SECURING THE MULTICLOUD


SECURING THE MULTICLOUD Bahul Harikumar and Ali Bidabadi Juniper Networks

This statement of direction sets forth Juniper Networks' current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation. This presentation contains proprietary roadmap information and should not be discussed or shared without a signed non-disclosure agreement (NDA).

"We are all living in the wonderful world of digital transformation. No matter the size of your company or the industry you're operating in, there's some company ready to completely disrupt what you're doing."
- Richard L. Villars, VP DC & Cloud Research, IDC

Rising to the Challenge
- Rapid IT Deployment
- Continuous Innovation
- Migrate Workloads
- Cloud
- Faster Route to Market
- Reduced Costs

Enterprise IT Transformation
(Diagram labels: XaaS, Traditional DC, PaaS, Private Cloud, IaaS, Multicloud, SaaS, IaaS, Public Cloud)

Cloud Market

Cloud 2.0: Massive Adoption
- Cloud Adoption is a Strategic Imperative
- Enterprise IT organizations that will commit to multicloud architecture (IDC): 85%
- Enterprises identified Security Risks as the biggest barrier in a recent IDC survey

Multicloud Security - Key Requirements
(Diagram labels: Private Cloud, Bare Metal Apps, Internet, SD & PE, Public Cloud 1, Web Server, App Server, vSRX/cSRX, Virtualized Apps, SRX4100/4200, SRX4600/4800, Transit VPC - vSRX, Public Cloud 2, Web Server, App Server)
- Micro-Segmentation
- High performance
- Automation
- Visibility & Analytics
- Hypervisor Support
- Global Unified Policy Management
- Secure any-any Connectivity
- Compliance & Consistent Security
- Service Specific Clouds
- Multiple Cloud Integration
- Policy Automation

Juniper Security Portfolio for Multicloud
Components: Security Director, SDSN (Software Defined Secure Networks), Sky ATP
- UNIFIED POLICY: Create and centrally manage policy
- NETWORK WIDE ENFORCEMENT: Automatically enforce policy across customer premises and cloud
- GLOBAL THREAT DETECTION: Unify threat intelligence from multiple sources
HIGH PERFORMANCE NGFW, PHYSICAL & VIRTUAL SDSN ENFORCEMENT POINTS
- Reduces both opex and capex with better price performance
- Higher scale with IMIX firewall throughput from 1 Gbps to 320 Gbps
- Multiple Services: Application Security, IPS, Content Security, ATP
Enforcement points
- Branch NGFW: SRX345, SRX340, SRX320, SRX300
- Mid-range NGFW: SRX4600, SRX4200, SRX4100, SRX1500
- High-End NGFW: SRX5800, SRX5600, SRX5400
- Virtual & Container NGFW: vSRX, cSRX; 4Gb/s (2 vCPU), 25Gb/s (16 vCPU)

Juniper Private Cloud Security Solution
(Diagram labels: WAN, Virtual Environment/Private Cloud, SD & PE, VMware, Headquarters, IP/MPLS, SRX1K, SRX4K, SRX5K, SRX, Enterprise Applications, Remote Office (x2), Isolation, Department 1 through Department 4 (DB, APP, Web, Other), vSRX)
Juniper Portfolio for Private Cloud - Key Requirements
- Micro-segmentation: vSRX, NSX Integration, Contrail
- High performance: vSRX multicore, SRX1500, SRX4100, SRX4200, SRX 5XXX, SRX4600
- Automation: SD/PE integration, REST/Netconf, Chef/Puppet/Ansible, AppFormix
- Visibility & Analytics: Security Director, Jweb, Juniper Secure Analytics (JSA)
- Hypervisor Support: cSRX/Docker, VMware/NSX, KVM/Contrail

Juniper Public Cloud Security Solution
(Diagram labels: SD & PE, AWS Marketplace, Internet, Public Cloud 1, Web Server, App Server, Transit VPC - vSRX, Azure Marketplace, Public Cloud 2, Web Server, App Server)
Juniper Portfolio for Public Cloud - Key Requirements
- Platform Integration: vSRX on AWS (BYOL & PAYG), vSRX on Azure (BYOL)
- Automation: PE integration on public cloud, Cloud-Init, Transit VPC, Auto-Scale/ELB
- Visibility & Analytics: Security Director, AppFormix

vSRX - Juniper Virtual NGFW for Multicloud
- High performance NGFW - Scale up to 100 Gbps - Lowest TCO
- Licensing Based on Features and Throughput
- 60 Day Evaluation License
- Rich Firewall Services
(Feature labels, in slide order: Unified Threat Management, Advanced Threat Prevention (ATP), Application Security, Anti-virus, Sky ATP, Intrusion Prevention, Web/Content Filtering, GeoIP & Custom feeds, User firewall, Anti-spam, Malware Detection, Firewall)
- Foundational Services: Firewall, VPN, NAT, Routing
- Centralized Management, Reporting, Analytics, Automation

vSRX - Ideal form factor for Multicloud Ecosystem
- Platforms: VMware ESXi 5.x, 6.0; KVM - CentOS & Ubuntu; Microsoft Hyper-V
- Orchestration: VMware vCenter; OpenStack Plugin; Contrail Service Orchestrator (CSO)
- IaaS: Amazon AWS; Microsoft Azure; Google Cloud*
- Policy & SDN: Contrail Service Chaining; VMware NSX; SD, CLI, Jweb, NetConf/REST API
*Roadmap

Juniper Multicloud Security Solution
(Diagram labels: Private Cloud, SD & PE, Public Clouds, Bare Metal Apps, SRX1K/4K/5K, vSRX/cSRX, Virtualized Apps, Internet, IPSec VPN, vSRX Transit VPC, Web Server, App Server, Private Cloud, Multicloud, Public Cloud)
Juniper Portfolio for Multicloud - Key Requirements
- Secure Connectivity: vSRX in Public cloud (Transit VPC & Full Mesh VPN deployments), Physical/Virtual DC Edge SRX, vSRX Auto-Scale*
- Compliance & Consistent Security: Portable security policies across private/public cloud
- Unified Management: Security Director as single pane of security management

Unified Management & User Intent Policy
ENHANCED VISIBILITY & CONTROL - SD
- Application Visibility & Control, Firewall Policy, Threat Maps, Events & Logs, Dashboard
- Automates operations and rule placement, reduces user errors, improves response time
- Reduce scope of work by 20x
ADAPTIVE & AGILE SECURITY POLICY
- Metadata-based policy: allows creating user-intent-based policy using metadata and helps to be agile in the cloud (avoids manual workflow)
- AWS Lambda based sync-up of metadata and inventory in a VPC with SD
DYNAMIC POLICY ACTIONS
- Agility of cloud can be preserved by deploying dynamic policy changes in response to a condition (such as an attack)
(Diagram labels: Finance, vSRX, Predefine Policy, Amazon EC2, Security Director, Security Director Operations, Globally apply policy, AWS Lambda, Determine Condition, SRX)

Automate Entire Security Life Cycle
- Ensure consistent deployment in multicloud environment
- Reduces workload build out from days to minutes
- Auto Remediation to improve Network Availability and reduce Mean Time To Repair
BUILD
- Initial configuration
- Software upgrade
- Space discovery
- Zero Touch Provisioning
CONFIGURE
- Pre/Post change checks
- Configuration generation
- Deployment
- Archive configurations
OPERATE
- Event Scripts to check health
- Troubleshoot issues
- Auto Remediation

Multicloud Security Juniper Offerings - Summary
(Diagram labels: Private Cloud, Bare Metal Apps, Internet, SD & PE, Public Cloud 1, Web Server, App Server, vSRX/cSRX, Virtualized Apps, SRX4100/4200, SRX4600/4800, Transit VPC - vSRX, Public Cloud 2, Web Server, App Server)
Offerings, in slide order:
- vSRX
- Cloud Native
- VMware NSX Integration
- Contrail Security
- SRX
- Encryption IPSec
- High performance physical Firewalls
- Global Policy Management
- Security Director (SD)
- vSRX Transit VPC
- vSRX on AWS
- vSRX on Azure
- Adaptive Security Policy (Metadata based Policy)

Key Takeaways
- Comprehensive solution for Multicloud deployment helps customers rise to the challenge of cloud adoption
- High performance and scale of Juniper security lowers customers' TCO
- Flexible licensing and business models to match varied customer requirements
- Unified Management and Network as Enforcement through SDSN

Use Cases
Micro-segmentation
- Retail hosting virtual workloads in private DC
- Differentiated security across various application groups
- Security as agile as the workloads
- High performance security cannot be bottleneck to application traffic
Compliance & Consistent Security
- Health Insurance running applications & partner services on AWS
- Consistent security between DC and public cloud
- Secure connectivity between VPCs across multiple regions
- Redundancy in connectivity
Secure Connectivity
- Financial enterprise with a mix of on-prem and AWS assets
- Secure connectivity between VPCs across multiple regions
- Secure connectivity from DC to AWS VPCs
- IPS and Stateful packet inspection between VPCs
Solution labels, in slide order:
- NSX Integration, Contrail microsegmentation
- Encryption & Security everywhere, Unified management by SD, Multiple Availability Zones for Redundancy
- Transit VPC

Demo

Multi-region Deployments
(Diagram labels: US West, US East, VPN gateway (x2), Amazon EC2 (x2), POP)

Transit VPC
- Cross-region, cross-account VPCs can connect to the Transit VPC via IPSec tunnels
- BGP-based dynamic routing combined with multi-AZ deployment creates a robust network infrastructure
- Transit VPC can establish VPN connections to VGWs attached to Spoke VPCs automatically with zero touch
(Diagram labels: VPC 1, VPC 2, VPC N, AZ 1 vSRX, AZ 2 vSRX, Transit VPC, VPN over Direct Connect, Internet Backup VPN)

Secure Connectivity
(Diagram labels: US West, US Central, US East, VPN gateway (x3), Amazon EC2 (x3), Transit VPC, vSRX AZ1, vSRX AZ2, AWS Direct Connect)

Juniper Transit VPC Architecture
- Deploys two vSRXs (highly available design)
- The VGW Poller function runs every minute looking for appropriately tagged VGWs
- A PUT event inside AWS S3 triggers the Juniper Configurator function to generate and push the required configurations to the vSRXs
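
The poller step described above, sketched as an added example (not Juniper's code and not from the presentation): one polling pass over an inventory shaped like EC2 DescribeVpnGateways output, returning the S3 objects whose PUT would trigger the configurator. The tag key and value, the S3 key prefix and all sample IDs are assumptions made for illustration.

```python
import json

# Assumptions (not from the slides): tag key/value and S3 key prefix.
SPOKE_TAG = ("transitvpc:spoke", "true")   # hypothetical opt-in tag
S3_PREFIX = "vpnconfigs/"                  # hypothetical bucket prefix

def tagged_spokes(vpn_gateways):
    """Select VGWs that are available, attached to a VPC and carry the tag."""
    selected = []
    for vgw in vpn_gateways:
        tags = {t["Key"]: t["Value"] for t in vgw.get("Tags", [])}
        vpcs = [a["VpcId"] for a in vgw.get("VpcAttachments", [])
                if a.get("State") == "attached"]
        tagged = tags.get(SPOKE_TAG[0], "").strip().lower() == SPOKE_TAG[1]
        if vgw.get("State") == "available" and vpcs and tagged:
            selected.append({"vgw_id": vgw["VpnGatewayId"], "vpc_id": vpcs[0]})
    return selected

def poll_once(vpn_gateways, already_configured):
    """One poller pass: return the (key, body) objects to PUT for new spokes."""
    puts = []
    for spoke in tagged_spokes(vpn_gateways):
        # Skipping known VGWs keeps the every-minute run idempotent.
        if spoke["vgw_id"] not in already_configured:
            key = f"{S3_PREFIX}{spoke['vgw_id']}.json"
            puts.append((key, json.dumps(spoke, sort_keys=True)))
    return puts

def _vgw(vgw_id, state, vpc_id, attach_state, tag_value=None):
    """Build one constructed record shaped like EC2 DescribeVpnGateways output."""
    tags = [{"Key": "Name", "Value": vgw_id}]
    if tag_value is not None:
        tags.append({"Key": SPOKE_TAG[0], "Value": tag_value})
    return {"VpnGatewayId": vgw_id, "State": state, "Tags": tags,
            "VpcAttachments": [{"VpcId": vpc_id, "State": attach_state}]}

# Constructed sample inventory (IDs are made up).
SAMPLE_VGWS = [
    _vgw("vgw-0aaa", "available", "vpc-0111", "attached", "true"),
    _vgw("vgw-0bbb", "available", "vpc-0222", "attached"),            # untagged
    _vgw("vgw-0ccc", "available", "vpc-0333", "detached", "true"),    # no VPC
    _vgw("vgw-0ddd", "deleted", "vpc-0444", "attached", "true"),      # gone
    _vgw("vgw-0eee", "available", "vpc-0555", "attached", "True"),
]

if __name__ == "__main__":
    for key, body in poll_once(SAMPLE_VGWS, already_configured={"vgw-0eee"}):
        print("PUT", key, body)
```

Because a tag alone opts a VGW in, permission to tag VGWs in spoke accounts is in effect permission to join the transit network, so it is worth scoping tightly in IAM and auditing.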

Demo Topology
(Diagram labels: US West (Oregon), US East (N. Virginia), Linux AMI (x2), IPSec tunnel (x2), vSRX1, vSRX2)

Resources
NXTWORK 2017 - SECURITY SESSIONS
- Zero Trust Security with Software-Defined Secure Networks (Technical Deep Dive)
- Security NOW: Stop Threats Faster. (Business Solutions)
- Extending Enterprise Security to Multicloud and Public Cloud (Technology Focus)
BYOL Juniper Transit VPC is now in the Marketplace: https://aws.amazon.com/marketplace/pp/b077nr8g4q?qid=1512381707615&sr=0-6&ref_=srh_res_product_title
Juniper Transit VPC implementation guide: https://www.juniper.net/assets/jp/jp/local/pdf/implementation-guides/8010096-en.pdf