We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byDianna Onion
Modified about 1 year ago
| Copyright © 2009 Juniper Networks, Inc. | 1 Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009 Uwe Richter Sr. SE Manager Eastern Europe The most flexible, cost-effective solution for mid to large enterprises and service providers
| Copyright © 2009 Juniper Networks, Inc. | 2 NS-5400 Juniper Networks - Leadership & Expertise 1G FW & 1G VPN 100 VSYS 2G FW & 1G VPN 250 VSYS A/A-Full Mesh HA 10G & 30G FW 6M & 18M PPS 10 GigE interfaces Jumbo Frames Hardware AES 2000 Now NS1000 NS1000 w Switch 2 4G & 12G FW 3M & 9M PPS 500 VSYS <78 interfaces & 4000 VLANs Source: Infonetics, Jun 2008 Juniper Networks “Upper-right” Firewall & IPSec VPN Gartner’s Magic Quadrant NS-5200 SRX 5600 SRX G & 100+G FW 20G & 40+G IPS 4M & 8M Sessions ISG 2000
| Copyright © 2009 Juniper Networks, Inc. | 3 Deliver a superior user experience Faster application and service deployment Total cost of ownership advantage Integrated Services FAST RELIABLE SECURE Operational Simplicity Scalable Performance What customers expect...
| Copyright © 2009 Juniper Networks, Inc. | 4 VPN IPSec IPS Core / Infrastructure: 10 GigE –More traffic, new/next gen apps, video and other streaming media Customers demand full-fledged security posture for network performance –Deliver all security services at scale 10+ Gbps FW Today’s Enterprise Requirements Enablement versus Constraint
| Copyright © 2009 Juniper Networks, Inc. | 5 Business Challenges Performance and Flexibility Compromise Traditional solutions based on performance/flexibility tradeoff Limited performance options –Deploy more platforms –Disable “expensive” features Limited flexibility options –Deploy dedicated appliances Flexibility Performance
| Copyright © 2009 Juniper Networks, Inc. | 6 Pitfall of Today’s Security Adaptability Limited flexibility in adapting to business requirements Poor service integration resulting in poor business operations –Complex rack space planning –Installation, management and maintenance overhead Network Traffic Requirements Time TODAYFUTURE Security Requirements FW, IPS & VPN (Gbps) 10 5 Rack Space Planning: High CAPEX: High OPEX: High ASA 5540
| Copyright © 2009 Juniper Networks, Inc. | 7 Fabric Dynamic Services Architecture ™ Dedicated Control Plane Built-on Terabit Fabric –Interchangeable I/O and processing cards –Any service, any card Feature integration on JUNOS –Fast time to market –Tightest integration between features Carrier-class Reliability Interface Scalability Processing Scalability Dedicated Management Service Integration via JUNOS ™ QoSDoS NATVPN FWIDP
| Copyright © 2009 Juniper Networks, Inc. | 8 Dynamic Services Consolidate Management Framework App Layer Forwarding Threat Prevention Access Control SRX Dynamic Services Gateway RoutingFirewallIPS IPSec VPN NAT SRX Services Gateway Family of JUNOS-based Dynamic Services Gateways
| Copyright © 2009 Juniper Networks, Inc. | 9 SRX5000 Series Services Gateway Revolutionary Architecture Integrated Services Scalable Performance Operational Simplicity World’s Fastest Security Solution The heritage of ScreenOS on JUNOS SRX Dynamic Services Gateways Sept 2008 Market Introduction
| Copyright © 2009 Juniper Networks, Inc. | 10 Juniper (mid to high-end) Enterprise Security Portfolio 10 Gbps 30 Gbps 50 Gbps 150 Gbps FW and Integrated Security Designed for enhanced perimeter and DC security Products addressing this segment? ISG/IDP SRX5600 SRX5800 NS5400 Services Gateway Designed for integration and scalability Dynamic Services Architecture Terabit Fabric Technology Dynamic Processing Pool Dynamic I/O Pool JUNOS SW feature delivery
| Copyright © 2009 Juniper Networks, Inc. | 11 No Compromise Security: SRX3000-line: The most cost-effective network security solution Maximum Flexibility without Sacrificing Security Unmatched Price / Performance Powered by JUNOS and Juniper’s Dynamic Services Architecture (DSA) Based on Dynamic Services Architecture™ for accelerated new service deployment
| Copyright © 2009 Juniper Networks, Inc. | 12 SRX3400 Hardware Modular chassis –7 slots (4 front, 3 rear) –MGT module – dual, hot swap –3U chassis height Fixed Interfaces –12 built-in (8-10/100/ SFP) –2 Ethernet Management Ports Modular Interfaces –16-10/100/1000 –16-SFP –2-XFP Performance & Capacities FW – 10/20 Gbps VPN – 6 Gbps IDP – 6 Gbps Concurrent sessions – 1M New and sustained CPS – 175k Concurrent IPSec VPN tunnels – 10k Front Rear
| Copyright © 2009 Juniper Networks, Inc. | 13 SRX3600 Hardware Modular chassis –12 slots (6 front, 6 rear) –MGT module – dual, hot swap –5U chassis height Fixed Interfaces –12 built-in (8-10/100/ SFP) –2 Ethernet Management Ports Modular Interfaces –16-10/100/1000 –16-SFP –2-XFP Performance & Capacities FW – 10/20/30 Gbps VPN – 10 Gbps IDP – 10 Gbps Concurrent sessions – 2M New and sustained CPS – 175k Concurrent IPSec VPN tunnels – 20k Front Rear
| Copyright © 2009 Juniper Networks, Inc. | 14 Sample SRX3000 Base Configurations SRX3400 –Minimal Configuration SRX 3400 Chassis 1 SPC 1 NPC SRX3600 –Minimal Configuration SRX 3600 Chassis 1 SPC 1 NPC
| Copyright © 2009 Juniper Networks, Inc. | 15 System configuration flexibility Flexible configuration of IOCs, NPCs and SPCs: –SRX3400: 7 slots for Common Form-factor Modules (CFMs): –4 in the front for IOCs and SPCs –3 in the rear for NPCs and SPCs 4 SPCs max (1 min) 2 NPCs max (1 min) 4 IOCs max –SRX3600: 12 slots for Common Form-factor Modules (CFMs): –6 in the front for IOCs and SPCs –6 in the rear for NPCs and SPCs 7 SPCs max (1 min) 3 NPCs max (1 min) 6 IOCs max SRX 3400-DC is limited by power supply capacity. No HA limitations.
| Copyright © 2009 Juniper Networks, Inc. | 16 Services Processing Cards Flow Lookup Classification DoS/DDoS Policing Ingress Packet Egress Packet Services FW/VPN/IDP NAT/Routing RE Routing / Device MGT QoS/Shaping Fabric Integrated in SRX 5000 IOC Network Processing Cards Oversubscrptn. Control 1.5 Input/Output Cards SRX 3K Packet Flow – Fully Integrated
| Copyright © 2009 Juniper Networks, Inc. | 17 Juniper SRXTraditional Appliances Dedicated Control Plane Buildable I/O Pool Buildable Processing Pool Single device to manage Single policy/configuration Scalable Service Engine Integrated Services Dynamic Services Architecture Differentiator
| Copyright © 2009 Juniper Networks, Inc. | 18 Adapting to Changing Security Requirements High integration supporting wide range of services Scales as your business grows Minimal/No policy changes required Rack Space Planning: NONE CAPEX: LOW OPEX: LOW Network Traffic Requirements Time TODAYFUTURE Security Requirements FW, IPS & VPN (Gbps) 10 5
| Copyright © 2009 Juniper Networks, Inc. | 19 Price per FW Gbps 44%SAVINGS Price per Gbps FW/IPS/IPSec VPN 83%SAVINGS Power Savings 84%SAVINGS Cisco ASA 5580 Juniper SRX % SPACE SAVINGS 10 Gbps FW, IPS & IPSec VPN Solution 31 Appliances Cisco ASA 5540Juniper SRX 3600 Industry’s Most cost-effective security solution
| Copyright © 2009 Juniper Networks, Inc. | 20 Juniper (mid to high-end) Enterprise Security Portfolio 10 Gbps 30 Gbps 50 Gbps 150 Gbps FW and Integrated Security Designed for enhanced perimeter and DC security Services Gateway Designed for integration and scalability Dynamic Services Architecture Terabit Fabric Technology Dynamic Processing Pool Dynamic I/O Pool JUNOS SW feature delivery ISG/IDP SRX5600 SRX5800 NS5400 SRX3400 SRX3600
| Copyright © 2009 Juniper Networks, Inc. | 21 Juniper Networks Security Manager A comprehensive approach to security management Device-lifecycle management –Manages through every phase of device lifecycle: design, deploy, configure, monitor, maintain, upgrade, adjust Manage all aspects of configuration –Manage configuration tasks at device, networking and security levels Delegation of administrative access –Provides needed power and tools to the right groups (access and control) –Control to provide/restrict information to different people within the organization, allowing them to make appropriate decisions The Device Lifecycle
| Copyright © 2009 Juniper Networks, Inc. | 22 NSM Management Features FeaturesDescription Scheduled Security UpdatesAutomatically update devices with new attack objects Domains Service providers and distributed enterprises may use this mechanism to logically separate devices, policies, reports, objects, etc… Role-based Administration Granular approach in which all 100+ activities in the system may be assigned as a separate permissions Object Locking Multiple administrators can safely and concurrently modify different objects in the system at the same time Audit Logs Sort-able and filterable record of who made which changes to which objects in the system Device TemplatesManage shared configuration such as sensor settings in one place Job Manager View pending and completed directives (such as device update) and their status High AvailabilityActive/passive high availability of the management server Scheduled Database BackupsCopies of the NSM database may be saved on a daily basis
| Copyright © 2009 Juniper Networks, Inc. | Tier Management Network-Security Manager (NSM) IDP Appliances ISG / ISG with IDP Centralized NSM Server Common User Interface NSM SSG Series NS-5000 Series
| Copyright © 2009 Juniper Networks, Inc. | 24 Future Direction Best-in-Class Routing Best-in-Class Security Continued leadership in networking Continued leadership in security Integrated security and networking on JUNOS JUNOS
| Copyright © 2009 Juniper Networks, Inc. | 25 The High-Value Branch When remote sites are essential to the organization’s strategic mission, you can WIN! Ministry of Foreign Affairs
| Copyright © 2009 Juniper Networks, Inc. | 26 RoleMissionChanges The Humble Storefront Revenue Gateway Create new sources of revenue and operational efficiencies Support partners, guests, and devices Reputation and compliance The Mission Critical Clinic Service Gateway Attract and retain valuable clients Centralization of applications and databases; SaaS Privacy and compliance The High-Powered Center of Excellence Innovation Gateway Retain and activate a high quality workforce Advanced collaboration Unrestricted Internet access for employees What Are High-Value Remote Locations? Gateways to Better Businesses
| Copyright © 2009 Juniper Networks, Inc. | 27 THANK YOU
© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public ROUTE v6 Chapter 1 1 Chapter 1: Routing Services CCNP ROUTE: Implementing IP Routing.
Copyright© 2003 Avaya Inc. All rights reserved Transforming the Contact Center Speed, Simplicity, Evolution, Growth For use by Analyst Not to be Distributed.
Joey Snow Technical Evangelist Microsoft Corporation Session Code: WSV207.
Network Services for Enhanced Cloud Computing T. V. Lakshman Bell Labs (Jointly with F. Hao, S. Mukherjee, H. Song)
Microsoft Dynamics AX Name Title Microsoft Corporation Industrial Equipment Manufacturing.
OpenScape Business A unified business solution for small and mid-size companies Oct
Branch Repeater 5.6, 5.7 & VPX Technical Presentation.
Copyright 2002, Computer Associates International, Inc CA Products for z/VM – Old Dogs with New Tricks Yvonne DeMeritt Sr. Sustaining Engineer CA.
All Rights Reserved © Alcatel-Lucent 2006, | NMS OmniVista 2500 and 2700| December 2006 Alcatel-Lucent NMS OmniVista 2500 and 2700 Delivering the.
1 EMC CONFIDENTIALPARTNER USE ONLY EMC Solutions Overview Building the next generation data centre Chris Ralston EMC Field Technical Consultant.
© 2009 VMware Inc. All rights reserved VMware vShield – Foundation for the Most Secure Cloud Deployments.
INTRODUCTION In business today, the formula for success includes two vital ingredients, effectively utilizing the latest technologies and proper information.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Enabling Cloud with SDN/Virtual.
Copyright © 2005 SOA Software, Inc. All Rights Reserved. Specifications Subject to Change Without Notice. Overcoming the SOA Network Fallacy Roberto Medrano.
Field TDM Deck Optimize and Secure Your Core Infrastructure for Midsize Businesses.
Technical Track n – Wireless Performance for Control? Paul Brooks, Rockwell Automation Paul Didier, Cisco.
Michael Leworthy Senior Product Manager Windows Server & Management.
© 2011 VMware Inc. All rights reserved VMware Sales Byte Net New Customer Improve Business Continuity and Disaster Recovery (BCDR) with Managed Virtualization.
What happened to IPv5? and other oft asked IPv6 questions The Internet Society, IPv6 and You Susan Estrada.
©Siebel Systems 2003 – Do not distribute or re-use without permission Implementing Siebel 7 for High Availability Richard Sands Siebel Expert Services.
Fortinet Confidential. 2 Fortinet Overview Market-Leading Provider of End-to-End IT Security Solutions Company Stats Founded in 2000 Silicon Valley-based,
V © 2009 IBM Corporation Systems & Technology Group Cloud computing for System z.
Page 1 Virtual Tape Library for Open Systems Gavin Cole Storage Consultant
Presented by Terry C. Shannon to HP Marketing & BeLux User Group , Shannon Knows HPC Publisher, Shannon Knows HPC
Windows Server 2012: New Features. Administering Servers with Server Manager Using Server Manager, you can: Manage multiple servers from one instance.
© 2016 SlidePlayer.com Inc. All rights reserved.