Skip to main content
For Cybersecurity & IT Solutions Call (310) 955-1600
  • Contact Us
search
  • About Us
    • Message from the President

      Shamrock exists as a trusted ally to enterprise IT leaders responsible for making the most difficult and sensitive decisions related to technology procurement.

      We provide comprehensive and objective analysis at no cost to our customers, helping you make the right decisions on any product from any provider at the guaranteed best price.

      Paul Cooney
      President


      Contact me for a FREE on-site walk through.

      Schedule Now
    • Our Company
    • In The News
      News Press Release

      CIO Review Awarded Shamrock as “20 Most Promising AWS Solution Providers” for 2019

      We are proud to announce that Shamrock has been recognized by CIO Review at one of the “20 Most Promising AWS Solution Providers” for 2019! Check out the article on how our AWS solutions are changing the game for IT decision makers around the globe.
      News Press Release
      Shamrock & Google Come Together to Talk Cloud Computing
      News Press Release
      Insight Success: Shamrock Consulting Group: The 10 Most Innovative Telecom Solution Providers 2018
  • Solutions
      • Cloud Services
        • cdc-wide-v2Cloud Direct Connect

          Connect From Any Location To Any Cloud.

          AWS Direct Connect | Azure ExpressRoute | Google Cloud Interconnect | IBM Cloud Direct Link

          Shamrock can reduce your cloud egress costs by up to 80%

          Learn More
        • cloud-migration-v2Cloud Migration

          Proven leader with successful hands-on cloud deployments, systematically analyzing every aspect of your cloud infrastructure to avoid wasted dollars.

          34% Average Savings on Cloud Services through Shamrock

          Learn More
        • cloud-security-1000×500(2)Cloud Security

          Whether your company is premise-based, in a private cloud, hybrid cloud, or multi-cloud, Shamrock has you covered. We will help you secure and easily monitor your corporate environment in real-time.

          An industry leader in corporate security

          Learn More
        • cloud-cost-optCloud Cost Management

          Shamrock has carefully vetted the top performing tools for public and private cloud orchestration and cost management to service deployments of any size, on any budget at guaranteed best rates.

          Shamrock can reduce your public cloud spend by 40%

          Learn More
        • Platinum Public Cloud Services
          • aws-plat-v2

            Whether you’re looking to migrate to AWS, better manage your current AWS environment, or expand your capabilities within AWS, Shamrock can help.

            We’re top rated AWS consultants for a reason – because we’re a team of vendor-neutral, award-winning cloud experts who always act in the best interests of our clients, and we always guarantee the best price on AWS products and services.

            Learn More
          • azure-plat

            We’ll help you maximize your Azure experience and take your business to the next level by designing, deploying and managing scalable infrastructure and application-based solutions. We’ll even facilitate your migration from your on-prem or environment or from another cloud provider to Azure, in whatever capacity you choose.

            Shamrock is a Certified MS Azure Partner, offering expert consulting services at the guaranteed best price.

            Learn More
          • gcp-plat

            Google’s Partner Network is one of the most prestigious in the industry, and Shamrock is honored to be a part of it. As a Google Partner, Shamrock is your go-to resource for support in GCP. We provide free 24/7 US-based support, migration support, scalable solutions, cloud cost management and more within GCP, all for the guaranteed best price.

            Shamrock is the market leader in GCP cost reduction, GCP migration services, GCP Interconnect direct connects and much more.

            Learn More
      • Data Center
        • cloud-security-1000×500(2)Cloud Security

          Whether your company is premise-based, in a private cloud, hybrid cloud, or multi-cloud, Shamrock has you covered. We’ll help you secure and easily monitor your environment in real-time to ensure proactive protection of your corporate IT environment. Join our growing list of Fortune 500, Fortune 100 and Fortune 50 customers and see why Shamrock is an industry leader in corporate security.

          Join our growing list of Fortune 500 and see why Shamrock is an industry leader in corporate security.

          Learn More
        • data-center-colocation-v2(1)Colocation

          We’ve been recognized as an industry leader in data center sourcing and procurement on a global scale. We represent every major data center operator both domestically and globally, so no matter the size, scope or area of your needs, we’ve got you covered. With over 1,200 major networks, enterprises, and business partners available for interconnection and traffic exchange via direct cross connects, peering and Ethernet services

          We Sell Data Center Space!

          Learn More
        • cdc-wide-v2Cloud Direct Connect

          Shamrock is an industry leader in provisioning cloud direct connects from any business or data center location, anywhere in the world, at any speed (10 Mbps to 100Gbps).

          We’re also the exclusive solution provider for 100G cloud direct connects into Google Cloud Interconnect and AWS Direct Connect.

          Join Out 100GIG Pilot Program.

          Learn More
      • Telecom Solutions
        • tem-squareTelecom Expense Management (TEM)

          Our portfolio of services includes business process outsourcing (BPO), telecommunication audit, procurement advisory, and wireless expense management. We strive to produce sustained results for your organization.

          Learn More
        • ent-mob-squareEnterprise Mobility Management

          Shamrock’s mobile cost management experts can help you drastically reduce your enterprise mobility costs without any provider or contract changes. Our technology uses patented algorithms and machine learning. The result: instant and tangible savings!

          Learn More
        • art1-new-1-smallVoice Services

          Shamrock Consulting provides Long Distance Services with cost-effective in-state, state-to-state, international and toll-free calling for businesses. International or Domestic Toll-Free Numbers, Conferencing Services, powerful cost-management options.

          Learn More
        • ucaas-thumb-optUCaaS / Hosted PBX

          As industry-leading UCaaS consultants, Shamrock has negotiated direct partnerships with every major UCaaS provider to ensure that our clients receive the best possible solution at the best possible price. Guaranteed.

          Learn More
        • 3-new-smallAnalog Line Consolidation

          Dynamically manage traffic pattern changes and get high-quality, reliable voice services that leverage your existing PBX investment. Pbx Service Providers, SIP Service, Pbx Pricing, Cloud Pbx and more.

          34% Average Cost Savings with Shamrock

          Learn More
      • WAN Solutions
        • 2-new-1Broadband Aggregation

          The need to future proof your network has created an unprecedented demand for fiber to the premise. Dark Fiber, Fiber Ethernet, DS3, OC-x, Fixed Wireless (Microwave, lazer, WIMAX), Ethernet over Copper (EOC), T1, NxT1, Cable, DS, Shamrock Consulting Group has all of your options in one place.

          Let's Start With Understanding Your Internet Access Options!

          Learn More
        • art2-1-new-smallInternet Access

          The need to future proof your network has created an unprecedented demand for fiber to the premise. Dark Fiber, Fiber Ethernet, DS3, OC-x, Fixed Wireless (Microwave, lazer, WIMAX), Ethernet over Copper (EOC), T1, NxT1, Cable, DS, Shamrock Consulting Group has all of your options in one place.

          Let's Start With Understanding Your Internet Access Options!

          Learn More
        • art8-new-smallPrivate WAN (MPLS / VPLS)

          Global enterprises, financial institutions, the largest networks and the Internet’s foremost content companies trust us with what matters most to them—their information assets. Shamrock Consulting Group can design wide area networks for any size, any budget, anywhere.

          Let's Start With Understanding Your WAN Objectives!

          Learn More
        • art3-new-smallDark Fiber

          We partner directly with every major Dark Fiber providers in the U.S., Europe and Asia-Pacific. We also work with cities and municipalities such as Los Angeles County, Orange County, the San Francisco Bay Area, New York City and elsewhere to find you the best possible solution at the guaranteed best price.

          Looking for fiber providers in your area?

          Learn More
        • art7-new-smallSD-WAN

          As top-rated SD WAN consultants who partner directly with every leading SD WAN provider in the industry, Shamrock is committed to helping you make well-informed procurement decisions at the guaranteed best price. We offer a free consultation to identify the best solution for your needs and budget.

          Considering an SD-WAN solution for your company?

          Learn More
      • Cybersecurity
        • crowd-strikeCrowdstrike EDR/MDR

          As a CrowdStrike partner, the Shamrock team as a whole are big fans of the company’s cloud native endpoint protection platform. But don’t take our word for it – we’ve had hundreds of customers using CrowdStrike tell us how much they love the platform, and many of them have said that they have no idea how they ever lived without it.

          Licensing discounts of up to 50 percent below market rates.

          Learn More
        • penntesting-v2Penetration Testing

          We’ve formed deep partnerships with the most trustworthy cybersecurity vendors in the industry, and we guarantee the best price from every single one of them. Black, White & Gray Box Testing, Cloud Pentesting, Mobile & Web App Pentesting, Wireless Pentesting, Physical Pentesting, Client-Side Pentesting. In addition to pentesting, we can also help you out with next-generation firewalls, endpoint protection and corporate email security.
          Schedule Your Free Pentest Analysis.

          Learn More
        • vulnerability-testingVulnerability Management

          We take a look at some great security solutions that achieve real time visibility into all aspects of a corporate network, even reaching the most remotely deployed endpoints. If you’re interested (and you probably should be), Shamrock Consulting Group can secure these cutting-edge tools for you at the best prices.

          We can offer the best prices on CrowdStrike products and can also provide a free security assessment.

          Learn More
        • ngfwNGFW & Software Defined Perimeter

          How can companies be both agile and secure in these unprecedented times? For help with empowering your WFH teams with the tools and processes they need, speak to a Shamrock consultant today.

          Our strategic partners are comprised of the very best in the industry from a security standpoint (Trustwave, AlertLogic, CrowdStrike, Fortinet, PaloAlto, Carbon Black, etc.).

          Learn More
        • cloud-security-smallCloud Security

          Whether your company is premise-based, in a private cloud, hybrid cloud, or multi-cloud, Shamrock has you covered. We’ll help you secure and easily monitor your environment in real-time to ensure proactive protection of your corporate IT environment.

          Join our growing list of Fortune 500 and see why Shamrock is an industry leader in corporate security.

          Learn More
  • RFP Services
  • Industries
    • biotech-telecom-consulting-v2Biotech

      Safeguard Proprietary, Mission Critical Data Whether its R&D for a world changing innovation or straightforward emails to accounting, Shamrock provides a comprehensive suite of security services – including Managed Firewall, Intrusion Detection/Prevention, and Vulnerability Scanning – to ensure that your organization’s data is safeguarded and kept out of the wrong hands.

      Let's Start With Understanding Your Biotech Telecom Objectives!

      Learn More
    • real-estate-construction-cloud-solutionsConstruction & Development

      Whether you are looking to increase network uptime, reduce operational expenses, or build a next generation global development company, Shamrock Consulting Group has turnkey solutions tailored to the needs of the Construction and Development industry at guaranteed best rates.

      Let's Start With Understanding Your Telecom Objectives for Construction & Development sites!

      Learn More
    • finance-cloud-solutionsFinance

      Shamrock Consulting Group’s Financial Services practice offers customers robust custom architected network, cloud, data center, and unified communications solutions that provide the security, compliance, and uptime their organizations require to function on a day-to-day basis.

      Let's Start With Understanding Your Financial Organization's Telecom Objectives!

      Learn More
    • healthcare-cloud-solutionsHealthcare

      Shamrock has cross-disciplinary knowledge of healthcare-specific IT apps. Shamrock has extensive rural network design and build experience. In addition to 100+ partners, Shamrock has experience, connections and industry tools to identify, design to, spec, procure and project manage complex multi-vendor deployments. Healthcare institutions, financial institutions, the largest networks and the Internet’s foremost content companies trust us with what matters most to them—their information assets.

      Let's Start With Understanding Your Healthcare Telecom Objectives!

      Learn More
    • media-entertainment-cloud-solutionsMedia & Entertainment

      Whether you are looking to increase network uptime, reduce operational expenses, or build a next-generation global studio, Shamrock Consulting Group has turnkey solutions tailored to the needs of the Media and Entertainment industry at guaranteed best rates. Nobody delivers more connectivity solutions to Media and Entertainment companies than Shamrock Consulting Group!

      300+ Media and Entertainment Customers Served!

      Learn More
    • retail-cloud-solutionsRetail / Restaurant

      Shamrock Consulting Group offers its retail customers the best-fit, access technologies at each of their sites to ensure complete coverage and uptime at low costs. We design solutions that provide PCI-compliant security for credit card transactions and support for data communications for key retail applications—including point-of-sale, back-office systems, training, and digital video surveillance.

      Let's Start With Understanding Your Retail Business Operational Objectives!

      Learn More
    • saas-cloud-solutionsSAAS Providers

      Whether you are looking to increase network uptime, reduce operational expenses, or build a next generation global Software as a Service Platform, Shamrock Consulting Group has turnkey solutions tailored to the needs of the SaaS Industry at guaranteed best rates. Low, Mid, and High-density data center options with robust connectivity options to extend service coverage all over the globe.

      Let's Start With Understanding Your SAAS Objectives!

      Learn More
  • Tools
  • Press
  • Contact Us

Configure ExpressRoute: Accessing Office 365 & Connecting Azure VPN

Who doesn’t love a faster, more reliable user experience? It’s a commonality among almost all things, and it’s exactly what you get when connecting to Microsoft services via Azure ExpressRoute.

ExpressRoute by-passes the internet for better speed and reliability, and there are two primary reasons why businesses choose to employ ExpressRoute connectivity: to access Office 365 services and/or to optimize their Azure VPNs.

We’ll walk you through the entire process step-by-step, from setting up and provisioning an ExpressRoute circuit to configuring Microsoft and/or private peering.

Side Note: This article will focus on using the Azure portal, however it’s also possible to achieve the same outcome using either PowerShell or the Azure CLI.

Before You Start

So who’s ready to create your first ExpressRoute circuit?! Eaaasy, tiger. Before you dive in, make sure you’ve already done all the following:

Have a valid and active Microsoft Azure account
Have access to the Azure portal
Selected an ExchangeRoute connectivity partner (Shamrock Consulting Group will get you all the best options at the guaranteed best price)
Set up adequate security on your networks
Have permission to set up new network resources

Important note: Options will vary by location, but Shamrock has your back by helping with the selection process to ensure you’re getting exactly what you need.

Goes without saying, but if you’re intending to connect to Office 365, you’ll also need an active Office 365 subscription. Make sure you also look into how to optimize Office 365 and its individual services for best performance. For example, configuring Skype for Business using QoS standards will ensure call quality is maintained as a priority.

Additionally, if you intend to connect your VPNs to Azure via ExpressRoute, you will need to create VPN gateways for each of your VPNs.

Checked off all the necessary boxes above? Good work. Now you’re officially ready to create your first ExpressRoute circuit.

Step 1: Creating an ExpressRoute Circuit

  1. Navigate to the Azure portal via your browser and log into your Azure account
  2. Select ‘Create a Resource’
  3. Choose ‘Networking’
  4. Click the ExpressRoute icon to bring up the ‘Create ExpressRoute Circuit’ form
  5. Give the circuit a name
  6. Select the service provider you’ve chosen
  7. Select the peering location where you want your circuit set up
  8. Choose the bandwidth you will need. The range is from 50Mbps to 10Gbps, and it’s good practice to start small and scale up since there’s no facility to decrease bandwidth
  9. Select the relevant SKU tier. Keep in mind that you’ll need to pay for the Premium add-on in order to access Microsoft 360 services and/or connect more than 10 VPNs to your circuit
  10. Select the relevant billing model. You can change from metered to unlimited, but not vice versa
  11. Don’t worry about the, ‘Allow Classic Operations’ checkbox – you can leave this empty
  12. Choose which Azure subscription your circuit belongs to
  13. Create and name a new resource group, or add your circuit to an existing resource group
  14. Under ‘location,’ select your Azure region
  15. After a few minutes, you should see your new circuit listed when you select ‘All Resources’ from the main menu
  16. Clicking the new circuit will bring up its properties. Under ‘Circuit Status’ you should see the word ‘Enabled,’ confirming that the circuit is provisioned on Microsoft’s end
  17. Under ‘Provider Status,’ you’ll see the words ‘Not Provisioned’
  18. You should also see a string of characters under the ‘Service Key’ label. To complete provisioning, you will need to send this ‘s-key’ to your ExpressRoute provider via email, phone, or – if you are using your provider’s own portal – by copying and pasting it into the relevant field
  19. Keep checking on the provider status, which will first show up as ‘Provisioning’ and will then change to ‘Provisioned’

Once your ExpressRoute circuit has been provisioned, you can configure your peering. For connecting your VPNs to your ExpressRoute circuit, see Step 2a below. For connecting into Office 365 resources using Microsoft peering, see Step 2b.

If you’re connecting both your VPNs and Office365, it doesn’t matter whether you complete 2a before 2b or vice versa, but make sure you only configure one peering connection at a time.

Step 2a: Configuring Private Peering and Connecting Your VPNs

On the standard SKU, you can connect up to 10 VPNs to one or more ExpressRoute circuits.

The first step in this process is to configure private peering, so let’s run through some important numbers for this:

  • A /30 subnet for both your primary and secondary link
  • A 2 or 4 byte peer autonomous system number (ASN) for your BGP sessions (private or public). Don’t use 65515 as this is reserved for internal Microsoft use
  • A VLAN ID (one that isn’t used for another peering)
  • Optionally, you can specify an MD5 hash for a shared encryption key. If you do provide this, it will have to be used on both sides of the tunnel and contain no more than 25 characters
  1. Click ‘All Resources’ and select the ExpressRoute circuit you want to configure
  2. Below the circuit properties, you’ll see a list of peerings
  3. Select the ‘Azure Private’ row to bring up the ‘Private Peering’ form
  4. Enter the above numbers into their relevant fields
  5. Click the save icon
  6. After a few minutes, the status of the Azure Private peering row should show ‘Enabled’

Next, you need to connect your VPNs to your ExpressRoute circuit(s). Here’s how:

  1. Click ‘All Resources’ and select the ExpressRoute circuit you want to connect your first VPN to
  2. Under the ‘Settings’ menu, select ‘Connections’ and then the ‘Add (+)’ icon
  3. Enter a name for your VPN connection
  4. Under ‘Virtual Network Gateway,’ select the gateway you want to use from the dropdown list
  5. Under ‘Resource Group,’ select the appropriate resource group
  6. Click ‘OK’
  7. Repeat for up to 10 VPNs in total (Remember that for up to 100 VPNs, you’ll need to pay for the Premium add-on SKU)

Step 2b: Configuring Microsoft Peering to Access Office 365

For direct access to Office 365 resources like Exchange Online, SharePoint Online and Skype for Business, you’ll need to configure Microsoft peering. The first step once again entails some important numbers (and acronyms) that you’ll need:

  • A /30 subnet for both your primary and secondary link (both are required to access Azure’s 99.95% availability SLA). These must be public IPv4 addresses registered to the RIR or IRR routing registries (you can use NAT to convert private IP addresses into public ones)
  • Your RIR/IRR name
  • A 2 or 4 byte peer autonomous system number (ASN) for your BGP sessions
  • A VLAN ID (one that isn’t already being used for another peering)
  • A list of prefixes that will be advertised over the BGP session. These will be used by Microsoft to set up an ACL for optimized security
  • Optionally, you can specify an MD5 hash for a shared encryption key. If you do provide this, it will have to be used on both sides of the tunnel and contain no more than 25 characters

To configure your Microsoft peering, do the following:

  1. Click ‘All Resources’ and select the ExpressRoute circuit you want to configure
  2. Below the circuit properties, you will see a list of peerings
  3. Select the Microsoft row to bring up the ‘Microsoft Peering’ form
  4. Enter the above numbers into their relevant fields
  5. If your IP addresses are not registered, select ‘none’ from the ‘Routing Registry Name’ dropdown. You will have to manually validate your ownership for this (see below)
  6. Click the save icon
  7. After a few minutes, the status on the Microsoft Peering form will either show ‘Configured’ or ‘Validation Needed’
  8. If manual validation is needed, go ahead and open a support ticket from the support tab on your Azure portal. Select ‘Technical’ in the ‘Issue Type’ dropdown and ‘ExpressRoute’ under the ‘Service’ dropdown. You’ll also need to choose the relevant subscription, resource and support plan

Optional: Adding Route Filters (Microsoft Peering)

By default, the prefixes for all available Office 365 services are allowed through your peering connection. This means managing a large routing table. If you prefer, it is possible to select a subset of services by applying route filters. This will require pre-authorization by your Microsoft Account provider.

Here’s the rundown:

  1. From the Azure portal, select ‘Create a Resource’
  2. Choose ‘Networking’
  3. Select ‘Route Filter’ to bring up the route filter form
  4. Create a name for the new routing rule you’re about to create
  5. Select the appropriate subscription and existing resource group
  6. Click the ‘Manage Rule’ tab at the top
  7. Under ‘Allowed Service Communities,’ you’ll see a pre-populated list of all Office 365 services and their prefixes. Simply check whichever ones you want to allow
  8. Hit save
  9. Click the ‘Add Circuit’ tab
  10. Select the appropriate circuit from the dropdown list
  11. You’re done!

How Shamrock Can Help

Shamrock is an industry leader when it comes to cloud direct connects, so you know you’re always in great hands regarding your ExpressRoute connection. We have the unique ability to connect you into Azure from any data center or office building, anywhere in the world, at any speed up to 100Gbps and we guarantee the best price in the marketplace.

If you’re looking for a fast, secure and reliable connection over a fully private connection, Shamrock can deliver it with Azure ExpressRoute.

We want your business to thrive, so all of our consultations (including Azure ExpressRoute) are completely free!

Contact us and let’s make some ExpressRoute magic together, shall we?

Ben Ferguson

Ben Ferguson is the Vice President and Senior Network Architect for Shamrock Consulting Group, an industry leader in digital transformation solutions. Since his departure from Biochemical research in 2004, Ben has built core competencies around cloud direct connects and cloud cost reduction, enterprise wide area network architecture, high density data center deployments, cybersecurity and Voice over IP telephony. Ben has designed hundreds of complex networks for some of the largest companies in the world and he’s helped Shamrock become a top partner of the 3 largest public cloud platforms for AWS, Azure and GCP consulting. When he takes the occasional break from designing networks, he enjoys surfing, golf, working out, trying new restaurants and spending time with his wife, Linsey, his son, Weston and his dog, Hamilton.

best-price-guarantee-tick
Learn About Our Best Price Guarantee