Deploying and Provisioning the Barracuda Application Security Control Center in the New Microsoft Azure Deploying and Provisioning the Using the Azure Resource Manager Model Microsoft Azure opens TCP/22 port by default in Inbound security rules under Network security group when the is deployed. For security reasons, ensure it is deleted from the security group after the instance is deployed. Perform the following steps to deploy and provision the using Resource Manager in the new Microsoft Azure portal: 1. 2. 3. 4. Log into the Microsoft Azure. Click Marketplace at the bottom of the screen. In the Everything page, enter in the text field. In the search results, select (BYOL or Hourly as per your requirement). 5. In the Bring Your Own License enabled/free Trial enabled page: 1. Read the product overview. 2. Select Resource Manager as a deployment model from the Select a deployment model dropdown list. 3. Click Create. 6. In the Create virtual machine > 1 Basics page: 1. Name: Enter a name for the virtual machine. 2. User name: Enter a username. Note: This entry is not used by the Barracuda Application Security Control Center. 3. Authentication Type: Choose Password and enter a password for the authentication. Note that this will be your password to access the web interface. 4. Resource Group: Create a new resource group or select a resource group from the existing Resource group list. 5. Location: Select a location for the resource group. 6. Click OK. Deploying and Provisioning the in the New Microsoft Azure 1/9
7. In the Create virtual machine > 2 Size page: 1. Select a size for the instance and click Select. It is recommended to use 4 cores as the instance size for the Barracuda Application Security Control Center. Deploying and Provisioning the in the New Microsoft Azure 2/9
8. In the Create virtual machine > 3 Settings page: 1. Storage 1. Data type: Select Standard/Premium (SSD) as per your requirement. 2. Storage account: Create a new storage account or select a storage account from the existing Storage account list. 2. Network 1. Virtual network: Configure or select the network in which you want to deploy the. 2. Subnet: Configure or select the subnet in which you want to deploy the Barracuda Application Security Control Center. 3. Public IP address: Configure or select the public IP address to the Barracuda Application Security Control Center. 4. Network security group: By default, port 22 (SSH) will be opened in your Security Group to access the web interface of the. Configure additional rules which you want to use for creating services on the Barracuda Application Security Control Center using the steps: 1. Click the +Add an inbound rule in the Create network security group page. Create network security group page opens. Deploying and Provisioning the in the New Microsoft Azure 3/9
2. Enter a name for the inbound security rule in the Name text field. Example: HTTPPort80_access 3. Set the priority for the inbound security rule in the Priority text field. Ex: 100, 101, 102 ( enter any of these values). 4. Select the Any, CIDR Block or Tag option in the Source field, as per your requirement. The Source field specifies the incoming traffic from a specific IP address range that will be allowed or denied by this rule. 5. Select the type of Service of the inbound security rule from the Service dropdown. The service specifies the destination protocol and port range for this rule. You can choose a predefined service, like RDP or SSH, or provide a custom port range. 6. Enter the port range for the inbound security rule in the Port range text field. You can provide a single port, such as 80, or a port range, such as 1024-65535. This specifies on which ports the incoming traffic will be allowed or denied by this rule. Provide an asterisk to allow traffic from clients connecting on any port. Port 22 (SSH) is the default port. Following are the ports with the TCP and UDP Protocols that have to be opened for the : Port 25 - TCP Protocol Port 53 - TCP Protocol Port 80 - TCP Protocol Port 8000 - TCP Protocol Port 123 - UDP Protocol Port 443 - TCP Protocol Port 48320 - TCP Protocol Deploying and Provisioning the in the New Microsoft Azure 4/9
Port 48321 - TCP Protocol Port 2200 - TCP Protocol 7. The Allow option is selected under Action by default. This signifies whether the traffic should be allowed to pass through the new inbound rules that are added or if they should be denied. 8. After all fields are entered, if you want to add more inbound rules, repeat the steps from a. to g and then move to step i. 9. Click the OK button. 10. After adding all the necessary inbound rules, the Create network security group page is as shown: 9. Follow the steps listed to complete setting up the virtual machine: Deploying and Provisioning the in the New Microsoft Azure 5/9
1. Extensions: Do not add any extension, as the does not support extensions. 2. Availability 1. Availability set: Set the availability set to None from the existing Availability set list. 3. In the 4 Summary page, review the configuration settings and click OK. Deploying and Provisioning the in the New Microsoft Azure 6/9
After clicking the OK button, Microsoft Azure begins provisioning the Barracuda Application Security Control Center. You can check the status of the provisioned from the Microsoft Azure Portal. Allow a few minutes before taking any further actions in the Portal. During this time, the Microsoft Azure Linux Agent and image boots up. Also, make sure you do not restart the while it is provisioning. Monitoring is not supported by the Barracuda virtual machines/instances. Enabling Monitoring Diagnostics can cause the deployment to fail or timeout. It is recommended to contact Barracuda Networks Technical Support before enabling Monitoring Diagnostics. Deploying and Provisioning the in the New Microsoft Azure 7/9
Deploying and Provisioning the in the New Microsoft Azure 8/9
Figures Deploying and Provisioning the in the New Microsoft Azure 9/9