Accelerating Your Journey to a Safe CloudBarracuda Security Solutions for Microsoft Azure

+

Today’s Discussion

It’s all about securing workloads in Microsoft Azure

• Moving applications to the cloud• Building out data center capacity• The logistics of remote connectivity of workloads in the cloud• How to ensure security across common scenarios

You define controls and security IN the Cloud

Your company

Customer’s Responsibility in a Shared Security Model

Azure takes care of the SecurityOF the Cloud

Azure Platform

Physical Infrastructure

Network Infrastructure

Virtualization Layer

Customer Applications & Content

Network Security

Identity & Access Control

Operating Systems / Platform

Data Encryption

Barracuda Web Application Firewall

Complete Application Protection

Outbound InspectionInbound Inspection

Comprehensive Application SecurityOWASP Top-10 AttacksApplication DDOS

Proactive DefenseGeo-IP ControlApplication Cloaking

Data Loss PreventionCredit Card Numbers

Social Security NumberCustom Patterns

Authentication & Access

Control

Logging &

Reporting

Azure AD IntegrationAzure Active Directory integration for identity

and access management for the cloud

Application SecurityProtecting custom apps from SQL injection, cross-site scripting, application distributed denial-of-service (DDoS)

Load BalancingLoad balancing with persistence for highly secure and scalable application infrastructure

Data Loss PreventionInspecting all inbound traffic for attacks and outbound traffic for sensitive data

ADFSMicrosoft Active Directory Federation Services (ADFS) can provide security as well as pre-authentication

Most Common Use Cases

Dynamic Scaling in AzureProtect Multiple Applications with Single Cluster of WAFs

Barracuda NextGen Firewall F

Multi-Tier ArchitectureBuild secure multi-tier architecture in Azure to keep a level of segregation between tiers

VPN TunnelsUnlimited site-to-site VPN tunnels with SD-WAN functionality to connect and optimize networks protected byF-Series Firewalls

Traffic ControlInbound/outbound traffic control while providing IPS/IDS functionality and control traffic based on application, URL, AV, user

Access to ResourcesAccess to resources in Azure (unlimited client-to-site VPN, SSL VPN)

ExpressRouteVisibility and control on all traffic coming across the ExpressRoute connection

Most Common Use Cases

Real Life Use Cases

Agriculture services - NL• Customer wants to deploy different services into Azure in

different zones with different levels of risk• Users come from outside and inside the corporate network• Need logging, visibility and centralized control

Agriculture services - NL

Deployed NGFW to secure communications from HQ

• Customer wants to deploy different services into Azure in different zones with different levels of risk

• Users come from outside and inside the corporate network• Need logging, visibility and centralized control

Agriculture services - NL

Deployed NGFW to secure communications from HQDeployed WAF in Azure to secure apps & NGFW to

separate zones

• Customer wants to deploy different services into Azure in different zones with different levels of risk

• Users come from outside and inside the corporate network• Need logging, visibility and centralized control

Agriculture services - NL

Deployed NGFW to secure communications from HQDeployed WAF in Azure to secure apps & NGFW to

separate zonesCREATE A DMZ IN AZURE

• Customer wants to deploy different services into Azure in different zones with different levels of risk

• Users come from outside and inside the corporate network• Need logging, visibility and centralized control

Agriculture services - NL

WAF Tier Red Tier Orange Tier

FW Tier

Green Tier

VNET

Food ingredient manufacturer - BE• Migrating to Office 365• Want to use ADFS (Active Directory Federation Services single-

sign-on)• Concerned about security of AD credentials

Food ingredient manufacturer - BE• Migrating to Office 365• Want to use ADFS (Active Directory Federation Services single-

sign-on)• Concerned about security of AD credentials

Secured ADFS in Azure with WAF

Food ingredient manufacturer - BE• Migrating to Office 365• Want to use ADFS (Active Directory Federation Services single-

sign-on)• Concerned about security of AD credentials

Secured ADFS in Azure with WAFand connectivity with NextGen F-Series

Food ingredient manufacturer - BE• Migrating to Office 365• Want to use ADFS (Active Directory Federation Services single-

sign-on)• Concerned about security of AD credentials

ACCELERATE OFFICE 365 MIGRATION

Secured ADFS in Azure with WAF and connectivity with NextGen F-Series

Food ingredient manufacturer - BE

WAF Tier ADFS Tier

FW Tier

DC Tier

VNET

DC Tier

Health Insurance - NL• Remote Desktop Services for external staff• Concerned about outbound traffic from the Remote Desktop

Services systems• Secure remote access to the Remote Desktop Services

Health Insurance - NL• Remote Desktop Services for external staff• Concerned about outbound traffic from the Remote Desktop

Services systems• Secure remote access to the Remote Desktop Services

Outbound Filtering with NGFW

Health Insurance - NL• Remote Desktop Services for external staff• Concerned about outbound traffic from the Remote Desktop

Services systems• Secure remote access to the Remote Desktop Services

Outbound Filtering with NGFWSecure publishing of RDS using WAF

Health Insurance - NL• Remote Desktop Services for external staff• Concerned about outbound traffic from the Remote Desktop

Services systems• Secure remote access to the Remote Desktop Services

Outbound Filtering with NGFWSecure publishing of RDS using WAF

Traffic inspection

Health Insurance - NL

Access Layer

On-Premise

WAF Tier

RD GW Tier

FW Tier INFRA Tier

Data Layer

RDC Tier

Data / Code Tier

FW Tier DB Tier

Gaming - FR• Customer is deploying web services into Azure to scale. • Main databases services will remain in house for compliance

reasons.• Requires encrypted, accelerated and prioritized traffic from

on-prem to Cloud

Gaming - FR• Customer is deploying web services into Azure to scale. • Main databases services will remain in house for compliance

reasons.• Requires encrypted, accelerated and prioritized traffic from

on-prem to Cloud

They deployed NGF in Azure

Gaming - FR• Customer is deploying web services into Azure to scale. • Main databases services will remain in house for compliance

reasons.• Requires encrypted, accelerated and prioritized traffic from

on-prem to Cloud

They deployed NGF in Azure And On-Premise using TINA and ExpressRoute

Gaming - FR• Customer is deploying web services into Azure to scale. • Main databases services will remain in house for compliance

reasons.• Requires encrypted, accelerated and prioritized traffic from

on-prem to Cloud

They deployed NGF in Azure And On-Premise using TINA and ExpressRoute

OPTIMIZE HYBRID CONNECTIVITY

ExpressRoute Architecture with F-Series

LAN / DC

Public Internet router

networkER local network

Transport networks (public / private) Azure VNet

MPLS Router

NGFon-prem

AzureGateway

Web Tier

App Tier

FW Tier DB Tier

Express Route

ExpressRoute Architecture with F-Series

LAN / DC

Public Internet router

networkER local network

Transport networks (public / private) Azure VNet

MPLS Router

NGFon-prem

Express Route

AzureGateway

Internet

Internet RouterWeb Tier

App Tier

FW Tier DB Tier

ExpressRoute Architecture with F-Series

LAN / DC

Public Internet router

networkER local network

Transport networks (public / private) Azure VNet

MPLS Router

NGFon-prem

AzureGateway

Internet RouterWeb Tier

App Tier

FW Tier DB Tier

Internet

Next Steps and Resources

1. Learn moreFor a rich library of resources, visit the Barracuda Azure website www.barracuda.com/azure

2. Contact Barracudaazure_support@barracuda.com

3. Start a 30-day free trial4. Ask for a demo and proof-of-concept

AskTryContactLearn

Videos Technical Briefs

Deployment Architecture Diagrams

You define controls and security IN the Cloud

Your company

Wrap up

Azure takes care of the SecurityOF the Cloud

Azure Platform

Physical Infrastructure

Network Infrastructure

Virtualization Layer

Customer Applications & Content

Network Security

Identity & Access Control

Operating Systems / Platform

Data Encryption

Thank you

Other architectures

Automotive - France• Customer has already deployed an Azure Infrastructure using

multiple VNET’s• Current On-Premise firewall is not able to establish IPSec tunnels to

multiple VNET’s using IPSec IKEv2 and Route-Based VPN

Automotive - France

NGF installed in a Gateway VNET

• Customer has already deployed an Azure Infrastructure using multiple VNET’s

• Current On-Premise firewall is not able to establish IPSec tunnels to multiple VNET’s using IPSec IKEv2 and Route-Based VPN

Automotive - France

NGF installed in a Gateway VNET

ENABLE CONNECTIVITY TO ON-PREMISE

• Customer has already deployed an Azure Infrastructure using multiple VNET’s

• Current On-Premise firewall is not able to establish IPSec tunnels to multiple VNET’s using IPSec IKEv2 and Route-Based VPN

Gateway Tier

On-Premise

Gateway TierTINAIPSEC

Multi VNET with Azure GW IPSECWeb Tier

App Tier

DB Tier

Web Tier

App Tier

DB Tier

Web Tier

App Tier

DB Tier