Azure Connectivity Types

Using Windows Azure, one of the most important aspect during SDLC is the secure connectivity to the cloud service provider. Two main aspects in relation to the connectivity are security and productivity and they should be addressed as early in the process of SDLC to avoid any impact on the expected deliverables.

In this blog we would be addressing the most basic connectivity type i.e. point to site setup and also to allow SQL Azure connectivity to the on-prem SQL Server Management Studio as this is very common issue while getting on with the Azure cloud development.

Azure has provided the following three types of connectivity options:


Virtual Network Point-to-site
A point-to-site VPN also allows you to create a secure connection from your Windows-based computer to your virtual network without having to deploy any special software.

Virtual Network Site-to-site
A site-to-site VPN allows you to create a secure connection between your on-premises site and your virtual network.

ExpressRoute lets you create private connections between Azure datacenters and infrastructure that’s on your premises or in a co-location environment. ExpressRoute connections do not go over the public Internet, and offer more reliability, faster speeds, lower latencies and higher security than typical connections over the Internet

Comparison Table

Here is the table based on different uses cases which is very useful and let’s you determine which type of connectivity would be applicable for your environment.

Virtual Network(Point-to-site) Virtual Network (Site-to-site) ExpressRoute – Exchange Provider ExpressRoute – Network Service Provider
Azure services supported Cloud Services, Virtual Machines Cloud Services, Virtual Machines Refer tovalidated list. Refer tovalidated list.
Typical Bandwidths Typically < 100 Mbps aggregate Typically < 100 Mbps aggregate 200 Mbps, 500 Mbps, 1 Gbps and 10 Gbps 10 Mbps, 50 Mbps, 100 Mbps, 500 Mbps, 1 Gbps
Protocols Supported Secure Sockets Tunneling Protocol (SSTP) IPsec (Refer to VPN page for more details) Direct connection over VLANs NSP’s VPN technologies (MPLS, VPLS, …)
Routing Static Static – We support policy—based (static routing) and route-based (dynamic routing VPN) BGP BGP
Connection resiliency Active-passive Active-passive Active-active Active-active
Typical use cases
  • Prototyping, dev / test / lab scenarios for cloud services and virtual machines
  •  Dev / test / lab scenarios and small scale production workloads for cloud services and virtual machines
  • Access to all Azure services (validated list)· Enterprise-class and mission critical workloads.
  • Backup
  • Big Data
  • Azure as a DR site
  • Access to all Azure services (validated list)· Enterprise-class and mission critical workloads.
  • Backup
  • Big Data
  • Azure as a DR site
SLA Link Link Link Link
Pricing Link Link Link Link
Technical Documentation OverviewHow to guide OverviewHow to guide OverviewHow to guide OverviewHow to guide
FAQs Link Link Link Link

Azure Connectivity type to get developers started

The most basic connectivity to kick start the cloud development process is the point-to-site as it’s satisfies the basic requirements in terms of security and productivity scenarios

For detailed steps to setup point-to-site VPN can be found here.

Connecting to SQL Azure from SQL Management Studio

This is the most important aspect from the development perspective as without this connectivity the development can’t proceed.

In order to connect to SQL Azure here are high level key steps or pre-requisites to be configured, for detailed instructions please visit this blog.

  1. Static IP Address for on-prem machine
  2. Logging on to Azure Management Portal and under database servers section adding the static IP Address of the on-prem machine to the firewall rules allowed
  3. connecting to azure  In a corporate environment you would either need to raise a request with the infrastructure team or Network  Administrator in a small to medium size organisation to allow the outbound traffic from the on-prem machine for port 1433 to the Azure datacentre in whichever region your cloud services are provisioned. As part of the request the destination IP’s needs to be provided for Azure Datacenter which can be downloaded from here: 
  4. From security standpoint any connectivity to SQL Azure happens over SSL enabled endpoint as Azure          doesn’t allow un-encrypted traffic.

Note: once firewall rules are in place connect to SQL Azure from Management Studio and enable the Encrypt Connection option under “Connection Properties” tab for secure connection.

See the image below to setup the encryption option from SSMS:


This pretty much should get you started with the basic connectivity to sql azure without involving your network teams.

In order to explore or find out about other Azure connectivity types and the setup details please refer to the technical documentation section in the above comparison table.

Useful Links

Site-to-Site Connectivity

ExpressRoute Connectivity