ExpressRoute for Azure: Will the UK be left out?
There's a disconnect in the way Microsoft talks about ExpressRoute and how its partners will likely talk about it, worries Steve Cassidy...
For IT professionals, the current round of announcements from Microsoft can feel like a bit of a betrayal. Certainly judging by Twitter reactions to the keynote addresses at TechEd 2014 last week in Houston, there were a lot of people in the audience who thought their investment in current on-premises high-performance server software was being under-addressed by a series of big presentations on all the changes and smart new features in Windows Azure.
I wasn't at TechEd that pleasure was reserved for Caroline Donnelly of these cloisters but I was in Redmond the preceding week, evidently mixing up the role of sage commentator with an unexpected side-job of Keynote Rehearsal audience and feedback provider. As is normal for these briefings, it was two solid days of end-to-end PowerPoint (and sometimes, Powershell) presentations and demonstrations, with a heckling rate of about one question per 10 minutes, just to keep us all awake and alert as the narrative wandered about. That's how we discovered that the implausibly high number of Azure Active Directory authorisations (up in the billions) were actually a measure of bugs in Outlook rather than a sign that several planets-worth of humans were checking their emails.
As a grey-haired techie who has to make this stuff work for real, I was quite interested by the obvious lessons Microsoft has learned from the School of Hard Knocks when it comes to gluing together the quite different worlds of corporate computing: the Azure Cloud and hosted web-spaces. The output of those lessons are in quite diverse areas if you are sitting inside a large IT department with separate roles embodied by different teams or individuals. Which is to say, it's not going to be easy to mount a one-man Azure feasibility study if you want to take it all in, without getting your firewall, telecoms, Corporate Data Security and Governance teams all "bought in" (I promised to write this without appearing to sneer at the buzzwords of 2014 IT management speak).
You may not be too amazed to hear that I am not proposing to fit two days of Powerpoint into one article. I want to focus mainly on an issue which IT people often find is poorly received by cloud people; the non-trivial problem that if you are not already in the cloud, it can be the absolute devil of a job to actually get all your data moved there.
Often, I find, cloud people think that all there is to a company's data is their website, and that all those heavy metal servers whirring away in office blocks all across the planet are actually redundant, or from years past and can be safely turned off if only the empire-building insiders faced up to the new wave of technology. In reality, there's a whole lot of large and poorly curated corporate data, and the upload or recovery time to a cloud service in these cases can be measured in weeks or months.
In the past, Microsoft didn't really discuss this in its Azure presentations. The attitude was that if you have an IP address, and your Azure VMs and other resources have some too, then that's all you need to move your stuff between the two repositories. This time round, though, it was different. Discussions about where and how Azure's own internal network touches other networks were being driven by experiences of moving terabytes of company data up into the cloud something that is only possible if you put a stack of hard disks in some appropriately squishy containers and drive to the actual point-of-presence routing centre, or get yourself a relationship with one of the shadowy companies which own and operate the big fat pipes that underpin all our internet traffic.
This is great, so long as you are already familiar with the careful selection of network partners. Microsoft was clearly best schooled in the services provided by predominantly US-centred operations including Equinix and Verizon. In these cases, you can either land a full-fat Ethernet equivalent point to point circuit in the nearest hosting centre run by one of these businesses, or go about it the opposite way, commissioning them to run a dedicated Internet link to your offices, most likely using a service called MPLS.
I have to say, as soon as I saw those initials on screen, I started covering my face with my hand. And sure enough, once the splat-panel of corporate partner logos was up on screen, I was right the UK partner for this style of connection is BT.
MPLS is not without its downsides, BT or no BT: It is presented as nearly perfect, being a means of tying together widely separated internet resources into a much more deeply secured and separated VPN than can be achieved with the more commonly encountered public net-traversal technologies such as IPSEC or SSL. Internet companies love it, because once inside an MPLS contract it is remarkably difficult to get out you'd have to move all your endpoint connections at once, and re-direct any incoming traffic. It's a tall order and these days Net-dependent businesses are being much more wary of a single source of service than they were a few years ago when MPLS was all the rage with every white-shirted salesman.
Where my fears for UK adoption really take off isn't with the technology. I can well see how a business intending to spend at least 18,000 ($30,000) on Azure Cloud wouldn't balk at a 10,000 p.a. extra internet pipeline, no matter who it comes from.
My concern is that the BT that talks to Microsoft is most certainly not the BT that comes out and talks to customers. This part of the empire isn't even part of the empire it will more often than not be a BT Local Business operation. These are a very mixed bag: I am sure there are good ones, but I haven't met them yet. They tend to be extremely sales-oriented, and they have a brief that ranges far wider than the narrow scope of specialisation which high-performing Internet links demand. The worst thing they can do to a business is bundle up all the services landlines, mobile contracts, and internet connections as if a company is just like a private individual, only more profitable. Then on top of that goes usage clauses, setting out penalty payments if you fail to reach the level of charges which they estimate you will need to support your various types of communications.
This is a world away from what Microsoft expects to see realised by implementing just ExpressRoute to make your hybrid cloud deployment a reality. Yet its ExpressRoute FAQ encourages the hardcore techie changed with an Azure interlink to make contact with one of their partners, and sort out the WAN topology as a pre-requisite to provably secure high performance cloud-to-premises linkups. Advice which manages to pack a huge amount of negotiating, comfort-zone desertion, blind alleys, entrapment, budgetary meltdown and plain ordinary confusion into a few short words of mission statement like saying that building the Eiffel Tower started by buying a spanner.
I think the architecture options for midsized networks offered by Azure are exceedingly clever, and will mature rapidly where fast internet pipelines are easily presented but I am very concerned by the narrowness of the partner choices within the UK. History shows that BT can sink an offering it feels is not in their interests, unless there is a realistic competitor in the same sector, there to chivvy them along and give the customer some choices. Microsoft is at risk here, in my opinion, of entrusting one of its smartest moves to one of the least smart players in our market right now.
Key considerations for implementing secure telework at scale
Identifying the security risks and advanced requirements of a remote workforceDownload now
The State of Salesforce 2020
Your guide to getting the most from SalesforceDownload now
Fast, flexible and compliant e-signatures for global businesses
Be at the forefront of digital transformation with electronic signaturesDownload now
Rethink your cybersecurity strategy for the new world
5 steps to secure the enterprise and be fit for a flexible futureDownload now