Cross-border connectivity and interoperability

Cross-border connectivity

Network latency in China

In general, network latency between China and the rest of the world is inevitable, because of the unpredictable network connection. For cross-border data transfer, typically there is latency of about three times than the normal distance. It's a best practice to:

• Host the workload targeting Chinese users on Azure in China.
• Deploy the workload to the closest Azure region for users located outside of China.

Through VPN site-to-site or ExpressRoute

If you host your workload within China, please consider global connectivity and interoperability from a hybrid cloud scenario. For more information, see Performance and connectivity considerations.

Azure Active Directory federation

Azure Active Directory (Azure AD) has features to support all common scenarios. The guides Authentication with on-premises Active Directory and Azure AD Connect show recommended ways and mechanisms for cloud authentication with on-premises Active Directory. It supports:

• Multi-national corporations that have multiple domains.
• Multi-national corporations that have a unified domain. Please note this solution does not support Dynamics 365 F&O Cross-Tenant integration services with O365, Power BI or Azure Services.

Implementation and considerations

• Managing custom domain names in your Azure Active Directory
• Custom installation of Azure AD Connect
• Configuring federation with AD FS

Cross-border interoperability

Although Azure in China regions are disconnected with Azure global regions, you can still link between cross-border regions, via the below solutions.

1. Connection via two individual ExpressRoute circuits

The link across both the infrastructure as a service (IaaS) and the platform as a service (PaaS) could be supported.

2. Connection via China Express model

The model just supports a link between the infrastructure as a service (IaaS). China Express provide will offer one-stop service for customers, and only one contract with the selected telecommunications operator is needed, which reduces the business complexity.

3. Connection via VPN model

The link across both the infrastructure as a service (IaaS) and the platform as a service (PaaS) could be supported.

If you need support, contact your Microsoft representative.