Extending Enterprise Security to Multicloud and Public Cloud

Similar documents
SECURING THE MULTICLOUD

INTERCONNECTING MULTICLOUD WITH VMX

Disaggregation and Virtualization within the Juniper Networks Mobile Cloud Architecture. White Paper

SECURE HYBRID CLOUD Solution

Transit VPC Deployment Using AWS CloudFormation Templates. White Paper

Stop Threats Faster. Vaishali Ghiya & Dwann Hall Juniper Networks

Extending Enterprise Security to Public and Hybrid Clouds

Extending Enterprise Security to Public and Hybrid Clouds

Build a Software-Defined Network to Defend your Business

Best Practices for Extending the WAN into AWS (IaaS) with SD-WAN

ANIKET DAPTARI & RANJINI RAJENDRAN CONTRAIL TEAM

Overview of the Juniper Networks Mobile Cloud Architecture

Policy Enforcer. Product Description. Data Sheet. Product Overview

Multicloud Networking: An Overview. Shannon McFarland CCIE #5245 Distinguished

Security Everywhere Within Juniper Networks Mobile Cloud Architecture. Mobile World Congress 2017

Oracle IaaS, a modern felhő infrastruktúra

Journey to Secure and Automated Multi-cloud

Creating Your Virtual Data Center

Junos Security Bundle, JSEC & AJSEC

FUNDAMENTALS FOR RELOADED MPLS-VPN CONNECTIVITY

Cloud-Ready WAN For IAAS & SaaS With Cisco s Next- Gen SD-WAN

NGF0502 AWS Student Slides

Transit Network VPC. AWS Reference Deployment Guide. Last updated: May 10, Aviatrix Systems, Inc. 411 High Street Palo Alto, CA USA

Zero Trust Security with Software-Defined Secure Networks

Session objectives and takeaways

Overview of the Juniper Mobile Cloud Architecture Laying the Foundation for a Next-gen Secure Distributed Telco Cloud. Mobile World Congress 2017

Configuring Aviatrix Encryption

Cato Cloud. Software-defined and cloud-based secure enterprise network. Solution Brief

SteelConnect. The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Intelligent WAN: Leveraging the Internet Secure WAN Transport and Internet Access

Software-Defined Secure Networks in Action

Course Outline. Module 1: Microsoft Azure for AWS Experts Course Overview

Getting Started with AWS Security

Cisco Cloud Services Router 1000V with Cisco IOS XE Software Release 3.13

Virtualized Network Services SDN solution for service providers

Juniper Networks Switching: EX & QFX Series

FortiGate. on OCB FE Configuration Guide. 6 th December 2018 Version 1.0

JURUMANI MERAKI CLOUD MANAGED SECURITY & SD-WAN

SECURING THE NEXT GENERATION DATA CENTER. Leslie K. Lambert Juniper Networks VP & Chief Information Security Officer July 18, 2011

Implementing and Configuring Cisco SDWAN (ICSDWAN-CT)

Overview. AWS networking services including: VPC Extend your network into a virtual private cloud. EIP Elastic IP

Routing Applications State of the Art and Disruptions

Cisco SD-WAN. Intent-based networking for the branch and WAN. Carlos Infante PSS EN Spain March 2018

NITA Based Offers and Services

Juniper Solutions for Turnkey, Managed Cloud Services

VMware Hybrid Cloud Solution

Evolved Campus Core: An EVPN Framework for Campus Networks. Vincent Celindro JNCIE #69 / CCIE #8630

VeloCloud Cloud-Delivered WAN Fast. Simple. Secure. KUHN CONSULTING GmbH

NETWORK DEPLOYMENT WITH SEGMENT ROUTING (SPRING)

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

VMware Cloud on AWS. A Closer Look. Frank Denneman Senior Staff Architect Cloud Platform BU

Virtualized Network Services SDN solution for enterprises

ENTERPRISE SECURITY MANAGEMENT. Frederick Verduyckt 20 September 2012

AWS Reference Design Document

Cloud-Enable Your District s Network For Digital Learning

Innovative Solutions. Trusted Performance. Intelligently Engineered. Comparison of SD WAN Solutions. Technology Brief

Cisco Enterprise Cloud Suite for Service Providers. Cisco Knowledge Network Data Center Jan 16, 2018

Microsoft Azure for AWS Experts

Cato Networks. Network Security as a Service

PROTECT WORKLOADS IN THE HYBRID CLOUD

Network Edge Innovation With Virtual Routing

Selling the Total Converged Solution Module #1: Nortel Enterprise Networking Overview of the 4 Pillars and Why Nortel Tom Price Nortel HQ Sales

PUBLIC AND HYBRID CLOUD: BREAKING DOWN BARRIERS

Deploying Cloud Network Services Prime Network Services Controller (formerly VNMC)

Advanced CSR Lab with High Availability and Transit VPC

Cloud Native Security. OpenShift Commons Briefing

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Cisco Designing the Cisco Cloud (CLDDES) Download Full version :

LTRDCN-2100 Cloud networking solutions with Cisco Cloud Services Router (CSR 1000V) on AWS and Azure

Defending Against Unkown Automation is the Key. Rajesh Kumar Juniper Networks

Cloud Computing: Making the Right Choice for Your Organization

VMware Cloud Provider Platform

Cato Cloud. Solution Brief. Software-defined and Cloud-based Secure Enterprise Network NETWORK + SECURITY IS SIMPLE AGAIN

Where is the Network Edge? MEC Deployment Options, Business Case & SDN Considerations

Software Defined Broadband Networks. Jon Mischel Director, Product Management

Data Sheet Gigamon Visibility Platform for AWS

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Benefits of SD-WAN to the Distributed Enterprise

Junos Security (JSEC)

Cisco Container Platform

Remote Access VPN Helping enterprise businesses implement strong authentication for their remote workforce

Juniper SD-WAN Alexandre Cezar Consulting Systems Engineer, Security/Cloud

Cisco Cloud Services Router 1000V and Amazon Web Services CASE STUDY

The Cisco BYOD Smart Solution

AT&T Dedicated Internet Express

and public cloud infrastructure, including Amazon Web Services (AWS) and AWS GovCloud, Microsoft Azure and Azure Government Cloud.

SaaS. Public Cloud. Co-located SaaS Containers. Cloud

Disclaimer This presentation may contain product features that are currently under development. This overview of new technology represents no commitme

Security Camp 2016 Cloud Security. August 18, 2016

What is SD WAN and should I know or care about it? Ken LaMere Ecessa

Versa Software-Defined Solutions for Service Providers

Distributed Data Centers within the Juniper Networks Mobile Cloud Architecture. White Paper

SteelConnect. The Future of Networking is here. It s Application-Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

Safeguard Application Uptime and Consistent Performance

Smart and Secured Infrastructure. Rajesh Kumar Technical Consultant

Build an open hybrid cloud and paint it red and blue

40390: Microsoft Azure for AWS Experts

Making hybrid IT simple with Capgemini and Microsoft Azure Stack

Distributed Data Centers Within Juniper Networks Mobile Cloud Architecture. Mobile World Congress 2017

Software-Defined Secure Networks. Sergei Gotchev April 2016

Transcription:

Extending Enterprise Security to Multicloud and Public Cloud Paul Kofoid Sr. Consulting Engineer: Security & Cloud

This statement of direction sets forth Juniper Networks current intention and is subject to change at any time without notice. No purchases are contingent upon Juniper Networks delivering any feature or functionality depicted in this presentation. This presentation contains proprietary roadmap information and should not be discussed or shared without a signed non-disclosure agreement (NDA).

AGENDA Market trends Hybrid & multi-cloud Juniper s opportunity Solution differentiation Juniper value proposition 3

Why to Play Hard in the Hybrid / Multi-cloud Market Cloud Market size by 2020 $ 230B Enterprise IT organizations that will commit to multi-cloud architecture (IDC) 85% AWS revenue in 2016 Azure revenue in 2016 $12.2B $ 2.5B Takeaway : Real Money Risk Tolerance 4

Cloud Migration Trends $204B GLOBAL MARKET FOR PUBLIC CLOUD (GARTNER) Enterprises that will have deployed virtual firewalls by 2017 - INFONETICS 80% 73% Y/Y growth of virtual appliances - Dell'Oro research Y/Y growth of physical appliances - Dell'Oro research 4% 5

Hybrid and Multi-Cloud

Why Extend into the cloud? Simplicity Scalability Global Footprint Cost-effectiveness Public cloud benefits + Cost optimization + Best-of-breed Technologies + Data center locale 7

Network Extension into the Cloud Control the Cloud Experience App App Data Center (A) MX Campus / Branch L3-L7 QoS Access Control Firewall policies VPN connections MPLS VPN Internet MX / vmx PE Router vsrx QFX Fabric L3-L7 QoS Access Control vsrx Firewall policies VPN connections vsrx vmx App App OS OS App OS App App OS OS App Tenant A Tenant B Data Center (B) L3-L7 QoS Access Control L3-L7 QoS Access Control OS App MX Firewall policies VPN connections Firewall policies VPN connections App OS App OS Tenant C Cloud Provider 8

Juniper s Opportunity

10 Enterprises in Amazon AWS

So Far, So Good, So What? Challenge of Securing the clouds Huge Opportunity for Juniper 11

Virtual Private Cloud (VPC) Peering Limitations VPC Peering connects 2 (and only 2) VPCs together to share the private IP space between them Both VPCs can be in the same AWS account or different accounts Both VPCs must be in the same region VPC subnet Availability Zone - a VPC subnet Availability Zone - b VPC Peering VPC subnet Availability Zone - a VPC subnet Availability Zone - b Virtual Private Cloud - VPC A Region Virtual Private Cloud - VPC B 12

Amazon AWS Security: Juniper Insertion Points 1 2 3 4 5 AWS security is implemented via stateless ACLs or based on security groups Virtual gateways cannot initiate VPN connections to other virtual gateways AWS VPNGW is restricted to 1G VPN throughput Advanced security features are not supported Lack of dynamic routing between VPCs 13

Solution Differentiation

Transit VPC secure hub Inter-VPC and intra-vpc security (IDS/IPS, NGFW, ATP) Hub and Spoke topology IPSec VPN termination Automated Solution Integrated security (No SPAN port needed as in other s solution) High Performance (Major advantage against pure-security players) CloudFormation template-ready Or Deploy via Ansible 15

Backhaul VPCs back to Datacenter via IPSec VPC subnet VPC subnet VPC subnet VPC subnet... VPC subnet VPC subnet Availability Zone - a Availability Zone - b Availability Zone - a Availability Zone - b Availability Zone - a Availability Zone - b Virtual Private Cloud VPC A Virtual Private Cloud - VPC B Virtual Private Cloud VPC N... corporate data center Each time a new VPC is deployed, the on-prem router needs to be configured for the new spoke. Operator can either choose to use vsrx in each VPC or an AWS Virtual Private Network gateway to make the IPSec connections 16

Juniper Networks vsrx Benefits Internet Gateway INTERNET User Firewall Intrusion Prevention Unified Threat management Internet Gateway INTERNET Juniper Threat Defense Sky ATP APP Secure vsrx Advanced Threat Prevention Cloud Infrastructure VPN Termination Carrier Class routing Microsoft VM Cloud Infrastructure 17

Stacking up Against the Competition Transit VPC solution with integrated security High performance requirement in Transit VPCs Support for 128 routing instances Alternate vendors claim cloud HA, but restricted to same Availability Zone 18

Value Proposition

vsrx value addition: offloading AWS paid features INTERNET Eliminate dedicated NAT Internet Gateway VPN peering Eliminate dedicated VPN gateway 10.100.0.0/16 10.101.0.0/16 VPC peering 10.102.0.0/16 ENGINEERING PRODUCTION SALES Eliminate VPC Peering module 10.100.0.0/16 10.100.0.0/16 10.101.0.0/16 Add Comprehensive security & Intelligence VPN gateway VPN connection VPN gateway VPN connection AWS CLOUD VPN connection VPN gateway at Ingress, Egress and between VPCs Manage security from a single console (unified) VPN gateway VPN connection VPN connection VPN gateway Partner Team Engineering Team Partner Team Sales Team BETTER ROI Engineering Team Sales Team 20

Key Juniper Benefits Carrier-class security and routing xsp security and routing built on the robust Junos OS Better TCO Lower prices and reduced resource requirement of VSRX directly translates to lesser AWS infrastructure costs and overall operating costs Unified Management Simple, intuitive management for extending security policies seamlessly, enforcing and monitoring security across public and hybrid clouds Investment Protection Comprehensive security whichever deployment option you choose with future support for Containers and SDSN implementation Programmability Extensive programming capabilities are critical to DevOps deployment SIMPLE & INTELIGENT SECURITY WHEREVER THE NETWORK GOES 21

What about Microsoft Azure? Transit VPC Not all use cases possible in Amazon AWS are currently supported in Azure (i.e. tvpc) Hybrid Cloud Securely extend on-premises networks into the Azure cloud https://azuremarketplace.microsoft.com/en-us/marketplace/apps/juniper-networks.vsrx-securitygateway?tab=overview Management CLI, API and Security Gateway Solution Template from Azure Marketplace Connectivity Create encrypted tunnels between Azure vnets as well as Amazon AWS Deployment Security Gateway Solution Template from Azure Marketplace (NEW) https://www.juniper.net/documentation/en_us/vsrx/topics/task/multi-task/security-vsrx-security-gatewaysolution-template-azure-marketplace-deploying.html SIMPLE & INTELIGENT SECURITY WHEREVER THE NETWORK GOES 22

23 Enterprises in Azure:

It s Still All About Routing, and Who does it Best? Internet of Things (IoT) Whoever says you won t be using IPv6 as well as Dual-Stack IPv6/v4 routing, is lying Hybrid Cloud Internet-class security and routing built on the robust Junos OS End-to-End Public Cloud IPv6 containerized workloads need to tie back to IPv4 Private clouds Investment Protection Hardware or Software NGFW + L7 protection, with Junos routing Programmability API Extensibility First, ~Since 1998 SIMPLE & INTELIGENT SECURITY WHEREVER THE NETWORK GOES 24

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback