Applies to: Office 365
Topic Last Modified: 2014-01-08
Because the Microsoft Office 365 network is designed to manage multiple customer environments from a single management space, network infrastructure controls are specifically implemented to help ensure the confidentiality and integrity of your organization's data through strict compartmentalization. Under no circumstances is access from one organization's Office 365 environment to another permitted. The Microsoft network also enables reliable data availability through equipment redundancy, resiliency, and industry-standard high-availability design practices.
Microsoft Internet connections are used to transport email on your organization's behalf, and for access by mobile and Internet-connected employees. Working with your organization, Microsoft applies a rich set of security controls and optimizes routing to ensure the desired level of performance. In particular, the following three levels of security are implemented to prevent unwanted traffic from entering the Office 365 network or your dedicated virtual local area network (VLAN):
As traffic heads toward the VLAN, two sets of network filters allow only authorized networks on given ports and protocols to reach the servers for a specific Office 365 service.
At the router, security by abstraction obscures the routes and allows only authorized traffic to pass through. Because virtualization is used at the router level, only the needed routes are present in your organization's routing table.
All unrecognized traffic is routed to the firewall, where specific rules govern the type of traffic that is allowed to pass through on a stateful basis. Any traffic that does not meet the firewall’s rule list is simply dropped.
In addition to this three-tiered security, there is a final checkpoint in data centers: only servers that are managed by Microsoft and configured for Internet access can receive Internet traffic; reverse access from the Internet to the Customer Network is blocked entirely.
One key strategy that Microsoft uses to maintain the confidentiality and integrity of your Office 365 data is compartmentalization. Multiple techniques are used to control information flows between the Management Network, the Managed Network, and the Customer Network. They include the following:
Physical separation. Network segments are physically separated by routers that are configured to prevent communications between the Managed Network and the Management Network, and between the Management Network and the Customer Network.
Logical separation. Virtual LAN (VLAN) technology is used to further separate communications between Customer Network and Managed Network segments.
Firewalls. Firewalls and other network security enforcement points are used to limit data exchanges with systems that are exposed to the Internet, and to isolate systems from back-end systems managed by Microsoft.
One-way trusts. Active Directory one-way trusts are used to prevent systems or users in the Managed Network from authenticating to resources on the Management Network. A similar trust prevents these entities from authenticating to the Customer Network.
Protocol restrictions. Only Terminal Services can be used to access systems on a Managed Network from the Management Network.
The figure below illustrates the network information flows and associated restrictions for Office 365 Dedicated plans.
The following figure illustrates the separation of the Office 365 network from other networks and enforcement points.
Office 365 cloud-based services are designed to be highly available through the use of redundancy throughout all layers of the network. Two devices are used for routing and switching, and all connections are redundant. Firewall and load-balancer deployments use duplicate systems with automatic failover. Each customer environment in the Managed Network has two separate network connections and two individual power feeds to ensure availability. Each data center network stamp has redundant, high-capacity (n x 10GE) links into the Microsoft backbone. These links provide protected connectivity to the Internet edge and to other Microsoft locations.
Server racks are built with multiple top-of-rack (TOR) switches to provide redundancy. Servers use network interface card (NIC) teaming to ensure rapid failover.
The following diagram provides an overview of the redundancy of the Office 365 network infrastructure.