Product Description. Product Overview



Similar documents
Network and Security. Product Description. Product Overview. Architecture and Key Components DATASHEET

White Paper. Protect Your Virtual. Realizing the Benefits of Virtualization Without Sacrificing Security. Copyright 2012, Juniper Networks, Inc.

ALTERNATIVES FOR SECURING VIRTUAL NETWORKS

SoLuTIoN guide. CLoud CoMPuTINg ANd ThE CLoud-rEAdy data CENTEr NETWork

Security That Ensures Tenants Do Not Pose a Risk to One Another In Terms of Data Loss, Misuse, or Privacy Violation

PRODUCT CATEGORY BROCHURE. Juniper Networks SA Series

NETWORK AND SECURITY MANAGER APPLIANCES (NSMXPRESS AND NSM3000)

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

IF-MAP FEDERATION WITH JUNIPER NETWORKS UNIFIED ACCESS CONTROL

NETWORK AND SECURITY MANAGER

Reasons Enterprises. Prefer Juniper Wireless

PRODUCT CATEGORY BROCHURE

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Juniper Networks Solution Portfolio for Public Sector Network Security

PERFORMANCE VALIDATION OF JUNIPER NETWORKS SRX5800 SERVICES GATEWAY

Key Strategies for Long-Term Success

MIGRATING IPS SECURITY POLICY TO JUNIPER NETWORKS SRX SERIES SERVICES GATEWAYS

Junos Space Virtual Control

Introduction...3. Scope...3. Design Considerations...3. Hardware Requirements...3. Software Requirements...3. Description and Deployment Scenario...

Simplifying the Data Center Network to Reduce Complexity and Improve Performance

Protecting Physical and Virtual Workloads

SECURE ACCESS TO THE VIRTUAL DATA CENTER

White Paper. Juniper Networks. Enabling Businesses to Deploy Virtualized Data Center Environments. Copyright 2013, Juniper Networks, Inc.

VMWARE VIEW WITH JUNIPER NETWORKS SA SERIES SSL VPN APPLIANCES

Meeting the Challenges of Virtualization Security

JUNIPER NETWORKS CLOUD SECURITY

JUNIPER NETWORKS FIREFLY HOST ANTIVIRUS ARCHITECTURE

Meeting PCI Data Security Standards with

Voice Modules for the CTP Series

Web Filtering For Branch SRX Series and J Series

Configuring and Implementing A10

Junos Pulse Secure Access Service Enables Service Providers to Deliver Scalable and On-Demand, Cloud-Based Deployments with Simplicity and Agility

JUNIPER NETWORKS WIRELESS LAN SOLUTION

Secure Cloud-Ready Data Centers Juniper Networks

Network Access Control in Virtual Environments. Technical Note

WHITE PAPER. Copyright 2011, Juniper Networks, Inc. 1

Secure, Mobile Access to Corporate , Applications, and Intranet Resources

The dramatic growth in mobile device malware. continues to escalate at an ever-accelerating. pace. These threats continue to become more

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.

Identity-Based Traffic Logging and Reporting

JUNIPER CARE PLUS ADVANCED SERVICES CREDITS

END-TO-END SECURITY WITH SA SERIES SSL VPN APPLIANCES

CONFIGURATION OPTIONS FOR HARDWARE RULE SEARCH (RMS) AND SOFTWARE RULE SEARCH (SWRS)

Juniper Networks Solution Portfolio for Public Sector Network Security

Learn how the Juniper vgw Virtual Gateway can help organizations meet PCI Compliance for Virtualized Environments

WEB FILTERING FOR BRANCH SRX SERIES AND J SERIES

J-Flow on J Series Services Routers and Branch SRX Series Services Gateways

Monitoring Network Traffic Using sflow Technology on EX Series Ethernet Switches

Netzwerkvirtualisierung? Aber mit Sicherheit!

MONITORING NETWORK TRAFFIC USING sflow TECHNOLOGY ON EX SERIES ETHERNET SWITCHES

PRODUCT CATEGORY BROCHURE. Juniper Networks Integrated

DEPLOYING IP TELEPHONY WITH EX SERIES ETHERNET SWITCHES

JUNOScope IP Service Manager

Architecting and Building a Secure and Compliant Virtual Infrastructure and Private Cloud

Service Description. Service Overview DATASHEET

Optimizing VoIP Applications with Juniper Networks EX3200 and EX4200 Line of Ethernet Switches

Security Portfolio. Juniper Networks Integrated Firewall/VPN Platforms. Product Brochure. Internet SRX Fixed Telecommuter or Small Medium Office

AN INTEGRATED SECURITY SOLUTION FOR THE VIRTUAL DATA CENTER AND CLOUD

JUNOS SPACE SECURITY DIRECTOR

How To Protect Your Network From Attack From A Malicious Computer (For A Network) With Juniper Networks)

ENTERPRISE SOLUTION FOR DIGITAL AND ANALOG VOICE TRANSPORT ACROSS IP/MPLS

PRODUCT CATEGORY BROCHURE INTEGRATED FIREWALL/ VPN PLATFORMS

Interoperability Test Results for Juniper Networks EX Series Ethernet Switches and NetApp Storage Systems

Mitigating Information Security Risks of Virtualization Technologies

Network Segmentation in Virtualized Environments B E S T P R A C T I C E S

Keith Luck, CISSP, CCSK Security & Compliance Specialist, VMware, Inc. kluck@vmware.com

DMZ Virtualization Using VMware vsphere 4 and the Cisco Nexus 1000V Virtual Switch

Demonstrating the high performance and feature richness of the compact MX Series

Deploying IP Telephony with EX-Series Switches

Identity-Based Application and Network Profiling

Limitation of Riverbed s Quality of Service (QoS)

JUNIPER NETWORKS FIREFLY HOST FIREWALL PERFORMANCE

When it Comes to Monitoring and Validation it Takes More Than Just Collecting Logs

VMware Integrated Partner Solutions for Networking and Security

Leveraging Symantec CIC and A10 Thunder ADC to Simplify Certificate Management

How To Protect Your Virtual Infrastructure From Attack From A Cyber Threat

Meeting PCI Data Security Standards with Juniper Networks Security Threat Response Manager (STRM)

Comprehensive Monitoring of VMware vsphere ESX & ESXi Environments

5 Best Practices to Protect Your Virtual Environment

VMware vcloud Networking and Security Overview

HP Virtual Controller and Virtual Firewall for VMware vsphere 1-proc SW LTU

How To Protect Your Cloud From Attack

Symantec Protection Suite Enterprise Edition for Servers Complete and high performance protection where you need it

Juniper Care Plus Services

BEST PRACTICES. DMZ Virtualization with VMware Infrastructure

PICO Compliance Audit - A Quick Guide to Virtualization

Overcoming Security Challenges to Virtualize Internet-facing Applications

Transcription:

DATASHEET vgw Gateway Product Overview The vgw Gateway provides a best-in-class virtual firewall to meet the unique security challenges of virtual data centers and clouds. IT teams can now secure their virtual environments by implementing a rule-based firewall for each. Because the vgw has been purpose-built to support virtualization, it synchronizes automatically with ware vcenter, secures otion, and uses safe to provide breakthrough levels of security and performance. The vgw delivers superior protection, throughput, scalability, automated deployment, operational efficiencies, and value for virtualized environments. Enterprises can now achieve the full ROI of virtualization in a secure manner. And for the first time, they can maintain equal security and regulatory compliance across physical and virtual networks. Product Description Juniper Networks vgw Gateway rounds out a virtualization security solution that includes a high-performance hypervisor-based stateful firewall complete virtual network visibility, monitoring, and reporting. The vgw brings forward powerful new features that automate security and compliance enforcement within virtual networks and clouds. By leveraging virtual machine introspection (I) data and intelligence, and coupling it with Juniper s wide-ranging knowledge of the security and virtual network environment, vgw creates an extensive database of control points by which security policies and compliance rules can be defined. The vgw makes this rich data available in intuitive UIs that let administrators build the entire range of policies from corporate rules on global protocol handling (e.g., block Kazaa) to discrete regulatory compliance policies for how virtual machines should be configured (e.g., must have antivirus installed). Compliance assessment and security enforcement happen automatically and in lockstep with changes in the virtual environment. New s, for example, will be scanned and quarantined if out of compliance with policies. The same applies to s whose state changes such that the security posture is weakened. The vgw ware safe-certified security operates from deep within the virtualization fabric as part of the hypervisor. Consequently, the software delivers unprecedented levels of security, far beyond what is possible with traditional physical network security products. Security and compliance concerns are top of mind in virtualization and cloud deployments. Juniper s experience and innovative research in virtualization security has resulted in a powerful software suite capable of monitoring and protecting virtualized environments without negatively impacting performance. A hypervisor-based, safecertified, virtualization security approach, in combination with X-ray level knowledge of each virtual machine through I, gives the vgw a unique vantage point in the virtualized fabric. Here, virtualization security can be applied efficiently and with context about the virtual environment and its state at any given moment.

vgw delivers total virtual data center protection and cloud security through visibility, compliance, and control: Visibility full view to all applications flowing between s and how they are used. Complete and group inventory, including virtual network settings. Deep knowledge of state, including installed applications, operating systems, and patch level, through I. Compliance enforcement of corporate and regulatory policies for the presence of required or banned applications via I. Some practical applications of compliance enforcement such as assurance of segregation of duties to ensure that s are assigned to the right trust zones inside the virtual environment. Pre-built compliance assessment based on common industry best practices and leading regulatory standards. Control a safe-certified, stateful firewall provides access control over all traffic via policies that define which ports, protocols, destination s, etc. should be blocked. Further inspection of allowed traffic can be conducted by protocol or application in order to identify intrusion attempts, malformed packets, or the presence of malware. Figure : A dashboard view of virtual network security and compliance states Architecture and Key Components Center Physical Server # Physical Server #2 Intranet Application Live Migration Database SAP Desktop Desktop 2 Firewall Firewall Physical Network 2 Firewall secure inter- communication, stopping infections. Secure otion by attaching an enforceable policy to the migrating. Figure 2: The vgw secures highly dynamic s through change and motion 2

Features and Benefits ization has brought both economic benefits and new security concerns to enterprises. IT managers often hesitate to virtualize systems with sensitive data or take full advantage of live migration due to security worries. Among their concerns are: Undetected and uncontained malware outbreaks or insider attacks in the virtual environment Lack of visibility into, or control of, traffic between s that never touches the physical network Inability to enforce policies that isolate s, prevent sprawl, or secure features like otion ization compliance gaps and audit data holes Increasing network complexity and administrative burden caused by applying legacy VLAN or firewall technology to the virtual environment Cloud Security API Juniper provides an XML-RPC programming interface that lets service providers and large enterprises customize and automate firewall provisioning. Users of the API can efficiently secure virtualization services for internal or external customers, while ensuring strict isolation of customer s. Compliance The vgw lets administrators, security managers, and compliance auditors define and report on the specific conditions (corporate and regulatory) that constitute compliant operation in their environments. The vgw user interface allows for the building of custom whitelists (desired configurations) and blacklists (unwanted conditions). vgw continuously monitors all s, including newly created ones, to report on the overall compliance posture of the virtual environment. data center and cloud administrators can see their aggregate compliance posture at a glance and drill down on each to identify the exact condition that has triggered a noncompliance alert (e.g., in wrong VLAN, or trust zone has been quarantined). High Availability Using redundant system components, the vgw provides missioncritical reliability. An easily deployed shadow management server immediately takes over if the primary system fails, ensuring uninterrupted policy enforcement and management control. Figure 3: Introspection technology gives the vgw an X-ray view of s Without the means to mitigate risks in a cost-effective manner, many enterprises are not currently realizing the full potential that virtualization technology offers. Automated Deployment and Integration The vgw virtual appliance automatically installs itself and discovers all guest s through integration with vcenter. Unlike using VLANs to isolate s, Juniper s solution is easy to maintain and readily scales as virtualization use grows and new virtual machines are added to the environment. Automated Security The vgw automates the application and enforcement of security rules. This is accomplished in two ways. First, it allows for the creation of highly detailed security policies that dynamically combine desired conditions from a rich database of virtual infrastructure (VI) and information. The dynamic policy groups can then be associated with one or more s. When additional s are created, they can be automatically associated with known groups and policies by matching predefined criteria. Administration overhead is reduced by allowing a build once, apply continuously model to security policy definition and enforcement. High-Performance, Hypervisor-Resident Firewall By processing inspections in the ware hypervisor kernel, vgw provides 0 times the throughput of older, bridge-mode firewalls running in virtual environments. This optimized safe innovation can increase s per host while eliminating network reconfigurations. Firewall protection is continuous as s move from host to host using otion. Unlike traditional firewalls, the vgw keeps the live in live migration by maintaining open connections and security throughout the event. Intuitive Central Management The Web-based central management console displays real-time views of each virtual machine s operating and security status at a glance. And a simple, familiar interface for defining rules and managing policies supports role-based administration, enabling separation of duties. Logging, Reporting, and Alerts System logging output gives security event management systems insight into virtual network activity. Administrators can print reports of historical traffic data and configure SNMP traps to alert them to selected events. Smart Default Policy for New Machines When a new is created, the vgw assigns it an administratordefined default policy. Allowing only admin and Domain Name System (DNS) protocols, for example, mitigates the risks of misconfigured or rogue s with vulnerable or infected workloads. 3

ware Hypervisor Protection By monitoring and storing all network connections to the hypervisor using safe APIs, the vgw creates a new defensive layer that protects hypervisors against unauthorized connection attempts from s. vgw provides a hypervisor-based stateful firewall that inspects all packets to and from s, blocking all unapproved connections and subjecting allowed packets to deeper inspection (e.g., port 80 for Web applications). Administrators can enforce stateful firewall policies for individual s, logical groups of s, or all s. Introspection Machine Introspection (I) is a ground breaking approach, analogous to an X-ray of s and the virtual environment from the hypervisor. I enables information gathering about s, the security of the virtual network, and virtual environment settings without the use of agents. The ability of malware to disable or hide from security agents is a classic unresolved security problem that has plagued the security industry for decades. I offers an innovative new approach to leveraging the hypervisor for an uncompromised X-ray inspection of s, where malware literally has nowhere to hide. vgw incorporates I as part of its security policy definition and enforcement mechanism. By amassing information about the kinds of applications and services running on s, vgw sustains deep knowledge about the internal security state of each virtual device. This information is then made available through vgw s point-and-click dynamic policy editor, so that rules can be easily built to enforce a desired security posture. For example, a security rule could require the presence of antivirus software to be present inside a, or alternatively discover unapproved applications, forcing automated quarantine and alerts for noncompliant machines. vgw s unique vantage point in the hypervisor delivers unprecedented visibility and control over the virtual environment to achieve compliance with corporate standards. Figure 4: Granular virtual firewall policies enforce all access to and from s System Requirements vgw Firewall Operating System Appliance Memory: 52 MB Disk space: GB Infrastructure ware vsphere 4 ware ESX or ESXi 4.0, with vcenter 4 Security Design for vgw Operating System Appliance Memory: GB Disk space: 0 GB Infrastructure Infrastructure 3 ware ESX Server 3.x.x Center 2.x.x Juniper Networks Services and Support Juniper Networks is the leader in performance-enabling services and support, which are designed to accelerate, extend, and optimize your high-performance network. Our services allow you to bring revenue-generating capabilities online faster so you can realize bigger productivity gains and faster rollouts of new business models and ventures. At the same time, Juniper Networks ensures operational excellence by optimizing your network to maintain required levels of performance, reliability, and availability. For more details, please visit www.juniper.net/us/en/ products-services. 4

Ordering Information For more information about Juniper Networks vgw Gateway, please contact www.juniper.net. Model Number Description ALTOR-CENTER- Central management center ALTOR-S-ADD-2 Security license for 2 CPU sockets ALTOR-S-ADD-0 Security license for 0 CPU sockets About Juniper Networks Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net. ALTOR-S-ADD-20 ALTOR-S-ADD-50 ALTOR-S-ADD-00 ALTOR-S-UNL ALTOR-HA-ADD-2 ALTOR-HA-ADD-0 ALTOR-HA-ADD-20 ALTOR-HA-ADD-50 ALTOR-HA-ADD-00 Security license for 20 CPU sockets Security license for 50 CPU sockets Security license for 00 CPU sockets Security license for unlimited CPU sockets High availability license for 2 CPU sockets High availability license for 0 CPU sockets High availability license for 20 CPU sockets High availability license for 50 CPU sockets High availability license for 00 CPU sockets 5

Corporate and Sales Headquarters APAC Headquarters EMEA Headquarters To purchase Juniper Networks solutions, Juniper Networks, Inc. 94 North Mathilda Avenue Sunnyvale, CA 94089 USA Phone: 888.JUNIPER (888.586.4737) or 408.745.2000 Fax: 408.745.200 www.juniper.net Juniper Networks (Hong Kong) 26/F, Cityplaza One King s Road Taikoo Shing, Hong Kong Phone: 852.2332.3636 Fax: 852.2574.7803 Juniper Networks Ireland Airside Business Park Swords, County Dublin, Ireland Phone: 35.3.8903.600 EMEA Sales: 00800.4586.4737 Fax: 35.3.8903.60 please contact your Juniper Networks representative at -866-298-6428 or authorized reseller. Copyright 20 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice. 000363-003-EN June 20 Printed on recycled paper 6

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information