Here’s a question I get quite often during my compliance and data protection presentations. I thought about writing this post so I can easily redirect folks here. I am all about reusing explanations
Is it Possible to Have a Secure Tunnel Connection to SharePoint Online? My Own Private Connection?
Yes, it is. Using Express Route. Not only to SharePoint Online, but to the whole Office 365. I would say, 80% of the time when folks are looking for this answer is because they are talking about a hybrid environment where they want to integrate their SharePoint on-premise with SharePoint Online and normally involved handling sensitive data.
What is Express Route and What it Does?
ExpressRoute initially was an Azure-only solution that got expanded to Office 365. It’s goal is to establish a private and managed connection to Office 365. What it does is to provide a dedicated network connectivity through a private connection from their (users) network to Microsoft Azure or Office 365.
How Does it Look Like from a Helicopter View?
Here’s a simple diagram of how ExpressRoute can be used with Office 365.
Will Having my Own Private Network to Office 365 Impact Performance?
Yes and No. Network performance will be as predictable as your own on-premises environments, it is up to you then to take care of your own network performance, of course. In some ways this is like having an Office 365 environment in your own datacenter. One added benefit you will certainly have is that using ExpressRoute most Office 365 network traffic can be configured to avoid the public Internet, providing additional data privacy. And here is your answer for privacy and sensitivity concerns.
As usual, your data is still your data.
Who Are the Best Candidates to Use Express Route with Office 365?
Organizations that require a higher class, premium managed connectivity to the cloud. Governments also can use it. Actually Microsoft did this as a development of the famous Safe Harbour case issue.
What if my Company has Multiple Locations Across the Globe?
No worries. ExpressRoute offers something called “circuits” that applies the traffic to different geographic locations with redundancy and geo-resiliency.
Explain a Bit More What these Circuits are…
OK, so these ExpressRoute Circuit are geographically distributed connections that delivers by default 2 active physical connections for high availability. The networking elements are still backed by Microsoft’s connection uptime SLA (99.9 %). On a cool note, as of today, Microsoft is the only public cloud provider to offer this level of guaranteed availability for the connection. An additional benefit is that if you have Azure applications, you can this same single ExpressRoute connection.
How Do I Buy ExpressRoute?
There is no additional licensing costs to use ExpressRoute, however not everyone can guarantee these circuits for you, so you will have to work with the Microsoft Cloud Approved Providers. These guys can guarantee the premium network connectivity required by Microsoft and they have their own price list. Here’s a list of the MS Cloud Approved Providers for your query.
I Want It!! What Should I Do?
Network capacity plan. I mean, you are deciding to setup your own private connection to the public cloud, you’ve got to do your homework Here’s a good link with some guidelines for your network infrastructure plan then contact one of the Approved Providers.
Good Luck. If you’ve done an ExpressRoute for Office 365 project, share your thoughts with the wider community. Love to hear from you.