X

Move your VMware and KVM applications to the cloud without making any changes

  • April 22, 2015

Running Barracuda Firewalls in AWS or Google for Testing, Training, and POCs

Training. POCs. Testing. These are use cases where the ability to create multiple copies of the same environment quickly is key to success. Barracuda has recently announced their plans to expand the partner channel, and has historically provided virtual appliances which can be run in AWS or Google Cloud. However, these providers don’t support IPv6 or Layer 2 networking functionality such as multicast, VMACs, Gratuitous ARP or VLAN tagging. Ravello’s nested virtualization technology solves these problems by offering a fast way to replicate environments while maintaining full Layer 2 networking in AWS/Google.

Running Barracuda Firewalls in Ravello vs. Data Center vs. AWS/Google

  Ravello on top of AWS/Google Data center AWS/Google
Layer 2 networking support
SMTP port 25 enabled Manual Process
IPv6 Support
High fidelity environment copies
Usage based pricing
No migration required
1-click environment replication
Share blueprints/snapshots
Worldwide deployment

 

The purpose of this article is to showcase how to take an existing environment running in VMware ESXi™ and run it in Ravello.

Sample Deployment

The deployment we used for this example is a typical environment consisting of the NG Firewall, the Spam Firewall, and an Exchange environment.

Deployment characteristics

  • VMware ESXi 5.5.0
  • Barracuda Spam Firewall Virtual Appliance
  • Barracuda NG Firewall Virtual Appliance
  • Microsoft Exchange Server 2013 environment
  • Windows Server 2012 Domain Controller
  • Windows Server 2012 Client Access Server
  • Windows Server 2012 Database
  • Windows 7 client

 
Network setup
The network configuration is comprised of two components:

  • Internal network → 192.168.68.0
    This includes the Barracuda Spam Firewall, as well as the Microsoft Exchange environment.
  • External network → 192.168.168.0
    This includes the Barracuda NG Firewall, and the Windows 7 VM. All internet traffic will pass through this firewall, while the Windows 7 VM is used to connect to the NG Firewall dashboard, and test the connectivity.

 
Setup steps
1. Import your VMs into Ravello
2. Create your Ravello application using the imported VMs
3. Set up networking in Ravello to match your existing environment
4. Test your setup
5. (Optional): Create a blueprint to easily replicate the environment as many times needed.
 

Step 1: Import your VMs into Ravello

At this step, you can either import your VMs directly from VMware vSphere™, or get the fresh virtual appliances from the Barracuda website, which you can also import into Ravello. For this example, we created an environment in VMware, which we used to then import into Ravello.

In order to import the VMs from vSphere, simply log into the Ravello product, navigate to Library > VMs, and then click on Import VM. This will open the Import Tool.

Once the Import Tool loads in your web browser, choose the option “Extract and upload directly from VMware vCenter™ or vSphere”. This will prompt you to connect to your vSphere environment, where you can select the VMs to be imported.

Step 2: Create your Ravello application using the imported VMs

Once you log into Ravello, click on “Applications” and then select “Create Application”
Import your VMs by clicking on the “+” sign, after which you can filter the list by VM name. Simply drag and drop the VMs onto the canvas to add them to your application.

There should be 6 VMs: Barracuda NG Firewall, Barracuda Spam Firewall, Windows 7, and 3 Windows Server 2012 for the Exchange environment.

Step 3: Set up networking in Ravello to match your existing environment

For each of the VMs, you’ll need to match the network configuration in Ravello to be the one you had in your data center. To do so, simply click on each of the VMs, then navigate to the Network tab.

The IP addresses configuration & services are as follows:

Barracuda NG Firewall

  • Elastic IP used to connect to the Internet: 85.190.178.53
  • External IP used by the Win 7 VM to connect to the firewall: 192.168.168.50
  • Internal IP used by the Spam Firewall & Exchange environment: 192.168.68.1. The Barracuda NG Firewall will be the gateway for the Spam Firewall.
  • The NG Firewall services will also need to be updated in order to allow for inbound email traffic, and access to Exchange OWA from the Internet. To do so, click on the Services tab, and then add Supplied Services for 192.168.168.50: one for TCP port 25, and one for HTTPS port 443.

Windows 7
IP: 192.168.168.70. Gateway: 192.168.168.1

Barracuda Spam Firewall
IP: 192.168.68.55. Gateway: 192.168.68.1

Windows Server 2012 - Domain Controller
IP: 192.168.68.52. Gateway: 192.168.68.1

Windows Server 2012 - Client Access Server
IP: 192.168.68.53. Gateway: 192.168.68.1

Windows Server 2012 - Mail Database
IP: 192.168.68.54. Gateway: 192.168.68.1

Step 4: Test your setup

In order to test the setup, log into Exchange OWA for one of the users, and try sending an outbound email. After receiving the email, try replying back to it, in order to test the inbound traffic.

Testing outbound email traffic

 

Testing inbound email traffic - reply to the email and verify that you received it in the Ravello Exchange environment

Step 5 (Optional): Create a blueprint to easily duplicate the environment as many times needed.

The purpose of this step is to highlight how easy it is to replicate the environment in Ravello once it has been created. This process makes it incredibly easy to create environments needed for training, POCs, and upgrade testing. The flow below describes how to do this in the Ravello UI, but the same functionality is also available through APIs, in order to do this programmatically, for hundreds and even thousands of environments.

In your Ravello application, click on “Save as Blueprint”. This will create a snapshot/copy of the environment, which can then be used to create other identical environments.

Now, create another application based on the blueprint. Navigate to Library > Blueprints. Select the blueprint, and then click on Actions > Create Application

At this point, you can cloned the existing Ravello capsule/application. This can be done repeatedly through the UI, or programmatically through the APIs. More information on the APIs functionality can be found here.

Conclusion

The goal of this tutorial was to exhibit how simple it is to replicate environments in Ravello for training, POCs and testing. What used to take weeks, even months, can now be done within minutes using Ravello’s first-in-kind nested virtualization technology. Simply run your entire environment in a Ravello capsules, without having to worry about provisioning, complex network configuration setup, or expensive licenses.

For more information, we've put together a presentation highlighting the main use cases and benefits of using Ravello with Barracuda appliances here.
Or if you'd prefer something more engaging, here you can find a recording of our webinar on how to use Barracuda with Ravello.

You can learn more about Ravello's overlay network capabilities and set up your free trial to create your own Barracuda environment in the cloud.

Be the first to comment

Comments ( 0 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.Captcha