CloudBridge Relay: Technologies and Prospects


CloudBridge Relay is conceived as a cloud-based, API-driven platform for tunneling TCP traffic securely under a Zero Trust model. It starts from SoftEther VPN principles, but rethinks them so that the result is not another classic “virtual private channel” but a flexible, next-generation access infrastructure.


1. What We Take from SoftEther - and Where We’re Heading

SoftEther Principle | How It Works Today | What’s Planned in CloudBridge Relay
Ethernet frame encapsulation over TLS/HTTPS | Single TLS tunnel, up to 32 parallel TCP streams, DPI/NAT bypass | Asynchronous TLS sessions, zero-copy buffering, dynamic stream routing: higher throughput, lower latency
ICMP/DNS fallback | Switches over when TCP/UDP is blocked | “Light” auto-fallback in strict-filter mode, wider coverage
VNet via virtual Ethernet bridge + L3 routing | Requires manual configuration | Integrated IP router: each agent is assigned an IP; network and ACL management via UI/API
TLS 1.3, PFS | ChaCha20-Poly1305, perfect forward secrecy | Optional mTLS and JWT authorization for fine-grained RBAC
JSON-RPC API | Console-oriented management | Full REST / JSON-RPC / WebSocket stack, tailored for CI/CD and IaC
Horizontal scaling | Manual node deployment | Clusters with load balancing and geo-distribution; Go/Rust implementation with multicore TLS

2. Intelligent Security of the Future

CloudBridge Relay is designed not just as a transport but as a guardian of the traffic it carries:

  • ML engine (UEBA): builds per-user profiles from geolocation, User-Agent and time-of-day patterns; anomalies are flagged and handed to automated response.
  • Keycloak IAM + MFA: centralized identity and segmentation of administrative zones.
  • Real-time threat monitoring: clusters, hubs and key metrics collected in a “single pane of glass”.
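The UEBA item above is concrete enough to sketch: a per-user baseline of the countries, User-Agents and hours of day seen in past sessions, and a score for each new session counting how many of those three signals fall outside the baseline. The Go program below is an added example written for this page, not CloudBridge Relay's ML engine; the event fields, the 5% hour threshold, the 10-session minimum baseline and the sample history (30 constructed sessions for one user) are all assumptions.

```go
package main

import (
	"fmt"
	"time"
)

// AccessEvent is one authenticated session as the relay would log it.
// Field names are this example's assumption, not the project's schema.
type AccessEvent struct {
	User      string
	Country   string // from a GeoIP lookup of the client address
	UserAgent string
	At        time.Time
}

// Profile is the per-user baseline built from past sessions.
type Profile struct {
	Countries  map[string]int
	UserAgents map[string]int
	Hours      [24]int // sessions per UTC hour of day
	Total      int
}

// BuildProfiles folds a history of events into one Profile per user.
func BuildProfiles(history []AccessEvent) map[string]*Profile {
	profiles := map[string]*Profile{}
	for _, e := range history {
		p, ok := profiles[e.User]
		if !ok {
			p = &Profile{Countries: map[string]int{}, UserAgents: map[string]int{}}
			profiles[e.User] = p
		}
		p.Countries[e.Country]++
		p.UserAgents[e.UserAgent]++
		p.Hours[e.At.UTC().Hour()]++
		p.Total++
	}
	return profiles
}

// Score counts how many of the three signals fall outside the baseline
// (0..3) and returns the reasons. An hour counts as unusual when fewer
// than 5% of past sessions fell in it (the threshold is an assumption).
func (p *Profile) Score(e AccessEvent) (int, []string) {
	score, reasons := 0, []string{}
	if p.Countries[e.Country] == 0 {
		score++
		reasons = append(reasons, "new-country:"+e.Country)
	}
	if p.UserAgents[e.UserAgent] == 0 {
		score++
		reasons = append(reasons, "new-user-agent:"+e.UserAgent)
	}
	h := e.At.UTC().Hour()
	if float64(p.Hours[h]) < 0.05*float64(p.Total) {
		score++
		reasons = append(reasons, fmt.Sprintf("unusual-hour:%02dZ", h))
	}
	return score, reasons
}

// Classify flags an event when its score reaches threshold. A user with
// fewer than 10 past sessions has no usable baseline and is flagged too.
func Classify(profiles map[string]*Profile, e AccessEvent, threshold int) (bool, []string) {
	p, ok := profiles[e.User]
	if !ok || p.Total < 10 {
		return true, []string{"no-baseline"}
	}
	score, reasons := p.Score(e)
	return score >= threshold, reasons
}

// SampleHistory is constructed data: alice, 30 sessions from Germany with
// the relay agent, always between 08:00 and 17:59 UTC.
func SampleHistory() []AccessEvent {
	start := time.Date(2025, 5, 1, 0, 0, 0, 0, time.UTC)
	var h []AccessEvent
	for day := 0; day < 30; day++ {
		h = append(h, AccessEvent{
			User: "alice", Country: "DE", UserAgent: "cb-agent/1.0",
			At: start.AddDate(0, 0, day).Add(time.Duration(8+day%10) * time.Hour),
		})
	}
	return h
}

func main() {
	profiles := BuildProfiles(SampleHistory())
	probes := []AccessEvent{
		{User: "alice", Country: "DE", UserAgent: "cb-agent/1.0", At: time.Date(2025, 6, 18, 9, 0, 0, 0, time.UTC)},
		{User: "alice", Country: "US", UserAgent: "curl/8.0", At: time.Date(2025, 6, 18, 3, 0, 0, 0, time.UTC)},
		{User: "mallory", Country: "DE", UserAgent: "cb-agent/1.0", At: time.Date(2025, 6, 18, 9, 0, 0, 0, time.UTC)},
	}
	for _, e := range probes {
		flagged, reasons := Classify(profiles, e, 2)
		fmt.Printf("%-8s flagged=%-5v %v\n", e.User, flagged, reasons)
	}
}
```

A user with no baseline is flagged rather than waved through, which is the right default for a Zero Trust design. In production the score would gate a step-up such as MFA via Keycloak rather than block outright, and the baseline would be rebuilt on a rolling window so that a user who relocates is not flagged forever.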

3. MVP Architecture


┌─────────────┐
│ Client /    │  TLS over
│Relay Agent ─┼─────────┐
└─────────────┘          │
      TCP-multiplex      │
                          ▼
                 ┌────────────────┐
                 │  Relay Server  │
                 │ • TLS Termination
                 │ • IP Routing (VNet)
                 │ • JSON-RPC API
                 │ • ML Engine & ACL
                 └────────────────┘
                          │
        Internal cluster  │    Heartbeat / Syslog
         communication    ▼
                 ┌────────────────┐
                 │  Dashboard UI  │
                 │ • Tunnel Mgmt  │
                 │ • VNet View    │
                 │ • Threat Alerts│
                 └────────────────┘
                          │
             REST / WebSocket API
                          │
                       Backend
                          ▼
                 ┌────────────────┐
                 │  Django + DB   │
                 │ • Users        │
                 │ • Servers      │
                 │ • VNet, ACL    │
                 └────────────────┘
  • Agents (Go/Rust): establish the TLS channel, multiplex streams over it, and send heartbeats.
  • Relay Server: terminates TLS, routes packets within the VNet, stores logs and ML features.
  • Dashboard: React SPA that displays real-time statistics.
  • Backend (Django): stores entities, issues JWTs, serves the REST/WebSocket API.
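The “single TLS tunnel, up to 32 parallel TCP streams” row in the section 1 table and the TCP-multiplex arrow in the diagram above describe the same mechanism: each client connection becomes a numbered stream whose chunks are framed and interleaved over one TLS connection, and the relay demultiplexes them. The Go program below is an added example written for this page, not CloudBridge Relay's or SoftEther's code. The 7-byte frame header, the 16 KiB payload cap and the flag values are this example's own assumptions; the 32-stream limit is the figure from the table. A bytes.Buffer stands in for the TLS connection so the program runs offline.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"fmt"
	"io"
)

// Frame on the wire: stream_id u32 BE | flag u8 | length u16 BE | payload.
// This layout is the example's own, not the project's protocol.
const (
	headerLen  = 7
	MaxPayload = 16 * 1024 // checked on read BEFORE the payload is allocated
	MaxStreams = 32        // the per-session stream cap cited for SoftEther
	FlagData   = uint8(0)
	FlagOpen   = uint8(1)
)

type Frame struct {
	StreamID uint32
	Flag     uint8
	Payload  []byte
}

// WriteFrame serialises one frame with a single Write (one TLS record).
func WriteFrame(w io.Writer, f Frame) error {
	if len(f.Payload) > MaxPayload { // would otherwise wrap the u16 length and desync the peer
		return fmt.Errorf("stream %d: payload %d > %d", f.StreamID, len(f.Payload), MaxPayload)
	}
	buf := make([]byte, headerLen, headerLen+len(f.Payload))
	binary.BigEndian.PutUint32(buf[0:4], f.StreamID)
	buf[4] = f.Flag
	binary.BigEndian.PutUint16(buf[5:7], uint16(len(f.Payload)))
	_, err := w.Write(append(buf, f.Payload...))
	return err
}

// ReadFrame parses one frame; io.EOF comes back only at a clean frame boundary.
func ReadFrame(r io.Reader) (Frame, error) {
	hdr := make([]byte, headerLen)
	if _, err := io.ReadFull(r, hdr); err != nil {
		return Frame{}, err
	}
	n := int(binary.BigEndian.Uint16(hdr[5:7]))
	if n > MaxPayload { // bound the declared length before trusting it
		return Frame{}, fmt.Errorf("declared length %d > %d", n, MaxPayload)
	}
	f := Frame{StreamID: binary.BigEndian.Uint32(hdr[0:4]), Flag: hdr[4], Payload: make([]byte, n)}
	_, err := io.ReadFull(r, f.Payload)
	return f, err
}

// Mux is the receiving side's per-stream state for one tunnel.
type Mux struct{ Streams map[uint32]*bytes.Buffer }

func NewMux() *Mux { return &Mux{Streams: map[uint32]*bytes.Buffer{}} }

// Dispatch applies one frame. A stream exists only after an explicit open;
// data for an unknown stream is an error, never an implicit open.
func (m *Mux) Dispatch(f Frame) error {
	switch f.Flag {
	case FlagOpen:
		if _, dup := m.Streams[f.StreamID]; dup || len(m.Streams) >= MaxStreams {
			return fmt.Errorf("stream %d: already open or limit %d reached", f.StreamID, MaxStreams)
		}
		m.Streams[f.StreamID] = &bytes.Buffer{}
	case FlagData:
		buf, ok := m.Streams[f.StreamID]
		if !ok {
			return fmt.Errorf("data for unknown stream %d", f.StreamID)
		}
		buf.Write(f.Payload)
	default:
		return fmt.Errorf("unknown flag %d", f.Flag)
	}
	return nil
}

// Pump demultiplexes frames from the tunnel until a clean EOF.
func Pump(r io.Reader, m *Mux) error {
	for f, err := ReadFrame(r); err != io.EOF; f, err = ReadFrame(r) {
		if err != nil {
			return err
		}
		if err := m.Dispatch(f); err != nil {
			return err
		}
	}
	return nil
}

func main() {
	var tunnel bytes.Buffer // stands in for the TLS connection
	for _, f := range []Frame{{1, FlagOpen, nil}, {2, FlagOpen, nil}, {1, FlagData, []byte("SSH-2.0-")},
		{2, FlagData, []byte{3, 0, 0, 19}}, {1, FlagData, []byte("OpenSSH")}} {
		if err := WriteFrame(&tunnel, f); err != nil {
			panic(err)
		}
	}
	m := NewMux()
	fmt.Println(Pump(&tunnel, m), m.Streams[1].String(), m.Streams[2].Bytes())
}
```

Two details carry the security weight. ReadFrame bounds the declared length before allocating, so a hostile or corrupted header cannot make the relay allocate on demand, and WriteFrame refuses payloads that would not fit the 16-bit length field, since a wrapped length desynchronises every following frame. Dispatch creates state only on an explicit open and caps the stream count, so a stray or replayed data frame is rejected rather than quietly opening a stream. Stream close, flow control and a mutex around the stream table are left out here; a real relay needs all three.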

4. API Examples

Create Tunnel


POST /api/v1/tunnels
Content-Type: application/json

{
  "server_id": "5f2a-…-c431",
  "ports": [22, 3389],
  "vnet_id": "a17d-…-1b22"
}

Response:


{
  "tunnel_id": "6b3d-…-e9af",
  "endpoint": "relay.example.com:443",
  "agent_token": "eyJhbGciOiJIUzI1NiIs..."
}

Tunnel Status


GET /api/v1/tunnels/{tunnel_id}/status

{
  "status": "active",
  "bytes_in": 102400,
  "bytes_out": 204800,
  "uptime": 3600
}

Agent Heartbeat


{
  "type": "heartbeat",
  "tunnel_id": "6b3d-…-e9af",
  "stats": {
    "bytes_in": 102400,
    "bytes_out": 204800,
    "client_ip": "10.12.0.2",
    "timestamp": "2025-06-18T12:00:00Z"
  }
}
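The agent_token returned by Create Tunnel is an HS256 JWT (its eyJhbGciOiJIUzI1NiIs prefix decodes to {"alg":"HS256",...}), and the heartbeat names the tunnel_id the agent claims to belong to. The relay therefore has to verify the token before trusting anything in the heartbeat, and bind the two together. The Go program below is an added example, not the project's code: the claim names sub, tunnel_id and exp, the shared secret and the one-hour lifetime are assumptions. It uses only the standard library so that the verification order is visible: pin the algorithm, check the MAC in constant time, and only then read the claims.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// AgentClaims is what this example assumes the backend puts into agent_token.
type AgentClaims struct {
	Sub      string `json:"sub"`       // server_id the token was issued to
	TunnelID string `json:"tunnel_id"` // tunnel the agent may attach to
	Exp      int64  `json:"exp"`       // unix seconds
}

var (
	ErrMalformed = errors.New("malformed token")
	ErrAlg       = errors.New("unexpected alg")
	ErrSignature = errors.New("bad signature")
	ErrExpired   = errors.New("token expired")
	ErrTunnel    = errors.New("tunnel_id mismatch")
)

var b64 = base64.RawURLEncoding

func hs256(secret []byte, signingInput string) []byte {
	mac := hmac.New(sha256.New, secret)
	mac.Write([]byte(signingInput))
	return mac.Sum(nil)
}

// IssueAgentToken mints an HS256 JWT the way the Django backend would.
func IssueAgentToken(secret []byte, c AgentClaims) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "HS256", "typ": "JWT"})
	body, err := json.Marshal(c)
	if err != nil {
		return "", err
	}
	si := b64.EncodeToString(hdr) + "." + b64.EncodeToString(body)
	return si + "." + b64.EncodeToString(hs256(secret, si)), nil
}

// VerifyAgentToken is the relay-side check run when an agent attaches and
// sends its first heartbeat: pin the algorithm, verify the MAC in constant
// time, and only then look at the claims and bind them to the tunnel_id
// the heartbeat names.
func VerifyAgentToken(secret []byte, token, heartbeatTunnel string, now time.Time) (AgentClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return AgentClaims{}, ErrMalformed
	}
	hdrJSON, err := b64.DecodeString(parts[0])
	var hdr struct {
		Alg string `json:"alg"`
	}
	if err != nil || json.Unmarshal(hdrJSON, &hdr) != nil {
		return AgentClaims{}, ErrMalformed
	}
	if hdr.Alg != "HS256" { // never let the token choose the algorithm ("none", key confusion)
		return AgentClaims{}, ErrAlg
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil {
		return AgentClaims{}, ErrMalformed
	}
	if !hmac.Equal(sig, hs256(secret, parts[0]+"."+parts[1])) {
		return AgentClaims{}, ErrSignature
	}
	body, err := b64.DecodeString(parts[1])
	var c AgentClaims
	if err != nil || json.Unmarshal(body, &c) != nil {
		return AgentClaims{}, ErrMalformed
	}
	if c.Exp == 0 || !now.Before(time.Unix(c.Exp, 0)) {
		return AgentClaims{}, ErrExpired
	}
	if c.TunnelID != heartbeatTunnel {
		return AgentClaims{}, ErrTunnel
	}
	return c, nil
}

func main() {
	secret := []byte("example-shared-secret") // assumption: shared by backend and relay
	now := time.Date(2025, 6, 18, 12, 0, 0, 0, time.UTC)
	tok, _ := IssueAgentToken(secret, AgentClaims{Sub: "5f2a", TunnelID: "6b3d", Exp: now.Add(time.Hour).Unix()})
	fmt.Println(tok[:20]) // eyJhbGciOiJIUzI1NiIs, the prefix shown in the API response
	for _, tunnel := range []string{"6b3d", "other"} {
		c, err := VerifyAgentToken(secret, tok, tunnel, now)
		fmt.Println(tunnel, c.Sub, err)
	}
}
```

Because HS256 is symmetric, every relay node that verifies tokens also holds the key that mints them; once the roadmap's geo-clusters arrive, an asymmetric algorithm such as ES256 lets the Django backend keep the private key and hand relays only the public key. The token is also a bearer credential: deliver it to the agent only over TLS, keep its lifetime short, and never write it to logs.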

VNet Management


POST /api/v1/vnets
{ "name": "office-net", "cidr": "10.12.0.0/24" }

POST /api/v1/vnets/{vnet_id}/members
{ "server_id": "5f2a-…-c431", "ip": "10.12.0.4" }
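Adding a member is where an address-assignment mistake becomes a routing mistake: an IP outside the VNet's CIDR is unroutable inside it, the network and broadcast addresses are not host addresses, and two servers sharing one IP would receive each other's traffic. The Go program below is an added example, not the project's code; the VNet type, its field names and the IPv4-only, no-/31 restriction are this example's assumptions. It validates member requests against the office-net VNet from the calls above, including one in IPv4-mapped IPv6 form.

```go
package main

import (
	"errors"
	"fmt"
	"net/netip"
)

// VNet mirrors the POST /api/v1/vnets body plus the members already
// assigned; the type and field names are this example's own.
type VNet struct {
	Name    string
	Prefix  netip.Prefix
	Members map[string]netip.Addr // server_id -> assigned address
}

// NewVNet accepts only a canonical IPv4 network address (host bits zero)
// with room for hosts; /31 and /32 are rejected for simplicity here.
func NewVNet(name, cidr string) (*VNet, error) {
	p, err := netip.ParsePrefix(cidr)
	if err != nil {
		return nil, err
	}
	if !p.Addr().Is4() {
		return nil, errors.New("this example handles IPv4 VNets only")
	}
	if p.Bits() > 30 {
		return nil, fmt.Errorf("%s leaves no assignable host addresses", cidr)
	}
	if p.Addr() != p.Masked().Addr() {
		return nil, fmt.Errorf("%s is not a network address", cidr)
	}
	return &VNet{Name: name, Prefix: p, Members: map[string]netip.Addr{}}, nil
}

// broadcast returns the all-ones host address of an IPv4 prefix.
func broadcast(p netip.Prefix) netip.Addr {
	b := p.Masked().Addr().As4()
	for i := p.Bits(); i < 32; i++ {
		b[i/8] |= 1 << (7 - i%8)
	}
	return netip.AddrFrom4(b)
}

// AddMember is the check behind POST /api/v1/vnets/{vnet_id}/members.
func (v *VNet) AddMember(serverID, ip string) error {
	a, err := netip.ParseAddr(ip)
	if err != nil {
		return fmt.Errorf("member %s: %w", serverID, err)
	}
	a = a.Unmap() // canonicalise ::ffff:10.12.0.4 to 10.12.0.4 before any comparison
	if !v.Prefix.Contains(a) {
		return fmt.Errorf("member %s: %s is outside %s", serverID, a, v.Prefix)
	}
	if a == v.Prefix.Masked().Addr() || a == broadcast(v.Prefix) {
		return fmt.Errorf("member %s: %s is the network or broadcast address", serverID, a)
	}
	if cur, ok := v.Members[serverID]; ok {
		return fmt.Errorf("member %s already holds %s", serverID, cur)
	}
	for other, addr := range v.Members {
		if addr == a { // two agents on one address would receive each other's traffic
			return fmt.Errorf("%s is already assigned to %s", a, other)
		}
	}
	v.Members[serverID] = a
	return nil
}

func main() {
	v, err := NewVNet("office-net", "10.12.0.0/24")
	if err != nil {
		panic(err)
	}
	requests := [][2]string{
		{"5f2a", "10.12.0.4"}, {"9c1e", "::ffff:10.12.0.4"}, {"9c1e", "10.12.0.255"},
		{"9c1e", "10.12.1.4"}, {"9c1e", "10.12.0.5"},
	}
	for _, r := range requests {
		fmt.Println(r[0], r[1], "->", v.AddMember(r[0], r[1]))
	}
}
```

The Unmap call matters more than it looks: without it "10.12.0.4" and "::ffff:10.12.0.4" compare as different addresses, so the duplicate check would pass and two agents would end up on the same host address. The same canonicalisation belongs in any ACL that matches on member addresses.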

5. MVP Roadmap

Phase | Timeline | Key Milestones
MVP Release | Q3 2025 | TLS tunnels, JSON-RPC, basic UI, JWT, heartbeat
VNet & ACL | Q4 2025 | Virtual subnets, ACLs, RDP/SSH tunneling
Firewall fallback | Q1 2026 | HTTPS/ICMP/DNS tunnels under blocking conditions
ML Modules | Q2 2026 | Behavioral feature collection, anomaly classification
IAM Integration | Q3 2026 | Keycloak, MFA, RBAC UI
Geo-clusters | Q4 2026 | Distributed clusters, SLA tooling

6. Key Advantages

  1. Adaptive tunnel: resilient to NAT, DPI and strict filtering.
  2. Centralized IP router with manageable ACLs.
  3. Real-time ML behavior analytics.
  4. Cloud Zero Trust infrastructure with “click-to-scale” capability.

Conclusion

CloudBridge Relay is taking shape as an ecosystem for companies that value:

  • simple deployment of secure tunnels without VPN clients;
  • transparent access management through API and UI;
  • built-in threat analysis with immediate response.

Ready to share detailed technical schematics, extended API examples, and discuss the MVP architecture - just let us know!
