Azure IaaS/PaaS Connectivity Options?

Anonymous
2020-11-24T22:12:41.067+00:00

Hi,

Hoping someone may be able to help please.

I am working on a project where we have stood up a new MS tenant to act as a central collaboration platform for a number of suppliers. Each supplier has their own tenant and we would like to utilise their tools (software) to bring into the central tenant to reduce costs. The tools range from 365 tools to Autodesk products.

We have successfully invited each of the suppliers into the central tenant where we are using 365 tools successfully. The issue we are having is when building PaaS and IaaS in Azure, we have issues connecting to this level of configuration and authenticating using the Guest account in AAD. One of the suppliers has an always on VPN which routes traffic through and to the internet, so we are considering a site-to-site VPN for this. The other supplier routes Microsoft traffic over the internet, whilst utilising VPN to license their Autodesk tools.

My question is, what is the best way to connect these two suppliers to the central platform?

A site-to-site VPN will involve reviewing IP ranges so there is no overlap, which will take time, or is there another solution?

For the second supplier, we aren't sure on the solution. Global peering has been considered but again this will require a review of IP ranges to ensure no overlap.

Can anyone help with these queries?

Regards
Ben


1 answer

  1. SaiKishor-MSFT 17,181 Reputation points
    2020-11-25T07:30:11.087+00:00

    @bc-consultancy

    Thanks for your question. Based upon your network setup and how you want them to connect to your network, here are some available options:

    • If you have clients connecting from remote locations and from their individual client computers, Azure P2S VPN would work. This is a client-server based VPN which lets your customers connect from anywhere without needing any specific VPN device but from an individual client computer to Azure network directly. Here are more details regarding the same.
    • You can also have your customers set up AOVPN using the same Point to Site VPN setup as given in the document here. AOVPN works similarly to Point to Site VPN but just has some added advantages to it. Here is information regarding the features of AOVPN.
    • If you want your on-premises network or customers' on-premises network to connect to Azure Virtual Network, you would implement a Site to Site VPN. This type of connection is built over an IPsec/IKE (IKEv1 or IKEv2) VPN tunnel and requires a VPN device located on-premises that has an externally facing public IP address assigned to it. More details are here.
    • If you want connectivity between your virtual network and your customers' virtual networks on Azure, you can use Global peering which lets you connect across subscriptions, tenants and regions. Here are more details.
    • Lastly, you also have the option to use ExpressRoute that lets you extend your on-premises networks into the Microsoft cloud over a private connection with the help of a connectivity provider. Here is information on the same.

    Hope this helps. As you mentioned, all of the VPN solutions require that there is no overlapping of the local network with the virtual networks. If you have any further questions regarding these options or any other questions, please feel free to let us know and we will be glad to assist you further. Thank you!

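The address-range review that both the question and the answer call for can be scripted before any gateway or peering is built. The following is an added example, not part of the original thread: the site names and CIDR ranges are constructed, and `find_overlaps` and `first_free_subnet` are hypothetical helpers built on Python's standard `ipaddress` module. It goes one step beyond the thread by also proposing the first unused range from a candidate pool.

```python
import ipaddress
from itertools import combinations

def find_overlaps(sites):
    """Return sorted (site_a, cidr_a, site_b, cidr_b) tuples for every pair
    of prefixes from different sites whose address ranges intersect."""
    # strict=True rejects entries with host bits set (e.g. 10.0.0.1/24),
    # which usually indicates a typo in the inventory being reviewed.
    flat = [(name, ipaddress.ip_network(cidr, strict=True))
            for name, cidrs in sites.items() for cidr in cidrs]
    conflicts = []
    for (name_a, net_a), (name_b, net_b) in combinations(flat, 2):
        same_family = net_a.version == net_b.version
        if name_a != name_b and same_family and net_a.overlaps(net_b):
            conflicts.append((name_a, str(net_a), name_b, str(net_b)))
    return sorted(conflicts)

def first_free_subnet(pool, new_prefix, sites):
    """Return the first subnet of `pool` with length `new_prefix` that
    overlaps none of the prefixes in `sites`, or None if the pool is full."""
    used = [ipaddress.ip_network(c) for cidrs in sites.values() for c in cidrs]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=new_prefix):
        if not any(cand.version == u.version and cand.overlaps(u) for u in used):
            return str(cand)
    return None

# Constructed sample inventory (assumption): one central VNet, one supplier
# on-premises network reached by site-to-site VPN, one supplier VNet to peer.
SITES = {
    "central-vnet": ["10.0.0.0/16"],
    "supplier-a-onprem": ["10.0.8.0/21", "192.168.10.0/24"],
    "supplier-b-vnet": ["172.16.0.0/20", "10.1.0.0/16"],
}

if __name__ == "__main__":
    for site_a, cidr_a, site_b, cidr_b in find_overlaps(SITES):
        print(f"OVERLAP: {site_a} {cidr_a} <-> {site_b} {cidr_b}")
    print("First free /16 in 10.0.0.0/8:",
          first_free_subnet("10.0.0.0/8", 16, SITES))
```

Running the check against each supplier's real address inventory before deployment shows which connections need renumbering or a different connectivity option.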