WireGuard for the Enterprise

For those who follow all things networking, or keep tabs on the evolution of Linux, the word WireGuard can elicit feelings of excitement and curiosity.

For those who don’t geek out on such things, you may not be as familiar with the word.

WireGuard is a new approach to VPN technology. Born out of years of frustration with OpenVPN / IPSec technology, WireGuard started out as a project to completely rewrite the VPN protocol, focused on simplicity, auditability and, of course, security.

While the project has been in the works since roughly 2016, it was recently released as v1.0 in the Linux 5.6 kernel. This means that every updated Linux appliance will now natively contain a highly performant and secure networking tool. Variants of Linux are quickly moving to adopt it as well, with Ubuntu planning a long-term support (LTS) release soon and other platforms working in parallel to do the same.

But just because this will now come baked into operating systems, don’t get fooled into thinking that this is some second-class solution, akin to an integrated video card for gaming (apologies to the Intel integrated GPU team).

To the contrary, it is actually a step function greater in simplicity and security than its IPSec predecessor. When asked about WireGuard, Linux founder Linus Torvalds was quoted as saying, “…compared to the horrors that are OpenVPN and IPSec, it’s a work of art.”

And while its home base is Linux, WireGuard is designed to be a VPN for everything from IoT devices to supercomputers and has cross-platform support for macOS, Windows, Android and iOS.

While the future looks bright for WireGuard, its widespread adoption is still in its infancy due to its official release being only about a month ago.

As of today, consumer adoption is far ahead of enterprise, but this will no doubt evolve quickly. While enterprise adoption of new technologies will usually lag behind consumers, there are also specific reasons why enterprises may be waiting: namely, enterprises need management features that are not supported by the protocol itself. That is what makes today’s blog important.

WireGuard for the Enterprise

As a connectivity platform that focuses on connecting centralized applications to remote systems, Trustgrid has been dedicated to building fabrics of connectivity with integrated deployment, management and support tooling.

After deploying more than 1800 Trustgrid endpoints, we have added the management of WireGuard endpoints into our platform.

This integration provides the enterprise-needed features such as:

  • Zero Trust network access (ZTNA) for remote users through WireGuard
  • Single pane of glass visibility of all endpoints (both WireGuard and non-WireGuard)
  • Automated configuration and updating of all endpoints
  • Distribution and management of all public keys
  • Real-time monitoring of traffic flows across the whole hybrid cloud environment
  • Ability to build SOC 2 Type II compliant networks utilizing WireGuard endpoints
  • Advanced network address translation options to create virtual networks
  • Logging of all access and status changes to connected devices

And because WireGuard is supported across multiple platforms, it allows Trustgrid to act as the central authority for a distributed network. It can also act as a ‘no-software’ install option to connect and manage remote sites using the Trustgrid management portal.

Not only does this make WireGuard a quick and inexpensive way to enable connectivity between hybrid, heterogeneous environments using the Trustgrid Connect networking platform, but when used on end-user devices WireGuard becomes a viable solution for remote users with Trustgrid Remote Access.

As this new connectivity solution evolves, we are proud to play a part in enabling WireGuard for the enterprise.