Network Service Description


Applies to: Office 365 Dedicated
Topic Last Modified: 2015-09-03

Contents

- Network Architecture
- Customer Connectivity to Services
- Customer-Owned Private Network Connection
- Internet IPsec VPN
- Connectivity Design Principles
- IP Addressing

Important: The content of this description applies only to existing Office 365 Dedicated customers with established private networking services. Prospective customers will use the Office 365 Dedicated vnext release and its networking implementation. Contact your Microsoft account team for more details.

Note: Unless otherwise indicated, the information in this service description also applies to the International Traffic in Arms Regulations (ITAR-support) version of Office 365.

This service description presents the Microsoft networking infrastructure components and features that support the delivery of services for the Dedicated plans of Office 365 for enterprises. The information applies to the following services:

- Exchange Online Dedicated
- SharePoint Online Dedicated
- Lync Online Dedicated

Network engineers and system integrators who work with your organization to deploy Office 365 services should review this service description.

Network Architecture

The network architecture for Office 365 Dedicated is divided into three distinct security zones: Customer Network, Managed Network, and Management Network. Each security zone is implemented as a virtual network.

Customer Network

The Customer Network represents your organization's on-premises enterprise network environment. The Customer Network elements include the router and network security enforcement point (NSEP) equipment. They are installed between your on-premises environment and the Microsoft data center.

Managed Network

There is a Managed Network provided for each organization with an Office 365 Dedicated plans subscription. The network is a separate, dedicated security zone that contains the Microsoft hosted systems that provide your Office 365 Dedicated services and store your email and data. This network also contains an Active Directory forest that includes a replication of your organization's Active Directory user, contact, and distribution group objects.

The Managed Network includes two gateway networks (GNs): one associated with the Internet (GN/I) and the other with the Customer Network (GN/C).

- GN/I: This is a load-balancing hardware component. The devices deployed here are represented by virtual IP (VIP) addresses hosted on a hardware load balancer's network interface. These devices are usually deployed in conjunction with servers on the Managed Network and are protected using NSEP equipment for external (Internet) traffic.
- GN/C: This is utilized to implement your enterprise-facing hardware load-balancing solutions that replicate the functionality implemented in the GN/I. GN/C traffic uses the private network connectivity between your on-premises environment and the Microsoft data center.

Management Network

The Management Network contains the infrastructure elements that are shared across multiple organizations subscribing to Office 365 Dedicated such as Office 365 Dedicated monitoring systems. It includes components such as the Microsoft backup and monitoring systems. It also includes an Active Directory forest that contains the user accounts that are required to operate the services and servers for the Management Network and Managed Network security zones.

The following diagram illustrates the Microsoft network architecture and security zone components for Office 365 Dedicated.

Virtualization is used throughout the network architecture to maintain separation and abstraction on a per-customer basis. Implementation involves using virtual local area networks (VLANs) at Layer 2 (switching), virtual routing and forwarding (VRF) at Layer 3 (routing), and Layer-3 VPNs at the transport layer. The transport layer relies on the extensive use of Multiprotocol Label Switching (MPLS) within the Microsoft backbone network.

Customer Responsibilities

- Maintain your internal IT infrastructure and network.
- Provide connectivity to the Microsoft data centers.
- Maintain the Customer Forest in Active Directory which hosts the primary user accounts used for authentication, contacts, and distribution groups.

Customer Connectivity to Services

Microsoft supports both public and private networks to access and consume Office 365 Dedicated services as demonstrated in the following illustration.

Private network

The private network offering is the default method of service consumption. It offers the greatest variety of service options. Private network connectivity helps enable the direct extension of your corporate/enterprise network environment into the Microsoft datacenter environment.

Public network

The Internet is the public network. An Internet Protocol security (IPsec) virtual private network (VPN) connection provides secure connectivity between your on-premises environment and the Microsoft data center. Internet-based clients can connect to applicable services directly from public Internet locations, like hotspots, hotels, or airports.

The following sections describe the two connectivity options in more detail. Connectivity design principles and IP addressing are also covered.

Customer-Owned Private Network Connection

Your organization can connect to Office 365 Dedicated services using connections that (a) you own and operate or (b) are supplied by your designated provider. Private networking is the primary Office 365 Dedicated connectivity option and gives you the ability to host equipment within a Microsoft designated peering point, referred to as an edge site. An edge site is a third-party carrier meet-me room (MMR) facility associated with a carrier hotel or anchor site. Edge sites have ubiquitous connectivity to the Microsoft global backbone. Microsoft provides only the rack, space, power, cooling, and access to the equipment. You are responsible for ownership and management of the equipment.

Customer Responsibilities

- Provide a 1 or 10 gigabit (GB) single mode fiber optic Ethernet hand-off from a Layer-3 peering device to Microsoft.
- Own and manage all aspects of connectivity including equipment and circuits. This includes ensuring that you provide Microsoft with clear, consistent, and updated documentation of deployed hosted network equipment and connectivity.
- Ensure that your provisioned transport is symmetric to each peering location within a region where hosted data centers are deployed. This symmetry implies mirroring of capacity and capability in the peering locations. For more information, see the Office 365 Dedicated Network Connectivity Guidance document within the Release Documentation area of the Customer Extranet site (available only to Office 365 Dedicated customers).
- Provide Microsoft with the port and access speed as well as any type of rate limits, like the committed information rate (CIR).
- Provide Microsoft with periodic (monthly) updates on capacity and utilization for use by Microsoft as input for network capacity planning.

Microsoft Responsibilities

- Enable your organization to host network equipment inside an Office 365 Dedicated edge site. Microsoft provides power, space, and cooling for the hosted equipment and access to the equipment. Hosting of your network equipment is limited to a standard network deployment pod. This pod consists of:
  - A pair of industry standard 2-rack unit routers.
  - Layer-2 switches.
  - Firewalls.
  - Other networking equipment that you provide.
  The total allowance for the pod is 12 rack units (12U). The maximum allowed power consumption of a pod is 1650 watts per edge site. Hosting of network equipment variants that do not fit within this pod design is considered an exception. Exceptions approved by Microsoft will incur additional service fees.
- Work with you and your carrier personnel to terminate circuits at, and enable connectivity with, the Microsoft data centers serving your region.
- Provide ongoing support for you or your carrier personnel to access equipment that is located in an Office 365 Dedicated edge site.

Limitations

Microsoft does not provide support for customer-owned wide-area network (WAN) acceleration and caching devices used with Office 365 Dedicated services. If you use a WAN optimization controller to improve performance under conditions of high latency or low bandwidth, you will need to disable it during service request troubleshooting with Microsoft. If the added WAN equipment causes network problems, you must seek support from your device vendor. For more information, see Using WAN Optimization Controller devices with Office 365.

Internet IPsec VPN

Internet IPsec VPN is an Internet-based, encrypted VPN that uses the same Internet service provider (ISP) on both sides of the VPN to optimize performance and reliability. The Internet IPsec VPN should only be used during the deployment process to mitigate long lead time Multiprotocol Label Switching (MPLS) connections and as a redundancy solution paired with the customer-owned connection. While Internet IPsec VPN is a viable transport technology, experience has shown that interoperability and operational issues reduce its use to a support role and not as the primary means of connectivity.

Microsoft places a limit of six (6) VPNs per customer at each peering location. If more than six VPNs are required, Microsoft allows your organization to host equipment inside an Office 365 Dedicated edge site to provide additional VPN capacity. For assistance with setting up a VPN solution for your environment, contact your Microsoft service delivery manager (SDM).

Customer Responsibilities

- Confirm that the ISP connects to Microsoft.
- Ensure that your provisioned transport is symmetric to the primary and secondary data center. This symmetry implies mirroring of capacity and capability in both Office 365 Dedicated edge sites. For more information, see the Office 365 Dedicated Network Connectivity Guidance document within the Release Documentation area of the Customer Extranet site (available only to Office 365 Dedicated customers).
- Provide Microsoft with the port and access speed as well as any type of rate limits, such as the CIR.
- Provide Microsoft with periodic (monthly) updates on network capacity and utilization for use by Microsoft as input for network capacity planning.
- Provide router equipment at your sites.

Microsoft Responsibilities

- Provide the terminating router and ISP connectivity for six VPNs.

Connectivity Design Principles

As an Office 365 Dedicated plans customer, your organization is required to support the following design factors when planning network connectivity to Microsoft data centers:

- Bandwidth. It is critical that your organization perform initial planning and ongoing capacity analysis to ensure that adequate bandwidth is available to reach Office 365 Dedicated services at all times. These processes require accurately predicting bandwidth demand and ensuring that proper measuring tools are in place to monitor usage. We recommend that you provision a separate link for Internet access if the Internet IPsec VPN option is used as a primary connection link.
- Latency. Latency is a critical network factor that directly affects perceived and actual performance for a specific Office 365 Dedicated service. Each Office 365 Dedicated service provides general guidance for acceptable round-trip time (RTT) between your data center and the Microsoft data centers. When provisioning VPNs, tests must be conducted ahead of time to ensure that RTT is within acceptable tolerances.
- Reliability. Microsoft requires that all connectivity is provisioned in a redundant manner. For your customer-owned private connection, this is expected to be accomplished by providing connections relative to the service provisioning points. When selecting Internet-based VPNs, Microsoft does not offer a service-level agreement (SLA) for availability on networks that it does not directly own or operate. A multiple-VPN configuration is required to provide increased reliability and redundancy.
- Microsoft connectivity. To enable Internet IPsec VPN connections to as many ISPs as possible, Microsoft has a policy of open peering with any carrier that wishes to connect with it. This policy has enabled peering relationships with thousands of ISPs, and has positioned Microsoft in the top five of the best-connected networks in the world. Microsoft actively manages capacity for its owned connections and equipment to ensure that there are no capacity-related outages. Links that are starting to saturate are proactively upgraded as needed.
- BGP peering. The Border Gateway Protocol (BGP) is used for route exchange over all peering sessions used for connectivity via customer-owned circuits. As part of the networking activation process, information is required about the number of prefixes that your organization plans to advertise. Microsoft requires route summarization or aggregation to limit the number of prefixes received. We also deploy the BGP maximum-prefix feature to ensure that a sudden spike in advertisements does not adversely impact equipment and peering. The maximum number of prefixes allowed for the peering session is set to 5000. In addition to providing prefix information, your organization is required to summarize all routing announcements to ensure optimal routing table size.
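The BGP peering requirements above (summarized announcements, at most 5000 prefixes per peering session) and the IPv4-only note in this description can be checked against a planned advertisement list before activation. The following Python sketch is an added example, not part of the Microsoft document; the function names, the 80 percent warning level, and the sample prefixes are assumptions made for illustration.

```python
import ipaddress

MAX_PREFIXES = 5000  # maximum-prefix value stated in this service description


def summarize_advertisements(planned, limit=MAX_PREFIXES, warn_ratio=0.8):
    """Aggregate planned IPv4 announcements and compare the result with the limit.

    warn_ratio is an assumption of this example; the page gives no warning level.
    """
    networks, rejected = [], []
    for text in planned:
        try:
            # strict=True refuses entries with host bits set, e.g. 10.30.0.5/24
            net = ipaddress.ip_network(text.strip(), strict=True)
        except ValueError as exc:
            rejected.append((text, str(exc)))
            continue
        if net.version != 4:
            rejected.append((text, "only IPv4 is supported for this offering"))
            continue
        networks.append(net)

    # collapse_addresses merges sibling prefixes and drops covered more-specifics
    aggregated = [str(n) for n in ipaddress.collapse_addresses(networks)]
    if len(aggregated) > limit:
        status = "over-limit"   # exceeds the stated maximum-prefix value
    elif len(aggregated) > limit * warn_ratio:
        status = "near-limit"
    else:
        status = "ok"
    return {
        "submitted": len(networks),
        "announced": len(aggregated),
        "aggregated": aggregated,
        "rejected": rejected,
        "status": status,
    }


def sparse_slash24s(count, base="10.0.0.0", step=512):
    """Constructed test data: /24s spaced 'step' addresses apart.

    With step=512 no two prefixes are siblings, so none can be merged.
    """
    start = int(ipaddress.ip_address(base))
    return [str(ipaddress.ip_network((start + i * step, 24))) for i in range(count)]


if __name__ == "__main__":
    # Constructed sample plan: mergeable /24s, a covered /25, and two bad entries.
    plan = ["10.20.0.0/24", "10.20.1.0/24", "10.20.2.0/24", "10.20.3.0/24",
            "10.20.1.128/25", "192.168.10.0/24", "2001:db8::/32", "10.30.0.5/24"]
    report = summarize_advertisements(plan)
    print(report["status"], report["submitted"], "->", report["announced"])
    for prefix in report["aggregated"]:
        print("  announce", prefix)
    for entry, reason in report["rejected"]:
        print("  rejected", entry, "-", reason)
```

Running the check on every change to the advertisement plan shows how much headroom remains below the limit after aggregation, and which entries would be refused outright.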

IP Addressing

Microsoft network configuration work includes allocation of IP address space in order to deploy Office 365 Dedicated services to your organization. Microsoft provides publicly registered IP addresses from the address space allocated for your organization. You will need to configure routing on your internal network to route traffic to Microsoft over your private connection. For more information, see the Office 365 Dedicated Network Connectivity Guidance document within the Release Documentation area of the Customer Extranet site (available only to Office 365 Dedicated customers).

Note: For the Office 365 Dedicated offering, only the IPv4 protocol is supported at this time.

The information contained in this document represents the current view of Microsoft Corporation on the topics described as of the date of publication. Because Microsoft must respond to changing market conditions, the content of this document should not be interpreted to be a commitment on the part of Microsoft. The accuracy of any information presented after the date of publication cannot be guaranteed by Microsoft. The Information is provided for marketing purposes only and cannot be incorporated within, or attached to, any type of agreement. This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.

Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give the user (you) any license to these patents, trademarks, copyrights, or other intellectual property.