We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda Web Application Firewall

Azure VMSS Deployment with Consolidated ARM Template

  • Last updated on

Before proceeding with deploying the Barracuda CloudGen WAF VMSS template for PAYG/BYOL instance, do the following:

Step 1. Create a Resource Group

To create a resource group, perform the following steps:

  1. Log into the Microsoft Azure Portal.
  2. Click Resource groups in the left panel.

    Resource_Group.png
  3. In the Resource groups page, click Add and specify values for the following:
    1. Resource group name: Enter a name for the resource group.
    2. Subscription: Select the subscription in which you want to create the resource group.
    3. Resource group location: Select a location for the resource group.
    4. Click Create.
      Createresourcegrp.png

Step 2. Create a Storage Account

Perform the following steps to create a storage account:

  1. Log into the Microsoft Azure Portal.
  2. Click Storage accounts in the left panel.
  3. Click Add
  4. In the Create storage account page:
    1. Subscription: Select the subscription in which you want to create the storage account. Note: Ensure that the subscription for the storage account and the resource group is same.
    2. Resource group: Select the resource group created in Step 1. Create a Resource Group.
    3. Deployment model: Ensure the deployment model is set to Resource Manager.
    4. Storage account name: Enter a name for the storage account.
    5. Location: Select the location for the storage account. Note: Ensure that the location for the storage account and the resource group is same.
    6. Performance: Select the performance tier as required.
    7. Account kind: Select the type of storage account that needs to be created. Default: General purpose
    8. Replication: Select the replication option for the storage account.
    9. Secure transfer required: Select Enabled if you want to transfer the data into or out of storage account. Default: Disabled.
    10. Click Create.
      createaccount.png

Step 3. Create and upload license file

Step 3 must be performed only when you are deploying the Barracuda CloudGen WAF VMSS template BYOL instance.

Perform the following steps to create and upload a license file:

Create a container
  1. Click the storage account that you have created.
  2. Click Blobs.
  3. Click +Container under Blob service.
  4. Name: Enter a name for the container. The container name must be lowercase and must start with a letter or a number. They must contain only letters, numbers, and the dash (-) character.

  5. Public access level: Set the level of public access to the container. The default level is Private (no anonymous access) and it is recommended to use the default level.
  6. Click OK to create the container.
Create a License file

A license file contains licenses that can be used. This file should be created in the valid JSON format and should be saved in the name “barracuda-byol-license-list.json”.

  1. Open notepad or any text editor. Type the licenses in the format illustrated below.
    image2019-7-11 16:1:1.png

     

    It is recommended that you validate the JSON file using JSONLint or any other online validator before uploading the license file. The created WAF instances might fail during provisioning if the JSON file is not valid.

  2. Save the license file. Note that you save the file with the name "barracuda-byol-license-list.json" as mentioned earlier.
Upload the license file 
  1. To upload a license file, select the container you created.
  2. Click Upload.
  3. In the right pane, click the browse button and then select the license file you created.
  4. Click Upload to upload the license file to the container.

Deploying the Barracuda CloudGen WAF VMSS - PAYG

Perform the following steps to deploy the Barracuda CloudGen WAF VMSS instance:

  1. Log into the Microsoft Azure Portal.
  2. Click Marketplace at the bottom of the screen.
  3. In the Everything page, type Barracuda CloudGen WAF VMSS Template in the Search text field.
  4. In the search results, select Barracuda CloudGen WAF VMSS Template (PAYG/BYOL).
    1VMSSTempSelection.png
  5. In the Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) page:
    1. Read the product overview.
    2. Click Create.
      2CreatePage.png
  6. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 1 Basics page:
    1. Barracuda CloudGen WAF VMSS Set Name: Enter a name for the Barracuda CloudGen WAF VMSS.
    2. Password: Enter a password for authentication. This will be your password to access the Barracuda CloudGen WAF web interface.
    3. Confirm Password: Re-enter the password for confirmation.
    4. Billing Method: Select Pay as You Go (Hourly Billing) form the drop-down list as your billing method.
    5. Firmware Version: From the drop-down list, select the firmware version on which your instance is deployed.
    6. Subscription: Select the subscription from the drop-down list.
    7. Resource group: Create a new resource group or select a resource group that is empty from the existing Resource group list.
    8. Location: Select a location for the Barracuda CloudGen WAF VMSS.
    9. Click OK.
      3Basics.png
  7. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 2 Deployment Options page:
    1. Barracuda CloudGen WAF Instance Size: Select a size for the instance.
    2. Storage Account: Create a new storage account or select a storage account from the existing Storage account list.

      The storage account should be in the same region where the Barracuda CloudGen WAF VMSS instance needs to be deployed.

    3. Virtual network: Create a new virtual network, or select a virtual network from the existing Virtual network list in which you want to deploy the Barracuda CloudGen WAF VMSS.
    4. Subnets: Review the subnet configuration and modify if required.
    5. New Public IP address name: Enter a name for the public IP address associated with the Barracuda CloudGen WAF VMSS.
    6. Domain name for accessing the Barracuda CloudGen WAF: Enter the domain for the Barracuda CloudGen WAF VMSS.
    7. Boot diagnostics: When Enabled, the boot up debug logs gets saved in the specified storage account.
    8. Click OK.
      4DeploymentOptions.png
  8. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 3 Azure Auto scaling Configuration page:
    1. Instance Count
      1. Initial Instances: Enter the number of instances to be deployed initially to serve the traffic. Default: 2
      2. Maximum Instances: Enter the maximum number of instances to be scaled up to handle the traffic when required. Default: 5
      3. Minimum Instances: Enter the minimum number of instances to be scaled down when the traffic less. Default: 2

        - Ensure that the Minimum Instances are lesser than or same as the Initial Instances.

        - If the Initial Instances value is less than the Minimum Instances, the deployment of instances will fail.

      4. Overprovisioning: When set to Enable, the VMSS spins up more number of virtual machines than what is required to handle the traffic.

    2. Scale Up Thresholds
      1. CPU%: Enter the scale up threshold for CPU utilization. Default: 85%
      2. Network In: Enter the scale up threshold for NetworkIn throughput. Default: 9175040
      3. Network Out: Enter the scale up threshold for NetworkOut throughput. Default: 9175040
    3. Scale Down Thresholds
      1. CPU%: Enter the scale down threshold for SPU utilization. Default: 60%
      2. Network In: Enter the scale down threshold for NetworkIn throughput. Default: 5242880
      3. Network Out: Enter the scale down threshold for NetworkOut throughput. Default: 5242880
    4. Notification Email ID(s) in CSV Format: Enter the email address to which the auto scaling event notification emails needs to be sent.
    5. Click OK.
      5AutoScale.png
  9. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 4 Azure API Configuration page:
  10. Authentication Method: Select the authentication method to authenticate to Azure Active Directory (AAD).
    1. Azure AD Credentials
      1. Azure User ID: Enter the user name to authenticate to the AAD.
      2. Azure User Password: Enter the password associated with user.
      3. Confirm Password: Re-enter the password to confirm.
    2. Azure Service Principal
      1. Client ID: Enter the ID of the application in AAD.
      2. Tenant ID: Enter the ID of the Active Directory tenant.
      3. Secret Key: Enter the secret key generated.
      4. Confirm Secret Key: Reenter the secret key to confirm.
    3. Click OK.
      6AzureAPIConf.png
  11. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 5 Barracuda CloudGen WAF Bootstrap Settings page.
    1. Cluster Shared Secret: Enter a password to be used by the Barracuda CloudGen WAF instances in the VMSS group.
    2. Confirm Shared Secret: Re-type the shared secret password.
    3. Bootstrap Method: Select the method (NONE, BASIC or BACKUP) for bootstrapping.
    4. Basic Bootstrap Configuration
      1. WAF Service Name: Enter a name for the service that needs to be created on the Barracuda CloudGen WAF instances.
      2. WAF Service Port: Enter the port number on which the service is listening to.
      3. Backend Servers (IP:PORT): Enter the IP address of the server followed by the port that needs to be protected by the Barracuda CloudGen WAF. Use comma (,) as a separator to specify multiple server IP addresses.
    5. Backup Bootstrap Configuration
      1. Azure Storage Account Name: Enter the name of the storage account.
      2. Azure Storage Account Key: Enter the key of the storage account.
      3. Azure Storage Blob Name: Enter the name of the blob configured in the storage account.
      4. Type of Backup File: Select the appropriate backup file from the drop-down list
      5. Barracuda CloudGen WAF Backup File Name: Enter the name of the backup file that you want to use for bootstrapping the instances.
    6. OMS Workspace Details
      1. OMS Workspace ID: Enter the workspace ID of the OMS server (if any).
      2. OMS Workspace Primary Key: Enter the primary key of the OMS server.
    7. Click OK.

      7WAFBootstrapping.png
  12. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 6 Azure Load Balancer Configuration page:
    1. Health Probe Settings
      1. Protocol: Select TCP or HTTP. It is recommended to use the TCP protocol.
      2. Port: Enter the port to be used when probing the instance.
      3. Interval: Enter the interval time to probe the instance.
      4. Unhealthy threshold: Enter how many attempts can fail before the backend instance is marked as unhealthy.
    2. Load Balancer Rule Settings
      1. Port: Enter the port on which the load balancer is listening.
      2. Backend Port: Enter the port on which the Barracuda CloudGen WAF is listening.
      3. Session Persistence: Select the persistence type.
    3. EULA Acceptance Details
      1. User Name: Enter the username of the user signing the EULA agreement.
      2. Email ID: Enter the Email ID of the user signing the EULA agreement.
      3. Company Name: Enter the user's company name.
      4. Domain Name: Enter the domain name for the Barracuda CloudGen WAF VMSS.
    4. Click OK.
      8AzureLoadBalancer.png
  13. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 7 Summary page, verify the values you entered and click OK.

    9Summary.png
  14. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 8 Buy page, read the Terms of use | privacy policy and click Create.

    10buy.png

Deploying the Barracuda CloudGen WAF VMSS - BYOL

Perform the following steps to deploy the Barracuda CloudGen WAF VMSS instance:

  1. Log into the Microsoft Azure Portal .
  2. Click Marketplace at the bottom of the screen.
  3. In the Everything page, type Barracuda CloudGen WAF VMSS Template in the Search box.
  4. In the search results, select Barracuda CloudGen WAF VMSS Template (PAYG/BYOL).
  5. In the Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) page,
    1. Read the product overview.
    2. Click Create.
  6. In the Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 1 Basics page,
    1. Barracuda CloudGen WAF Virtual Machine Scale Set Name: Enter a name for the Barracuda CloudGen WAF VMSS.
    2. Password: Enter a password for authentication. This will be your password to access the Barracuda CloudGen WAF web interface.
    3. Confirm Password : Re-enter the password for confirmation.
    4. Billing Method : Select Bring your own License (BYOL) form the drop-down list as your billing method.
    5. Firmware Version : From the drop-down list, select the firmware version on which your instance is deployed.
    6. Subscription : Select the subscription from the drop-down list.
    7. Resource group : Create a new resource group or select a resource group that is empty from the existing Resource group list.
    8. Location : Select a location for the Barracuda CloudGen WAF VMSS.
    9. Click OK .
      1Basics_BYOL.png
  7. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 2 Deployment Options page:

    1. Barracuda CloudGen WAF Instance Size : Select a size for the instance.
    2. Storage Account : Create a new storage account or select a storage account from the existing Storage account

      The storage account should be in the same region where the Barracuda CloudGen WAF VMSS instance needs to be deployed.
    3. Virtual network : Create a new virtual network, or select a virtual network from the existing Virtual network list in which you want to deploy the Barracuda CloudGen WAF VMSS.
    4. Subnets : Review the subnet configuration and modify if required.
    5. New Public IP address name: Enter a name for the public IP address associated with the Barracuda CloudGen WAF Firewall VMSS.
    6. Domain name for accessing the Barracuda CloudGen WAF: Enter the domain for the Barracuda CloudGen WAF VMSS.
    7. Boot diagnostics: When Enabled, the boot up debug logs gets saved in the specified storage account.
    8. Specify storage account where license file is stored: Enter the name of the storage account where your license file is store.

      Ensure that the license file is created in the valid JSON format and named as “barracuda-byol-license-list.json”. Refer to Step 3. Create and upload license file to know more about the license key and how to generate and upload them.

    9. License Storage Account Key: Enter the account key for your storage account. The key is available in the path - "Storage account" > Access keys > Key1, Key2. You are provided with two access keys so that you can maintain connections using one key while regenerating the other.
    10. License Storage Blob Name: Enter the path of the storage Blob where the license file is stored.

      Ensure that the license file is created in the valid JSON format and named as “barracuda-byol-license-list.json”. Refer to Step 3. Create and upload license file to know more about the license key and how to generate and upload them.
    11. License Storage Account Key: Enter the account key for your storage account. The key is available in the path - "Storage account" > Access keys > Key1, Key2. You are provided with two access keys so that you can maintain connections using one key while regenerating the other. 
    12. License Storage Blob Name: Enter the path of the storage Blob where the license file is stored. 
    13. Click OK.
      2DeploymentOptions_BYOL.png
  8. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 3 Azure Auto Scaling Configuration page,
    1. Instance Count
      1. Initial Instances: Enter the number of instances to be deployed initially to serve the traffic. Default: 2
      2. Maximum Instances: Enter the maximum number of instances to be scaled up to handle the traffic when required. Default: 5
      3. Minimum Instances: Enter the minimum number of instances to be scaled down when the traffic less. Default: 2

        - Ensure that the Minimum Instances are lesser than or same as the Initial Instances.

        - If the Initial Instances value is less than the Minimum Instances, the deployment of instances will fail.

      4. Overprovisioning: When set to Enable, the VMSS spins up more number of virtual machines than what is required to handle the traffic.

    2. Scale Up Thresholds
      1. CPU%: Enter the scale up threshold for CPU utilization. Default: 85%
      2. Network In: Enter the scale up threshold for NetworkIn throughput. Default: 9175040
      3. Network Out: Enter the scale up threshold for NetworkOut throughput. Default: 9175040
    3. Scale Down Thresholds
      1. CPU%: Enter the scale down threshold for SPU utilization. Default: 60%
      2. Network In: Enter the scale down threshold for NetworkIn throughput. Default: 5242880
      3. Network Out: Enter the scale down threshold for NetworkOut throughput. Default: 5242880
    4. Notification Email ID(s) in CSV Format: Enter the email address to which the auto scaling event notification emails needs to be sent.
    5. Click OK.
      3autoscaling.png
  9. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 4 Azure API Configuration page,
    1. Authentication Method: Select the authentication method to authenticate to Azure Active Directory (AAD).
    2. Azure AD Credentials
      1. Azure User ID: Enter the user name to authenticate to the AAD.
      2. Azure User Password: Enter the password associated with user.
      3. Confirm Password: Re-enter the password to confirm.
    3. Azure Service Principal
      1. Client ID: Enter the ID of the application in AAD.
      2. Tenant ID: Enter the ID of the Active Directory tenant.
      3. Azure Secret Key: Enter the secret key generated.
    4. Click OK.
      6AzureAPIConf.png
  10. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 5 Barracuda CloudGen WAF Bootstrap Configuration page,
    1. Cluster Shared Secret: Enter a password to be used by the Barracuda CloudGen WAF instances in the VMSS group.
    2. Confirm Shared Secret: Re-type the shared secret password.
    3. Bootstrap Method: Select the method (NONE, BASIC or BACKUP) for bootstrapping.
    4. Basic Bootstrap Configuration
      1. WAF Service Name: Enter a name for the service that needs to be created on the Barracuda CloudGen WAF instances.
      2. WAF Service Port: Enter the port number on which the service is listening to.
      3. Backend Servers (IP:PORT): Enter the IP address of the server followed by the port that needs to be protected by the Barracuda CloudGen WAF. Use comma (,) as a separator to specify multiple server IP addresses.
    5. Backup Bootstrap Configuration
      1. Azure Storage Account Name: Enter the name of the storage account.
      2. Azure Storage Account Key: Enter the key of the storage account.
      3. Azure Storage Blob Name: Enter the name of the blob configured in the storage account.
      4. Type of Backup file: Select the type of the backup file that you want to use for bootstrapping the instances.
      1. Barracuda CloudGen WAF Backup file Name: Enter the name of the backup file.
    6. OMS Workspace Details
      1. OMS Workspace Primary Key: Enter the primary key of the OMS server.
      2. OMS Workspace Primary Key: Enter the primary key of the OMS server.
    7. Click OK.
      7WAFBootstrapping.png
  11. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 6 Azure Load Balancer Configuration page.
    1. Health Probe Settings
      1. Protocol: Select TCP or HTTP. It is recommended to use the TCP protocol.
      2. Port: Enter the port to be used when probing the instance.
      3. Interval: Enter the interval time to probe the instance.
      4. Unhealthy threshold: Enter how many attempts can fail before the backend instance is marked as unhealthy.
    2. Load Balancer Rule Settings
      1. Port: Enter the port on which the load balancer is listening.
      2. Backend Port: Enter the port on which the Barracuda CloudGen WAF is listening.
      3. Session Persistence: Select the persistence type.
    3. EULA Acceptance Details
      1. User Name: Enter your user name.
      2. Email ID: Enter your Email address.
      3. Company Name: Enter your company name.
      4. Domain Name: Enter the domain name.
    4. Click OK.
      8AzureLoadBalancer.png
  12. In the Create Barracuda WAF VMSS Template - BYOL > 7 Summary page, verify the values you entered and click OK.
  13. In the Create Barracuda CloudGen WAF VMSS Template (PAYG/BYOL) > 8 Buy page, read the Terms of use | privacy policy and click Create.

 

Last updated on