Securing the Enterprise - new trends on networking security SCOP / Bucharest 15th April 2009 Uwe Richter Sr. SE Manager Eastern Europe. The most flexible, cost-effective solution for mid to large enterprises and service providers. NS1000 w Switch 2. NS1000. NS-5200. NS-5400. ISG 2000.
Securing the Enterprise - new trends on networking security
SCOP / Bucharest 15th April 2009
Uwe Richter Sr. SE Manager Eastern Europe
The most flexible, cost-effective solution for mid to large enterprises and service providers
NS1000 w Switch 2 NS1000 NS-5200 NS-5400 ISG 2000 SRX 5600 SRX 5800 Juniper Networks - Leadership & Expertise 4G & 12G FW 3M & 9M PPS 500 VSYS <78 interfaces & 4000 VLANs 10G & 30G FW 6M & 18M PPS 10 GigE interfaces Jumbo Frames Hardware AES 2G FW & 1G VPN 250 VSYS A/A-Full Mesh HA 1G FW & 1G VPN 100 VSYS 60G & 100+G FW 20G & 40+G IPS 4M & 8M Sessions 2000 Now Gartner’s Magic Quadrant • Juniper Networks “Upper-right” • Firewall & IPSec VPN Source: Infonetics, Jun 2008
FAST SECURE RELIABLE What customers expect... Deliver a superior user experience Integrated Services Faster application and service deployment Scalable Performance Operational Simplicity Total cost of ownership advantage
Today’s Enterprise Requirements: Enablement versus Constraint
• Core / Infrastructure: 10 GigE
• More traffic, new/next gen apps, video and other streaming media
• Customers demand full-fledged security posture for network performance
• Deliver all security services at scale 10+ Gbps
[Diagram labels: IPSec VPN, IPS, FW]
Business Challenges: Performance and Flexibility Compromise
Traditional solutions based on performance/flexibility tradeoff
• Limited performance options
  • Deploy more platforms
  • Disable “expensive” features
• Limited flexibility options
  • Deploy dedicated appliances
[Diagram labels: Flexibility, Performance]
Pitfall of Today’s Security Adaptability
• Limited flexibility in adapting to business requirements
• Poor service integration resulting in poor business operations
• Complex rack space planning
• Installation, management and maintenance overhead
• Rack Space Planning: High
• CAPEX: High
• OPEX: High
[Chart: Security Requirements and Network Traffic Requirements over Time (TODAY to FUTURE); vertical axis FW, IPS & VPN (Gbps), ticks 5 and 10; label ASA 5540]
Dedicated Control Plane Built-on Terabit Fabric Interchangeable I/O and processing cards Any service, any card Feature integration on JUNOS Fast time to market Tightest integration between features Carrier-class Reliability Fabric Dynamic Services Architecture™ Service Integration via JUNOS™ Dedicated Management FW IDP NAT VPN DoS QoS Interface Scalability Processing Scalability
SRX Services Gateway: Family of JUNOS-based Dynamic Services Gateways Dynamic Services Consolidate Management Framework App Layer Forwarding Threat Prevention Access Control Routing Firewall IPS IPSec VPN NAT SRX Dynamic Services Gateway
SRX Dynamic Services Gateways Sept 2008 Market Introduction SRX5000 Series Services Gateway • Revolutionary Architecture • Integrated Services • Scalable Performance • Operational Simplicity • World’s Fastest Security Solution • The heritage of ScreenOS on JUNOS
Juniper (mid to high-end) Enterprise Security Portfolio ISG/IDP SRX5800 • Services Gateway • Designed for integration and scalability • Dynamic Services Architecture • Terabit Fabric Technology • Dynamic Processing Pool • Dynamic I/O Pool • JUNOS SW feature delivery 150 Gbps SRX5600 50 Gbps 30 Gbps Products addressing this segment? 10 Gbps NS5400 • FW and Integrated Security • Designed for enhanced perimeter and DC security
Maximum Flexibility without Sacrificing Security Unmatched Price / Performance Powered by JUNOS and Juniper’s Dynamic Services Architecture (DSA) No Compromise Security: SRX3000-line: The most cost-effective network security solution Based on Dynamic Services Architecture™ for accelerated new service deployment
SRX3400
Hardware
• Modular chassis
  • 7 slots (4 front, 3 rear)
  • MGT module – dual, hot swap
  • 3U chassis height
• Fixed Interfaces
  • 12 built-in (8-10/100/1000 + 4-SFP)
  • 2 Ethernet Management Ports
• Modular Interfaces
  • 16-10/100/1000
  • 16-SFP
  • 2-XFP
Performance & Capacities
• FW – 10/20 Gbps
• VPN – 6 Gbps
• IDP – 6 Gbps
• Concurrent sessions – 1M
• New and sustained CPS – 175k
• Concurrent IPSec VPN tunnels – 10k
[Images: Front, Rear]
SRX3600
Hardware
• Modular chassis
  • 12 slots (6 front, 6 rear)
  • MGT module – dual, hot swap
  • 5U chassis height
• Fixed Interfaces
  • 12 built-in (8-10/100/1000 + 4-SFP)
  • 2 Ethernet Management Ports
• Modular Interfaces
  • 16-10/100/1000
  • 16-SFP
  • 2-XFP
Performance & Capacities
• FW – 10/20/30 Gbps
• VPN – 10 Gbps
• IDP – 10 Gbps
• Concurrent sessions – 2M
• New and sustained CPS – 175k
• Concurrent IPSec VPN tunnels – 20k
[Images: Front, Rear]
Sample SRX3000 Base Configurations
SRX3400
• Minimal Configuration
  • SRX 3400 Chassis
  • 1 SPC
  • 1 NPC
SRX3600
• Minimal Configuration
  • SRX 3600 Chassis
  • 1 SPC
  • 1 NPC
RE 1.5 Network Processing Cards Fabric Fabric Services Processing Cards Input/Output Cards SRX 3K Packet Flow – Fully Integrated Flow Lookup Classification DoS/DDoS Policing Routing / Device MGT Services FW/VPN/IDP NAT/Routing Integrated in SRX 5000 IOC Oversubscrptn. Control Ingress Packet Egress Packet QoS/Shaping
Integrated Services: Dynamic Services Architecture Differentiator Juniper SRX Traditional Appliances Dedicated Control Plane Buildable Processing Pool Buildable I/O Pool Scalable Service Engine Single policy/configuration Single device to manage
Adapting to Changing Security Requirements
High integration supporting wide range of services
Scales as your business grows
Minimal/No policy changes required
• Rack Space Planning: NONE
• CAPEX: LOW
• OPEX: LOW
[Chart: Security Requirements and Network Traffic Requirements over Time (TODAY to FUTURE); vertical axis FW, IPS & VPN (Gbps), ticks 5 and 10]
Power Savings Price per FW Gbps 44% SAVINGS 83% SAVINGS 84% SAVINGS 84% SPACE SAVINGS Industry’s Most cost-effective security solution 10 Gbps FW, IPS & IPSec VPN Solution Price per Gbps FW/IPS/IPSec VPN 31 Appliances Cisco ASA 5580 Juniper SRX 3600 Juniper SRX 3600 Cisco ASA 5540
Juniper (mid to high-end) Enterprise Security Portfolio SRX5800 • Services Gateway • Designed for integration and scalability • Dynamic Services Architecture • Terabit Fabric Technology • Dynamic Processing Pool • Dynamic I/O Pool • JUNOS SW feature delivery 150 Gbps SRX5600 50 Gbps SRX3600 30 Gbps SRX3400 10 Gbps NS5400 • FW and Integrated Security • Designed for enhanced perimeter and DC security ISG/IDP
Juniper Networks Security Manager
A comprehensive approach to security management
• Device-lifecycle management
  • Manages through every phase of device lifecycle: design, deploy, configure, monitor, maintain, upgrade, adjust
• Manage all aspects of configuration
  • Manage configuration tasks at device, networking and security levels
• Delegation of administrative access
  • Provides needed power and tools to the right groups (access and control)
  • Control to provide/restrict information to different people within the organization, allowing them to make appropriate decisions
[Diagram: The Device Lifecycle: Design / Deploy, Configure, Monitor / Maintain, Upgrade / Adjust]
NSM 3-Tier Management: Network-Security Manager (NSM) NS-5000 Series ISG / ISG with IDP SSG Series Centralized NSM Server Common User Interface IDP Appliances
JUNOS Future Direction Continued leadership in security Integrated security and networking on JUNOS Best-in-Class Security Continued leadership in networking Best-in-Class Routing
The High-Value Branch When remote sites are essential to the organization’s strategic mission, you can WIN! Ministry of Foreign Affairs
What Are High-Value Remote Locations? Gateways to Better Businesses