Share via

How to choose azure region for s2s?

Khushboo Kumari 107 Reputation points
2023-08-29T16:12:10.41+00:00

Hi,

I want to know how to choose the best azure region for s2s. Let's suppose my on-prem set up is in India and want to access the resources of azure, so in this scenario how to select the best azure region,like we have to select the nearest auzre region to on-prem or we can also go for the other regions as well. And what are the things we have to keep in mind before select the azure region?

Azure VPN Gateway
Azure VPN Gateway
An Azure service that enables the connection of on-premises networks to Azure through site-to-site virtual private networks.
1,795 questions
Azure
Azure
A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.
1,455 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,773 questions

3 answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Jackson Martins 10,606 Reputation points MVP Volunteer Moderator
    2023-08-29T16:19:40.2933333+00:00

    Hi @Khushboo Kumari
    Choosing the appropriate Azure region for a Site-to-Site (S2S) VPN connection involves several factors that you need to consider.

    you can try using the azure latency website to check the lowest latency next to your environment:

    https://www.azurespeed.com/Azure/Latency

    User's image

    Get in touch if you need more help with this issue.

    --please don't forget to "[Accept the answer]" if the reply is helpful--

  2. ChaitanyaNaykodi-MSFT 27,476 Reputation points Microsoft Employee Moderator
    2023-08-29T17:52:47.9466667+00:00

    @Khushboo Kumari

    Thank you for reaching out.

    In order to choose an Azure region for your S2S VPN you can consider following points.

    • Latency: The closer the Azure region is to your on-premises setup, the lower the latency will be. This can result in better performance and faster data transfer rates. For example, if your on-prem set-up is closer to Central India region but you are also accessing some resources deployed in Virtual Network in UK West via VNET Peering. Then the traffic from your on-prem to the VPN Gateway (in Central India) will utilize the public internet bandwidth and then the traffic from your Central India VNET and UK WEST VNET (Peered Virtual Networks) will go over Microsoft Backbone Network which will have the least latency and will be more secure as the traffic is not exposed to public Internet. You can use the Azure Internet Analyzer to check the Azure region with the least latency. You can also check this document for Azure network round-trip latency statistics between Azure regions.
    • Cost: The cost of data transfer between Azure regions can vary. You should consider the cost of data transfer when selecting an Azure region for S2S connectivity. Based on the example shared above Cross-region VNet-to-VNet egress traffic is charged with the outbound inter-VNet data transfer rates based on the source regions. For more information, see this FAQ. From cost perspective, it will help save some cost if the VPN Gateway is deployed in a region where majority of your Azure resources reside.
    • Compliance: Depending on your industry or regulatory requirements, you may need to select an Azure region that complies with specific regulations or standards.
    • Availability: Azure regions have different levels of availability and resiliency. You should select an Azure region that provides the level of availability and resiliency that meets your business needs. More information can be found here. Central India region has availability zone support.

    Hope this helps! Please let me know if you have any additional questions. Thank you!

    ​​Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments
  3. msrini-MSFT 9,291 Reputation points Microsoft Employee
    2023-08-31T05:39:14.11+00:00

    Hi,

    Since IPSEC tunnel is itself takes care of encryption and encapsulation, it brings latency in sending data from On-Prem to Azure. It is always recommended to choose a region close to On-Prem to establish Site to Site.

    From the VNET to other azure service interaction will happen over Azure backbone which is better and faster.

    Regards,

    Karthik Srinivas

    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.