Barracuda SecureEdge offers a range of Edge Services to organizations with the aim of enhancing their network security and simplifying their mode of operation. SecureEdge currently allows you to create either an Edge Service that is managed by Barracuda Networks, an Edge Service connected to a vWAN hub, or an on-prem Edge Service known as Private Edge that is hosted in the customer's own data center.
To reach a maximal homogeneous SecureEdge network, newly deployed sites will automatically update/align their firmware version to the SecureEdge Edge Services they are connecting to. This will happen regardless of the defined update window on the Barracuda SecureEdge Manager. This mechanism is in place to prevent attaching sites to the SecureEdge network with potentially outdated and/or incompatible firmware versions.
The following types of Edge Services are available:
- Edge Service (hosted) – The Edge Service is a Barracuda Networks-hosted SaaS solution. The architecture of Barracuda SecureEdge follows a classic hub-and-spoke topology. The hub is referenced as an Edge Service in SecureEdge, and the spokes are referenced either as site, IoT, or SDWAN Connector. To use the Edge Service, you must first subscribe to the Barracuda Networks for SaaS Edge Service. After deployment, you can resize and update the SaaS Edge Service. You can deploy an Edge Service in five distinct bandwidth ranges: 50 Mbps, 100 Mbps, 200 Mbps, 500 Mbps, and 1000 Mbps. For more information on how to get started with the SaaS Edge Service, see How to Create an Edge Service.
- Private Edge Service – Barracuda SecureEdge supports a private Edge Service for hybrid deployments. The Private Edge deployment option can be hosted by enterprises. When creating a private Edge Service, you can either create a new Edge Service from scratch, or promote an existing site to an Edge Service. Features like Firewall-as-a-Service and comprehensive SD-WAN functionality are required in different locations, both on-premises and in the cloud, in order to establish a secure connection from your sites and devices. You need an ISP with a static public IPv4 address. High availability is recommended. For more information, see How to Create a Private Edge Service in Barracuda SecureEdge.
- Edge Service for Virtual WAN – This allows you to easily connect all your locations to the Microsoft Global Network via Azure Virtual WAN. It provides optimal security and SD-WAN capabilities in an easy-to-use solution that is explicitly built to bring you all the benefits of the cloud. As a cloud platform, it connects and secures any type of edge device. You can deploy as many as the number of sites you have both quickly and easily – just plug them in and they will be auto-configured. For more information, see How to Create a SecureEdge for Virtual WAN Edge Service in Microsoft Azure
SecureEdge Deployment
You can deploy multiple virtual WANs (e.g., production and testing) with multiple Edge Services and multiple sites connected to each service. You can also integrate the Barracuda CloudGen Firewall with Barracuda SecureEdge. Each site is connected to Barracuda SecureEdge using TINA, the Barracuda VPN protocol. TINA is a proprietary extension of the IPsec protocol developed to improve VPN connectivity and availability over the standard IPsec protocol and uses AES256 cipher for the VPN encryption. Barracuda SecureEdge uses BGP for routing.
In the Barracuda SecureEdge user interface, you can easily switch between the virtual WANs and display associated Edge Services and connected sites by clicking on the name assigned to the virtual WAN during deployment.
Before You Begin
- Create a Barracuda Cloud Control Account. For more information, see Create a Barracuda Cloud Control Account.
For Microsoft Azure:
- Create a Microsoft Azure account.
- Subscribe to the Barracuda SecureEdge service in Microsoft Azure if you are using Barracuda SecureEdge for the first time. For more information, see Getting Started.
For instructions on how to set up the basic configuration in Barracuda SecureEdge, see Getting Started.
For information on hardware deployment, see Hardware Deployment and Hardware Models.
For information on virtual deployment and virtual models, see Virtual Systems (VTx) Deployment.