Providing private, encrypted connectivity to Azure Virtual Networks.
Virtual Private Network
We can use VPN technology to secure a VNet in Azure.
VNet Peering | VPN |
---|---|
Designed for VNet-to-VNet connectivity | Designed for hybrid connectivity (site-to-site, point-to-site) |
Supports cross-subscription, cross-region, cross-Azure AD tenant | Similar experience (cross-subscription, cross-region) |
Leverages Microsoft Backbone for private IP address connectivity | Requires a public IP address for VPN termination point |
Used for private, low-latency, limitless-bandwidth connectivity | Used where encryption and/or transitive routing is needed |
ExpressRoute
ExpressRoute can provide a more direct and secure connection to Microsoft Cloud Services. Its traffic does not go over the public internet.
ExpressRoute | VPN |
---|---|
Provides secure connectivity to VNet and Microsoft 365 | Provides secure connectivity to VNet only |
Does not traverse public internet | Traverses public internet (between point/site and Azure) |
Does not use encryption by default (IPsec and MACsec are optional) | Traffic is encrypted by default as part of an end-to-end tunnel (IPsec) |
Supports up to 100 Gbps connectivity with ExpressRoute Direct | Supports up to 10 Gbps only |
Virtual WAN