaS on
Firewall Manager  Azure

AVAILABLE IN PREVIEW COMING SOON

 Customer’s Virtual Network
Azure Bastion
Secure and seamless RDP and SSH access to your Private IP
virtual machines Port: 3389/22
“AzureBastionSubnet”
GA
Azure VM
SSL
RDP/SSH to your workload using HTML5 standards-
Remote Protocol
based web-browser, directly in Azure Portal (RDP, SSH, et al)

Azure VM
Azure Portal
Resources can be accessed without public IP
addresses SSL
443,
Azure VM
Internet Azure Bastion
Supported Azure resources include VMs, VM Scale
AzureBastionSubnet Target VM Subnet(s)
Sets, Dev-Test Labs
Azure WAF
OWASP rules
Bot management
WAF policy Custom rules
Web Application Firewall
Uniform policy
Unified WAF offering
• Protect your apps at network edge or in Azure regions

Azure Global WAF Azure Regional WAF

P R E V I EW
(Front Door) (Application Gateway)

Microsoft threat intelligence

• Protect apps against automated attacks
• Manage good/bad bots with Azure BotManager RuleSet

Site and URI path specific WAF policies PaaS, IaaS and on-premises backends
 Customize WAF policies at regional WAF for finer grained protection
at each host/listener or URI path level

Geo filtering on regional WAF

 Enhanced custom rule matching criterion includes filtering by
country
Connect & Extend Protect

Azure
Networking
services
Modernizing your
network
Monitor Deliver
 Application Gateway
Deliver Azure Front Door
Azure CDN
Application Gateway Azure Kubernetes
Application Delivery Controller Services (AKS)

GA
Azure Key Vault Commercial
Pods
AKS API
Azure Kubernetes Services (AKS) Ingress Controller server
• Ingress for one or more AKS clusters in backend
• Enhanced performance - use private IP of AKS pods
Azure Key Vault integration
• Centrally manage SSL certificates in Azure Key Vault Application
Gateway
Enhanced Metrics
AG Ingress
• End to end latency, backend latency, backend error code, Controller
RPS/node metrics

COMING SOON

Wildcard listener
• Listeners enhanced to accept wildcards. No need to create
Application Gateway routing rules
new listener for each subdomain Azure ARM
 Single region apps

Azure Front Door

Global Azure region
Network Edge POP Network
/*
Global entry point for high performance, high
availability web applications
www.contoso.com /search/*
GA

Single or multi-region app and API acceleration Accelerate

 Improve HTTP performance and reduce page load times

Load balancing at the Edge and fast-failover

 Build always-on application experiences that fail-fast (safely) Multi-region apps

Integrated SSL, WAF and DDoS Global Azure region 1

Network Edge POP Network
 Protect and scale your application to global users, devices,
traffic and attacks

Fail over
Azure region 2

www.contoso.com

Accelerate
 Azure Region

Azure CDN
Cost efficient, reliable global content distribution
Media App service

Mobile

API Media services

GA

Reduced Azure egress pricing

Storage
• Egress is free from Storage, Compute, Media Services to
www.contoso.com
Azure CDN from Microsoft vod.contoso.com
On-premise/external
P R E VI E W
Files
Easy to use and highly customizable rules engine
Updates
• Few click onboard and common-api-driven everything
• Use Rules Engine to customize CDN IoT

Edge delivery partners

Connect & Extend Protect

Azure
Networking
services
Modernizing your
network
Monitor Deliver
 Internet Analyzer
Monitor
Azure Monitor for Networks
Internet Analyzer
Deploy internet Your real end users,
1
analyzer client your customers around the globe
Delivered with
Easily measure and compare end user your app

experience for your application

P R E VI E W
ACTIVE
PERFORMANCE
Cloud migration MEASUREMENTS
Measure the impact of moving the web app to cloud The
internet
Configure your Test
CDN and app acceleration 2 tests configuration
Measure the performance impact of Front Door and CDN
Your current “What-if”
Perform A/B measurements application application
architecture architecture
Measure end user performance of two versions of app
or impact of multiple region deployments
Measurement data

Get your global

3 perf scorecards
Azure monitor for networks
Monitoring and troubleshooting for cloud and
hybrid networks

PREVIEW

Network insights
• Single health console for the entire cloud network
• No agent/configuration required

GA

Traffic analytics – accelerated processing

 From hours to minutes, faster insights into application and
network activity

Enhanced troubleshooting
• Improved connectivity checks for load balancers, global peering,
cross region connectivity, User Defined Routes, NVAs, ExpressRoute
Azure region to
region round
trip latency
The inter-region average
latency measurements on a
monthly basis

Full Report:
https://docs.microsoft.com/en-us/a
zure/networking/azure-network-lat
ency
 Summary Ignite 19 - Azure Networking Announcements

vWAN – ExpressRoute/P2S GA Azure Bastion GA

Azure Firewall Manager Preview

vWAN - Hub to Hub Preview
Protect PrivateLink – SQL, Storage, Customer PaaS Preview
Azure Peering Service Preview

VNet - IPv6 GA AFD + App Service GA

ER – Satellite GA App Gateway - AKS Ingress Controller GA

ER Enhancements – Monitoring, FastPath, Local for App Gateway – Key Vault GA

GA
Service Providers
CDN - 0-DT GA
Connect ER – MACsec Preview
Deliver
WAF – Metrics GA
&
Extend VPN - High Throughput GA WAF – GeoDB Preview

WAF – BOT Migration & IP Reputation Preview

VPN - IKEv1 GA
WAF - Policy per site Preview
VPN - Packet Capture GA
Net Watcher - Traffic Analytics Accelerated Processing GA
VPN – P2S AAD/MFA Preview
Azure monitor for networks Preview
VPN – Windows Application Preview Monitor
Azure Internet Analyzer Preview

Multi-access Edge Compute (MEC) Tech preview

 Azure Networking Sessions at Ignite
BRK2143 What's new in Azure Networking 11/05 - 11:45 AM –12:30 PM

BRK2144 Selecting the correct network connectivity service for your workloads 11/05 - 3:30 – 4:15 PM

THR3111 GA launch of IPv6 for Azure Vnets 11/05 - 4:20 – 4:40 PM

BRK3138 Global transit network architectures with Virtual WAN 11/06 - 9:15 – 10 AM

BRK3172 Advanced networking best practices with Azure ExpressRoute  11/06 - 3:30 – 4:15 PM

BRK3185 Securing your cloud perimeter with Azure Network Security 11/06 - 2:15 – 3 PM

BRK3168 Delivering services privately in your VNet with Azure Private Link 11/07 - 9:15 – 10 AM

BRK2146 Taking applications and content to the edge 11/07 - 11:45 AM – 12:30 PM

Deliver highly available and secure web applications with Azure Application Gateway & Web Application Firewall
BRK3169 11/07 - 2:15 – 3 PM
(WAF)

BRK3170 Building and Managing distributed micro-perimeters with Azure Firewall 11/07 - 3:30 – 4:15 PM

BRK3171 Using Azure Web Application Firewall to protect your web applications and web APIs 11/08 - 9:15 – 10 AM

BRK2207 The journey to enable mobile edge compute, VNFs and 5G with Azure 11/06 - 11:45 AM – 12:30 PM

WRK3015R Private PaaS with Private Link and DNS integration (Workshop/Instructor Led Lab) 11/07 - 4 – 5:15 PM
© Copyright Microsoft Corporation. All rights reserved.