VPN Gateway
Definition
Azure service that creates secure, encrypted connections over the internet between your networks and Azure, ensuring data privacy and integrity.
Use Cases
- Microsoft: Hybrid connectivity for enterprise environments using Azure Virtual WAN and VPN-based branch connectivity — Microsoft documents and demonstrates architectures where branch offices connect to Azure using IPsec/IKE VPN connections (often via Azure VPN Gateway or Virtual WAN VPN gateways) to reach Azure-hosted workloads securely over the internet. (Enables secure hybrid access to Azure resources without requiring dedicated private circuits, supporting faster branch onboarding and encrypted connectivity for remote sites.)
- Starbucks: Securely connecting distributed locations to centralized applications and services — Starbucks has publicly discussed using cloud services at scale; a common pattern for distributed retail is establishing encrypted site-to-site VPN connectivity from store/branch networks to cloud networks for secure access to centralized services. (Improves security for data in transit and enables consistent access to shared services across many locations; exact metrics and the specific VPN product used are not publicly detailed.)
Provider Equivalents
- AWS: AWS Site-to-Site VPN
- Azure: Azure VPN Gateway
- GCP: Cloud VPN
- OCI: OCI VPN Connect
Frequently Asked Questions
- What's the difference between VPN Gateway and ExpressRoute?
- VPN Gateway sends encrypted traffic over the public internet using IPsec/IKE tunnels. ExpressRoute uses a private, dedicated connection from your network to Azure through a connectivity provider. VPN is usually quicker to set up and cheaper, but internet-based performance can vary. ExpressRoute typically offers more consistent latency and higher reliability, but it costs more and takes longer to provision.
- When should I use Azure VPN Gateway?
- Use it when you need secure connectivity to Azure but don’t need (or can’t justify) a dedicated private circuit. Common cases include: connecting an on-prem office to an Azure VNet (site-to-site), enabling remote users to access Azure resources (point-to-site), connecting two Azure VNets securely (VNet-to-VNet), or as a backup path alongside ExpressRoute for resilience.
- How much does Azure VPN Gateway cost?
- Pricing depends mainly on the VPN gateway SKU (which affects throughput, features, and tunnel limits), the number of hours the gateway runs, and data transfer/egress charges. You typically pay a per-hour (or monthly equivalent) charge for the gateway plus standard bandwidth charges. For exact numbers, use the Azure Pricing page and the Azure Pricing Calculator because costs vary by region and SKU.
Category: networking
Difficulty: intermediate
Related Terms
See Also