vsrx Services Gateway: Protecting the Hybrid Data Center

Similar documents
Juniper Solutions for Turnkey, Managed Cloud Services

Customer Benefits Through Automation with SDN and NFV

White Paper. Five Steps to Firewall Planning and Design

Service Automation Made Easy

Transforming Service Life Cycle Through Automation with SDN and NFV

vsrx Services Gateway

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

How To Secure Your Network With Juniper Networks

vsrx Services Gateway

Secure Cloud-Ready Data Centers Juniper Networks

ALTERNATIVES FOR SECURING VIRTUAL NETWORKS

Juniper Networks MetaFabric Architecture

SECURE CLOUD CONNECTIVITY FOR VIRTUAL PRIVATE NETWORKS

The Global Attacker Security Intelligence Service Explained

Junos Space Virtual Control

JUNIPER NETWORKS CLOUD SECURITY

JUNOS PULSE APPCONNECT

SOFTWARE DEFINED NETWORKING

How To Make A Cloud Service More Profitable

Networks that know data center virtualization

VM-Series for VMware. PALO ALTO NETWORKS: VM-Series for VMware

Networks that virtualization

VMware vcloud Networking and Security Overview

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Latest Changes in Healthcare Regulations and the IT Solutions Needed to Address Them

Product Description. Product Overview

SoLuTIoN guide. CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork

EVOLVED DATA CENTER ARCHITECTURE

AN INTEGRATED SECURITY SOLUTION FOR THE VIRTUAL DATA CENTER AND CLOUD

Juniper Unite Cloud-Enabled Enterprise Reference Architecture

JUNIPER CARE PLUS ADVANCED SERVICES CREDITS

Junos Space for Android: Manage Your Network on the Go

Security Services Gateways PRODUCT CATEGORY BROCHURE

COORDINATED THREAT CONTROL

Networks that know data center automation

When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs

Scott Lucas: I m Scott Lucas. I m the Director of Product Marketing for the Branch Solutions Business Unit.

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation

JUNIPER. One network for all demands MICHAEL FRITZ CEE PARTNER MANAGER. 1 Copyright 2010 Juniper Networks, Inc.

The Advanced Attack Challenge. Creating a Government Private Threat Intelligence Cloud

Reasons to Choose the Juniper ON Enterprise Network

PRODUCT CATEGORY BROCHURE

Reasons Enterprises. Prefer Juniper Wireless

McAfee Next Generation Firewall Optimize your defense, resilience, and efficiency.

JUNOS SPACE SECURITY DIRECTOR

Networks that security

VIRTUALIZATION TO TRANSFORM SERVICE PROVIDER BUSINESS AND OPERATIONAL ECONOMICS

White Paper. Protect Your Virtual. Realizing the Benefits of Virtualization Without Sacrificing Security. Copyright 2012, Juniper Networks, Inc.

Solution Brief. Secure and Assured Networking for Financial Services

Payment Card Industry Data Security Standard

Unified Threat Management, Managed Security, and the Cloud Services Model

JUNIPER NETWORKS FIREFLY HOST ANTIVIRUS ARCHITECTURE

Securing Virtual Applications and Servers

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

White Paper. Time for Integrated vs. Bolted-on IT Security. Cyphort Platform Architecture: Modular, Open and Flexible

Contrail Networking. Product Description. Your ideas. Connected. Data Sheet. Product Overview

Key Strategies for Long-Term Success

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Enabling Solutions in Cloud Infrastructure and for Network Functions Virtualization

VMware vcloud Networking and Security

Achieve Deeper Network Security

Delivering Managed Services Using Next Generation Branch Architectures

the Data Center Connecting Islands of Resources Within and Across Locations with MX Series Routers White Paper

Juniper Care Plus Services

Netzwerkvirtualisierung? Aber mit Sicherheit!

The Dirty Secret Behind the UTM: What Security Vendors Don t Want You to Know

Achieve Deeper Network Security and Application Control

How To Protect Your Cloud From Attack

Meeting the Challenges of Virtualization Security

Network and Security. Product Description. Product Overview. Architecture and Key Components DATASHEET

Secure Virtualization in the Federal Government

Improving Profitability for MSSPs Targeting SMBs

Sourcefire Solutions Overview Security for the Real World. SEE everything in your environment. LEARN by applying security intelligence to data

Juniper Networks Solution Portfolio for Public Sector Network Security

Unlock the full potential of data centre virtualisation with micro-segmentation. Making software-defined security (SDS) work for your data centre

Juniper Networks Automated Support and Prevention Solution (ASAP)

PRODUCT CATEGORY BROCHURE INTEGRATED FIREWALL/ VPN PLATFORMS

Juniper Networks, Ruckus Wireless Deliver Carrier-Class Performance for Enterprise Networks

Safeguarding the cloud with IBM Security solutions

Five Steps For Securing The Data Center: Why Traditional Security May Not Work

Juniper Networks Secure

SINGLE-TOUCH ORCHESTRATION FOR PROVISIONING, END-TO-END VISIBILITY AND MORE CONTROL IN THE DATA CENTER

Network Virtualization Solutions - A Practical Solution

Technology Brief Demystifying Cloud Security

NETWORK AUTOMATION AND ORCHESTRATION

Customizing the Customer Experience

SDN Unlocks New Opportunities for Cloud Service Providers

JUNIPER NETWORKS SPOTLIGHT SECURE THREAT INTELLIGENCE PLATFORM

Simplifying the Data Center Network to Reduce Complexity and Improve Performance

Security is a top priority. The reasons for reliable network security keep growing.

Firewall Migration. Migrating to Juniper Networks Firewall/VPN Solutions. White Paper

Simplify Your Network Security with All-In-One Unified Threat Management

USING SOFTWARE-DEFINED DATA CENTERS TO ENABLE CLOUD ADOPTION

Enabling Business Beyond the Corporate Network. Secure solutions for mobility, cloud and social media

PRODUCT CATEGORY BROCHURE. Juniper Networks Integrated

PRODUCT CATEGORY BROCHURE. Juniper Networks SA Series

On-Premises DDoS Mitigation for the Enterprise

Introducing IBM s Advanced Threat Protection Platform

IREBOX X. Firebox X Family of Security Products. Comprehensive Unified Threat Management Solutions That Scale With Your Business

Transcription:

Services Gateway: Protecting the Hybrid Data Center Extending Juniper Networks award-winning security products to virtualized, cloud-based, and hybrid IT environments Challenge Virtualization and cloud computing technologies are introducing new security vulnerabilities that physical legacy security systems cannot adequately protect against. Solution brings the power of Juniper s award-winning SRX Series Services Gateways to virtual, cloud, and hybrid IT environments. Delivering a complete virtual solution to enterprises and service providers, includes core firewall, robust networking, advanced security, and automated management. Benefits Extends SRX Series capabilities to your virtualized and cloud environments, directly addressing the new security vulnerabilities introduced by those technologies Enables you to rapidly provision security infrastructure, wherever and whenever it s needed on your network Implements critical security controls within your virtual infrastructure, not just at the perimeter, eliminating blind spots The last few years have seen a rapid move to virtualization and cloud technology. According to Gartner, organizations had virtualized 50 percent of their server workloads by mid- 2014, a number that is expected to increase to 86 percent by 2016. And the global cloud market is maturing quickly. IDC predicts it will reach $118 this year and $200 by 2018, and it is small wonder that organizations are eagerly adopting these technologies, given their proven benefits. They can achieve tremendous reductions in capital expenses by eliminating extra hardware and excess data center space. They can also significantly reduce operational expenses due to lower power and cooling requirements, as well as simplified infrastructure maintenance that frees up IT staffs for more important duties. The Challenges In most cases, your physical data center will not disappear as these growth trends play out. Instead, it will evolve into a hybrid environment, incorporating a mixture of physical and virtual computing technologies including both public and private clouds. You ll face even more challenging security risks within these hybrid environments than you have protecting your physical data center today. And you won t be alone with these challenges when making the shift to a hybrid data center architecture. The problem is that today, many organizations still rely exclusively on physical security. As hackers and malware grow more sophisticated, the stopgap measure of trying to protect virtual assets with physical security mechanisms becomes increasingly ineffective, undermining your ability to fully leverage the new computing paradigms and achieve high ROI. For example, when physical firewalls are used to address virtual traffic, this traffic must be routed out of the virtual environment, passed through the physical security infrastructure, and then redirected back into the virtual environment. This kind of hairpinning adds complexity, increases instability, and decreases your ability to move workloads Virtualization around. is Exploding at Enterprises Around the World 50% 86% 2014 2016 Source: Gartner Figure 1. Global explosion in virtualization. 1

Services Gateway: Protecting the Hybrid Data Center Cloud is Quickly Moving from an Emerging to a Mainstream Technology $200 Virtualized Servers + Non Virtualized Security = Hairpinning Physical Firewall Hairpinning $76.1 $95.8 $118 Source: IDC 2013 2014 2015 2018 Figure 2. Cloud is quickly becoming a mainstream technology. Security Risks Unique to Virtual Environments The security risks that impact physical environments impact virtualized environments to the same or an even greater extent. In addition, security professionals must address new risks that are unique to virtualized environments, and which exist within each layer of the virtualization stack: the host, the hypervisor, and guest layers. Recent high profile attacks have shown that cyberthreats exploit common applications to bypass controls; then, once inside your network, they move with little resistance while hiding in plain sight. An attack on or compromise of your virtualized environment is arguably even more serious than an incident in a physical environment. Your workloads and associated data which can possess different trust levels are centralized, with no security barriers in between to keep them segmented. So if your virtual environment is compromised, the attacker has access to everything. An additional challenge to securing your data center workloads is the fact that security policies and associated updates cannot keep pace with the speed of your workload (or ) changes, resulting in a weakening of your overall security posture. $ $ 2013 2018 Global revenue for virtual security appliances is forecast by Infonetics to more than double between 2013 and 2018. Figure 3. Global revenue forecast for virtual security appliances (Source: Infonetics). Figure 4. Virtualized servers + non virtualized security = hairpinning Table 1. Security Risks Unique to Virtual Environments Mixed-trust workloads Self-service virtual provisioning Compromised virtualization layer Host hypervisor (the new attack target) Traditional network security tools in virtual environments Sensitive data, previously restricted to trust domains, now coexists with other data, increasing the risk of data loss. Security is left to nontraditional security staff. One compromised layer can immediately impact all hosted workloads. An attack on the host s hypervisor can potentially compromise all workloads delivered by that host. Network tools that rely on physicalor network-layer attributes to protect servers and applications are particularly vulnerable to security breaks. What s needed to overcome these many challenges is a new kind of security a virtual one that can scale as easily as the virtualized and cloud-based resources themselves. Such a solution needs to provide robust defense against a variety of sophisticated threats, yet still achieve desired performance, scalability, availability, and visibility. Juniper Networks Services Gateway (formerly Firefly Perimeter) is that new kind of virtual security solution. The Juniper Networks Services Gateway Solution Services Gateway is a virtual firewall that offers the rich functionality of Juniper s award-winning SRX Series Services Gateways in a virtual machine () format. Powered by Juniper Networks Junos operating system, the virtual firewall delivers a complete, integrated virtual security solution that includes core firewall, robust networking, L4-L7 advanced security services, and automated life cycle management capabilities for organizations. The automated life cycle management capabilities, enabled through Junos Space 2

Services Gateway: Protecting the Hybrid Data Center Virtual Director, allow network and security administrators to quickly and efficiently provision and scale firewall protection to meet the dynamic needs of virtualized and cloud environments. By combining the management application with the power of Junos Space, security administrators can quickly manage all phases of security policy life cycle for physical and virtual assets from a common, centralized platform. Moreover, the portfolio of virtualized network and security services supports a variety of Network Functions Virtualization (NFV) use cases. The also supports Juniper Networks Contrail, OpenContrail, and third-party SDN solutions, and it can be integrated with next-generation cloud orchestration tools such as OpenStack, either directly or through rich APIs. is a flexible solution designed to keep your s secure while addressing the operational challenges raised by virtualized and cloud environments. In many cases, organizations wish to replace physical with virtual appliances, and can deliver the more agile virtual infrastructure that service providers or cable operators need in their data centers. NFV Internet Features and Benefits The Services Gateway combines core firewall, robust networking, advanced security services, and automated management in a format. It provides virtualization defense that is unmatched by other solutions in terms of reliability, scalability, efficacy, and visibility. The : Extends proven SRX Series capabilities to a virtual platform Delivers robust connectivity and routing features based on the power of Junos OS Provides mission-critical reliability for business continuity Integrates virtualization-specific advanced security services for a comprehensive threat management framework Automates the life cycle, from provisioning to decommissioning Unifies security policy management across physical and virtual environments Supports a variety of SDN and NFV solutions Solution Components Nonintegrated legacy systems built around traditional firewalls and individual standalone point solutions can no longer protect against today s sophisticated attacks. The all-in-one virtual firewall provides core firewall, rich networking, and L4 to L7 advanced security services so that you can protect your virtual assets from the evolving threat landscape. Juniper s solution includes the following components: Carrier PTX Series (or ) SDN Driven x86 Compute with Contrail Firewalls Complete Firewall Includes stateful packet processing and an applicationlayer gateway for virtualized and cloud environments Supports active/passive and active/active high availability (HA) deployment options for ware and K Carrier Backbone Carrier POPs Firewalls Figure 5. supports SDN and NFV solutions Rich Connectivity and Routing Features Includes IPsec VPN, Network Address Translation (NAT), and advanced routing in a flexible format based on the proven Junos OS foundation Advanced Security Features Provides virtualization-specific L4 to L7 advanced security services that incorporate unified threat management (UTM), intrusion prevention system (IPS), and AppSecure 2.0 services for a comprehensive threat management framework Unified Threat Management Encompasses comprehensive content security with best-inclass antivirus, antispam, Web filtering, and content filtering features to protect against: Malware attacks that can lead to data breaches and lost productivity Advanced persistent threats perpetrated through social networks and the latest phishing scams Malicious URLs that can significantly reduce the network bandwidth for business-essential traffic 3

Services Gateway: Protecting the Hybrid Data Center Intrusion Prevention System Inspects attack data and takes an action such as blocking the intrusion as it develops or creating a series of rules in the firewall to help you: Minimize false positives by offering flexible signature development Improve accuracy of signatures through precise context of protocols Accurately identify attacks Overcome attempts to bypass other IPS detections using obfuscation methods Simplify installation and maintenance while ensuring the highest network security Perform active/active IPS monitoring AppSecure 2.0 for Provides application visibility and control features that help protect virtualized and cloud environments from sophisticated application-based threats. supports AppSecure 2.0 capabilities such as AppTrack, AppFW, and AppQoS that, working together: Track application usage to identify high-risk applications and analyze traffic patterns, improving network security Enhance security policy creation and enforcement based on applications rather than traditional port and protocol management and analysis Prioritize traffic as well as limiting and shaping bandwidth Flow Processing based on application information and context to improve overall performance Input AppSecure 2.0 for Application Identification Engine Output Junos Space Virtual Director As a full life cycle management application for, Junos Space Virtual Director enables organizations to automate provisioning and resource allocation of s. The application runs on top of Juniper s well-established Junos Space Network Management Platform and supports the design, deployment, monitoring, grouping, and reporting of instances. Network and security administrators will benefit from rapid service rollouts and error-free deployments by using Virtual Director s predefined configuration templates, automation tools, workflow-based tasks, and intuitive GUI. Virtual Director s open set of RESTful APIs provides a single interface to all third-party orchestration tools and custom applications for end-to-end configuration and management. Unified Management By combining the power of Junos Space with Junos Space Virtual Director, administrators can significantly improve policy configuration, management, and visibility into both physical and virtual assets from one common, centralized platform. Use Cases Real-Life Applications for the Services Gateway can be used in a broad range of virtualized or hybrid data centers. Here are some of the most common use cases for this flexible and integrated network security solution: Private cloud is ideal for private cloud environments in which the cloud and the equipment it runs on are internal to an organization, such as a large enterprise, a university, or a financial institution. In private clouds, the administrators want to rapidly provide their employees or partners with s, and segment and secure them within groups such as departments and lines of business. Private Cloud Infrastructure Agility Virtual Director vcenter or vcloud Director or Open Contrail or Contrail Controller AppTrack Application ID Result IPS Physical Servers SRX enables security policy configuration and management across physical and virtual environments Key Need Isolation Department 1 Department 2 AppFW Department 3 Department 4 AppQoS Figure 6. AppSecure 2.0 is tightly integrated with Juniper s IPS solution to further mitigate threats and protect against a wide range of attacks and vulnerabilities. Figure 7. Private cloud use case 4

Services Gateway: Protecting the Hybrid Data Center Public cloud (cloud-hosting providers) is also useful in public clouds in which the cloud hosting providers must deliver strong security for their tenant customers. Public cloud service providers can deploy to protect their customers by placing the virtual firewall in front of each customer s individual hosting environment, keeping the hosting environments separate from each other. Summary Protects the Data Center in an Increasingly Virtualized World The virtual firewall offers the rich functionality of Juniper s award-winning SRX Series Service Gateways in a virtual machine () format. Powered by Junos OS, the extends Juniper s best-in-class security products to virtualized cloud-based and hybrid IT environments. Premises 1 Premises 2 Premises 3 IPSec VPN Public Cloud (Cloud-Hosting Providers) 1 2 3 4 Public Cloud Providing protection and connectivity to customer hosted s IPSec VPN Cloud Hosting Environment 1 dedicated to gives organizations a complete, integrated virtual security solution that includes core firewall, robust networking, L4- L7 advanced security services, and automated life cycle management capabilities. It provides mission-critical reliability for business continuity and unifies security policy management across physical and virtual environments. can be used in a broad range of virtualized or hybrid data centers that include private cloud infrastructure, public cloud (cloud hosting providers), and public cloud (managed security service providers). Premises 4 Figure 8. Public cloud (cloud-hosting providers) use case Public cloud (managed security service providers) can provide the virtual protection required by managed security service providers (MSSPs) that deliver cloud services with tenant s and manage dedicated firewalls and secure VPNs. Unlike cloud hosting providers, MSSPs do not host their end customers s, yet still want the ability to quickly create virtual firewalls and connectivity rather than procure physical equipment for each new request. Public Cloud (Managed Security Service Providers) Next Steps To learn more about how your organization can benefit from the Services Gateway, please visit www.juniper.net or contact your Juniper Networks representative. About Juniper Networks Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net. Premises 1 Premises 2 1 2 Virtual Director vcenter or vcloud Director or Management and Orchestration Platform Open Contrail or Contrail Controller Premises 3 3 4 MSSP 3 Operator Network Premises 4 1 2 4 MSSP s Virtual Environment Figure 9. Public cloud (managed security service providers) use case Corporate and Sales Headquarters Juniper Networks, Inc. 1133 Innovation Way Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or +1.408.745.2000 Fax: +1.408.745.2100 www.juniper.net APAC and EMEA Headquarters Juniper Networks International B.V. Boeing Avenue 240 1119 PZ Schiphol-Rijk Amsterdam, The Netherlands Phone: +31.0.207.125.700 Fax: +31.0.207.125.701 Copyright 2015 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos and QFabric are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 3510547-001-EN June 2015

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information