Project Barracuda - Cleveland Institute of Art
Securely connecting remote users to files, applications, and secure sites - residing behind the firewall - is vital for worker mobility as well as for business continuity and data loss prevention (DLP).
The Barracuda SSL VPN is a powerful plug-and-play appliance purpose-built to provide remote users with secure access to internal network resources. It does this while giving administrators unrivaled insight and tools for managing remote network access.
The Barracuda SSL VPN is an integrated hardware and software solution enabling secure, clientless remote access to internal network resources from any Web browser. Designed for remote employees and road warriors, the Barracuda SSL VPN provides comprehensive control over file systems and Web-based applications requiring external access. The Barracuda SSL VPN integrates with third-party authentication mechanisms to control user access levels and provides single sign-on.
- Enables access to corporate intranets, file systems or other Web-based applications
- Tracks resource access through auditing and reporting facilities
- Scans uploaded files for viruses and malware
- Leverages multi-factor, layered authentication mechanisms, including RSA SecurID tokens
- Integrates with existing Active Directory and LDAP directories
- Utilizes policies for granular access control framework
- Supports any Web browser on PC or Mac
Powerful, Complete Solution
Installed in a matter of minutes, the Barracuda SSL VPN enables complete control over the resources designated for external access, such as internal Web applications, file systems and other applications. From any Web browser, users connect to internal Web sites through a built-in reverse proxy for access to network file shares. Richer support for SSL tunneling is enabled through the Barracuda SSL VPN Agent, a lightweight Java client that supports common remote applications, including Remote Desktop, VNC, NX, SSH and Telnet.
For complete network layer access, the Barracuda SSL VPN includes the Barracuda Network Connector, an installable VPN client for TCP or UDP connectivity. With the Barracuda Network Connector, users gain SSL access to legacy client/server application during a VPN session.
With robust security and auditing features, administrators define custom policies to govern resource access to particular users or groups while tracking user activity. For added security, files uploaded during a VPN session to network file shares or internal Web sites are scanned for viruses and other malware to prevent infections of critical network resources.
Best-of-Breed Access Control
Remote access by nature can be risky exposing network resources across the Internet. However the Barracuda SSL VPN mitigates these risks by tightly controlling user access through a full suite of authentication mechanisms and support for third-party authentication, such as Active Directory or LDAP. Administrators have the option to layering security by enforcing the use of PIN numbers, hardware tokens, client certificates and other forms of secure authentication on top of AD or LDAP.
By restricting usage to internal resources upon presenting the correct credentials and token code, an organization securely manages external access to network resources. The policy-based access control framework integrates into existing AD or LDAP schema to grant users rights and permissions. For added granularity, administrators have the option of setting policy to set and limit network resources by AD or LDAP rights. Once access is granted, the adminstrator monitors resource access from VPN clients by the use of the auditing feature.
Easy to Use
With no software to install and minimal configuration of the firewall, installation of the Barracuda SSL VPN is quick and easy. Once installed, the system administrator uses the intuitive Web user interface for monitoring and maintenance. With Barracuda Energize Updates, the Barracuda SSL VPN is continuously updated with the latest virus and application definitions every hour keeping maintenance at a minimum and eliminating administrative overhead. Updates are provided by Barracuda Central, an advanced 24x7 security operations center that works to continuously monitor and block the latest Internet threats.
Affordable
With no per user fees, the Barracuda SSL VPN is the most affordable enterprise-class SSL VPN solution available.
Link Balancer Key Features
The Barracuda Link Balanceris an affordable and powerful solution for routing and managing traffic across multiple Internet connections.
Designed to scale for high bandwidth requirements and provide business continuity for an organization of any size, the Barracuda Link Balancer optimizes the use of multiple Internet links, such as T1s, T3s, DSL and cable connections from one or multiple Internet service providers. Capable of automatic failover in the event of link failure, the Barracuda Link Balancer helps assure that your network is always connected to the Internet.
Aggregating Link Bandwidth
The Barracuda Link Balancer automatically aggregates Internet bandwidth from multiple connections. Administrators can choose multiple connections to the same or different ISPs for the purposes of consolidating access to affordable Internet bandwidth.
Link Failover
In the event of Internet link failure, the Barracuda Link Balancer automatically sends traffic to an available Internet connections without administrator intervention. During a link failure, Barracuda Link Balancer regularly checks the health of a given connection, assuring fast reconnection when Internet service is restored. By automatically detecting link health and failure, the Barracuda Link Balancer assists administrators by providing a worry-free redundant connectivity to the Internet.
Bandwidth Management and Quality of Service (QoS)
The Barracuda Link Balancer provides administrators with tools to automatically prioritize critical Internet applications. For example, Web browsing and email can be guaranteed bandwidth while peer-to-peer applications and media streaming can be assigned a lower priority. The flexibility to manage priority of Internet usage ensures low-priority bandwidth-intensive applications never interfere with business-critical operations.
Traditional Firewall
Installed at the network perimeter, administrators can deploy the Barracuda Link Balancer as a network firewall to consolidate the management of network security. The Barracuda Link Balancer incorporates firewall functionality, including:
- Network address translation (NAT). NAT allows the Barracuda Link Balancer to isolate internal network traffic from the Internet.
- 1:1 network address translation (NAT). The 1:1 NAT differs by allowing administrators to directly assign external addresses to internal clients. Ideal for hosting internal applications or services requiring regular outbound requests, such as SMTP, 1:1 NAT provides a secure method to facilitate approved traffic.
- Port forwarding. Port forwarding allows the same external addresses used for Internet and WAN bandwidth aggregation to be used for network access. This is designed for administrators to gain access to management interfaces, VPN gateways and terminal servers.
- IP access lists. The use of IP access lists enable administrators to allow or deny access, either inbound or outbound, to remote networks, clients, applications, services and ports.
Local Network Services
Addressing common network needs for the mid-market organization, the Barracuda Link Balancer includes traditional network services.
- DHCP server. The Barracuda Link Balancer automatically assigns client IP addresses using the DHCP protocol. Along with defining traditional DHCP options, administrators view active leases in real time.
- DNS caching server. The Barracuda Link Balancer is configured to query the domain name server systems or proxy DNS requests to your ISP's DNS servers. With DNS caching enabled, frequent DNS requests are served quickly and locally from the Barracuda Link Balancer's internal DNS processes.
SSL VPN Administration
Configuration of the Barracuda SSL VPN is accomplished through a simple Web user interface. All that is required is a Web browser on a system with network access to the Barracuda SSL VPN - there is no software to install or any media to lose.
Once the product is installed on the network, it is a simple process to configure resources, such as file systems and intranet Web sites for secure remote access. In the Barracuda SSL VPN, there are two distinct classes of administrator each with different responsibilities: the appliance administrator and the SSL VPN administrator.
The appliance administrator's responsibility spans network and system management functions from setting the IP address and upgrading firmware to backing up and restoring the system.
The SSL VPN administrator is responsible for configuration of the resources, access control rules and policies as well as the features available to the end users. The SSL VPN administrator also has the ability to delegate certain responsibilities to other users, such as the ability to create or delete Web forwards or network places to allow for the administrative workload to be shared among multiple users.
Resource Creation
Configuring an intranet Web site for remote access is simple by setting it up as a Web forward.
Once configured, the Web forward can be assigned to a policy, making it available for access by users of the Barracuda SSL VPN.
The Web forward can also be configured for single sign-on access by integrating with authentication mechanisms such as Active Directory to pass through the Active Directory credentials of the active user to the intranet Web site.
Standard Deployment
The standard deployment consists of the Barracuda SSL VPN receiving incoming connections on port 443 forwarded from the network firewall. This is the simplest configuration and sets up the Barracuda SSL VPN in minutes.
Deployment in the Demilitarized Zone
An alternative deployment option is placing the Barracuda SSL VPN in the demilitarized zone (DMZ). Deploying in the DMZ requires opening ports on the internal firewall to allow access to services via the Barracuda SSL VPN. An administrator need to open ports 80 or port 443 if it's HTTPS to grant access to the intranet Web site, enabling the Barracuda SSL VPN to act as a secure proxy for the intranet.
SSLVPN Documentation
DataSheets
Guides:
SSL VPN Screenshots
 |
My Account -> My Favorites (Main view)
Displays the user console where applications are configured by the administrator for remote access. |
 |
Resources -> Network Places
Displays how users would conduct a Web-based file transfer. Secure remote access to Windows SMB, SFTP and FTP file systems is available. |
 |
My Account -> My Favorites (Remote Desktop)
Remote desktop to a Windows server. Users can use remote desktop to connect to Microsoft Windows, Linux and Mac OS X operating systems.
|
 |
My Account -> My Favorites (SSH)
Users launch an SSH session using the provided SSH application. |
 |
Basic -> Status
Displays usage statistics. From this page, the administrator can monitor the status
of the appliance in real time. Statistics are provided for logged on users, network utilization and virus detection. |
 |
Access Control -> Policies
Displays the policies used to define the access control framework. Policies bind users and groups of users together with permissions attached to the policies in order to grant access to resources. |
 |
Access Control -> Access Rights
Displays the available access rights. This is where access rights are defined and attached to policies. |
 |
Resources -> Applications (Details)
Displays the configuration of applications. Remote access applications include SSH, SFTP, Remote Desktop, VNC, NX and more. |