Bigleaf VPN Enhancement

You probably know that Bigleaf is the best way to connect to cloud-based applications like VoIP, VDI, and SaaS, over standard broadband. However, you may not know that many of our customers also use Bigleaf as their foundation for site-to-site connectivity, in combination with VPNs running on their firewalls. This diagram shows what that looks like:

[Figure: VPN over Bigleaf. Diagram showing how a VPN works with Bigleaf’s overlay tunnels.]

SD-WAN Complexity and Security Challenges

In the growing SD-WAN space, many vendors seek to replace the customer’s firewall and establish site-to-site connectivity using their own equipment. The benefit of this approach is that it makes hybrid WANs leveraging both MPLS and broadband connectivity easier to deploy. This can be a useful design for Enterprise customers with large IT teams that want to keep MPLS as part of their WAN architecture. However, the downside of this approach is that it requires complex deployments and forces the customer to turn their security and firewalling over to their new (and often young) SD-WAN provider.

Bigleaf, Plug-and-Play, Outside the Firewall

Bigleaf provides a plug-and-play implementation that allows for a quick 5-10 minute self-install. Our onsite router drops in outside of the customer’s existing firewall, with no need for complex changes in security policies or equipment. Our philosophy is that most small/mid-sized customers (and many distributed Enterprise customers) would prefer to leave their security policies and firewalling to the trusted vendors that are well-established in the space (Cisco, Juniper, Palo Alto, Barracuda, etc.). We also believe site-to-site connectivity needs are diminishing every day as businesses move more and more of their key applications out to the cloud. Site-to-site connectivity needs that remain can often be addressed through a trusted VPN architecture, with a high-performance Bigleaf foundation.

Bigleaf Directs VPN Traffic

When a customer sets up a traditional VPN architecture via their firewalls, Bigleaf’s SD-WAN optimization directs and controls the tunnel traffic to provide a previously-unachievable level of VPN stability and performance. Bigleaf’s system will:

  • Ensure the customer’s VPN rides the most stable ISP connection
  • Fail over the VPN tunnels when necessary (during both full outage and brownout situations) without dropping the VPN sessions
  • Prioritize critical traffic within the customer’s VPN tunnels, through coordinated packet marking
  • Prioritize the VPN tunnel traffic above other bulk traffic like Microsoft patch updates and YouTube streaming
  • Provide all this functionality over commodity broadband ISPs with variable bandwidth, like cable

This is a great solution for customers looking to move away from an MPLS network to take advantage of cost savings, WAN redundancy and/or more ubiquitous connectivity options to cloud applications. For customers that don’t have the IT expertise to configure the VPN features on their firewall, there are many quality providers out there that can assist with managed VPN services. Please let us know if you would like us to connect you with one.

Bigleaf is here to make your IT experience easier and less stressful. SD-WAN technologies can be exciting and enable a ton of new capabilities, but if the end result is a complicated mix of expensive equipment and mind-numbing installation procedures and management, it can be a wrong fit for many customers. At Bigleaf, our use of SD-WAN technology to complement (not replace) traditional VPNs provides a plug-and-play experience, and makes us truly unique in the marketplace.
