Barracuda CloudGen Firewall Secure Access Concentrator for Amazon Web Service
Protecting your Digital Assets in Amazon Web Services

Overview:

The growth in cloud computing capabilities and services has driven more data into places where traditional IT security measures cannot reach - into data centers not owned by your corporate IT group. Beyond its powerful network firewall, IPS, and VPN technologies, the Barracuda CloudGen Firewall F-Series integrates a comprehensive set of next-generation firewall technologies, including comprehensive Application Control, Availability, and Quality of Services (QoS) features.

Moving your IT Infrastructure to the Cloud? Running on Amazon Web Services?

Barracuda Networks is your partner for various kinds of deployments in Amazon Web Services. We understand your IT needs and provide best-of-breed solutions for firewalling, load balancing, web application security, and email security in the public cloud.

Barracuda Networks and Amazon Web Services

Today, many organizations are looking to the cloud to take advantage of the economic gains and operational efficiencies inherent to non-hardware-based solutions. While migrating to the cloud means companies need to adjust to new security threats, the ability to scale according to business needs means that AWS offers a powerful value proposition. The pay-as-you go model Amazon uses enables businesses of all sizes to access just the AWS services they need, and no more.

In the cloud, companies need security that can compensate for a broader attack surface and a new array of threat vectors. As Amazon seeks to provide more options for hybrid cloud and pay-as-you-go subscriptions, Barracuda’s security services have moved hand-in-hand with Amazon’s values. Not only is Barracuda committed to providing total threat protection to AWS customers, but we’re taking steps to emulate Amazon’s methodologies within our product offerings. Barracuda and Amazon work well together because we have the same end user in mind: A person Amazon calls the “whole stack professional” and Barracuda describes as a “mid-market IT professional who wears a lot of hats.”

Move Your Physical Data Center to the Cloud with Amazon Web Services

Get Secure Connectivity with Visibility and Control by using the industry's most advanced next-generation firewall solution for deployments in Amazon Web Services. The Barracuda CloudGen Firewall ensures highly secure, encrypted traffic from, to, and within AWS, provides secure remote and site-to-site access, and centralized management.

The growth in cloud computing capabilities and services has driven more data into places where traditional IT security measures cannot reach - into data centers not owned by your corporate IT group. Securing applications and data in AWS is far easier with tools that are dedicated to the task. Deploying the Barracuda CloudGen Firewall in the cloud is very similar to running local network firewalls, and provides the advantages of common policy enforcement and distributed security management in a hybrid-IT environment. It provides next generation firewalling and secure remote access to AWS. It enables organizations to deploy sophisticated multi-zone network architecture in the cloud, just like their on-premises networks. By using the proprietary high-performance VPN protocol extension TINA (Transport Independent Network Architecture), the Barracuda CloudGen Firewall deployment enables secure high speed site-to-site and client-to-site connectivity between on-premises networks and mobile-user devices. The Barracuda NextGen Control Center adds a powerful and intuitive centralized management portal that makes it extremely simple to deploy, configure, update, and manage multiple units from a single location, while also providing comprehensive, real-time network visibility and reporting.

	Securing the Internet of Things The Barracuda CloudGen Firewall F-Series is designed and built from the ground up to provide comprehensive, next-generation security while being simple to deploy and maintain, and highly scalable. Need to connect micro-offices, point of sales and machine-to-machine business? With the F-Series you're all set!
	Easy to setup and maintain: SC1 The Secure Connector (SC1) is a hardware appliance purposebuilt to be an on-premises connectivity device that ensures high-performance and tamper-proof VPN connections to protect the data flow and, thus, guarantee data continuity.
	Bundling the data stream: SAC The Secure Access Concentrator is the collecting point for the data stream. This fully fledged CloudGen Firewall acts as VPN gateway for the SC1 deployments. SACs can be run on VMware, Hyper-V, XenServer, or KVM environments as well as directly in Microsoft Azure.
	Grows with your needs Integration within the Barracuda NextGen Control Center architecture ensures that your deployment can grow with your needs without technical or financial trapdoors. The template-based configuration ensures easy rollout of additional devices and maintain compliance.

Deployment:

The Secure Access Concentrator can be deployed in Azure and AWS if your FSCs are geographically dispersed and/or your backend systems hosted in Azure and/or AWS. The FSAC connects your Secure Connectors with your cloud resources and allows you to monitor the traffic between the FSC and the private subnets. If VPN connectivity is required, the FSAC is used in combination with an F-Series Firewall. You have two options for setting up the Secure Access Concentrator. The deployment steps are the same as the steps required for an on-premises FSAC.

FSAC and F-Series Firewall in the Public Cloud, Control Center located on-premises

In this scenario, the FSCs connect to the public IP address of the FSAC. In Azure, traffic to the backend subnets is routed over the F-Series Firewalls; in AWS, the FSAC connects directly to the backend subnets. The F-Series Firewall handles the VPN tunnels to the on-premises networks. Configuration data from the FSAC to the Control Center is sent through this site-to-site tunnel.

FSAC, F-Series Firewall, and Control Center in Azure and Amazon Web Services

The client connects to the public IP address of the FSAC. Traffic to the backend is routed either through the optional F-Series Firewalls, or directly to the backend subnets. The FSC can connect directly to the Control Center, which is located in another subnet. In Azure, the FSAC can also secure the traffic between the different backend subnets. An F-Series Firewall is required for site-to-site VPN connections to your on-premises networks.

Model Comparison:

¹ The Barracuda CloudGen Firewall F-Series SAC virtual image covers all editions.
² Requires a valid Energize Updates subscription.
³ Barracuda CloudGen Firewall F-Series SAC editions include as many VPN licenses as the number of protected IPs. VPN clients with an active connection to the Barracuda CloudGen Firewall F-Series SAC are counted towards the protected IP limits.
⁴ Including FTP, mail and Web protocols.
⁵ Requires a valid Malware Protection subscription.