Friday, December 30, 2016

Azure VPN performance

I’ve be working a lot recently with Azure VPNs thanks to the development of my new online course:

CIAOPS Azure VPN course

One of options you need to select when you create a new Azure VPN gateway is the SKU.

image

With all the VPNs I had been working with I’d always just left the option set as Standard but then I wondered whether selecting another VPN SKU made any real difference?

I therefore set out to do some basic testing of the performance of the different Azure VPN SKUs to get an indication of what differences, if any, there was between them.

The place to start if you want more information about Azure VPN Gateways is here:

About VPN Gateway

In my case, I started with 6.9GB of data, composed of a number of large PST files (100 – 500MB each) that I would copy between local and Azure VM’s via an Azure VPN.

I kept the VMs at both ends the same and only recreated the VPN gateway as needed, with a different SKU each time. I did all the transfers using drag and drop from Windows Explorer.

clip_image001

You can see the speed test results from the link that I had my local VM connected to the Internet with.

After copying the 6.9GB of data up from the local VM to Azure and then back down from Azure my results showed that there was no appreciable difference in performance between any of the Azure VPN SKUs. The time taken to upload or download the data was identical at around 12 minutes or around 720 seconds. That is about 9.81 MB/s in my maths (6.9 x 1,024)/720 up and down.

When you look at the quoted VPN gateway throughput you find that Basic and Standard are around 100Mbps, while High Performance is 200Mbps. However, as the Microsoft notes:

“The VPN throughput is a rough estimate based on the measurements between VNets in the same Azure region. It is not a guaranteed throughput for cross-premises connections across the Internet. It is the maximum possible throughput measurement.”

So, based on my rudimentary tests, I didn’t see any difference in performance based on the different VPN SKU’s.

image

Where a major difference surfaces is price. If you go to the Azure pricing calculator and calculate the monthly cost of the different VPN SKUs you find that to run for a full month the Basic VPN SKU costs AU$34.11.

image

The Standard SKU costs AU$180.05 (428% higher) and

image

the High Performance SKU costs AU$464.34 (12,610% higher than the Basic SKU).

Based on my rudimentary transfer tests, and provided you don’t need some of the additional features of the more advanced VPN SKUs (such as additional IPSec tunnels) then I have to say that probably for most cases, the Basic VPN SKU is more than adequate. Thus, from what I can determine, the Basic Azure VPN SKU is the most cost effective option.

However, I’m sure when you get lots of varied traffic, with different file sizes and a more typical work environment the more advanced Azure VPN SKUs shine but as I said, from I see, the Basic SKU is a great place to start when you want to connect your environment securely to Azure.

The other value that I’ll share with you is the fact that creating a VPN Gateway using the Azure Resource Manager (ARM) portal takes about 40 minutes. It is easy enough to change the Azure VPN SKU you use over time but remember that, if you do want to change the Gateway SKU, you’ll need to delete the existing Gateway and create a new one. And that will take about 40 minutes to complete.

In summary, my take aways from this rudimentary testing of the different Azure VPN SKUs is that, in the SMB world, a Basic VPN SKU appears to be the most cost effective, unless you need some specific advanced VPN features. It is also easy enough to upgrade the Azure VPN Gateway at any time but doing so requires about 40 minutes of creation time.

So, for about AU$35 per month (excluding traffic costs out of Azure of course) you can get a secure VPN connection from Azure to your on premises infrastructure, and that ain’t expensive at all for the flexibility it provides!