SECURING THE MULTICLOUD - Marketplace Azure Marketplace ... Firewall VPN NAT Routing Application Security User firewall ... (Technical Deep Dive)


  • SECURING THE MULTICLOUD

    Bahul Harikumar and Ali Bidabadi

    Juniper Networks

  • This statement of direction sets forth Juniper Networks' current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation.

    This presentation contains proprietary roadmap information and should not be discussed or shared without a signed non-disclosure agreement (NDA).

  • 3

    We are all living in the wonderful world of digital transformation. No matter the size of your company or the industry you're operating in, there's some company ready to completely disrupt what you're doing.

    -Richard L. Villars, VP DC & Cloud Research IDC

  • 4

    Rising to the Challenge

    Migrate Workloads to Cloud

    Rapid IT Deployment

    Continuous Innovation

    Faster route to Market

    Reduced Costs

  • 5

    Enterprise IT Transformation - XaaS

    Traditional DC

    Private Cloud

    Public Cloud

    PaaS

    IaaS

    IaaS

    SaaS

    Multicloud

  • 6

    Cloud Market

  • 7

    Enterprise IT organizations that will commit to multicloud architecture (IDC): 85%

    Cloud Adoption is a Strategic Imperative

    Cloud 2.0 Massive Adoption

    Enterprises identified security risks as the biggest barrier in a recent IDC survey

  • 8

    Multicloud Security - Key Requirements

    [Diagram labels: SD & PE; Transit VPC - vSRX; Virtualized Apps; Bare Metal Apps; SRX4100/4200; SRX4600/4800; vSRX/cSRX; Private Cloud; Public Cloud 1; Public Cloud 2; Internet; App Server; Web Server]

    Micro-Segmentation

    High performance

    Automation

    Visibility & Analytics

    Hypervisor Support

    Global Unified Policy Management

    Secure any-any Connectivity

    Compliance & Consistent Security

    Service Specific Clouds

    Multiple Cloud Integration

    Policy Automation

  • 9

    Juniper Security Portfolio for Multicloud

    Sky ATP

    SDSN Software Defined Secure Networks

    Security Director

    Virtual & Container NGFW

    vSRX

    4Gb/s (2 vCPU) - 25Gb/s (16 vCPU)

    cSRX

    Branch NGFW

    SRX300

    SRX320

    SRX340

    SRX345

    Mid-range NGFW

    SRX1500

    SRX4100

    SRX4200

    SRX4600

    High-End NGFW

    SRX5400

    SRX5600

    SRX5800


    UNIFIED POLICY - Create and centrally manage policy

    GLOBAL THREAT DETECTION - Unify threat intelligence from multiple sources

    NETWORK WIDE ENFORCEMENT - Automatically enforce policy across customer premises and cloud

    HIGH PERFORMANCE NGFW - PHYSICAL & VIRTUAL SDSN ENFORCEMENT POINTS

    Reduces both opex and capex with better price performance

    Higher scale with IMIX firewall throughput from 1 Gbps to 320 Gbps

    Multiple Services: Application Security, IPS, Content Security, ATP

  • 10

    Juniper Private Cloud Security Solution

    Juniper Portfolio for Private Cloud Key Requirements

    Micro-segmentation: vSRX, NSX Integration, Contrail

    High performance: vSRX multicore, SRX1500, SRX4100, SRX4200, SRX 5XXX, SRX4600

    Automation: SD/PE integration, REST/Netconf, Chef/Puppet/Ansible, AppFormix

    Visibility & Analytics: Security Director, Jweb, Juniper Secure Analytics (JSA)

    Hypervisor Support: cSRX/Docker, VMware/NSX, KVM/Contrail

    [Diagram labels: WAN; VM Isolation; Department 1, Department 2, Department 3, Department 4; Web VM, APP VM, DB VM and Other VM (four sets); vSRX; VMware; Virtual Environment/Private Cloud; Enterprise Applications; SRX1K; SRX4K; SRX5K; SRX; SD & PE; Headquarters; Remote Office; IP/MPLS; Private Cloud]

  • 11

    Juniper Public Cloud Security Solution

    AWS Marketplace

    Azure Marketplace

    Juniper Portfolio for Public Cloud Key Requirements

    Platform Integration: vSRX on AWS (BYOL & PAYG), vSRX on Azure (BYOL)

    Automation: PE integration on public cloud, Cloud-Init, Transit VPC, Auto-Scale/ELB

    Visibility & Analytics: Security Director, AppFormix

    [Diagram labels: Public Cloud; SD & PE; Transit VPC - vSRX; Public Cloud 1; Public Cloud 2; Internet; App Server; Web Server]

  • 12

    vSRX - Juniper Virtual NGFW for Multicloud

    High performance NGFW - Scale up to 100 Gbps - Lowest TCO

    Firewall Foundational Services

    Rich Firewall Services

    Firewall VPN NAT Routing

    Application Security

    User firewall

    Unified Threat Management

    Anti-virus

    Intrusion Prevention

    Web/Content Filtering

    Anti-spam

    Advanced Threat Prevention (ATP)

    Sky ATP

    GeoIP & Custom feeds

    Malware Detection

    Centralized Management Reporting Analytics Automation

    Licensing Based on Features and Throughput

    60 Day Evaluation License

  • 13

    Contrail Service Chaining

    VMware NSX

    SD, CLI, Jweb, NetConf/REST API

    Amazon AWS

    Microsoft Azure

    Google Cloud*

    VMware vCenter

    OpenStack Plugin

    Contrail Service Orchestrator (CSO)

    VMware ESXi 5.x, 6.0

    KVM - CentOS & Ubuntu

    Microsoft Hyper-V

    Platforms

    IaaS

    Policy & SDN

    Orchestration

    vSRX - Ideal form factor for Multicloud Ecosystem

    *Roadmap

  • 14

    Juniper Multicloud Security Solution

    [Diagram labels: Internet; Public Clouds; App Server; Web Server; Virtualized Apps; Bare Metal Apps; IPSec VPN; SRX1K/4K/5K; vSRX; vSRX/cSRX; Private Cloud; SD & PE; Transit VPC]

    Juniper Portfolio for Multicloud Key Requirements

    Secure Connectivity: vSRX in Public cloud (Transit VPC & Full Mesh VPN deployments), Physical/Virtual DC Edge SRX, vSRX Auto-Scale*

    Compliance & Consistent Security: Portable security policies across private/public cloud

    Unified Management: Security Director as single pane of security management

    Private Cloud

    Public Cloud

    Multicloud

  • 15

    Unified Management & User Intent Policy

    ENHANCED VISIBILITY & CONTROL

    SD: Application Visibility & Control, Firewall Policy, Threat Maps, Events & Logs, Dashboard

    Automates operations and rule placement, reduces user errors, improves response time

    Reduces scope of work by 20x

    ADAPTIVE & AGILE SECURITY POLICY

    Metadata-based policy: allows creating user-intent-based policy using metadata and helps to stay agile in the cloud (avoids manual workflow)

    AWS Lambda-based sync of metadata and inventory in a VPC with SD

    DYNAMIC POLICY ACTIONS

    Agility of the cloud can be preserved by deploying dynamic policy changes in response to a condition (such as an attack)

    [Diagram labels: Security Director; Amazon EC2; Finance; Operations; vSRX; AWS Lambda; Predefine Policy; Determine Condition; SRX; Globally apply policy]

  • 16

    Automate Entire Security Life Cycle

    Ensure consistent deployment in multicloud environment

    Reduces workload: build-out from days to minutes

    Auto Remediation to improve network availability and reduce Mean Time To Repair

    BUILD: Initial configuration, Software upgrade, Space discovery, Zero Touch Provisioning

    CONFIGURE: Pre/Post change checks, Configuration generation, Deployment, Archive configurations

    OPERATE: Event Scripts to check health, Troubleshoot issues, Auto Remediation

  • 17

    Multicloud Security Juniper Offerings - Summary

    [Diagram labels: SD & PE; Transit VPC - vSRX; Virtualized Apps; Bare Metal Apps; SRX4100/4200; SRX4600/4800; vSRX/cSRX; Private Cloud; Public Cloud 1; Public Cloud 2; Internet; App Server; Web Server]

    vSRX Cloud Native

    VMware NSX Integration

    Contrail Security

    SRX Encryption IPSec

    High performance physical Firewalls

    Global Policy Management

    Security Director (SD)

    vSRX Transit VPC

    vSRX on AWS

    vSRX on Azure

    Adaptive Security Policy (Metadata based Policy)

  • 18

    Key Takeaways

    Comprehensive solution for Multicloud deployment helps customers rise to the challenge of cloud adoption

    High performance and scale of Juniper security lowers customers' TCO

    Flexible licensing and business models to match varied customer requirements

    Unified Management and Network as Enforcement through SDSN

  • 19

    Use Cases

    Micro-segmentation: Retail hosting virtual workloads in private DC

    Differentiated security across various application groups

    Security as agile as the workloads

    High performance: security cannot be a bottleneck to application traffic

    NSX Integration, Contrail micro-segmentation

    Compliance & Consistent Security: Health Insurance running applications & partner services on AWS

    Consistent security between DC and public clou