Providing private, encrypted connectivity to Azure Virtual Networks.
Virtual Private Network
...
We can use VPN technology to secure VNet in Azure.
...
VNet Peering | VPN |
|---|---|
Designed to VNet-to-VNet connectivity | Designed for hybrid connectivity (site-to-site, point-to-site) |
Supports cross-subscription, cross-region, cross-Azure AD tenant | Similar experience (cross-subscription, cross-region) |
Leverages Microsoft Backbone for private IP address connectivity | Requires a public IP address for VPN termination point |
Used for private, low-latency limitless bandwidth connectivity | Used where encryption and/or transitive routing is needed |
ExpressRoute
It can provide a more direct and secure connection to Microsoft Cloud Services. It does not go over the public internet.
...
ExpressRoute | VPN |
|---|---|
Provides secure connectivity to VNet and Microsoft 365 | Provides secure connectivity to VNet only |
Does not traverse public internet | Traverses public internet (between point/site and Azure) |
Does not leverage encryption by default (IPsec & MACsec) | Traffic is encrypted by default as part of an end-to-end tunnel (IPsec) |
Supports up to 100 Gbps per second connectivity with ExpressRoute Direct | Supports up to 10 Gbps per second only |
Virtual WAN
It helps to automate and optimize connectivity using the Hub-and-Spoke network architecture and we can connect that with VNet Peering. Finally, we can combine that architecture with ExpressRoute into a larger hybrid integrated virtual network.
...
We don’t need to manage the architecture, Microsoft does it with Azure Virtual WAN because it’s becoming too complex. So, to simplify that, we can use Azure Virtual WAN.
...