HAProxy Fusion Control Plane gives you power to simplify, scale, and secure your HAProxy Enterprise infrastructure using a centralized orchestration solution, making it easier to extend HAProxy Enterprise’s security and performance across on-premises and cloud-hosted applications. With the release of version 1.1, HAProxy Fusion is more secure, more flexible, and even easier to use.
What’s New in HAProxy Fusion 1.1?
Improved security with mTLS between HAProxy Fusion and load balancer nodes
With the server and load balancer nodes verifying each other, we further protect against unauthorized nodes joining the cluster.
New dark mode theme
The new theme decreases screen brightness for more comfortable viewing at night or in dark rooms.
Filtering options when selecting snapshots
Snapshots let you revert your configuration to an earlier point in time. The new filtering options help you find the snapshot you need.
The ability to install on a single server
For smaller footprint deployments, where simplicity and low resource use are more important than resilience, you can install a single node of HAProxy Fusion. This has all the same capabilities as a multi-node cluster of HAProxy Fusion, lacking only the high availability of the cluster.
Improvements to the interface for a better user experience
With feedback from customers in hand, we've found ways to make the user experience better, including the ability to test RBAC permissions with a built-in checker.
Improved stability and refinement of the codebase
We've strengthened our codebase and eliminated bugs.
What is HAProxy Fusion?
HAProxy Fusion provides a modern, centralized load balancing and security infrastructure that works for your whole organization. The UI makes HAProxy Enterprise more accessible, while the API enables advanced workflows and rapid integration with automation pipelines and customized applications. Role-based access helps Ops, AppDev, and Security teams get the control and visibility they need while maintaining guardrails and reducing human error.
What does this mean for application delivery in your organization? HAProxy Fusion makes load balancing, traffic routing, and security policies easier to manage at scale. Centralized control across distributed environments helps smooth digital transformation, promotes resilience, and improves observability. As a self-hosted Load Balancing as a Service (LBaaS) solution, HAProxy Fusion promotes DevOps, fostering collaboration between traditional Ops teams and developers to deliver faster, while sidestepping the problems that can occur when developer and operations teams don't work together, such as shadow IT.
To learn more about our vision for HAProxy Fusion and the emergence of a unified enterprise application delivery platform, read our blog post “HAProxy Fusion Has Landed”.
What Can You Do With HAProxy Fusion?
HAProxy Fusion contains many features that we’re excited to showcase, especially its ability to roll out changes across a cluster of load balancers in a way that’s superior to third-party configuration management tools. I’ll highlight this and other aspects that will be most useful to our customers.
Configuration management
Perhaps you already use a configuration management tool such as Ansible or Puppet to deploy your HAProxy Enterprise instances. Configuration management tools work well for automating server changes, preventing configuration drift, and ensuring that services stay running, but they come with a steep learning curve and the responsibility for operating them typically falls to the Operations team alone.
HAProxy Fusion, on the other hand, is focused on managing your HAProxy Enterprise load balancers. By specializing in this way, we have optimized it for the workflows that are most important to HAProxy users – including experts and novices. Unlike a generalized config management tool, users can learn to use HAProxy Fusion to manage their HAProxy Enterprise load balancers quickly.
HAProxy Fusion also has features that aim to make routine configuration changes safe. Instant config validation limits the risk of human error. Snapshots keep a history of changes you've made and let you revert to an earlier point in time to restore a past configuration. Snapshots store not only the HAProxy Enterprise configuration, but also WAF rules, active-standby cluster settings, and changes to TLS certificates and other files. There's also a diff viewer for checking the differences between snapshot versions. Furthermore, as a change propagates across the load balancing cluster, HAProxy Fusion monitors it for failures and rolls back changes automatically if it detects a widespread problem.
Role-based access control (RBAC)
Ops teams can delegate load balancing tasks to other teams because HAProxy Fusion Control Plane provides, essentially, self-hosted LBaaS. With LBaaS, Ops teams can provision the load balancer infrastructure, while application development teams focus on setting load balancing and security rules appropriate for their applications.
Here the principle of least privilege thrives because Fusion administrators can create users and assign permissions that allow fine-grained access within the system. Policies are categorized into roles that you can then apply to one or more users, and this extends to using the API as well. Audit logs capture all the important details about the changes, and you can forward these logs to platforms such as Splunk and Elastic Stack for querying and reporting.
Also, HAProxy Fusion integrates with identity providers like Azure Active Directory, allowing you to manage who can access HAProxy Fusion with third-party services. Users are created dynamically in the Fusion system with read-only privileges, after which you can modify their permissions depending on their team or job.
Built-in monitoring dashboards
HAProxy Enterprise provides a broad set of metrics about the traffic flowing through to your applications. By connecting HAProxy Enterprise servers to HAProxy Fusion’s dashboards, visualizing this information in the aggregate becomes possible. Requests-per-second, server response time, number of active connections, and the rate of new SSL sessions all give you insight into the health of your application delivery infrastructure.
Beyond monitoring, you can also make instant changes to your load balancers. For example, pause the flow of traffic to any server. HAProxy Fusion integrates with the HAProxy Enterprise Data Plane API on each node, so changes are executed quickly, helping you implement scheduled server maintenance or remove misbehaving servers from the load balancer at a moment's notice.
In addition, HAProxy Fusion's Request Explorer improves how you work with traffic access logs. Providing details such as the page requested, the client's user-agent, and whether the request got a response successfully, the Request Explorer can shrink the time it takes to resolve issues. You can also discover which server handled a client's request and, by viewing the waterfall analysis, break down how long each task took.
Secure applications
Security professionals get a hub for managing features such as the web application firewall. The firewall protects against common Layer 7 threats, such as SQL injection and cross-site scripting attacks, with the ability to customize rules.
API-first model
Every feature available in the user interface is also available in the RESTful Fusion API. This enables you to integrate load balancing tasks with custom application code, continuous delivery automation, modules for configuration management tools, and other solutions. HAProxy Fusion's API is built using OpenAPI, which lends itself to straightforward generation of client libraries in a variety of programming languages including Go, Java, Python, and PHP. Or if you prefer the ease of using cURL, that's available too, since the API is RESTful.
Use the API to deploy nodes, add routes, and retrieve metrics programmatically. By staying true to an API-first approach, HAProxy Fusion gives equal power to those users who prefer integration and automation and those who prefer the ease of a graphical user interface.
Conclusion
HAProxy Fusion is a critical component in our vision for unifying HAProxy’s enterprise application delivery platform for next-level scale and innovation. The release of version 1.1 brings improved security with mTLS, a new dark mode theme, filtering of snapshots, support for single server installations, and enhanced usability and stability.
As we continue to develop HAProxy Fusion, we will give our users even more power and make HAProxy Enterprise more accessible to new users. We’ll be relying on customer feedback to help prioritize the evolution of HAProxy Fusion. If you want to learn more about taking control of your fleet of HAProxy Enterprise load balancers, go to the HAProxy Fusion Control Plane product page and request a demo to see it in action.
Subscribe to our blog. Get the latest release updates, tutorials, and deep-dives from HAProxy experts.
