Unlocking the power of Barracuda WAF-as-a-Container
Get seamless web application protection with flexible, cloud-hosted deployment
Takeaways
- Barracuda WAF-as-a-Container offers seamless web application protection with flexible, cloud-hosted deployment options.
- Users benefit from a hybrid model combining centralized, SaaS-based management with the flexibility of containerized security engines.
- The solution delivers comprehensive security for web apps, APIs and microservices, including protection against OWASP Top 10 threats and advanced DDoS attacks.
- Organizations can deploy close to their applications in any environment — on premises, cloud, or hybrid — while meeting strict data residency and compliance needs.
- Centralized updates, analytics and policy management ensure consistent and high-performance protection across all environments.
Barracuda Web Application Firewall users already know how easy it can be to protect web apps and APIs against all manner of application-based threats, including the OWASP Top 10, volumetric and application-based DDoS attacks, the most sophisticated new malicious bots, and more, all while ensuring optimal app delivery and performance.
However, many of you may not be aware that the cloud-hosted Barracuda WAF-as-a-Service can be deployed as a container that protects and isolates your applications, data and microservices.
Benefits of containerized WAF
Barracuda WAF-as-a-Container uses a hybrid model that gives you the best of both worlds. A centrally managed, cloud-hosted control plane ensures continuous updates, built-in analytics, policy centralization and high availability — without the overhead of maintaining your own WAF management infrastructure. Security policies, threat intelligence and configuration changes are managed centrally and propagated seamlessly to all deployed Security Engine instances, ensuring consistent protection across environments.
The containerized Security Engine, meanwhile, gives you unparalleled flexibility in where you can deploy it and what you can protect. It provides comprehensive security — including monitoring of east-west traffic among your containers and microservices — without connecting your apps, traffic or data to any cloud or SaaS service.
Barracuda WAF-as-a-Container is a deployment option that’s available to anyone with an active WAF-as-a-Service subscription.
Who needs it
No matter what your app infrastructure looks like, you can deploy the traffic-inspecting reverse proxy component close to your applications, whether on premises, in your own cloud environment or in a hybrid setup. Meanwhile, you still gain all the benefits of centralized SaaS-based management.
This flexibility is especially valuable for:
- Enterprises with strict data residency or compliance requirements, where outbound traffic to a cloud-hosted Security Engine is not permitted
- Organizations with existing private infrastructure investments, who prefer to keep traffic processing within their network perimeter
- Customers deploying at the edge or in multi-cloud environments, who want localized enforcement while maintaining centralized policy control
- Latency-sensitive applications, where local inspection is preferred to reduce round-trip time to a cloud-based WAF
- Organizations that want to manage traffic spikes and minimize costs by controlling their own on-demand WAF auto-scaling in real time
By running the Security Engine within your own environment, you maintain control over traffic flow and deployment location — while still leveraging the ease, automation and visibility of a centrally managed SaaS control plane.
Setting up your containerized WAF
For complete information about creating and deploying your containerized version of the WAF-as-a-Service Security Engine, visit this section of Barracuda Campus documentation.
If you have Barracuda WAF-as-a-Service, the basic steps of setting up a containerized Security Engine are straightforward. The first thing you’ll have to do is request access, which includes signing a mutual NDA with Barracuda to protect any data or information that either of us may expose to the other during implementation.
Within the WAF-as-a-Service portal, here are the steps you’ll need to take to create your own container and then configure Barracuda WAF-as-a-Service to protect your web applications within that container.
- Create your own container key — Create a secure container key to use with the deployment of a container.
- Create a new container — This container can be hosted in your infrastructure.
- Create a container deployment file — The file serves as a configuration blueprint during deployment.
- Deploying your own container — Build out the container in your infrastructure.
- Assign an application to your container — One or more applications can run in your container.
- Mapping custom container ports — Set the port mapping for your container.
- Configure applications for your container
- Routing traffic through your container
Note: Changing or deleting a container key will stop HTTPS traffic — update your apps if you do this.
Container environment variables
When deploying your WAF container, you’ll need to provide certain environment variables. Some are required for the container to run, while others are optional for customization.
Note: Always keep your private key secure — it’s never stored by Barracuda and is required for deployment.
Get all the details
Make sure you’re getting the full value of your app security investment. Find out exactly how to use WAF-as-a-Container to take full, private control of security policies, keep sensitive data and traffic entirely within your environment, boost performance, secure air-gapped environments, and more.
If you’re not using Barracuda WAF-as-a-Service yet, here’s how to request a free trial.