philippe-michiels
Accelerating Your Journey to a Safe Cloud
Barracuda Security Solutions for Microsoft Azure
Today’s Discussion
It’s all about securing workloads in Microsoft Azure
• Moving applications to the cloud
• Building out data center capacity
• The logistics of remote connectivity of workloads in the cloud
• How to ensure security across common scenarios
Customer’s Responsibility in a Shared Security Model
Your company: You define controls and security IN the Cloud (Customer Applications & Content, Network Security, Identity & Access Control, Operating Systems / Platform, Data Encryption)
Azure Platform: Azure takes care of the Security OF the Cloud (Physical Infrastructure, Network Infrastructure, Virtualization Layer)
Barracuda Web Application Firewall
Complete Application Protection
• Inbound Inspection and Outbound Inspection
• Comprehensive Application Security: OWASP Top-10 Attacks, Application DDoS
• Proactive Defense: Geo-IP Control, Application Cloaking
• Data Loss Prevention: Credit Card Numbers, Social Security Number, Custom Patterns
• Authentication & Access Control
• Logging & Reporting
Most Common Use Cases
• Azure AD Integration: Azure Active Directory integration for identity and access management for the cloud
• Application Security: Protecting custom apps from SQL injection, cross-site scripting, application distributed denial-of-service (DDoS)
• Load Balancing: Load balancing with persistence for highly secure and scalable application infrastructure
• Data Loss Prevention: Inspecting all inbound traffic for attacks and outbound traffic for sensitive data
• ADFS: Microsoft Active Directory Federation Services (ADFS) can provide security as well as pre-authentication
• Dynamic Scaling in Azure: Protect Multiple Applications with Single Cluster of WAFs
Barracuda NextGen Firewall F
Most Common Use Cases
• Multi-Tier Architecture: Build secure multi-tier architecture in Azure to keep a level of segregation between tiers
• VPN Tunnels: Unlimited site-to-site VPN tunnels with SD-WAN functionality to connect and optimize networks protected by F-Series Firewalls
• Traffic Control: Inbound/outbound traffic control while providing IPS/IDS functionality and control traffic based on application, URL, AV, user
• Access to Resources: Access to resources in Azure (unlimited client-to-site VPN, SSL VPN)
• ExpressRoute: Visibility and control on all traffic coming across the ExpressRoute connection
Real Life Use Cases
Agriculture services - NL
• Customer wants to deploy different services into Azure in different zones with different levels of risk
• Users come from outside and inside the corporate network
• Need logging, visibility and centralized control
Deployed NGFW to secure communications from HQ
Deployed WAF in Azure to secure apps & NGFW to separate zones
CREATE A DMZ IN AZURE
[Diagram: Agriculture services - NL. Labels: VNET, WAF Tier, FW Tier, Red Tier, Orange Tier, Green Tier]
Food ingredient manufacturer - BE
• Migrating to Office 365
• Want to use ADFS (Active Directory Federation Services single sign-on)
• Concerned about security of AD credentials
Secured ADFS in Azure with WAF and connectivity with NextGen F-Series
ACCELERATE OFFICE 365 MIGRATION
[Diagram: Food ingredient manufacturer - BE. Labels: VNET, WAF Tier, ADFS Tier, FW Tier, DC Tier (twice)]
Health Insurance - NL
• Remote Desktop Services for external staff
• Concerned about outbound traffic from the Remote Desktop Services systems
• Secure remote access to the Remote Desktop Services
Outbound Filtering with NGFW
Secure publishing of RDS using WAF
Traffic inspection
[Diagram: Health Insurance - NL. Labels: On-Premise; Access Layer with WAF Tier, RD GW Tier, FW Tier, INFRA Tier; Data Layer with RDC Tier, Data / Code Tier, FW Tier, DB Tier]
Gaming - FR
• Customer is deploying web services into Azure to scale.
• Main database services will remain in house for compliance reasons.
• Requires encrypted, accelerated and prioritized traffic from on-prem to Cloud
They deployed NGF in Azure and On-Premise using TINA and ExpressRoute
OPTIMIZE HYBRID CONNECTIVITY
[Diagram: ExpressRoute Architecture with F-Series. Labels: LAN / DC, NGF on-prem, MPLS Router, Public Internet router, Internet Router, Internet, ER local network, Transport networks (public / private), Express Route, Azure Gateway, Azure VNet, Web Tier, App Tier, FW Tier, DB Tier]
Next Steps and Resources
1. Learn more: For a rich library of resources, visit the Barracuda Azure website www.barracuda.com/azure
2. Contact [email protected]
3. Start a 30-day free trial
4. Ask for a demo and proof-of-concept
Resources: Videos, Technical Briefs, Deployment Architecture Diagrams
Wrap up
Your company: You define controls and security IN the Cloud (Customer Applications & Content, Network Security, Identity & Access Control, Operating Systems / Platform, Data Encryption)
Azure Platform: Azure takes care of the Security OF the Cloud (Physical Infrastructure, Network Infrastructure, Virtualization Layer)
Thank you
Other architectures
Automotive - France
• Customer has already deployed an Azure Infrastructure using multiple VNETs
• Current On-Premise firewall is not able to establish IPSec tunnels to multiple VNETs using IPSec IKEv2 and Route-Based VPN
NGF installed in a Gateway VNET
ENABLE CONNECTIVITY TO ON-PREMISE
[Diagram: Automotive - France. Labels: On-Premise, Gateway Tier (twice), TINA, IPSEC, Multi VNET with Azure GW IPSEC, and three sets of Web Tier, App Tier, DB Tier]