It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Campus Barracuda Campus
Barracuda Web Application Firewall
Overview Documentation Training Certification Materials

Azure VMSS Deployment with Consolidated ARM Template

  • Last updated on

Before deploying the Barracuda Web Application Firewall VMSS template for PAYG/BYOL instance, do the following:

Step 1. Create a Resource Group

To create a resource group, perform the following steps:

  1. Log into the Microsoft Azure Portal.
  2. Click Resource groups under Azure services.

    Azure_services.png
  3. In the Resource groups page, click Create and specify values for the following:
    1. Resource group name: Enter a name for the resource group.
    2. Subscription: Select the subscription in which you want to create the resource group.
    3. Resource group location: Select a location for the resource group.
  4. Click Review + create.
  5. Review the resource group details and click Create.
    Create_RG.png

Step 2. Create a Storage Account

Perform the following steps to create a storage account:

  1. Log into the Microsoft Azure Portal.
  2. Click Storage accounts under Azure services.
  3. Click Create.
  4. In the Create storage account page, specify values for the following:
    1. Subscription: Select the subscription in which you want to create the storage account. Note: Ensure that the subscription for the storage account and the resource group are same.
    2. Resource group: Select the resource group created in "Step 1. Create a Resource Group".
    3. Deployment model : Ensure the deployment model is set to Resource Manager.
    4. Storage account name: Enter a name for the storage account.
    5. Location : Select the location for the storage account. Note: Ensure that the location for the storage account and the resource group are same.
    6. Performance : Select the performance tier as required.
    7. Account kind: Select the type of storage account that needs to be created. Default: General purpose
    8. Replication: Select the replication option for the storage account.
    9. Secure transfer required: Select Enabled if you want to transfer the data into or out of storage account. Default: Disabled.
  6. Click Review + create.
  7. Review the storage accounts details and click Create.
    Create_storage_account.png

Step 3. Create and Upload License File

Step 3 must be performed only when you are deploying the Barracuda Web Application Firewall VMSS template BYOL instance.

Perform the following steps to create and upload a license file:

Create a container
  1. Click the storage account that you have created.
  2. Under Properties, click Blob service.
  3. Click + Container..

  4. In the New Container window, specify values for the following:

    1. Name: Enter a name for the container. The container name must be lowercase and must start with a letter or a number. They must contain only letters, numbers, and the dash (-) character.

    2. Public access level: Set the level of public access to the container. The default level is Private (no anonymous access) and it is recommended to use the default level.
  5. Click Create to create the container.
Create a License File

A license file contains licenses that can be used. This file should be created in the valid JSON format and should be saved in the name “barracuda-byol-license-list.json”.

  1. Open Notepad or any text editor. Type the licenses in the format illustrated below.
    image2019-7-11 16:1:1.png

     

    It is recommended that you validate the JSON file using JSONLint or any other online validator before uploading the license file. The created WAF instances might fail during provisioning if the JSON file is not valid.

  2. Save the license file. Note that you save the file with the name "barracuda-byol-license-list.json" as mentioned earlier.
Upload the License File 
  1. To upload a license file, select the container you created.
  2. Click Upload.
  3. In the right pane, click the browse button and select the license file you created.
  4. Click Upload to upload the license file to the container.

Deploying the Barracuda Web Application Firewall for Azure Templates - BYOL

Perform the following steps to deploy the Barracuda Web Application Firewall instance:

  1. Log into the Microsoft Azure Portal.
  2. On the Home page, click Create a resource.

    Create_a_Resource.png
  3. In the Search services and marketplace text box, type and search Barracuda Web Application Firewall for Azure Template.
  4. On the Barracuda Web Application Firewall for Azure Templates page:
    1. Select Barracuda Web Application Firewall VMSS Template (PAYG/BYOL) from the Select a plan drop-down list.
    2. Read the product overview and click Create.

      CloudGen_WAF_for_Azure_Templates.png
  5. In the Create Barracuda Web Application Firewall for Azure Templates page, Basics tab:
    1. Project details
      1. Subscription: Select the subscription from the drop-down list.
      2. Resource group: Create a new resource group, or select a resource group that is empty from the existing Resource group list.
    2. Instance details
      1. Region: Select a region for the Barracuda Web Application Firewall for Azure Template.
      2. Barracuda Web Application Firewall Virtual Machine Scale Set Name: Enter a name for the Barracuda Web Application Firewall.
      3. Password: Enter a password for authentication. This will be your password to access the Barracuda Web Application Firewall web interface.
      4. Confirm Password: Re-enter the password for confirmation.
      5. Billing Method: Select Bring your own License (BYOL) from the drop-down list as your billing method.
      6. Firmware Version: From the drop-down list, select the firmware version on which your instance is deployed.
  6. Click Next Deployment Options.

    Basic_Config.png
  7. In the Create Barracuda Web Application Firewall for Azure Templates page, Deployment Options tab:
    1. Barracuda Web Application Firewall Instance Size: Select a size for the instance.

    2. Storage Account that will be used to store data for this deployment: Create a new storage account, or select a storage account from the existing Storage account list.

      The storage account should be in the same region where the Barracuda Web Application Firewall VMSS instance needs to be deployed.

    3. Virtual network to be created for this deployment: Create a new virtual network, or select a virtual network from the existing Virtual network list in which you want to deploy the Barracuda Web Application Firewall VMSS.
    4. Barracuda Web Application Firewall Subnet: Review the subnet configuration and modify if required.
    5. New Public IP address name: Enter a name for the public IP address associated with the Barracuda Web Application Firewall.
    6. Domain name for accessing the Barracuda Web Application Firewall: Enter the domain for the Barracuda Web Application Firewall.
    7. Boot diagnostics: When Enabled, the bootup debug logs get saved in the specified storage account.

    8. Specify storage account where license file is stored: Enter the name of the storage account where your license file is stored.

      Ensure that the license file is created in the valid JSON format and named as “barracuda-byol-license-list.json”. Refer to Step 3. Create and upload license file ;">to learn more about the license key and how to generate and upload it.

    9. License Storage Account Key: Enter the account key for your storage account. The key is available in the path - "Storage account" > Access keys > Key1, Key2. You are provided with two access keys so that you can maintain connections using one key while regenerating the other.

    10. License Storage Blob Name: Enter the path of the storage Blob where the license file is stored.

      Ensure that the license file is created in the valid JSON format and named as “barracuda-byol-license-list.json”. Refer to Step 3. Create and upload license file to learn more about the license key and how to generate and upload it.

  8. Click Next : Azure Auto scaling Configuration Details.

    DeploymentOptions.png
  9. In the Create Barracuda Web Application Firewall for Azure Templates page, Azure Auto scaling Configuration Details tab:
    1. Instance Count
      1. Initial Instances: Enter the number of instances to be deployed initially to serve the traffic. Default: 2
      2. Maximum Instances: Enter the maximum number of instances to be scaled up to handle the traffic when required. Default: 5

      3. Minimum Instances: Enter the minimum number of instances to be scaled down when the traffic is less. Default: 2

        - Ensure that the Minimum Instances are fewer than or the same number as the Initial Instances.

        - If the Initial Instances value is less than the Minimum Instances value, the deployment of instances will fail.

    2. Scale Up Thresholds
      1. CPU%: Enter the scale up threshold for CPU utilization. Default: 85%
      2. Network In: Enter the scale up threshold for NetworkIn throughput. Default: 9175040
      3. Network Out: Enter the scale up threshold for NetworkOut throughput. Default: 9175040
    3. Scale Down Thresholds
      1. CPU%: Enter the scale down threshold for SPU utilization. Default: 60%
      2. Network In: Enter the scale down threshold for NetworkIn throughput. Default: 5242880
      3. Network Out: Enter the scale down threshold for NetworkOut throughput. Default: 5242880
    4. Notification Email ID(s) in CSV Format: Enter the email address to which the auto scaling event notification emails needs to be sent.
  10. Click Next : Azure API configuration.

    Autoscaling_Config.png
  11. In the Create Barracuda Web Application Firewall for Azure Templates page, Azure API Configuration tab:

  12. Authentication Method: Select the authentication method to authenticate to Azure Active Directory.

    1. Azure AD Credentials
      1. Azure User ID: Enter the user name to authenticate to the Azure Active Directory.
      2. Client ID: Enter the ID of the application in the Azure Active Directory.
      3. Azure User Password: Enter the password associated with user.
      4. Confirm Password: Re-enter the password to confirm.
    2. Azure Service Principal
      1. Client ID: Enter the ID of the application in Azure Active Directory.
      2. Tenant ID: Enter the ID of the Active Directory tenant.
      3. Secret Key: Enter the secret key generated.
      4. Confirm Secret Key: Re-enter the secret key to confirm.
  13. Click Next : Barracuda Web Application Firewall Bootstrap Configuration.
    API_Configuration.png
  14. In the Create Barracuda Web Application Firewall for Azure Templates page, Barracuda Web Application Firewall Bootstrap Configuration tab:
    1. Cluster Shared Secret: Enter a password to be used by the Barracuda Web Application Firewall instances in the VMSS group.
    2. Confirm Shared Secret: Re-type the shared secret password.
    3. Bootstrap Method: Select the method (NONE, BASIC or BACKUP) for bootstrapping.
    4. Basic Bootstrap Configuration
      1. Barracuda Web Application Firewall Service Name: Enter a name for the service that needs to be created on the Barracuda Web Application Firewall instances.
      2. Barracuda Web Application Firewall Service Port: Enter the port number on which the service is listening to.
      3. Backend Servers (IP:PORT): Enter the IP address of the server followed by the port that needs to be protected by the Barracuda Web Application Firewall. Use comma (,) as a separator to specify multiple server IP addresses.
    5. Backup Bootstrap Configuration
      1. Azure Storage Account Name: Enter the name of the storage account.
      2. Azure Storage Account Key: Enter the key of the storage account.
      3. Azure Storage Blob Name: Enter the name of the blob configured in the storage account.
      4. Type of Backup File: Select the appropriate backup file from the drop-down list
      5. Barracuda Web Application Firewall Backup File Name: Enter the name of the backup file that you want to use for bootstrapping the instances.
    6. OMS Workspace Details
      1. OMS Workspace ID: Enter the workspace ID of the OMS server (if any).
      2. OMS Workspace Primary Key: Enter the primary key of the OMS server.
  15. Click Next : Azure Load Balancer Configuration.

    WAF_Bootstrap_Configuration.png
  16. In the Create Barracuda Web Application Firewall for Azure Templates page, Azure Load Balancer Configuration tab:
    1. Health Probe Settings
      1. Protocol: Select TCP or HTTP. Recommended: TCP.
      2. Port: Enter the port to be used when probing the instance.
      3. Interval: Enter the interval time to probe the instance.
      4. Unhealthy threshold: Enter how many attempts can fail before the backend instance is marked as unhealthy.
    2. Load Balancer Rule Settings
      1. Port: Enter the port on which the load balancer is listening.
      2. Backend Port: Enter the port on which the Barracuda Web Application Firewall is listening.
      3. Session Persistence: Select the persistence type.
    3. EULA Acceptance Details
      1. User Name: Enter the username of the user signing the EULA agreement.
      2. Email ID: Enter the email ID of the user signing the EULA agreement.
      3. Company Name: Enter the user's company name.
      4. Domain Name: Enter the domain name for the Barracuda Web Application Firewall VMSS.
  17. Click Next : Review + create.

    Load_Balancer_Configuration.png
  18. In the Create Barracuda Web Application Firewall for Azure Templates page, Review + create tab, verify the values you entered and click Create.

    Review.png

Deploying the Barracuda Web Application Firewall for Azure Templates - PAYG

Perform the following steps to deploy the Barracuda Web Application Firewall instance:

  1. Log into the Microsoft Azure Portal .
  2. On the Home page, click Create a resource.
  3. In the Search services and marketplace text box, type and search Barracuda Web Application Firewall for Azure Templates.
  4. On the Barracuda Web Application Firewall for Azure Templates page:
    1. Select Barracuda Web Application Firewall VMSS Template (PAYG/BYOL) from the Select a plan drop-down list.
    2. Read the product overview and click Create.
  5. In the Barracuda Web Application Firewall for Azure Templates page, Basics tab:
    1. Project details
      1. Subscription : Select the subscription from the drop-down list.
      2. Resource group : Create a new resource group, or select a resource group that is empty from the existing Resource group list.
    2. Instance details
      1. Region: Select a location for the Barracuda Web Application Firewall VMSS.
      2. Barracuda Web Application Firewall Virtual Machine Scale Set Name: Enter a name for the Barracuda Web Application Firewall VMSS.
      3. Password: Enter a password for authentication. This will be your password to access the Barracuda Web Application Firewall web interface.
      4. Confirm Password : Re-enter the password for confirmation.
      5. Billing Method : Select Pay as You Go (Hourly Billing) from the drop-down list as your billing method.
      6. Firmware Version : From the drop-down list, select the firmware version on which your instance is deployed.
  6. Click Next : Deployment Options .

    Basic_Settings.png

  7. In the Create Barracuda Web Application Firewall for Azure Templates page, Deployment Options tab:

    1. Barracuda Web Application Firewall Instance Size : Select a size for the instance.

    2. Storage Account that will be used to store data for this deployment : Create a new storage account or select a storage account from the existing Storage account .

      The storage account should be in the same region where the Barracuda Web Application Firewall VMSS instance needs to be deployed.
    3. Configure virtual networks
      1. Virtual network to be created for this deployment : Create a new virtual network, or select a virtual network from the existing Virtual network list in which you want to deploy the Barracuda Web Application Firewall VMSS.
      2. Subnets : Review the subnet configuration and modify if required.
      3. New Public IP address name: Enter a name for the public IP address associated with the Barracuda Web Application Firewall Firewall VMSS.
      4. Domain name for accessing the Barracuda Web Application Firewall: Enter the domain for the Barracuda Web Application Firewall VMSS.
      5. Boot diagnostics: When Enabled, the bootup debug logs get saved in the specified storage account.
  8. Click Next : Azure Auto scaling Configuration Details.

    Deployment_Options.png

  9. In the Create Barracuda Web Application Firewall for Azure Templates page, Azure Auto Scaling Configuration tab:
    1. Instance Count
      1. Initial Instances: Enter the number of instances to be deployed initially to serve the traffic. Default: 2
      2. Maximum Instances: Enter the maximum number of instances to be scaled up to handle the traffic when required. Default: 5

      3. Minimum Instances: Enter the minimum number of instances to be scaled down when the traffic is less. Default: 2

        - Ensure that the Minimum Instances are few than or the same number as the Initial Instances.

        - If the Initial Instances value is less than the Minimum Instances, the deployment of instances will fail.

      4. Overprovisioning: When set to Enable, the VMSS spins up a greater number of virtual machines than what is required to handle the traffic.

    2. Scale Up Thresholds
      1. CPU%: Enter the scale up threshold for CPU utilization. Default: 85%
      2. Network In: Enter the scale up threshold for NetworkIn throughput. Default: 9175040
      3. Network Out: Enter the scale up threshold for NetworkOut throughput. Default: 9175040
    3. Scale Down Thresholds
      1. CPU%: Enter the scale down threshold for SPU utilization. Default: 60%
      2. Network In: Enter the scale down threshold for NetworkIn throughput. Default: 5242880
      3. Network Out: Enter the scale down threshold for NetworkOut throughput. Default: 5242880
    4. Notification Email ID(s) in CSV Format: Enter the email address to which the auto scaling event notification emails needs to be sent.
  10. Click Next : Azure API configuration.

    Azure_Autoscaling_Config.png
  11. In the Create Barracuda Web Application Firewall for Azure Templates page, Azure API Configuration tab:

    1. Authentication Method: Select the authentication method to authenticate to Azure Active Directory.

      It is recommended to use "Azure Service Principal" as the Authentication Method . The "Azure Active Directory" option may soon be deprecated by Microsoft.

    2. Azure AD Credentials
      1. Azure User ID: Enter the user name to authenticate to the Azure Active Directory.
      2. Client ID: Enter the ID of the application in the Azure Active Directory.
      3. Azure User Password: Enter the password associated with user.
      4. Confirm Password: Re-enter the password to confirm.
    3. Azure Service Principal
      1. Client ID: Enter the ID of the application in Azure Active Directory.
      2. Tenant ID: Enter the ID of the Active Directory tenant.
      3. Azure Secret Key: Enter the secret key generated.
  12. Click Next : Barracuda Web Application Firewall Bootstrap Configuration.

    Azure_API_Config.png
  13. In the Create Barracuda Web Application Firewall for Azure Templates page, Barracuda Web Application Firewall Bootstrap Configuration tab:
    1. Cluster Shared Secret: Enter a password to be used by the Barracuda Web Application Firewall instances in the VMSS group.
    2. Confirm Shared Secret: Re-type the shared secret password.
    3. Bootstrap Method: Select the method (NONE, BASIC or BACKUP) for bootstrapping.
    4. Basic Bootstrap Configuration
      1. Barracuda Web Application Firewall Service Name: Enter a name for the service that needs to be created on the Barracuda Web Application Firewall instances.
      2. Barracuda Web Application Firewall Service Port: Enter the port number on which the service is listening to.
      3. Backend Servers (IP:PORT): Enter the IP address of the server followed by the port that needs to be protected by the Barracuda Web Application Firewall. Use comma (,) as a separator to specify multiple server IP addresses.
    5. Backup Bootstrap Configuration
      1. Azure Storage Account Name: Enter the name of the storage account.
      2. Azure Storage Account Key: Enter the key of the storage account.
      3. Azure Storage Blob Name: Enter the name of the blob configured in the storage account.
      4. Type of Backup file: Select the type of the backup file that you want to use for bootstrapping the instances.
      1. Barracuda Web Application Firewall Backup file Name: Enter the name of the backup file.
    6. OMS Workspace Details
      1. OMS Workspace Primary Key: Enter the primary key of the OMS server.
      2. OMS Workspace Primary Key: Enter the primary key of the OMS server.
  14. Click Next : Azure Load Balancer Configuration.

    CloudGen_WAF_Bootstrap_Config.png
  15. In the Create Barracuda Web Application Firewall for Azure Templates page, Azure Load Balancer Configuration tab:
    1. Health Probe Settings
      1. Protocol: Select TCP or HTTP. Recommended: TCP.
      2. Port: Enter the port to be used when probing the instance.
      3. Interval: Enter the interval time to probe the instance.
      4. Unhealthy threshold: Enter how many attempts can fail before the backend instance is marked as unhealthy.
    2. Load Balancer Rule Settings
      1. Port: Enter the port on which the load balancer is listening.
      2. Backend Port: Enter the port on which the Barracuda Web Application Firewall is listening.
      3. Session Persistence: Select the persistence type.
    3. EULA Acceptance Details
      1. User Name: Enter your user name.
      2. Email ID: Enter your Email address.
      3. Company Name: Enter your company name.
      4. Domain Name: Enter the domain name.
  16. Click Next : Review + create.

    LB_Configuration.png
  17. In the Create Barracuda WAF for Azure Templates page, Review + create tab verify the values you entered and click Create.

    Review_Config.png

Bootstrapping configuration cannot be updated for VMSS deployments after it is launched.