Copyright © 2015 Juniper Networks, Inc. 1
High End SRX Series: Securing the Data Center
Cybercrime on the Rise… Business Profits and Productivity in Peril
Results in:
• Increased costs
• Lost revenue
• Reputation damage
• Performance degradation
• Heavy fines
• Career limiting
60% of initial compromises took 1 minute or less – there is a security incident every 7 minutes
43% of companies experienced a data breach in the past year – on average, now 6 successful data breaches occurring a day
$20m average cost due to data breach – these costs are increasing 10% a year
Source: Verizon 2015 Data Breach Investigations Report (worldwide findings)
Data Center Customer Challenges
Keeping up with unpredictable traffic volumes
Ensuring application availability and business continuity
Securing against cyber attacks
Solving the Problem: Tailored Security for Critical Assets in the Data Center
Get maximum PERFORMANCE & easily SCALE to adapt to the future
Stop all types of attacks with BEST-IN-CLASS SECURITY
Ensure your network is always AVAILABLE with easy, secure ACCESS to optimize productivity
SRX Series Services Gateways for the High End: Tailored Security for Critical Assets
BEST-IN-CLASS SECURITY
MAXIMUM PERFORMANCE AND SCALE
CARRIER-GRADE AVAILABILITY
Unprecedented Scale: Integrated Routing, Switching and Security
Up to 2Tbps IMIX throughput and 100 million concurrent sessions scaling
Common Junos Operating System
[Figure: SRX Series Services Gateways by capacity (axis: 1G, 10G, 100G, 1T, 2T) across Branch, Edge Data Center and Data Center Core. Models shown: SRX100, SRX110, SRX210, SRX220, SRX240, SRX300, SRX320, SRX340, SRX345, SRX550, SRX550-M, SRX650, SRX1400, SRX1500, SRX3400, SRX3600, SRX5400, SRX5600, SRX5800, vSRX (Virtual SRX), vSRX 2.0 (Virtual SRX)]
BEST-IN-CLASS SECURITY
• Enables complete application visibility and control
• Strong, dynamic content security: leveraging intelligence from best-of-breed partners
• Integrates security for physical and virtual data centers
• Open, threat intelligence platform
MAXIMUM PERFORMANCE AND SCALE
• Delivers high-performance, massive session volumes and flexible, large-scale connectivity
• Add security services without service interruptions for business continuity
• Enables “pay as you grow” approach
CARRIER-GRADE AVAILABILITY
• Delivers uptime continuity with in-service hardware and software upgrades
• Enables high availability with redundant components and links
• Built on a carrier-class hardware foundation
• Industry leading six-nines reliability
High End SRX Value
Best in Class Security
• Carrier grade NGFW
• Open Threat Intelligence platform
• Integrated in network
High Performance
• Up to 240G per slot
• Up to 2TBPS FW Throughput
• Express Path Software
High Resiliency
• Control/Data Plane separation
• Stateful HA
• In-service SW/HW upgrades
• Six 9’s reliability
Operational Efficiency
• Low upgrade cost
• Operational Simplicity – No change to security configuration
• Automation
Advanced Security Solutions
SRX Series Differentiators
HIGH PERFORMANCE and SCALE with maximum throughput, session scale, ISSU, and ISHU
OPEN THREAT INTELLIGENCE leveraging threat feeds from multiple sources to deliver automated enforcement
SECURE AND RESILIENT under attack with separate control and data planes and multiple processing cores
INTEGRATION of physical and virtual solutions (vSRX) to deliver visibility, security, and compliance
APPLICATION AWARENESS with AppSecure and IPS to stop application borne security threats and manage application usage
SRX Series: Breadth and Depth of Defense
Core Security with User Role FW: Firewall, VPN, NAT, UserID tied to FW policies. Allows UserID to apply to all L7 Security
AppSecure: Application level visibility and classification. Application security policies tied to user roles
IPS: IDP detects/stops Worms, Trojans, exploits, shellcode, Scans
SSL Proxy: Inspect Encrypted Traffic
Antivirus: Stops viruses, file-based trojans or spread of spyware, adware, keyloggers
Enhanced Web Filtering: Block access to unapproved sites. Real time threat score for each URL
[Figure labels: Internal Threats, External Threats, INTERNET]
APPSECURE: Next Generation Firewall Overview
• Intelligent software services deliver smarter NGFW policies on SRX gateways
• Integrates application traffic control with user control and threat remediation
• Provides network visibility with correlated application and threat event tracking
• Application Identification 2.0
  • 3000+ applications
  • Detects evasive, P2P, nested apps
  • Best accuracy
Application Identification 2.0
Feature | AppID 1.0 | AppID 2.0
Applications | ~1700 | 3000+
Implementation | Pattern Matching | Decoder (loadable)
Evasive Apps (TOR, UltraSurf etc) | No | Yes
P2P Apps (Bit torrents etc) | Limited | Yes
Accuracy | Good | Best
Nested App for non HTTP | No | Yes
App ALGs (SIP, RTP codecs) | No | Yes
Integrated User Firewall
[Figure: Windows ADs, Client, SRX Series, Internet, and Corporate Data Center (Apps, Data, Finance, Video), with flow steps 1 to 4]
1. Domain user logs in to the domain from a domain member device
2. User attempts to make a connection through SRX
3. (1) SRX checks local tables to see if user is already authenticated. (2) If so, user continues. (3) No local auth, SRX queries AD. (4) If AD has an entry, it will be used. (5) No AD entry, fallback to captive portal
4. Authenticated user traffic is evaluated against configured policy for that user
Best of Breed UTM Security
• Protection from respected AV experts
• Reputation-enhanced capabilities
• Filter out extraneous or malicious content
• Maintain bandwidth for essential traffic
• Multilayered spam protection from security experts
• Protection against APTs
• Block malicious URLs
• Prevent lost productivity
Anti-Virus | Web Filtering | Content Filtering | Anti Spam
Integrated Physical and Virtual Security
[Figure: SRX Series and SRX (physical); Hypervisor with vSRX and VMs on a Virtual Network. Management and security services: Security Director, Juniper Secure Analytics (JSA). Services listed: Firewall, UTM, DoS Prevention, AppSecure, IPS]
Scalable Security Management
• Security Director
  • Delivers scalable, responsive, and accurate policy management
  • Enables intuitive web-based policy lifecycle management
• Secure Analytics
  • Collects, archives, reports and correlates events, flow data, and application data
  • Analyzes network behavior for anomalies
Firewall management
IPsec VPN management
Network Address Translation (NAT) management
Intrusion prevention (IPS) signature management
Application-level and UTM policy management
Publish WorkFlow: Manage policy work by role for better accuracy
AUTOMATES threat intelligence enforcement
Security Director – Newly Enhanced
Firewall Policy
Threat Map
Events and Logs
Application Visibility
Dashboard
Juniper Secure Analytics
Extensive analysis of data and events for real time analysis and anomaly detection in the network
Servers and mainframes
Network and virtual activity
Application activity
Data activity
Configuration information
Vulnerabilities and threats
Users and identities
Global threat intelligence
Security devices
[Figure labels: Extensive Data Sources, Embedded Intelligence, Automated Offense Identification, Suspected Incidents, True Offenses]
• Automated data collection, asset discovery and profiling
• Automated, real-time, and integrated analytics
• Massive data reduction
• Activity baselining and anomaly detection
• Out-of-the box rules and templates
Open Threat Intelligence Platform
Sources of Threat Intelligence
On-Premises Appliances/Services (Best of Breed)
SIEM Analytics
Custom Whitelist/Blacklist (e.g., CSIRT-generated Data)
Malware Sources
Delivering Open, Actionable Intelligence
BREADTH: Meaningful coverage across use cases with data relevant to enforcement
SCALE: Capacity that can meet the customer’s demand for high volumes of intelligence. Solutions that scale
ACCURACY: Confidence in feed data & reduced noise due to fewer false positives/negatives
PRIORITIZATION: Feeds that are Optimized for SRX lead to efficient resource utilization
Closing the loop with policy enforcement on the SRX Firewall
Threat Intelligence Platform
A framework that uses information from multiple sources to deliver improved security
1. Aggregated & optimized cloud-based threat intelligence
2. Juniper-provided threat intelligence to customer premise
3. Local/Customer data incorporated into solution
4. Centrally managed by Junos Space Security Director
5. Intelligence distributed to SRX enforcement points
[Figure labels: Customer-provided or 3rd Party Threat Data; Command & Control; GeoIP; Additional Intelligence; Local Appliance or Service; Spotlight Secure; Security Director; SRX Firewalls]
Optimizing Threat Intelligence for the SRX
Not all threat intelligence is created equal
Threat intelligence is collected from a variety of sources
Sourcing Threat Data
• Juniper is committed to delivering focused threat intelligence (C&C, botnet)
• We utilize a variety of threat data sources and techniques to ensure intelligence is current and actionable
• All data sources are carefully evaluated by Juniper’s threat research team
The Optimization Process
• Consolidate data
• Weed out false positives
• Add/normalize threat scores
• Prioritize based on current threat landscape
The Juniper Threat Feed
• Juniper threat feeds are designed to maximize enforcement point resources
• Policy can be fine-tuned using threat scores
• Robust coverage: IP, Domain Name, URL
[Figure: sample feed entries: 192.168.3.101 10; BadGuy.com 5; http://xyz.com/exploit 3; …]
Rinse & Repeat
• Threats change often
• Refresh all data sources at regular intervals
• Spotlight Secure ensures that data is fresh and actionable
[Figure: cycle of Source Data, Optimize, Generate Feed]
Threat Intelligence Architecture
[Figure labels: Spotlight Secure Cloud; Command & Control; GeoIP feed; Other threat intelligence; Spotlight Secure Connector; Security Director; Firewall estate]
Open platform delivers more value
Scalable to ensure full enterprise or service provider deployment
Built for expansive data capacity
Improved efficacy through threat scores and tuning
Adaptive: from the data source, to data normalization, to syndication at the firewall
High End SRX Solutions
Juniper Security Architecture Overview
[Figure: architecture diagram. Labels: Virtualized Servers (Multi Tenant) with Hypervisor, VMs and vSRX; Virtualized Host (Single Tenant) with Hypervisor and vSRX; VR; MX; Enterprise Branch SRX; WAN; Hybrid Cloud; Internet; OSS/BSS; Customer Portal; High End SRX Cluster; Security Director/Virtual Director/Log Director]
Architecture: Separate Data and Control Plane
SHARED PLANE: Attacks overwhelm the box. Administrator loses management access – your network is down
SEPARATE CONTROL PLANE AND DATA PLANE: Attacks can be thwarted. Under attack, administrator maintains management access to modify policy, disallow bad traffic, and process good traffic – your network stays up
[Figure: DoS & DDoS attacks against a shared-plane device and against a device with separate Control Plane and Data Plane. Labels: Physical Interfaces, Packet Forwarding, Module N Interfaces, Management, Routing, Kernel, Data]
SRX1400
• Ideal for small to mid-size data centers, enterprise, and Service Provider networks
• Software Security Services
  • AppSecure and IPS
  • AV and web filtering
  • Threat intelligence
• Combination IOC/SPC card
Specification | SRX1400
On-board Ethernet | 6 10/100/1000 + 6 SFP or 6 10/100/1000 + 3 SFP and 3 10GbE (on board) 16 SFP GbE, 16 10/100/1000, or 2 XFP 10GbE
JUNOS Software Version Support | JUNOS 12.1X46
Firewall Performance (Large Packets) | 10 Gbps
Firewall Performance (IMIX) | 5 Gbps
Firewall Performance (Firewall + Routing PPS 64byte) | 1.5 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA-1 | 4 Gbps
AppSecure | 6.5 Gbps
Intrusion Prevention System | 3 Gbps
Connections Per Second (CPS) | 70 K
Maximum Concurrent Sessions | 1.5 M
High Availability | A/A or A/P
[Figure callouts: fan vent, slot cover, line cards]
SRX3400
• Ideal for medium to large enterprises and Service Provider networks
• Software Security Services
  • AppSecure and IPS
  • AV and web filtering
  • Threat intelligence
• Combination IOC/SPC card
Specification | SRX3400
On-board Ethernet | 8 10/100/1000 + 4 SFP (on-board) 16 SFP GbE, 16 10/100/1000, or 2 XFP 10 GB (SR or L)
JUNOS Software Version Support | JUNOS 12.1X46
Firewall Performance (Large Packets) | 30 Gbps
Firewall Performance (IMIX) | 10 Gbps
Firewall Performance (Firewall + Routing PPS 64byte) | 3.5 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA-1 | 8 Gbps
AppSecure | 16 Gbps
Intrusion Prevention System | 8 Gbps
Connections Per Second (CPS) | 150 K
Maximum Concurrent Sessions | 3 M
High Availability | A/A or A/P
[Figure callouts: line cards, slot cover, power supply]
SRX3600
• Ideal for medium to large enterprises and Service Provider networks
• Software Security Services
  • AppSecure and IPS
  • AV and web filtering
  • Threat intelligence
• Combination IOC/SPC card
Specification | SRX3600
On-board Ethernet | 8 10/100/1000 + 4 SFP (on-board) 16 SFP GbE, 16 10/100/1000, or 2 XFP 10 GB (SR or LR)
JUNOS Software Version Support | JUNOS 12.1X46
Firewall Performance (Large Packets) | 55 Gbps
Firewall Performance (IMIX) | 20 Gbps
Firewall Performance (Firewall + Routing PPS 64byte) | 6.5 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA-1 | 15 Gbps
AppSecure | 24 Gbps
Intrusion Prevention System | 15 Gbps
Connections Per Second (CPS) | 270 K
Maximum Concurrent Sessions | 6 M
High Availability | A/A or A/P
[Figure callouts: line cards, slot cover, power supply]
SRX5400
• Ideal for medium to large enterprises and Service Provider networks
• Software Security Services
  • AppSecure and IPS
  • AV and web filtering
  • Threat intelligence
• Next-generation, high-performance line cards
Specification | SRX5400
On-board Ethernet | 10X10GE-SFPP
Optional Ethernet | 1GE - SFP; 10GE – SFPP; 40GE – QSFP; 100GE - CFP
JUNOS Software Version Support | JUNOS 15.1X49-D10
Firewall Performance (large Packets)* | 480 Gbps
Firewall Performance (IMIX)* | 468 Gbps
Firewall Performance (Firewall + Routing PPS 64byte) | 9.9 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA-1 | 40 Gbps
AppSecure (NGFW) | 50 Gbps
Intrusion Prevention System | 22 Gbps
Connections Per Second (CPS) | 420 K
Maximum Concurrent Sessions | 28 M
High Availability | A/A or A/P
*Performance with Express Path enabled; throughput without Express Path: 65 Gbps
[Figure callouts: slot cover, power supply, SPC2 Card, IOC2 card, SCB and RE card]
SRX5600
• Ideal for large enterprise, Service Provider, and public sector networks
• Software Security Services
  • AppSecure and IPS
  • AV and web filtering
  • Threat intelligence
• Next-generation, high-performance line cards
Specification | SRX5600
Optional Ethernet | 1GE - SFP; 10GE – SFPP, XFP; 40GE – QSFP; 100GE - CFP
Onboard Ethernet | None
JUNOS Software Version Support | JUNOS 15.1X49-D10
Firewall Performance (large Packets)* | 960 Gbps
Firewall Performance (IMIX)* | 936 Gbps
Firewall Performance (Firewall + Routing PPS 64byte) | 20 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA-1 | 75 Gbps
AppSecure (NGFW) | 80 Gbps
Intrusion Prevention System | 50 Gbps
Connections Per Second (CPS) | 420 K
Maximum Concurrent Sessions | 76 M
High Availability | A/A or A/P
*Performance with Express Path enabled; throughput without Express Path: 130 Gbps
[Figure callouts: SPC2 Card, IOC2 card, SCBE and RE card]
SRX5800
• Ideal for large enterprise, Service Provider, and public sector networks
• Software Security Services
  • AppSecure and IPS
  • AV and web filtering
  • Threat intelligence
• Next-generation, high-performance line cards
Specification | SRX5800
Optional Ethernet | 1GE - SFP; 10GE – SFPP, XFP; 40GE - QSFP; 100GE – CFP
Onboard Ethernet | None
JUNOS Software Version Support | JUNOS 15.1X49-D10
Firewall Performance (Large Packets)* | 2 Tbps
Firewall Performance (IMIX)* | 2 Tbps
Firewall Performance (Firewall + Routing PPS 64byte) | 50 Mpps
VPN Performance – AES256+SHA-1 or 3DES+SHA-1 | 130 Gbps
AppSecure (NGFW) | 160 Gbps
Intrusion Prevention System | 100 Gbps
Connections Per Second (CPS) | 420 K
Maximum Concurrent Sessions | 100 M
High Availability | A/A or A/P
*Performance with Express Path enabled; throughput without Express Path: 320 Gbps
[Figure callouts: SPC2 card, IOC2 Card, SCBE and RE card]
High Availability: Chassis Clustering
Features
• Single System View
• Stateful fail-over
• Monitoring
[Figure labels: Cluster; Node0; Node1; Primary; Secondary; Control Plane; Data Plane]
The estimated hardware downtime per pair corresponds to an availability of greater than 99.9999% (six-nines)
*Telcordia Reliability Analysis Report
Ease of Hardware and Software Upgrades
• ISHU – In Service Hardware Upgrade
  • Replace hardware or add/remove cards on cluster
  • Example: Adding SPC to SRX
• ISSU – In Service Software Upgrade
  • SRX node SW upgrade while it is in service
  • Upgrade software to higher version, no hardware change
  • Single command to trigger ISSU (without manual intervention)
  • Minimal traffic loss (~1sec*) at every failover
SRX5000 – New Announcements in 2015
Express Path for SRX5000 Series
• Now available on SRX5000 Series next generation IOC hardware
• Provides low latency and high throughput solution
  • 7 – 9.5 microseconds latency
  • Scales up to 2Tbps on SRX5800
  • Support for Big Data Flows of 40 Gbps and 100Gbps
• Prioritization of certain traffic types for very high speeds
• Both latency-sensitive and normal traffic can be mixed on the same platform
• Express Path is configurable per I/O Card:
  • Can run certain physical ports in Express Path mode
  • Other ports in regular firewall mode with high touch services (IPS, IPSec, etc.) running on SPCs
Introducing Industry’s Fastest Firewall SRX5800
Industry leading 2 Terabits per Second IMIX Throughput
• Third generation IOC3
• 240Gbps Fabric and 2X bandwidth increase over prior card
• SCB3
• Enhanced midplane
• Express Path
• Differentiated throughput levels delivered by custom HW and optimized SW
Operational simplicity and agility
• Deployed in mixed configurations with existing and new cards
• Modular throughput and scale for investment protection
Why It’s Important
This unprecedented increase in throughput and scale enhances the ability of enterprises and service providers to securely deploy high performance and latency sensitive business applications at the speed of the business, simply and cost effectively.
The SRX5000 Series achieves 7 µsec latency, 100 million concurrent sessions, six-nines reliability and 2Tbps throughput.
Financial Data Center Challenges
• High MTBF: Downtime is not an option
• Low Latency & Jitter: Every micro-second counts
  • High frequency trading, Algorithmic trading
• Small packet size and Micro-bursts
[Figure: Sample Packet Distribution (pie chart). Packet size ranges: 0-64, 65-128, 129-256, 257-512, 513-1024, 1025-1480, 1481-1520. Shares shown: 41%, 35%, 6%, 5%, 3%, 2%, 9%]
Low Latency, Predictable Performance Solution
• Business objectives
  • High frequency trading, equities and market data systems
• Unique needs
  • Low latency & highly reliable
  • Predictable/scalable performance
• SRX differentiators
  • Express Path solution
  • Six-nines reliability
Increased Security for High Performance Computing Applications
• Dramatically increasing secured traffic flow with extremely high capacity flows for express downloads and data transfer
• Firewalls traditionally support only small flows
• SRX supports big data flows of up to 100 Gbps!
[Figure: network diagram. Labels: 10G/40G/100G links; Site/Campus LAN; Data Transfer Cluster; SRX5000; Project X Data Transfer Node; Project Y DTN; Science DMZ Switch/Router; Area Border Router; Enterprise Border Firewall; Site/Campus Access to Science DMZ resources]
Secure Transfer of Big Data Flows
• SRX supports high bandwidth data flows of 100 Gbps/40Gbps
  • Dramatically increasing secured traffic flow with extremely high capacity flows for express downloads and data transfer
• No Sacrifice of Security
  • SRX inspects the traffic to ensure policy compliance
  • No sacrifice of policy enforced security for performance
• Meets Govt/Public sector, Research, Pharmaceuticals and Energy requirements to secure fast transfers of very large amounts of data
Dramatically increases secured traffic with extremely high bandwidth flows
Suitable for express downloads and data transfers of large amounts of data
Reduces packet path latency
Price/Performance gains
Example Deployment (Science DMZ)
[Figure: network diagram. Labels: 10G/40G/100G links; Site/Campus LAN; Data Transfer Cluster; SRX5000; Project X Data Transfer Node; Project Y DTN; Science DMZ Switch/Router; Area Border Router; Enterprise Border Firewall; Site/Campus Access to Science DMZ resources]
Data Center Use Cases
Enterprise IT Datacenter
USE CASE
• Business objectives
  • Corporate cost center delivering internal business applications and services
• Unique needs
  • I/O convergence at the rack
  • Robust HA and multi-site business continuity
  • Traffic isolation and security services
• SRX strengths:
  • IPSEC with automatic route insertion or AutoVPN
  • Full suite of NGFW capabilities; IPS
[Figure: network diagram. Labels: Internet; High End SRX; DMZ; Applications; Internal LAN; User; Policy; IPS/AppID; Log Director/JSA; Secure from outside to inside; Secure from internal threats]
High Performance Computing Data Center
USE CASE
• Business objectives
  • Dedicated application compute network
• Unique needs
  • High throughput; low latency
  • System resiliency and reliability
• SRX differentiators
  • 99.99995% system availability
  • HA with in-service software/hardware upgrades
  • Single, high bandwidth flows of 40G, 100G
[Figure: architecture diagram. Labels: Virtualized Servers (Multi Tenant) with Hypervisor, VMs and Firefly; Virtualized Host (Single Tenant) with Hypervisor and Firefly; VR; MX; Enterprise Branch SRX; WAN; Hybrid Cloud; Internet; OSS/BSS; Customer Portal; High End SRX Cluster; Security Director/Virtual Director/Log Director]
Transactional Data Center
USE CASE
• Business objectives
  • Financial trading and market data systems, high speed transactions
• Unique needs
  • Low latency and highly reliable
  • Logical/virtual security separation
• SRX differentiators
  • Express path low latency solution
  • Logical separation; routing-instances, LSYS
[Figure: architecture diagram. Labels: Virtualized Servers (Multi Tenant) with Hypervisor, VMs and Firefly; Virtualized Host (Single Tenant) with Hypervisor and Firefly; VR; MX; Enterprise Branch SRX; WAN; Hybrid Cloud; Internet; OSS/BSS; Customer Portal; High End SRX Cluster; Security Director/Virtual Director/Log Director]
Content/Service Delivery Datacenter
USE CASE
• Business objectives
  • Revenue-generating content and service delivery
• Unique needs
  • Modular Scalability without redesign
  • HA and QoS to enable SLAs
  • Advanced and virtualized security
• SRX strengths
  • 40G-100G modular scalability
  • Open IPS signature set and threat intelligence
  • Comprehensive QoS feature set
  • Full suite of security services
[Figure: network diagram. Labels: Internet; High End SRX; DMZ; Applications; Internal LAN; User; Policy; IPS; Log Director/JSA; Secure from outside to inside; Secure from internal threats]
IDENTIFY NEW OPPORTUNITIES
Realize Networks That Know with Juniper Professional Services
ACCELERATE INNOVATION
ACCELERATE DEPLOYMENT
LEVERAGE PROVEN EXPERTISE
CREATE ROADMAP FOR EVOLUTION
PLAN FOR THE FUTURE
PROTECT YOUR INVESTMENT
MITIGATE RISK
Juniper Professional Services
Accelerate innovation
Juniper Professional Services help you to identify new opportunities for creating a foundation for innovation across your business.
Plan for the future
Your network needs to do more than meet your needs of today. We assist you in building a roadmap for how your system can evolve and grow over the long term.
Leverage Proven Expertise
Juniper Professional Services provide the assessment, design, deployment, and migration expertise on how you can optimize your selected technology. We follow proven methodologies that accelerate the process without compromising quality. As you move forward, Juniper PS is available to provide assistance in areas such as high and low-level design, migration planning and execution.
Design an effective network
We understand how to integrate and optimize solutions from other vendors into an open, cohesive networking environment that enables innovation.
Maximize performance
We can configure your entire network for optimal resiliency, reliability, security and speed. We create effective multi-vendor networks that work seamlessly.
Mitigate risk
We understand that with innovation may come concerns about risk - Juniper PS services enable you to optimize your potential for innovation while mitigating the risk to:
• Your investment
• Disruption to your existing infrastructure
• Disruption to existing services
Automation: Unique to SRX
“off-box” (Across the Network)
• OSS integration
• Workflow automation
• NetOps & SecOps tools
“on-box” (On the Device)
• Audits & compliance
• Change control
• Troubleshooting & event response
XML API
Automation: Why It Matters
Uses
• Provisioning and deployment
• Change management
• Event response
Drivers / Benefits
• Deliver new services faster
• Improve staff efficiency
• Simplify auditing
• Reduce downtime from human errors
Core Junos Differentiation
What Analysts Are Saying…
MAXIMUM PERFORMANCE AND SCALABILITY
“Good options exist for high-throughput, purpose-built appliances, especially in the higher end SRX models.”
Greg Young, Gartner MQ for Enterprise Network Firewalls 2013
OPERATIONAL EFFICIENCY
“Junos “achieved a 40% reduction in operation costs…[including] planning and provision, deployment, and planned and unplanned network events…Positive financial payback within 0.8 years or 9 months.”
“The Total Economic Impact of Juniper Networks JUNOS Network Operating System,” Michael Speyer, Forrester Research
COMPREHENSIVE THREAT PREVENTION
“Juniper is also the only solution with all the advanced features in this evaluation.”
Info-Tech, “Vendor Landscape: Next Generation Firewalls,” James Quin
ESG Lab Review
“Juniper is focused on delivering comprehensive security services that provide the maximum amount of performance and scale, while optimizing productivity in a highly available, always-on cluster with easy, secure access. ESG Lab validated that the latest release of the Juniper SRX5400, with its unique architectural approach, next-generation IOCs and SPCs, and Express Path, achieves just that. If you’re considering a next-generation data center firewall and have strict performance requirements for throughput and latency, ESG Lab suggests taking a look at the Juniper SRX5400.”
Jon Oltsik, ESG Senior Principal Analyst
*ESG Lab Review - Juniper SRX5400 – March 2015
PERFORMANCE AND SCALABILITY WITH THE SRX5400*
THE POWER OF A CONNECTED WORLD
CONNECT EVERYTHING. EMPOWER EVERYONE.
THANK YOU