Hybrid cloud connectivity

In a hybrid cloud, some applications are hosted on-premises, whereas others reside in the cloud. Ideally, where these applications live is transparent to end-users. In other words, cloud-resident applications should appear to be within the on-premises network, with appropriate IP addressing and
routing. Applications in the cloud are configured to be in the same IP range as those in the datacenter
through the Microsoft Azure portal.

There are a number of approaches to achieving this type of location transparency. This section describes four separate ways to connect a datacenter to Azure:

 Point-to-site connectivity
 Site-to-site connectivity
 Azure ExpressRoute (via an Exchange Provider)
 ExpressRoute (via a Network Service Provider)

The choice you make will depend on the how you calculate the bandwidth/cost tradeoff; the need, or
not, to be isolated from the open Internet; and how geographically dispersed your sites are.


Point-to-site
Using the Internet, you can create such a virtual private network (VPN) in two ways. The first is called point-to-site connectivity, in which the VPN is configured through software on individual client computers in the datacenter. The least expensive of all the options, point-to-site connections are useful when only a few machines on-premises need connectivity to the cloud, or when the connection is from a remote or branch office.


Site-to-site
Another approach is called site-to-site connectivity. In this configuration, a datacenter deploys a hardware VPN gateway to link the on-premises datacenter in its entirety with applications and data in
the cloud. The hardware gateway must have a public-facing IP address and a technician must be
available to perform the configuration.


ExpressRoute via an Exchange provider
When it comes to accessing their cloud applications, many enterprises want configurable and deterministic network latency. They might also want their network traffic isolated from the public
Internet. To support these requirements, a direct connection from the datacenter to Azure using a
partner telecommunications carrier, called ExpressRoute, is provided, as depicted in the illustration that follows. Although this is potentially a more expensive solution, ExpressRoute provides the fastest connectivity as well as isolation from the Internet, essentially by connecting via a “dedicated line.” A full list of supported telecom providers for ExpressRoute is available on the Microsoft website at https://azure.microsoft.com/en-us/documentation/articles/expressroute-locations/.


ExpressRoute via network service provider
In addition, it is possible to connect through a telecom network service provider such that Azure
simply appears as another site on the enterprise’s wide area network. As with the previous approach, by using a telecom provider as the transport, you can negotiate bandwidth with the provider and, of course, network isolation is provided. You will need to work with your telecom provider to find the best approach for your organization.

Source of Information : Microsoft Enterprise Cloud Strategy