Announcing HAProxy Fusion 2.0

Today, we announce the release of HAProxy Fusion 2.0. This release marks a generational leap for the authoritative control plane that orchestrates HAProxy Enterprise’s high-performance application delivery and security. With a combination of new headliner features, structural changes, and improvements to the performance of the underlying API, HAProxy Fusion has jumped from version 1.3 to version 2.0.

HAProxy Fusion 2.0 enables modern security management, cloud-native deployment and service discovery, and numerous enhancements to automation, access management, and scalability that will propel HAProxy One — and the innovative applications that depend on it — into a new era.

Join our webinar

Experience the new features firsthand by joining our webinar, Centralized Security and Management at Scale: Introducing HAProxy Fusion 2.0.

New to HAProxy Fusion?

HAProxy Fusion provides full-lifecycle management, monitoring, and automation of multi-cluster, multi-cloud, and multi-team HAProxy Enterprise deployments. HAProxy Fusion combines a high-performance control plane with a modern GUI and API, enterprise administration, a comprehensive observability suite, and infrastructure integrations including AWS, Kubernetes, Consul, and Prometheus. 

Together, this flexible data plane, scalable control plane, and secure edge network form HAProxy One: the world’s fastest application delivery and security platform that is the G2 category leader in load balancing, API management, container networking, DDoS protection, and web application firewall (WAF). 

To learn more, contact our team for a demonstration.

What’s new in HAProxy Fusion 2.0

This release introduces significant enhancements to security, automation, and scale, and support for HAProxy Enterprise load balancer versions 3.1 and 3.2.

Security management

  • Feature: Global security policy, Security Profiles, and the innovative Threat-Response Matrix
  • Benefit: Unified, visual orchestration of multi-layered security
  • Impact: Simplified and intuitive policy enforcement and reduced configuration risk

Service discovery

  • Feature: New Consul Enterprise integration, enhanced Kubernetes integration
  • Benefit: Use Consul Enterprise partitions, namespaces, and key-value stores; use variable and map transformers to extract Consul and Kubernetes metadata and apply it to configuration directives
  • Impact: Scalable multi-tenancy, reduced management overhead

Native Kubernetes deployment

  • Feature: New HAProxy Fusion Operator
  • Benefit: Fully provisions the control plane and databases in under five minutes
  • Impact: Accelerated deployment and operational consistency

Automation and infrastructure as code

  • Feature: Official Terraform Provider and enhanced Ansible modules
  • Benefit: Granular, declarative management of clusters and individual configuration objects
  • Impact: Consistency, reproducibility, and operational efficiency

Identity and access management

  • Feature: Automatic OpenID Connect (OIDC) role mapping
  • Benefit: Dynamic translation of Identity Provider groups to internal RBAC roles
  • Impact: Automated zero-touch onboarding and robust security

Performance and scalability

  • Feature: HAProxy Fusion API v2 and intuitive user interface improvements
  • Benefit: Handles hyperscale bursts and streamlines complex configuration workflows
  • Impact: Superior operational performance at massive scale

Upgrade to HAProxy Fusion 2.0

When you're ready to start the upgrade process, please carefully read our HAProxy Fusion upgrade documentation (customer login required).

Modern security management

HAProxy Fusion 2.0 introduces a unified “security control plane” to orchestrate the multi-layered security capabilities in HAProxy Enterprise. This architecture combines the next-gen performance of HAProxy Enterprise’s security layers — powered by threat intelligence enhanced by machine learning — with a next-gen security UX. 

This powerful combination makes it simple to implement common security patterns (such as Web App and API Protection), or add edge security to complex traffic management solutions (such as Universal Mesh and Load Balancing as a Service (LBaaS)), while providing easy access to flexible building blocks and deep customization for those who need it.

Centralized security policy

HAProxy Fusion includes centralized security policy to orchestrate the multi-layered security capabilities of HAProxy Enterprise, in any environment or form factor, including: 

  • HAProxy Enterprise Bot Management Module, powered by the new Threat Detection Engine, which uses reputational and behavioral signals to accurately identify humans, verified bots (such as search engine and AI crawlers), and malicious bots; and detect and label complex and high-impact threats, including application layer DDoS attacks, brute force attacks, web scrapers, and vulnerability scanners.

  • HAProxy Enterprise WAF, powered by the Intelligent WAF Engine, which detects and mitigates application attacks, such as SQL injection, XSS, CSRF, and more.

  • HAProxy Enterprise’s security building blocks, such as the Global Profiling Engine (GPE), ACLs, CAPTCHA Module, allow-lists and deny-lists, and more.

Security Profiles

HAProxy Fusion makes centralized security policy fast and easy to deploy with “Security Profiles”. Security Profiles provide preset security policies that administrators can apply in just a few clicks to simplify configuration and secure traffic into new applications. 

HAProxy Fusion provides a default Security Profile to help administrators get started quickly. The default Security Profile includes intelligent presets suitable for common application types. Administrators can easily create customized Security Profiles, tailored to particular use cases, that can be reused or further customized as new use cases emerge.

Security Profiles in HAProxy Fusion 2.0

Threat-Response Matrix

HAProxy Fusion’s Security Profiles make it simple to create and customize full-spectrum security policies with an intuitive visual policy builder called the “Threat-Response Matrix”. Part of HAProxy Fusion’s modern web GUI, the Threat-Response Matrix enables administrators to orchestrate the multi-layered security capabilities in HAProxy Enterprise without requiring detailed knowledge of HAProxy’s configuration language or the underlying modules.

Using the Threat-Response Matrix, administrators can: 

  • combine Monitored Signals and Decisions, using a response framework based on simple thresholds and standard logical operators; 

  • view and apply a recommended Decision for each Monitored Signal (recommendations provided by HAProxy Fusion);

  • see a clear visual representation of how the Monitored Signals and Decisions are connected; 

  • see how a new Security Profile will affect real-time traffic in Learning Mode; 

  • seamlessly toggle between Learning Mode and Enforcement Mode when a Security Profile is ready for production traffic.

Threat-Response Matrix in HAProxy Fusion 2.0

Enhanced service discovery

HAProxy Fusion 2.0 introduces deep support for Consul Enterprise, including partitions, namespaces, and the key-value store. Consul support now also includes the key-value store. This enhanced service discovery natively understands complex Consul and Consul Enterprise architectures.

This release adds variable and map transformers, allowing users to extract specific Consul and Kubernetes metadata and map them directly to HAProxy configuration directives. This includes Consul tags and meta key-value pairs, and Kubernetes annotations, version tags, and canary labels.

Conditional automation also allows for logic-based configuration generation. These enhancements enable true multi-tenancy, allowing HAProxy Enterprise deployments to securely manage traffic for disparate teams across complex architectures.

Kubernetes and Consul service discovery in HAProxy Fusion 2.0

Native Kubernetes deployment

HAProxy Fusion 2.0 introduces the HAProxy Fusion Operator, which allows the control plane to be deployed natively inside Kubernetes clusters, as part of our broader Kubernetes solution. The HAProxy Fusion Operator deploys directly into your cluster via a manifest applied using kubectl.

The operator automates image configuration and orchestrates essential services. This fully provisions the control plane and its databases in under five minutes.

Full-lifecycle automation

HAProxy Fusion 2.0 introduces an official Terraform Provider and enhanced Ansible Playbook support specifically for managing HAProxy Fusion resources.

Administrators can now declare the desired state of their HAProxy Enterprise clusters, groups, and configurations. This enables granular configuration as code, effectively managing individual configuration objects like frontends and backends.

Zero-touch user provisioning

HAProxy Fusion 2.0 enables automatic role mapping. Administrators can configure HAProxy Fusion to read group claims from the OpenID Connect (OIDC) token and automatically assign the corresponding internal RBAC role.

This dynamically translates Identity Provider groups to HAProxy Fusion roles, automating onboarding and offboarding. This integration ensures users immediately have the correct permissions upon login.

Mapping HAProxy Fusion roles to OIDC roles in HAProxy Fusion 2.0

High-performance API and enhanced GUI

The new HAProxy Fusion API v2 is re-engineered for higher performance at scale. It is designed to handle hyperscale bursts without increasing latency. The API supports order-of-magnitude larger configurations and a significantly higher number of frontends and backends.

Additionally, the user interface has been reorganized to create a more intuitive workflow. Configuration fields are now logically grouped by section into tabs. Frontend and backend templates include tabs for general properties, performance and stability, traffic management, and security and advanced settings.

Extended product lifecycle

Starting with HAProxy Fusion 2.0, every release is now a Long-Term Support (LTS) version. This provides a standardized lifecycle of two years of active support followed by six months of migration support, during which customers will be guided by our support team to upgrade their infrastructure to the latest version before the end of the support period.

This extended commitment offers the stability and predictability enterprise teams need to plan infrastructure updates on their own terms and maximize the return on investment for each deployment.

Try HAProxy Fusion 2.0

If you haven’t tried the power of HAProxy Fusion, this is the perfect time to schedule a demo with our team. We’ll talk you through the basics of how to manage, observe, and automate your HAProxy Enterprise deployment, and show you how HAProxy Fusion 2.0 takes things to the next level, with modern security management, cloud-native deployment and service discovery, full-lifecycle automation, and zero-touch user provisioning. SecOps and DevOps teams — this one’s for you!

There has never been a better time to start using HAProxy Fusion. Request a demo or visit our documentation to begin your upgrade.
