Juniper vSRX - Virtual SRX

Shishir Agrawal, Sr. Manager, Product Management, vSRX
Wenyu Zhang, Sr. Technical Marketing Engineer, vSRX

#NFD10

Network Field Day 10 - Juniper Networks Part 5: vSRX Overview

Copyright © 2015 Juniper Networks, Inc.


vSRX – Security & Routing

•  Junos Routing Protocols and SDK
•  Junos Rich and Extensible Security Stack
•  Junos Space – Security Director & Virtual Director, CLI, JWEB, SNMP, HA

Features: Firewall, VPN, NAT, Routing, Anti-Virus, IPS, Web Filtering, Anti-Spam, AppID, AppFW, AppQoS, AppTrack

Categories: Perimeter Security, Content Security, Application Security

Status: Shipping


vSRX - Industry’s Fastest Virtual Firewall

•  17G FW Large packet (1514B), 4G FW Imix
•  2 vCPU (cores), Lowest TCO
•  Highest Perf/Core
•  ~80G FW (8 instances) Large packet per server
•  VMware 5.5 + SRIOV - 8 vSRX instances on a 2.4GHz Dell server
•  VMware 5.5 + SRIOV - 1 vSRX instance on a 3.4GHz Dell server


vSRX – Fits into the virtualization ecosystem

Policy & SDN
•  JSpace – SD, CLI, JWeb
•  Self Care via NetConf*
•  Contrail Service Chaining, VMware NSX*

IaaS
•  VMware vCloud Air
•  Amazon AWS*
•  Microsoft Azure*

Orchestration
•  VMware – vRealize Orchestrator
•  OpenStack - Plugin
•  CloudStack - Plugin

Platforms
•  VMware ESXi 5.x, 6.0*
•  KVM - CentOS & Ubuntu
•  Microsoft - Hyper-V*

*Short term roadmap


Use Case #1: Enterprise Private Cloud

Key Need: VM Isolation

Security Director enables security policy configuration and management across physical & virtual environments

•  VMware
•  Flat Network
•  Unified Policy
•  Hybrid Cloud

[Diagram labels: Department 1 to Department 4; Other VM, Web VM, APP VM, DB VM (four sets); vSRX (four instances); vCenter; Security Director; Virtual Director; Virtual Environment/Private Cloud; Physical Servers; WAN]


Use Case #2: Public and Hybrid Cloud

Providing protection and connectivity to customer hosted VMs

vSRX dedicated to each customer

•  AWS/Azure/vCloud Air
•  Utility Pricing
•  Hybrid Cloud

[Diagram labels: Customer Premise 1 to Customer Premise 4; Customer 1 to Customer 4; IPSec VPN (at each customer premise and each customer); Other VM, Web VM, APP VM, DB VM (four sets)]


Use Case #3: Service Provider vCPE

•  Distributed deployments
•  Opex reduction
•  Service Agility/Time to market
•  Broadband access

[Diagram labels: Customer Premise 1 to Customer Premise 4, each with a NID; Operator Network; MPLS VPN; MX, L2/L3 Switch, SRX, QFX; MSSP’s Virtual Environment with one vSRX per customer (Customer 1: UTM; Customer 2: IPS+AppSecure; Customer 3: All-in-One; Customer 4); Management & Orchestration Platform (Contrail, Security Director, Service Maestro, Junos Space)]


Use Case #4: Service Provider uCPE

•  Distributed deployments
•  Opex reduction
•  Service Agility/Time to market
•  Compliance restrictions
•  Slower internet access

Additional Services Delivered from Cloud

[Diagram labels: Customer Premise 1 to Customer Premise 4, each with uCPE HW running vSRX; Customer 1 to Customer 4; Operator Network; MPLS VPN; MX, L2/L3 Switch, SRX, QFX; MSSP’s Virtual Environment; Management & Orchestration Platform (Contrail, Security Director, Service Maestro, Junos Space)]


Monetizing Juniper Security Services: Imagine It

[Mock-up of a service provider web portal. Navigation: HOME, ABOUT US, PRODUCTS, SERVICES, NEWS, CONTACTS, SEARCH. Service categories: Advanced Voice Services, Security Services, Connectivity Services, Business Applications. Footer links: Private Policy, Find & Store, Support, Chat with Agent, Contact Us]

Security offerings shown:
•  Unified Threat Management Services
•  Security Services Bundles
•  Application Control Services
•  Network Protection Services


Monetizing Juniper Security Services: Imagine It

[Same portal mock-up, Security Services page. Service tiers: Silver, Gold, Platinum]

Network Protection
•  Base Virtual Firewall
•  Network Address Translation
•  IPSec VPN
•  Advanced Routing and Multicast

Unified Threat Management (UTM)
•  Intrusion Prevention System (IPS)
•  Anti-virus
•  Anti-spam
•  Web-filtering
•  Content-filtering

Application Control
•  Application Tracking
•  Application Firewall
•  Application QoS
•  User-role Firewall


Monetizing Juniper Security Services: Imagine It

[Same portal mock-up, order page. Columns: OPTION, PRICE, SELECT. Rows: Service, High Availability, Support, Consulting Services, Service Upgrade. Options shown: Base Firewall, AV + AS + WF, Yes, Standard 8x5, Security Assessment. Each row is priced $0.00 with QTY and Add to Cart; Cart: 0; Checkout]


Orchestration & Management


Junos Space Security Director & Virtualization

Security Director
Virtualization Automation (Virtual Director)

•  Firewall management
•  IPsec VPN management
•  Network Address Translation (NAT) management
•  Intrusion prevention (IPS) management
•  Application-level policy management
•  Unified threat management (UTM)
•  Security Services

•  Delivers scalable and responsive security management

•  Improves the reach, ease, and accuracy of security policy administration

•  Enables quick and intuitive web-based management of security policy lifecycle

•  Deploys and manages lifecycle of Virtual Firewalls


Junos Automation APIs

•  Secure and connection oriented … SSH as transport
•  Structured and transaction based … XML as RPC request / response
•  User-class privilege aware … Role Based Access Controls in Junos
•  Comprehensive & Consistent ... Automate everything

NETCONF XML PROTOCOL (RFC4741)
Secure TCP/IP connections via SSHv2 (RFC4742)

Management System: automate config changes, remote invocation of operational commands, collection of logs

Uniform Virtual or Physical Management

NETCONF client libraries exist for a number of programming languages such as Java, Perl, Ruby, Python, and even SLAX!

[Diagram labels: Management System exchanging XML with ROUTERS (T Series, MX Series, M Series, J Series), SWITCHES (EX8216, EX8208, EX 4200, EX3200, EX2200) and SECURITY (SRX100, SRX210, SRX240, SRX650, SRX3600, SRX5600, SRX5800, vSRX)]
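The XML request/response exchange named on this slide, as an added example that is not part of the original deck: it builds a NETCONF 1.0 `<get-config>` RPC, frames it with the `]]>]]>` end-of-message marker used by the RFC 4742 SSH transport, and checks replies for `<rpc-error>`. The sample channel data and message-ids are constructed, no SSH session is opened, and the standard RFC 4741 `access-denied` error-tag stands in for a request refused by role-based access control.

```python
import xml.etree.ElementTree as ET

NS = "urn:ietf:params:xml:ns:netconf:base:1.0"  # NETCONF base namespace (RFC 4741)
EOM = "]]>]]>"                                   # end-of-message marker (RFC 4742)
ET.register_namespace("", NS)                    # serialize without an ns0: prefix


def build_get_config(message_id, source="running"):
    """Return a framed <get-config> RPC ready to write to the SSH channel."""
    rpc = ET.Element(f"{{{NS}}}rpc", {"message-id": str(message_id)})
    get = ET.SubElement(rpc, f"{{{NS}}}get-config")
    src = ET.SubElement(get, f"{{{NS}}}source")
    ET.SubElement(src, f"{{{NS}}}{source}")
    return ET.tostring(rpc, encoding="unicode") + EOM


def split_messages(stream):
    """Split text read from the channel into complete XML documents."""
    return [m.strip() for m in stream.split(EOM) if m.strip()]


def parse_reply(xml_text, expected_id):
    """Match a reply to its request and surface any <rpc-error> tags."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS}}}rpc-reply":
        raise ValueError("not an rpc-reply")
    if root.get("message-id") != str(expected_id):
        raise ValueError("message-id mismatch")  # reply belongs to another request
    errors = [e.findtext(f"{{{NS}}}error-tag")
              for e in root.iter(f"{{{NS}}}rpc-error")]
    return {"ok": not errors, "errors": errors}


# Constructed channel data: one successful reply, one refused by access control.
SAMPLE_STREAM = (
    f'<rpc-reply xmlns="{NS}" message-id="101"><data/></rpc-reply>{EOM}\n'
    f'<rpc-reply xmlns="{NS}" message-id="102"><rpc-error>'
    "<error-type>protocol</error-type><error-tag>access-denied</error-tag>"
    f"<error-severity>error</error-severity></rpc-error></rpc-reply>{EOM}"
)

if __name__ == "__main__":
    print(build_get_config(101))
    for msg, mid in zip(split_messages(SAMPLE_STREAM), (101, 102)):
        print(mid, parse_reply(msg, mid))
```

An automation script should treat a reply with `ok` false as a failed change and log the error-tag, rather than assuming the configuration was read or applied.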


Service Chaining with Contrail

BENEFIT

•  Increased agility and velocity of network services supporting critical business processes

•  Reduced capital and operational expense via network simplification

•  Simplified tenant isolation for security and regulation compliance

[Diagram labels: Orchestrator; CONTRAIL SDN CONTROLLER; Dynamic Service Chain Configuration; Pool of x86 Appliances; tenants HUMAN RESOURCES, FINANCE, ENGINEERING]


vSRX – Securing Virtualized Environments

•  Industry’s fastest virtual firewall (highest perf per core)
•  Advanced security, rich networking, and routing features all-in-one
•  Flexibility across multiple use cases (Datacenters and MSSPs)
•  Simple, scalable, flexible licensing models and price performance advantages
•  Rapid deployment and management (SDN Integration & Unified Policy Mgmt.)


Thank you!