A Technical Look at Smart Access Gateway 2.0

This article will take a look at the major updates to, and technical capabilities behind, Alibaba Cloud Smart Access Gateway (SAG) 2.0.

By Naiwen

What Is Smart Access Gateway?

Smart Access Gateway (SAG) is a software-defined wide area network (SD-WAN) solution developed by Alibaba Cloud based on cloud-native technologies. SAG provides a more intelligent, reliable, and secure approach for enterprises to migrate their workloads to Alibaba Cloud in an all-in-one manner. The important release of SAG 2.0 makes SAG a comprehensive and complete solution.

One Cloud for Multiple Terminals and Internet of Everything: New SAG APP and SAG-vCPE

Alibaba Cloud provides a variety of product forms to support cloud migration in various scenarios. SAG APP was released in SAG 2.0 to enable terminals that run various operating systems to access the cloud. In addition, SAG-vCPE was released in SAG 2.0 to allow third-party cloud resources to access Alibaba Cloud through virtual machines (VMs) or container environments. This release also adds software images and terminal access capabilities, forming a complete cloud access solution.


The following table lists the SAG lineup.


ZTP Installation and Deployment Enabled by Built-in 4G

All SAG 2.0 devices are equipped with 4G modules and 4G cards, enabling plug-and-play 4G access to the cloud, so that local ZTPs can be uniformly and remotely configured and managed on the cloud. If the local broadband line fails, the 4G line can also be used for configuration, management, and troubleshooting.

With unified monitoring and management on the cloud, a global view lets you easily manage a massive number of terminal devices.


SAG 2.0 supports remote port allocation, flexible networking and switchover at any time among dedicated lines, broadband, and 4G, and remote switchover at any time between one-arm and inline networking modes.


All configurations are sent from the cloud console, so that offline SAG devices are managed like virtual private clouds (VPCs), Elastic Compute Service (ECS) instances, and other cloud resources on the cloud.


Richer Network Access Resources

SAG has a cloud-based integrated architecture that combines the cloud, the network, and terminals. It takes the cloud network as the core and focuses on intelligent hardware and software terminals. The richer the network access resources, the better the customers' network experience. With the release of SAG 2.0, 16 new access points are added in China, and seven new access points are added outside China. With these additions, the total number of access points exceeds 40 in China and 10 outside China.


Network Optimization

The in-house encryption protocol optimizes the network performance of UDP-based applications.

With ordinary VPN protocols, UDP-based applications often lose packets or encounter increased delay because the Internet usually limits the speed of UDP packets. Security devices, including firewalls, also intercept IPsec packets on UDP ports 500 and 4500, resulting in packet loss. SAG 2.0 adopts an in-house encryption tunnel protocol that supports TCP camouflage, which effectively reduces the packet loss rate and delay of UDP-based applications and improves network quality. In addition, the tunnel switches automatically between TCP and UDP encapsulation, effectively improving the escape capability.

As shown in the following figure, the packet loss rate is 5% when the common VPN protocol is used. However, packets are not lost when the in-house encryption tunnel protocol and TCP encapsulation are used.


Forward error correction (FEC) is used to optimize network quality in weak network environments.

Real-time application scenarios such as video conferencing require high network performance. A video may freeze if the packet loss rate is higher than 5%, and it is interrupted and becomes unavailable if the packet loss rate is higher than 15%. SAG optimizes the network quality in weak network environments. It can guarantee video conference quality even if the packet loss rate reaches 15%.

If SAG is not adopted, the video is interrupted and unavailable when the packet loss rate reaches 15%.


The video becomes normal after SAG is adopted.


FEC Implementation

The FEC function caches messages and segments them according to a specified size. After the required number of packets arrive, the FEC function calculates redundant packets according to the redundancy ratio, and then sends the data packets and the redundant packets to the receiving end. Upon receipt, the receiving end decodes the packets based on a specified algorithm and uses the redundant packets to compensate for any losses. The original packets can be recovered if the number of lost packets does not exceed the number of redundant packets.

The following figure shows the process.
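The segment, encode, and recover steps described above can be sketched as follows. This is an added example, not SAG's own code: the article does not name the FEC algorithm, so the polynomial erasure code over GF(257), the 8-byte segment size, the 0.5 redundancy ratio, and all function names are assumptions chosen for illustration.

```python
P = 257  # prime just above 255, so every byte value is a field element

def segment(message, size):
    """Cut a cached message into equal segments, zero-padding the last one."""
    return [message[i:i + size].ljust(size, b"\0")
            for i in range(0, len(message), size)]

def _interpolate(points, x):
    """Evaluate at x the unique polynomial through points [(xi, yi)] mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x - xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def fec_encode(segments, ratio):
    """Return {index: symbols}: k data packets at 1..k, then r redundant ones."""
    k = len(segments)
    r = max(1, round(k * ratio))          # redundancy ratio -> packet count
    group = {i + 1: list(s) for i, s in enumerate(segments)}
    for x in range(k + 1, k + r + 1):
        # Redundant symbols may equal 256; a wire format would need 9 bits.
        group[x] = [_interpolate([(i, group[i][c]) for i in range(1, k + 1)], x)
                    for c in range(len(segments[0]))]
    return group

def fec_decode(received, k):
    """Rebuild the k data packets from any k surviving packets of the group."""
    if len(received) < k:
        raise ValueError("lost packets exceed redundant packets")
    have = sorted(received.items())[:k]
    size = len(have[0][1])
    return [bytes(received[x]) if x in received else
            bytes(_interpolate([(xi, s[c]) for xi, s in have], x)
                  for c in range(size))
            for x in range(1, k + 1)]

def demo(lost):
    """Encode a constructed message, drop the packets in `lost`, decode."""
    data = segment(b"constructed video frame payload!", 8)   # 4 segments
    group = fec_encode(data, 0.5)                            # 2 redundant
    survivors = {x: s for x, s in group.items() if x not in lost}
    return b"".join(fec_decode(survivors, len(data))) == b"".join(data)
```

With four data packets and two redundant packets, `demo({2, 5})` recovers the message after losing any two packets of the six, while losing three raises `ValueError`.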


Highly Reliable and More Flexible Hybrid Networking and Backup Modes

SAG 2.0 supports hybrid networking of dedicated lines, broadband, and 4G. This lowers networking barriers for enterprises, saves their costs, and improves the efficiency of network construction. SAG 2.0 supports more flexible networking modes. For example, it supports highly reliable connection to the headquarters over three backup lines: dedicated line, broadband, and 4G. In addition, it supports flexible connection to branches through dual-operator broadband and 4G backup.


Centralized DNS Management and No Need for Client Configuration to Accelerate Application Access within Enterprises

SAG 2.0 supports the DNS unified push function. On the centralized DNS server, you can modify clients' DNS configurations in a unified manner. Without any client configuration, all employees can more securely and quickly access the applications within your enterprise, such as Office 365 and internal video conferencing applications like Webex.


To learn more about Smart Access Gateway, visit https://www.alibabacloud.com/product/smart-access-gateway

