JUNIPER PRESENTATION Virginie CHAPUIS-THIANT 12 April 2011
AGENDA 1. Company Background 2. Juniper Networks Enterprise Strategy 3. Juniper Solutions Overview 4. Juniper Services and Support
MODULES JUNIPER: WHO ARE WE?
SETTING THE AGENDA FOR THE NEXT DECADE: JUNIPER NETWORKS IS TRANSFORMING THE EXPERIENCE AND ECONOMICS OF NETWORKING
CLEAR MISSION AND FOCUSED STRATEGY: CONNECT EVERYTHING; EMPOWER EVERYONE. SILICON, SYSTEMS, SOFTWARE. THROUGH HIGH-PERFORMANCE NETWORKING AND INDUSTRY INNOVATION
A DECADE OF INNOVATION [Timeline figure, 1996 to 2010] Milestones and products shown: Incorporated, M Series, T Series, J Series, SSG Series, IC Series, EX Series, MX Series, SRX Series, T1600, TX Matrix Plus, VXA Series, Junos Trio Chipset, EX4500, MX80; FORTUNE 1 THOUSAND #789. Revenue figures shown: $500M, $1.3B, $2B, $2.3B, $2.8B, $3.5B, $3.32B, n/a. Employee figures shown: 1000, 1500, 2500, 3500, 4800, 5300+, 6500+, 7000+, 8000+.
JUNIPER PORTFOLIO: Fabric and Switching Technologies (FST); Switching; Infrastructure Products Group (IPG); Service Layer Technologies (SLT); Junos Ready Software (JRS); Security; Apps; Routing; Campus (ESBU); Data Center (DCBU); Foundation Technologies (FT); Software
JUNIPER NETWORKS: LEADER IN HIGH-PERFORMANCE NETWORKING. TOP 100 SERVICE PROVIDERS; FORTUNE 100 ENTERPRISES; BEST IN CHOICE; PUBLIC SECTOR. OPERATIONAL EXCELLENCE: $3.5B Cash and Investments; 7000 Dedicated Employees; $800M Annual R&D Engine
MODULES JUNIPER FRANCE
France Enterprise Sales Team. Major Accounts: Eric BORNET, Major Accounts Director; Thierry DESTREZ, Public Sector; TBH, Banking, Insurance; Cyrille PIEL, Industry. Territory: Bruno ROSSI, Territory GB South Region; Hacen LEDAD, Territory GB North Region
France Enterprise Pre-Sales Team: Olivier MELWIG, Enterprise Pre-Sales Director; Ghaleb ZHEKRI, SE Security Specialist; Kelil SARTOR, SE EX Specialist; Dhabbiah CHAREF, SE Routing Specialist; Laurent PAUMELLE, SE Security Specialist
France Channel Team: Guillaume CHEZEAUD, Channel Director South EMEA; TBH, Channel Sales Manager France; Virginie THIANT, Distribution Manager, VERIZON, Nomios; TBH, Partner Account Manager: TELINDUS, AXIANS, INTERDATA, INTEGRALIS DI-DATA, INNEO, BT; Loïc LE BOT, Partner Account Manager: SPIE, NEXTIRAONE, NES, ALIONIS, EXAPROBE, INTEXAN; Pascal ALLOCHON, Carrier Resale Account Manager OBS; Bruno RIOU, Carrier Resale Account Manager OBS
France Dedicated Inside Sales Team: Jean-Paul ADAM, Inside Sales, Partners; Frédéric OSIW, Inside Sales, Partners; Yann TARDIVEL, Inside Sales, End Customers (excluding listed Channel accounts)
Alliance Sales: Frédéric PETILLON, DELL; Xavier DUFLOS, IBM
SP Teams. O.B.S.: Luc DUBOIS, OBS WW Account Director; Rémi POUCALOW, OBS Infrastructure Sales; Cedric DERUFFE, OBS Infrastructure Sales; Eric SICARD, OBS France Pre-Sales Director; Antoine SIBOUT, SE OBS; Mickael MELLOUL, SE OBS Infrastructure; Anne Christine RANDRIANALIZAH, Support Sales Specialist. S.P. ALTERNATES: Stéphane LESECQ; Stéphane GRASER
MODULES MODULE 3 JUNIPER STRATEGY JUNIPER PORTFOLIO
NETWORKS ENABLE IT BUSINESS INITIATIVES [Diagram labels: Clients; Global Network; Mobile; Home; Branch; Campus; Data Centers]
THE DISTRIBUTED ENVIRONMENT IS EQUALLY COMPLEX [Diagram: LARGE OFFICE, MID-SIZED OFFICE, SMALL OFFICE; device labels: Switches, WAN, Management Systems, Access Control, Routers, FW/VPN, Firewall, Switch, Anti-Spam, IPS, Content Filter, Router, OS#1] Too many devices, appliances, operating and management systems. Inconsistent features and services. Takes too long to deploy anything.
JUNIPER DISTRIBUTED ENTERPRISE NETWORKS: SIMPLIFIED, INTEGRATED, CONSOLIDATED [Diagram: LARGE OFFICE, MID-SIZED OFFICE, SMALL OFFICE; WAN; devices shown: SRX650, SRX240, SRX210, EX4200-24F, EX4200-48P]
JUNIPER DISTRIBUTED ENTERPRISE NETWORKS: SIMPLIFIED, INTEGRATED, CONSOLIDATED. Single Box Integration: Router, Switch, PoE, Firewall, IPS, VPN, UTM, QoS, UAC. Consolidate Layers: Virtual Chassis technology. NSM. [Diagram: LARGE OFFICE, MID-SIZED OFFICE, SMALL OFFICE; WAN; devices shown: SRX650, SRX240, SRX210, EX4200-24F, EX4200-48P]
OUR HIGH-PERFORMANCE NETWORKING PORTFOLIO [Diagram: Juniper Network & Policy Mgmt; areas: DATA CENTER, BRANCH OFFICES, BUILDING, CAMPUS, REMOTE USERS, WAN; products shown: EX3200-48P, EX4200-24F, EX4200-48P, EX8208, EX8216, M Series, MX Series, T Series, J Series, SSG Series, ISG Series/IDP Series, SA Series, WX Series/WXC Series, IC6500, UAC Agent, SA Agent]
MODULES A SINGLE OS: JUNOS
JUNOS: POWER OF ONE. One OS; One Release Track (9.6, 10.0, 10.1; Frequent Releases); One Architecture (Module x, API). [Diagram labels: core, branch; platforms shown: T Series, MX Series, M Series, J Series, EX8216, EX8208, EX4500 Line, EX4200 Line, EX3200 Line, EX2200 Line, SRX5000 Line, SRX3000 Line, SRX650, SRX240, SRX210, SRX100, LN1000, Junos Pulse, NSM, NSMXpress, Junos Space]
WHAT MAKES JUNOS BETTER? One OS (SRX, TX Matrix): Single source code base. Consistent implementation of features. One Release (10.0, 10.1, 10.2; Frequent Releases): Single software release track of feature supersets. Stable, predictable development of new features. One Architecture (Module x): Modular software with resource separation. Highly available, secure and scalable software. Video: Why is Junos different?
ONE OPERATING SYSTEM (IPv6, MGMT, BGP, OSPF). Single repository of source code. One implementation of control plane features. Eases training. Streamlines testing, qualification and deployment. Consistent user experience. Single common management interface and tools. UNIX familiarity. Redeploy equipment to new needs. [Diagram labels: SERVICE PROVIDER ACCESS/EDGE, SERVICE PROVIDER CORE, NSM, BRANCH OFFICE, CORPORATE HQ, DATA CENTER]
ONE RELEASE: STABLE, PREDICTABLE ENHANCEMENTS. Release timeline: 9.4 (Q109), 9.5 (Q209), 9.6 (Q309), 10.0 (Q409), 10.1 (Q110), 10.2 (Q210). Single release track. Quality and schedule are the highest priorities. Releases are a superset of the previous. Achieve zero critical regression errors in each release. Fixed schedule; plan with confidence. 4 new releases prescheduled per year*. All product lines follow the same release schedule. Streamlines upgrades and reduces upgrade issues. * Junos release data is based on historical information and is not intended to guarantee future deliverables.
DATA CENTER NETWORKING SOFTWARE COMPARISON
Columns: Access Switch; Aggregation/Core; Security; WAN Router (sub-labels: L2 Switch, L2/L3 Switch, L2 Switch)
Product: CAT 4948 or NX2K/5K | CAT 6500 | NX 7000 | ASA 55xx
OS: IOS-SG, NX-OS | IOS-SX, CAT-OS | NX-OS | PIX-OS 7.x
Number of Release Trains: Too many releases; inconsistent (all four)
Additional labels in this comparison: FWSM, IPS, IPS; PIX-OS, Linux, 6.x; 7200, ASR; IOS mainline, IOS-XE
Product: EX4200 | EX8200 / MX | SRX | M
OS: Junos | Junos | Junos | Junos
Number of Release Trains: 1
MODULES JUNIPER SOLUTIONS SECURITY PORTFOLIO
THE FUTURE OF SECURITY: Mobility, Consolidation, Visibility
CONSOLIDATION: Consolidation of security services (everywhere) [Diagram: Global High-Performance Network connecting Branch, Campus, Data Center, Mobile Clients; Data/App Consolidation; services shown: Firewall, VPN, NAT, IPS, IDS, UTM, UAC, Anti-malware, Anti-virus, LAN Acceleration, Remote Access, Remote Lock/wipe, Backup & Restore]
VISIBILITY: Consolidation of security services (everywhere). Comprehensive Application Visibility and Control Across Physical and Virtual. [Diagram: Global High-Performance Network; Branch, Campus, Data Center, Mobile Clients; labels: What User, User Location, What VM, What Application, Source to Destination, User Device]
MOBILITY: Consolidation of security services (everywhere). Comprehensive Application Visibility and Control. Secure Mobility. [Diagram: Global High-Performance Network; Campus, Branch; Notebook, Netbook, Smartphone, Tablet]
SECURITY ACROSS PHYSICAL AND VIRTUAL ENVIRONMENTS [Diagram: Physical: SRX Series; Virtual: vGW Series, vGW Virtual Gateway, VMs, Hypervisor; Services: Firewall, IPS, DoS, DoS Protection, AppSecure] Only solution to integrate physical and virtual network security at scale. Secures any flow in the data center as a part of the fabric. Adapts security to address changing and moving VMs.
MODULES MODULE 5 SRX SERIES
SRX PLATFORM: THE FOUNDATION FOR SERVICE INTEGRATION [Chart: scale 1G, 10G, 100G; segments BRANCH, SMALL DATA CENTER, CAMPUS, LARGE DATA CENTER; platforms shown: SRX650, SRX1400, SRX3400, SRX3600, SRX5600, SRX5800] Unprecedented Scale for Service Integration
JUNIPER SRX SERIES SERVICES GATEWAYS. 5 SRX SERIES: SRX 100, SRX200, SRX600, SRX3000, SRX5000. Dynamic services gateway: routing + embedded security. Fully integrated UTM (Unified Threat Management). JUNOS: the reliability of Juniper's carrier-class OS for 11 years. Scalable performance: dynamic services architecture. System and network resiliency: carrier-grade reliability. Interface flexibility: flexible, scalable configuration to meet the needs of virtually any network environment. Network segmentation: administrators rely on security zones, virtual local area networks (VLANs) and virtual routers to configure security and network policies.
SRX SERVICES GATEWAYS
Highly configurable: Fixed, semi-modular, and modular form factors. Choice of WAN, wireless, and LAN interfaces. Available voice media gateway.
Extensive integration: Full suite of JUNOS routing and switching capabilities. Unmatched security, including FW, VPN, UTM, UAC, and full IPS.
Exceptional performance and availability: Hardware-assisted Content Security Acceleration (CSA) for ExpressAV and IPS. Control & data plane separation, redundant processing and power.
Model | Configuration | Content Security Acceleration | SIP Gateway | FW/IPS Performance
SRX100 | Fixed | No | No | 600/60 Mbps
SRX210 | 1 mini PIM slot | Optional | Optional | 750/80 Mbps
SRX220 | 2 mini PIM slots | Optional | Optional | 950/100 Mbps
SRX240 | 4 mini PIM slots | Optional | Optional | 1500/250 Mbps
SRX650 | 8 GPIM slots | Standard | Future | 7000/900 Mbps
Priced at $699, $1099, $2199, $2999, and $16000 (list)
SRX BRANCH PORTFOLIO. SRX100; SRX210: WAN slot, 2 x GigE, PoE; SRX220: + 2 WAN slots, 8 x GigE, PoE; SRX240: + 4 WAN slots, 16 x GigE, PoE; SRX650: + More LAN slots, dual processors, dual P/S. Segments: Small Office; Small to Medium Office; Large Branch/Regional Office
SRX SERIES SPECIFICATION SUMMARY
FEATURES | SRX100 | SRX210 | SRX220 | SRX240 | SRX650
On-board Ethernet | 8 x FE | 2 x GE + 6 x FE | 8 x GE | 16 x GE | 4 x GE
Power over Ethernet (802.3af, 802.3at) | None | 4 ports 50 W total | 8 ports GE, 120 W | 16 ports GE, 150 W | 48 ports GE, 250 W or 500 W
WAN slots | None | 1 x mini PIM | 2 x SRX mini PIM | 4 x SRX mini PIM | 8 x GPIM
USB ports (flash) | 1 | 2 | 2 | 2 | 2 per processor
Content Security Acceleration ExpressAV and Intrusion Detection and Prevention | No | YES | YES | YES | YES
JUNOS Software version support | JUNOS 10.3 | JUNOS 10.3 | JUNOS 10.3 | JUNOS 10.3 | JUNOS 10.3
Routing Performance | 75 Kpps | 80 Kpps | 120 Kpps | 200 Kpps | 900 Kpps
Firewall performance (Large Packets) | 650 Mbps | 750 Mbps | 950 Mbps | 1.5 Gbps | 7.0 Gbps
Firewall performance (IMIX) | 200 Mbps | 250 Mbps | 300 Mbps | 500 Mbps | 2.5 Gbps
VPN Performance (AES256+SHA-1, 3DES+SHA-1) | 65 Mbps | 75 Mbps | 100 Mbps | 250 Mbps | 1.5 Gbps
Intrusion Prevention System | 60 Mbps | 80 Mbps | 100 Mbps | 250 Mbps | 900 Mbps
Connections Per Second (CPS) | 2K | 2K | 2.5K | 9K | 35K
Maximum Concurrent Sessions (512MB/1GB RAM) | 16K / 32K | 32K / 64K | 96K | 64K / 128K | 512K
Antivirus | 25 Mbps | 30 Mbps | 35 Mbps | 85 Mbps | 350 Mbps
High Availability | A/A or A/P | A/A or A/P | A/A or A/P | A/A or A/P | A/A or A/P
Hot swap GPIMs, Dual processors, Dual power
SRX100. On-board Ethernet: 8 x FE; Mini-PIM slot: No; USB ports (flash): 1; Power over Ethernet: No; PSTN voice ports: No; Routing Performance: 75 Kpps; Firewall Performance: 200 Mbps (IMIX); VPN Performance: 65 Mbps; IDP Performance: 60 Mbps; High Availability: A/A or A/P. Ideal for small sites and managed telecommuters. Fixed I/O: 8 10/100 Ethernet ports. Full UTM features: Firewall, antivirus, anti-spam, antispyware, web filtering, IPS (IDP). UTM requires High memory version.
SRX210. On-board Ethernet: 2 x GE + 6 x FE; Mini-PIM slot: 1; USB ports (flash): 2; Power over Ethernet: 4 ports 50 W total; PSTN voice ports: Yes; Routing Performance: 80 Kpps; Firewall Performance: 250 Mbps (IMIX); VPN Performance: 75 Mbps; IDP Performance: 80 Mbps; High Availability: A/A or A/P. Ideal for Small branches. Full UTM features: Firewall, antivirus, anti-spam, antispyware, web filtering, IPS (IDP). UTM requires High memory version. Available voice version with mini-PIM options. Factory-configured voice model.
SRX220. On-board Ethernet: 8 x GE; Mini-PIM slot: 2; USB ports (flash): 2; Power over Ethernet: 8 ports GE, 120 W (Q4 2010); PSTN voice ports: Yes (Q4 2010); Routing Performance: 125 Kpps; Firewall Performance: 300 Mbps (IMIX); VPN Performance: 100 Mbps; IDP Performance: 100 Mbps; High Availability: A/A or A/P. Ideal for small to medium branches. Full UTM features: Firewall, antivirus, anti-spam, anti-spyware, web filtering, IPS (IDP). 2 Mini-PIM slots for WAN fail-over. High memory version only. Factory configured PoE version (Q4 2010). Voice configuration (Q4 2010).
SRX240. On-board Ethernet: 16 x GE; Mini-PIM slot: 4; USB ports (flash): 2; Power over Ethernet: 16 ports GE, 150 W; PSTN voice ports: Yes; Routing Performance: 200 Kpps; Firewall Performance: 500 Mbps (IMIX); VPN Performance: 250 Mbps; IDP Performance: 250 Mbps; High Availability: A/A or A/P. Ideal for Small branches. Full UTM features: Firewall, antivirus, anti-spam, antispyware, web filtering, IPS (IDP). UTM requires High memory version. Available voice version with mini-PIM options. Factory-configured voice model.
SRX650. On-board Ethernet: 8 x FE; GPIM slot: 8; USB ports (flash): 2 per SRE; Power over Ethernet: Up to 48 ports GE, 247 W; PSTN voice ports: Future; Routing Performance: 900 Kpps; Firewall Performance: 2.5 Gbps (IMIX); VPN Performance: 1.5 Gbps; IDP Performance: 900 Mbps; High Availability: A/A or A/P. Ideal for regional sites, large branches. Modular LAN switching. Services Routing Processors with optional redundancy (Future). Power supplies with optional redundancy (at FRS). Voice configurations (Future). Full UTM features: Firewall, antivirus, anti-spam, anti-spyware, web filtering, IPS (IDP). Max GE 52 ports (2 x 24 GE PIM + 4 integrated ports).
SRX SERIES FIREWALL, ZONES, AND POLICIES [Diagram: SRX connecting the INTERNET and the zones ZONE Untrust, ZONE Trust, ZONE Accounting, ZONE Guest; labels: Originating Zone, Default Policy Deny All, Default Policy Allow All]
UNIFIED THREAT MANAGEMENT (UTM) FEATURES [Diagram: INTERNET; columns External Threats and Internal Threats]
IPS: Juniper IDP detects/stops Worms, Trojans, DoS (L4 & L7), Scans (External Threats and Internal Threats)
Web Filtering: Websense to block unapproved site access
Antivirus: Kaspersky Lab AV stops Viruses, file-based Trojans, Spyware, Adware, Keyloggers; Kaspersky Lab AV stops viruses, file-based trojans or spread of spyware, adware, keyloggers
Antispam: Symantec stops Spam / Phishing
Content Filtering: SRX Series blocks transmission of files for Data Loss Prevention
Core Security: Firewall, VPN, Unified Access Control (External Threats and Internal Threats)
SRX3000 LINE FOR THE DATA CENTER
Dynamic Services Architecture: Wide range of services: FW, IPS, NAT, IPSec VPN, DDoS, QoS, and Routing. Apply any service(s) per flow. Separation of control and data planes. No need for service specific hardware.
Mid-plane modular chassis design: Front and rear expansion slots. SRX3600: up to 12 slots. SRX3400: up to 7 slots. Interface modules offer GbE and 10GbE. Service processing modules provide linear scalability.
Powered by Junos Software: Multi-threaded, Modular, Scriptable.
Module Description | Max Ports | Interface
16-port 10/100/1000 TX | 72 or 104 | RJ-45
16-port GbE | 68 or 100 | SFP
2-port 10GbE | 8 or 12 | XFP
Service Processing Cards: SRX3400: 4; SRX3600: 7
SRX5000 LINE FOR THE DATA CENTER
Industry's highest performing firewall.
Dynamic Services Architecture: Wide range of services: FW, IPS, NAT, IPSec VPN, DDoS, QoS, and Routing. Apply any service(s) per flow. Separation of control and data planes. No need for service specific hardware.
Modular chassis design: Expansion slots. SRX5600: 6 slots. SRX5800: 12 slots. Interface modules offer GbE and 10GbE. Service processing modules provide linear scalability.
Powered by Junos Software: Multi-threaded, Modular, Scriptable.
Module Description | Max Ports | Interface
40-port GbE | 200 or 440 | SFP
4-port 10GbE | 20 or 44 | SFP
16-port GbE FlexIOC | 160 or 352 | SFP/RJ45
4-port 10GbE FlexIOC | 40 or 88 | SFP
Max SPCs: 5 (SRX5600); 11 (SRX5800)
SRX SERIES FOR THE DATA CENTER COMPARISON CHART
| SRX3400 | SRX3600 | SRX5600 | SRX5800
Max FW Throughput | 20 Gbps | 30 Gbps | 60 Gbps | 150 Gbps
Max VPN Throughput | 6 Gbps | 10 Gbps | 15 Gbps | 30 Gbps
Max IPS Throughput | 6 Gbps | 10 Gbps | 15 Gbps | 30 Gbps
Max PPS | 4 Mpps | 7 Mpps | 10 Mpps | 18 Mpps
Max Sessions | 2.25 million | 2.25 million | 9 million | 10 million
New & Sustained CPS | 175,000 | 175,000 | 350,000 | 350,000
Interfaces | 8 10/100/1000 + 4 SFP; 16 x SFP module; 2 x 10GbE module | 8 10/100/1000 + 4 SFP; 16 x SFP module; 2 x 10GbE module | 40 x SFP; 4 x 10GbE XFP; 16 x TX/SFP FlexIOC; 4 x 10GbE XFP FlexIOC | 40 x SFP; 4 x 10GbE XFP; 16 x TX/SFP FlexIOC; 4 x 10GbE XFP FlexIOC
Max I/O Ports | 76 x GbE or 8 x 10GbE | 108 x GbE or 12 x 10GbE | 200 x GbE or 40 x 10GbE | 440 x GbE or 88 x 10GbE
MODULES MODULE 5 SECURITY FOR VIRTUALIZED ENVIRONMENTS VGW: VIRTUAL GATEWAY (ALTOR)
THE VIRTUALIZED NETWORK [Diagram labels: SERVER, VIRTUAL MACHINES, SERVERS, Virtual Switch, VMware, Physical Network] Physical Server is no longer the interesting entity. Virtual Network has become a new network layer. Isolating within physical network doesn't address vnetwork. Inter-VM communication is a blind spot for physical tools.
SECURITY IMPLICATION OF VIRTUALIZATION [Diagram: Physical Network; Virtual Network with VM1, VM2, VM3 on an ESX Host, Virtual Switch, HYPERVISOR] Firewall/IDS Sees/Protects All Traffic Between Servers. Physical Security is Blind to Traffic Between Virtual Machines.
VIRTUALIZATION & CLOUD SECURITY CHALLENGES [Diagram: Database, SAP, WWW, Desktop VMs; Virtual Switch; VMware; Physical Server; Physical Network; Physical Firewall/IDS] Threat Mitigation: Malware, Internal threats. Visibility: Inter-VM Traffic, Inappropriate Protocols. Control: VM Sprawl, Policy Enforcement, VMotion, Isolation. Compliance: Eliminate Virtualization Compliance Gaps.
THE GOAL IS SECURE CLOUD COMPUTING [Diagram: Internal Cloud of ESX 1 to ESX 6, each with a Security Layer; Corporate Backbone; Firewall; Internet] Virtualization islands can be consolidated by integrating security into the hypervisor!
SECURITY INTEGRATED INTO THE HYPERVISOR [Diagram: Database, SAP, WWW, Desktop VMs; vGW 3.0 on each ESX; Physical Network; Physical Security Devices] Why it's important! Security for Cloud Implementations: Integrated Intrusion Detection, Firewalling and Network Visibility. VMs can be intermingled on shared infrastructure! Kernel Integration is Fast and Secure!: Hypervisor Kernel Firewall (Fast Path) with individual VM security policies.
vGW VIRTUAL GATEWAY: EXTENDING ENFORCEMENT TO ANY FLOW IN THE DATA CENTER. vGW Solution Integration: 1. SRX Zone Visibility extends to include VM awareness 2. Firewall Event Syslogs and Netflow for Inter-VM Traffic to STRM 3. VM Traffic Inspection and Enforcement with selective mirroring to SRX for IPS [Diagram: Juniper Switching; Juniper SRX; Policies; Security Design; VM 1, VM 2, VM 3, VM 20; vGW Virtual Gateway; VMware vSphere Hypervisor] Copyright 2010 Juniper Networks, Inc. Copyright 2011 Juniper Networks, Inc.
INTRODUCING THE VGW. Visibility: to all inter-VM traffic and VM configuration. Compliance: with dynamic policies against whitelists, blacklists & VM Introspection data. Control: of all traffic, of malware proliferation, of policy deviations, of VMs on the move.
VISIBILITY: VIRTUAL ENVIRONMENT
VISIBILITY: APPLICATIONS & USE
VGW & THE HYPERVISOR-BASED ARCHITECTURE. Enterprise-grade: VMware VMsafe Certified. Protects each VM and the hypervisor. Fault-tolerant architecture (i.e. HA). Virtualization Aware: Secure VMotion scales to 1,000+ ESX. Auto Secure detects/protects new VMs. Granular, Tiered Defense: Stateful firewall and integrated IDS. Flexible Policy Enforcement: Zone, VM group, VM, Application, Port, Protocol, Security state. [Diagram: Virtual Center; Security Design for VGW; VM, VM1, VM2, VM3; Partner Server (IDS, SIM, Syslog, Netflow); Packet Data; HYPERVISOR; ESX Kernel; VMWARE VSWITCH OR CISCO 1000V; THE vGW ENGINE; VMWARE DVFILTER; ESX Host]
MODULES MODULE 5 SSL VPN SA SERIES
JUNIPER NETWORKS SSL VPN MARKET LEADERSHIP. Juniper maintains #1 market share position worldwide. Leader since SSL VPN product category inception. Source: 3Q10 Infonetics Research Network Security Appliances and Software Report
ANALYST PRAISE & RECOGNITION. 2008 Gartner Magic Quadrant for SSL VPN. 2010 Magic Quadrant Key Takeaways: Juniper has maintained the product vision, execution and overall momentum so effectively that it has held a Magic Quadrant leadership position continuously entrenched in the Fortune 500 with a track record for large deployments. Juniper is the No. 1 competitive threat cited by peer vendors. Source: Gartner (December 2010) http://www.gartner.com/technology/media-products/reprints/juniper/vol6/article7/article7.html Junos Pulse is expected to
ACCESS PRIVILEGE MANAGEMENT: 1 USER / 1 URL / 3 DEVICES & LOCATIONS
Stages: Pre-Authentication (Gathers information from user, network, endpoint); Authentication & Role Assignment (Authenticate user; Map user to role); Resource Policy (Assign session properties for user role); Authorization (Applications available to user)
Managed Laptop. Pre-Authentication: Host Check: Pass (AV RTP On, Definitions up to date); Machine Cert: Present; Device Type: Win XP. Authentication & Role Assignment: Auth: Digital Certificate; Role Mapping: Managed. Resource Policy: Access Method: Network Connect; File Access: Enabled; Timeout: 2 hours; Host Check: Recurring. Authorization: Outlook (full version); CRM Client/Server; Intranet; Corp File Servers; Sharepoint.
Unmanaged (Home PC/Kiosk). Pre-Authentication: Host Check: Fail (No AV Installed, No Personal FW); Machine Cert: None; Device Type: Mac OS. Authentication & Role Assignment: Auth: AD Username/Password; Role Mapping: Unmanaged. Resource Policy: Access Method: Core; SVW Enabled; File Access: Disabled; Timeout: 30 mins; Host Check: Recurring. Authorization: Outlook Web Access (no file up/download); CRM Web (read-only); Intranet.
Mobile Device. Pre-Authentication: Host Check: N/A; Machine Cert: None; Device Type: Win Mobile 6.0. Authentication & Role Assignment: Auth: Digital Certificate; Role Mapping: Mobile. Resource Policy: Access Method: WSAM, Core; File Access: Enabled; Timeout: 30 mins. Authorization: Outlook Mobile; CRM Web; Intranet; Corp File Servers.
ONE DEVICE FOR MULTIPLE GROUPS: CUSTOMIZE POLICIES AND USER EXPERIENCE FOR DIVERSE USERS (SA Series)
partners.company.com: Partner Role. Authentication: Username/Password. Host Check: Enabled, Any AV, PFW. Access: Core Clientless. Applications: MRP, Quote Tool.
employees.company.com: Employee Role. Authentication: OTP or Certificate. Host Check: Enabled, Any AV, PFW. Access: Core + Network Connect. Applications: L3 Access to Apps.
customers.company.com: Customer Role. Authentication: Username/Password. Host Check: Enabled, Any AV, PFW. Access: Core Clientless. Applications: Support Portal, Docs.
RECENT UNPLANNED EVENTS - IMPACTING THE GLOBAL BUSINESS
Disastrous Events. Pandemic: H1N1 Virus, Avian/Bird Flu, SARS. Natural and Other: Earthquakes, Hurricanes, Terror attacks, Winter storms, Geographical isolation, Quarantines. Recent examples: Volcanic Ash Event (April 10), Snowstorms in US (Feb 10).
Business Continuity Challenges: Maintain productivity. Sustain partnerships. Continue to deliver exceptional service to customers and partners with online collaboration. Meet government mandates for Disaster Recovery and compliance.
[Headline images: Bird Flu Outbreaks?; Asia Quake Disaster (Dec 04); Pakistani Earthquake (Oct 05); Social Distancing; MTA Strike in NYC (Dec 05)]
JUNIPER NETWORKS ICE FOR BUSINESS CONTINUITY. Meeting the peak in demand for remote access in the event of a disaster. Juniper Networks ICE delivers: Proven market-leading SSL VPN; Easy deployments; Instant activation; Investment protection; Affordable risk protection. What will you do when your non-remote users need access? [Chart: Number of Remote Users over Time; labels: Average usage, Unplanned event, Peak Demand]
JUNIPER SSL VPN PRODUCT FAMILY: FUNCTIONALITY AND SCALABILITY TO MEET CUSTOMER NEEDS [Chart axes: Breadth of Functionality, Enterprise Size]
SA700. Designed for: SMEs; Secure remote access. Includes: Network Connect. Options/upgrades: 10-25 conc. users; Core Clientless Access; Network & Security Manager (NSM).
SA2500. Designed for: Medium enterprise; Secure remote, intranet and extranet access. Includes: Core Clientless Access. Options/upgrades: 25-100 conc. users; Secure Meeting; Cluster Pairs; EES; NSM.
SA4500. Designed for: Medium to large enterprise; Secure remote, intranet and extranet access. Includes: Core Clientless Access. Options/upgrades: 50-1000 conc. users; Secure Meeting; Instant Virtual System; SSL Acceleration; Cluster Pairs; EES; NSM.
SA6500. Designed for: Large enterprises & SPs; Secure remote, intranet and extranet access. Includes: Core Clientless Access; SSL acceleration; Hot swap drives, fans. Options/upgrades: Up to 30K conc. users; Secure Meeting; Instant Virtual System; 4-port SFP card; 2nd power supply or DC power supply; Multi-Unit Clusters; EES; NSM.
All models are Common Criteria EAL3+ certified: http://www.dsd.gov.au/infosec/evaluation_services/epl/network_security/juniper_networks_saf.html
SECURE ACCESS FROM MOBILE DEVICES. Junos Pulse for mobile devices enables smartphone and mobile device access to email, Web, and corporate applications. Applications: Corporate Apps, Web Apps, Email. More Applications on More Devices Over Time.
JUNOS PULSE PLATFORMS SUPPORTED
Platforms | Junos Pulse 1.0
Windows 7, Windows XP, Windows Vista | X
iPhone iOS 4.1 | X
iPad iOS 4.2 | X
Windows Mobile | X
MODULES THE EX SERIES SWITCH RANGE
BUILD HIGH-PERFORMANCE NETWORKS WITH EX SERIES ETHERNET SWITCHES: Carrier-class Reliability; Integrated Security; Operational Simplicity. Switches shown: EX2200, EX3200, EX4200, EX4500, EX8208, EX8216
JUNIPER EX SERIES LAN SWITCHES. 4 SWITCH SERIES: EX2200, EX3200, EX4200, EX8200. PoE standard: technology that carries a 48 V supply over a standard network cable to power IP phones, video-surveillance cameras or Wi-Fi access points. Virtual Chassis technology on the EX4200 series. JUNOS: the reliability of Juniper's carrier-class OS for 11 years. Non-blocking. Layer 2 & 3. Juniper's aggressiveness to win as a challenger. Opportunity to differentiate with a credible offering against the incumbents.
EX2200 LINE OF ETHERNET SWITCHES
Designed for branch and low-density wiring closets. Fixed configuration: 24 or 48 ports; PoE model options; 4 SFP uplinks. Junos operating system: L2 and RIP in base license. Fixed power supply and fans. List price starts at $1,995.
# Ports | Port Type | PoE Ports | Fixed Uplinks | Max Power Consumption (PoE Power)
24 | 10/100/1000B-T | 0 | 4 SFP | 100 (0) W
24 | 10/100/1000B-T | 24 | 4 SFP | 550 (405) W
48 | 10/100/1000B-T | 0 | 4 SFP | 100 (0) W
48 | 10/100/1000B-T | 48 | 4 SFP | 550 (405) W
EX3200 LINE OF ETHERNET SWITCHES
Fixed, standalone configuration. Flexible uplink modules: 4-port GbE (SFP); 2-port 10GbE (XFP); Dual-mode 4-port GbE/2-port 10GbE (SFP+) (Roadmap). Modular power and cooling: Field-replaceable AC, DC PSU; External RPS option; Field replaceable fan tray. Full Class 3 PoE (15.4 W). Runs Junos operating system with full OSPF and IP multicast in base license.
# Ports | Port Type | PoE Ports | Max Power Consumption (incl. PoE)
24 | 10/100/1000B-T | 8 | 112 (320) W
24 | 10/100/1000B-T | 24 | 138 (600) W
48 | 10/100/1000B-T | 8 | 167 (320) W
48 | 10/100/1000B-T | 48 | 207 (930) W
EX4200 LINE OF ETHERNET SWITCHES WITH VIRTUAL CHASSIS TECHNOLOGY
Virtual Chassis technology: 128 Gbps virtual backplane; Manage up to 10 as a single device; Extend over 10GbE or GbE uplinks; Master and backup route engines. Flexible uplink modules: 4-port GbE (SFP); 2-port 10GbE (XFP); Dual-mode 4-port GbE/2-port 10GbE (SFP+) (Roadmap). Fully redundant power and cooling: Dual, hot-swappable AC, DC PSU; External RPS option; Fan FRU, multiple blowers. Full Class 3 PoE (15.4 W). LCD display. Runs Junos operating system with full OSPF and IP multicast in base license.
# Ports | Port Type | PoE Ports | Max Power Consumption (incl. PoE)
24 | 10/100/1000B-T | 8 | 129 (320) W
24 | 10/100/1000B-T | 24 | 160 (600) W
24 | 100B-FX/1000B-X | N/A | 108 (N/A) W
48 | 10/100/1000B-T | 8 | 181 (320) W
48 | 10/100/1000B-T | 48 | 224 (930) W
POWER OVER ETHERNET (POE) IN EX3200 & EX4200. 24 or 48 PoE ports in the -24P and -48P models. 8 PoE ports in the -24T and -48T models. Full Class 3 PoE (15.4W per port). Requires only one power supply. IP telephony deployments need all PoE ports. Lower costs with the T SKUs for low-density PoE: Wireless access points; Surveillance cameras.
EX SERIES FIXED-CONFIGURATION COMPARISON (cells left blank where the slide's mark did not survive extraction; one label: Roadmap)
Features | EX2200 | EX3200 | EX4200
List Price (24T) | $1,995 | $3,000 | $6,000
RIP in base image | | |
Enhanced L3 features (OSPF, PIM) | (License) | |
Advanced features (BGP, IS-IS, MPLS, IPv6 routing) | X | (License) | (License)
Modular power supply and fans | X | |
Modular uplinks | X | |
DC power supply | X | |
Fiber aggregation model | X | X |
Redundant power and fans | X | X |
Virtual Chassis technology | X | X |
Acoustic noise | 40dB - 45dB | 47dB - 55dB | 47dB - 54dB
Depth (inches) | 10 | 16.4 | 16.4
Max. PoE power per port (total system PoE) | 30W (405W) | 15.4W (740W) | 15.4W (740W)
EX8200 LINE OF MODULAR ETHERNET SWITCHES
High-performance chassis platforms: EX8208: Eight line cards, 960 Mpps; EX8216: Sixteen line cards, 1.92 Bpps; 100 GbE ready. Fully redundant routing engines with N+1 redundant switch fabrics. Up to 256 wire-speed, non-blocking 10GbE ports in a rack. 320 Gbps capacity per line card. Virtual Chassis technology: Two-member Virtual Chassis; External Routing Engine (XRE) required. Fully redundant power and cooling: Redundant, load-sharing PSUs (AC, DC); Hot-swap fan tray with redundant fans. Proven Juniper technology: Switch fabrics, control plane; Packet Forwarding Engine (PFE); Junos operating system.
Module Description | Max Ports | Interface
48-port 10/100/1000B-T | 384 or 768 | RJ-45
48-port 100B-FX/1000B-X | 384 or 768 | SFP
8-port 10GbE | 64 or 128 | SFP+
40-port GbE/10GbE (Roadmap) | 320 or 640 | SFP/SFP+
MODULES MODULE 7 WLC SERIES WIRELESS (EX-TRAPEZE)
OUR BEST REFERENCES
HEALTHCARE REFERENCES (PUBLIC SECTOR)
HEALTHCARE REFERENCES (INSTITUTIONAL)
LOCAL GOVERNMENT REFERENCES
SMART MOBILE SYSTEM CONCEPTS. Fully integrated solution. Highest availability on the market. Unique centralized management and planning. A single goal: keep users connected to their VLAN, wherever they are and whatever they do. Appendix: turning geography into dynamic data. [Diagram: WLM-Location Appliance, AAA, WLMRingMaster, WLC, WLA]
1: INTEGRATE APPLICATION NEEDS. Centralized architecture; Distributed architecture. [Diagram: Internet] Security, Management, Scalability, Reliability, Performance, Adaptability
2: MULTIPLY THE SWITCHING FABRICS. Centralized mode is not suited to the high throughput of 802.11n. Distributed mode is the right answer for the high throughput of 802.11n. 10x the traffic exceeds the capacity of the controller and of the interface. 11n increases the load by 10x. [Diagram: Internet]
3: VIRTUALIZE THE CONTROLLERS. Virtual Controller Cluster: WLC 1, WLC 2, WLC 3. High Availability. Controller update: WLAs redistributed in 0.1 s; no voice interruption. Also: automatic AP distribution; adding APs; better use of licenses.
OFFERING COMPONENTS. Trapeze Networks, A BELDEN Brand. Proprietary and Confidential. 05/16/11
CONTROLLER FAMILY. WLC2800: 64-512 .11n WLAs. WLC800: 16-128 .11n WLAs. WLC200: 32-64 WLAs (Centralized a/b/g/n), 32-192 WLAs (Distributed a/b/g/n). WLC8: 12 WLAs. WLC2: 4 WLAs. [Chart axis: WLA Count 4, 12, 16, 32, 64, 128, 192, 256, 512]
ACCESS POINT FAMILY [Chart: Functionality; Outdoor, Indoor] WLA432: 802.11n 3x3, 300Mb/s, high throughput. WLA522, WLA522E: 802.11n, new generation. WLA632: 802.11n 3x3, 300Mb/s, high throughput. WLA422: 802.11a and b/g, Local Switching & Mesh. WLA371: single radio (a or b/g).
RINGMASTER: GRAPHICAL CONFIGURATION