ExpressRoute : ExpressRoute provides direct connectivity to Azure cloud services and to Microsoft’s global network. Transferred data is not encrypted, and it does not go over the public Internet.
ExpressRoute connections use a private, dedicated connection through a third-party connectivity provider to provide a direct connection between the on-premises network and Azure.
Using ExpressRoute, organizations/users can connect to several Microsoft cloud services (cloud products, e.g. Microsoft Dynamics 365, Microsoft Azure and Office 365).
Key Points & Benefits :
- ExpressRoute uses layer 3 connectivity and security standards.
- ExpressRoute connects the edge router of the on-premises network and Azure infrastructure with redundancy capabilities.
- ExpressRoute allows organizations to connect to Microsoft cloud services anywhere in the world.
- ExpressRoute improves security and privacy by keeping sensitive traffic off the public Internet.
- Microsoft uses BGP to establish routing between the local network, Microsoft public addresses, and Azure.
- Much higher bandwidth available (up to 10 Gbps).
- ExpressRoute provides dynamic scalability to help meet organizational needs (from 50 Mbps to 10 Gbps).
- Supports dynamic scaling of bandwidth to help reduce costs during periods of lower demand.
- 99.9% availability SLA across the entire connection.
Considerations :
- The setup and configuration for ExpressRoute is more complex, and will require collaboration with the connectivity provider.
- ExpressRoute requires the on-premises installation of high-bandwidth routers.
- The ExpressRoute circuit is handled and managed by the connectivity provider.
- ExpressRoute doesn’t support the Hot Standby Router Protocol (HSRP). You’ll need to enable a Border Gateway Protocol (BGP) configuration.
VPN Gateway : VPN Gateway provides secured connectivity to Azure cloud services over the public Internet. All transferred data is encrypted in a private tunnel as it crosses the Internet.
Key Points & Benefits :
- VPN gateway routing is based on dynamic and static routing.
- It supports the Secure Socket Tunneling Protocol (SSTP) and the IPsec protocol.
- Much higher bandwidth available (up to 10 Gbps depending on the VPN Gateway SKU).
- Connect your datacenter to Azure (Azure VPN Gateway connects your on-premises networks to Azure through Site-to-Site VPNs).
- Connect to your Azure virtual networks from anywhere (Point-to-Site VPN lets you connect to your virtual machines on Azure virtual networks from anywhere).
Considerations :
- Requires an on-premises VPN device.
- Microsoft guarantees 99.9% availability for each VPN Gateway, although the SLA covers only the VPN gateway, and not your network connection to the gateway.
- Select the proper Gateway SKU (bandwidth depends on SKU selection).
Key Difference :
Conclusion :
ExpressRoute is better suited to high-speed and critical business operations. VPN Gateway is cheaper than ExpressRoute and suitable for small organizations.