Connectivity and SD-WAN
CloudGen WAN brings full SD-WAN functionality to Azure Virtual WAN, Microsoft’s native hybrid cloud service. Secure SD-WAN dynamically selects the most suitable uplink for each application in real time, based on traffic characteristics, available bandwidth, and latency between VPN endpoints. This lets you replace MPLS lines by globally connecting your sites via the Microsoft Global Network, the world’s fastest private network. Purpose-built for the cloud, CloudGen WAN provides seamless, automated access to your business-critical resources, leveraging a rich feature set including:
- Adaptive bandwidth protection
- Adaptive session balancing
- Forward error correction (FEC)
- SD-WAN breakout
- Dynamic bandwidth and latency detection
- Performance-based transport selection
- TINA—Barracuda’s proprietary VPN protocol
- Site-to-site connectivity
- Failover link support
- Dynamic quality of service
- WAN compression
Directly deployed from Azure Marketplace, the CloudGen WAN gateway becomes a part of Microsoft’s Azure Virtual Hub and, together with CloudGen WAN site devices, ensures optimized connectivity from every branch office to the nearest Azure Cloud entry point. Barracuda supports dynamic path selection across multiple ISPs for Azure Virtual WAN, giving you failsafe, always-on cloud connectivity. Close integration with native Azure services lets Barracuda CloudGen WAN fit seamlessly into your Azure cloud infrastructure.
To achieve the best possible user experience across the WAN, CloudGen WAN onsite devices proactively measure the available bandwidth and quality of all internet uplinks and between VPN endpoints. The results are directly available to the security and SD-WAN policy engine, which uses them to select the most suitable uplink per application or to disqualify an uplink if its bandwidth or latency falls outside of acceptable limits.
A unique combination of next-generation security and adaptive WAN routing technology allows Barracuda CloudGen WAN to dynamically assign available bandwidth, uplink, and routing information based on protocol, user, location, and content as well as application, application categories, and even web content categories. This keeps expensive, highly available lines free for business- and mission-critical applications, while significantly reducing response times and freeing up additional bandwidth.
To view a current list of applications and sub-applications that CloudGen WAN recognizes for application-based routing, please visit the Online Application Explorer.
Barracuda CloudGen WAN uses dynamic bandwidth and latency detection to automatically balance existing sessions inside logical VPN tunnels across all available uplinks. This real-time balancing optimizes network efficiency and bandwidth usage at any given moment.
If dynamic bandwidth and latency detection indicates that the measured bandwidth of an uplink is too low to support certain kinds of business-critical traffic (e.g., VoIP), Barracuda CloudGen WAN automatically shifts sessions for non-business-critical traffic to secondary links to free up bandwidth for critical traffic.
Barracuda CloudGen WAN enhances the WAN performance of cloud-connected network environments by reducing transmission delays and boosting throughput, to improve the availability, performance, and responsiveness of business-critical applications. Using enterprise-grade WAN acceleration features such as forward error correction, data deduplication, traffic compression, and protocol optimization, CloudGen WAN can significantly improve site-to-cloud WAN traffic and accelerate the delivery of business applications.
Secure SD-WAN connections with Barracuda CloudGen WAN are designed for high-speed networking across shared lossy lines such as internet broadband or 4G/5G. The underlying forward error correction (FEC) technology that remediates packet loss is based on a new set of algorithms in the category of random linear network codes (RLNC). RLNC-based algorithms react much faster to losses and remediate them on the fly, requiring fewer packet retransmissions and reducing overhead on the devices. This results in high-quality voice and video calls even in high packet loss scenarios and with many subscribers on the shared line.
Secure SD-WAN between Barracuda Networks devices uses TINA (Transport Independent Network Architecture) by default, an enhanced version of the IPsec protocol designed to overcome the inherent limitations of IPsec. The TINA protocol uses a combination of TCP, UDP, and ESP for high-speed VPN connections, substantially improving VPN connectivity. It also adds default endpoint-to-endpoint (not network-to-network) connectivity, built-in NAT-friendliness, built-in HTTPS and SOCKS4/5 proxy compatibility, dynamic address support, and better VPN tunnel quality via advanced dynamic tunnel heartbeat monitoring.
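How a random linear network code recovers from loss without retransmission, as an added example that is not Barracuda's code: the sender streams random linear combinations of the source packets, and the receiver decodes as soon as it holds enough independent ones, whichever packets were dropped. The binary field (plain XOR), the packet contents and all function names are assumptions made for brevity; the page does not state which field or parameters the product uses.

```python
import random

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def combine(source, mask):
    """Coded payload for a GF(2) coefficient bitmask: XOR of the selected source packets."""
    payload = bytes(len(source[0]))
    for i, pkt in enumerate(source):
        if mask >> i & 1:
            payload = xor(payload, pkt)
    return payload

class Decoder:
    """Incremental Gaussian elimination over GF(2); rows are keyed by their pivot bit."""
    def __init__(self, k):
        self.k, self.rows = k, {}

    def receive(self, mask, payload):
        """Returns True if the packet was innovative (raised the rank)."""
        while mask:
            pivot = mask.bit_length() - 1
            if pivot not in self.rows:
                self.rows[pivot] = (mask, payload)
                return True
            m, p = self.rows[pivot]
            mask, payload = mask ^ m, xor(payload, p)
        return False  # linearly dependent on packets already received

    def decode(self):
        """Back-substitute once rank == k; None while more packets are needed."""
        if len(self.rows) < self.k:
            return None
        out = []
        for i in range(self.k):
            mask, payload = self.rows[i]
            for j in range(i):
                if mask >> j & 1:
                    payload = xor(payload, out[j])
            out.append(payload)
        return out

def transfer(source, is_lost, seed=1, limit=1000):
    """Stream random coded packets over a lossy link until the receiver can decode."""
    rng, dec, sent = random.Random(seed), Decoder(len(source)), 0
    while dec.decode() is None and sent < limit:
        mask = rng.randrange(1, 1 << len(source))  # random non-zero coefficients
        if not is_lost(sent):
            dec.receive(mask, combine(source, mask))
        sent += 1
    return dec.decode(), sent

# Constructed sample: four equal-length payloads; the caller decides which packets drop.
SOURCE = [b"frame-00", b"frame-01", b"frame-02", b"frame-03"]
```

The receiver never reports which packets were lost; the sender simply keeps emitting fresh combinations until the rank is complete.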
Personal Access with Barracuda CloudGen WAN is the most convenient way to provide endpoint connectivity to workloads in Azure. Personal Access for CloudGen WAN lets remote users access company resources in Azure over an encrypted VPN tunnel directly from work-at-home environments or on the go. The high-performance TINA VPN protocol allows much more stable and resilient always-on connections from remote devices.
CloudGen WAN Personal Access benefits compared to other client VPN to Azure solutions:
- No need to deploy additional VPN gateways or services—Personal Access uses the existing CloudGen WAN Gateway infrastructure
- Fast and easy self-enrollment for end users
- High-performance connectivity to cloud-hosted resources using TINA protocol—faster, more stable, and more resilient
- Integration with your existing Azure Active Directory
- Lower cost compared to built-in Azure Virtual WAN point-to-site connectivity
- Lower cost compared to dedicated VPN services—only pay for actual usage
Usually, user-generated office network and web traffic is protected by a CloudGen WAN site device. With site authentication, the identity of the user (and the associated privileges and valid logins) is preserved when switching from a direct remote connection to Azure to the office network. The CloudGen WAN client automatically detects the change and asks for re-authentication. It then updates user information on the CloudGen WAN Gateway accordingly and allows user-based access control.
With the optional USB LTE modem, CloudGen WAN onsite devices can leverage 4G/LTE connectivity and the cellular infrastructure to provide broadband speeds in either a failover or a load-balancing configuration. For locations that lack wired broadband options but have sufficient cellular connectivity, the USB LTE modem may serve as the primary internet connection. The Barracuda USB LTE modem can even be used for zero-touch deployment of CloudGen WAN appliances in areas where wired internet connectivity is not yet available.
To extend the SASE service at line speed to every site device and overcome limitations introduced by traditional SD-WAN technology based on shared uplinks like broadband, CloudGen WAN features uplink optimization technology with Forward Error Correction and self-healing traffic intelligence. This allows using the available physical bandwidth more effectively and expanding the benefits of SD-WAN to sites with single uplinks as well as optimized utilization of shared uplinks.
Adaptive Session Balancing technology ensures that the best available uplink for the application profile is used for all encrypted tunnels across SD-WAN sites. If the health state of the initial uplink recovers, encrypted SD-WAN traffic transparently switches back to this uplink. Application-based routing, factoring in the results of Dynamic Bandwidth and Latency Detection, applies the same concept to outbound internet traffic, ensuring that SaaS applications like Office 365 always use the best available uplink, even when conditions change frequently.