Among the slew of announcements Microsoft unleashed during its AzureCon event earlier this week was the announcement that ExpressRoute, the service that connects customers’ data centers to Azure cloud servers directly and privately, is now available to government agencies using Azure Government, the cloud availability regions hosted in data center halls built specifically for government clients, isolated from infrastructure supporting Azure services for the private sector both physically and logically.
Direct network connectivity to cloud services is a quickly growing market, because it allows users to take advantage of the infrastructure flexibility cloud provides without sacrificing application performance and increasing attack exposure by using cloud services over the public internet. Previously available to customers using Azure’s non-government availability regions, the service is now available to agencies who opt for hosting their cloud infrastructure in data centers designed specifically for government customers and staffed by personnel that goes through special security screening.
Microsoft data centers that host Azure Government, launched in December 2014, are in Virginia and Iowa, but ExpressRoute service for the government cloud is available out of Equinix data centers in Chicago and Ashburn, Virginia. Direct connectivity between Equinix and Microsoft data centers and, if necessary, agencies’ own facilities is enabled by network carriers AT&T, Verizon, and Level 3.
Microsoft chose Ashburn because of its proximity to its own Azure data center in Virginia and to Washington, D.C., John Harvey, director of business development for national cloud programs at Microsoft, said. Chicago is close to the Microsoft data center in Iowa, and he expects most ExpressRoute customers in Ashburn to use Chicago as the fail-over site.
Gov. Cloud Traction with Local Law Enforcement
Driven by a number of IT reform initiatives launched over the past five years, cloud services are in demand by federal agencies. Microsoft, because of its long history as a vendor to the federal government, has gotten a lot of traction in that market, and so have Amazon and VMware.
However, Azure Government is for all public-sector agencies; not just the federal government. Microsoft is working with Riverside County officials in California, for example, to migrate infrastructure from the county’s own data center to the government cloud.
Together with Vievu, a body-worn camera vendor, Microsoft is in talks with Oakland Police Department in California about setting up cloud infrastructure to transport and store video shot by police officers’ body cameras, Harvey said.
Interest in police body cameras is on the rise, following recent police violence incidents around the US that sparked mass protests. If more police officers wear body cameras, however, police departments will have to make major investments in IT infrastructure to transport and store the video those cameras collect. Cloud infrastructure, accessible through trustworthy private connections, can be an effective solution for them.
“We are working with a number of agencies directly on body camera initiatives,” Harvey said.
Generally, Microsoft has put a lot of effort into courting local law enforcement agencies as cloud customers. Earlier this year, the International Association of Chiefs of Police issued a formal recommendation that cloud storage services for all criminal-justice data, including video, comply with the Justice Information Services Security Policy devised by the FBI. Microsoft, in response, has made sure Azure Government complies with the FBI’s guidelines.
Answers to the Big Cloud Questions
Harvey expects most government agencies that use Azure Government to opt for ExpressRoute. Security is an important driver, but it’s also about performance. Core enterprise applications simply don’t perform well enough if hosted in the public cloud.
“When you start talking about enterprise workloads, having that level of connectivity is going to allow you to do more interesting things,” he said.
Brian Hoekelman, VP of business and cloud ecosystem development at Level 3, one of the network service providers enabling ExpressRoute for Azure, said enterprises usually start using Azure over the internet for development and testing, but once they’re ready to deploy in production, they turn to ExpressRoute. The dynamics are similar for AWS, which has a similar service called Direct Connect, he said.
ExpressRoute takes more time and money to set up than simply provisioning VMs through a web browser. But “the performance benefits outweigh the flexibility of going over the internet,” Hoekelman said.
And enterprises seem to be catching on. For service providers like Level 3 and Equinix, providing direct private links to public cloud services is a new and rapidly growing source of revenue. “From a [business] unit percentage growth perspective, it’s one of our fastest growing products,” Hoekelman said.
Security and performance were the two most frequently cited impediments to adoption of public cloud services by enterprises about five years ago, when cloud hype was really picking up. The standard line was that while infrastructure elasticity and the pay-as-you-go model of public cloud were attractive, security and performance weren’t good enough for serious enterprise workloads in production; only for test and dev.
With services like ExpressRoute, Direct Connect, or Google’s Carrier Interconnect cloud service providers seem to have found a way to address those concerns. Customers don’t get quite the ease of use of provisioning VMs through a browser and paying with a credit card – the initial setup takes some time and professional services – but what they get is close to that and at the same time more secure and with more predictable performance.