Kunal Jha, Juniper Networks


- Security
- Cloud
- Virtualization
- BYOD / Mobility
- SDN

Simplified Networking
RakeshSingh@Juniper.net, Senior Systems Engineer
Juniper Networks Proprietary and Confidential -- printed copies of this document are for reference only

EX Series portfolio, 2008 to 2013+ (figure; recovered labels only)
- Modular (Core / Aggregation): EX8216, 1G-Copper, EX8208, 8x10G, 1G-Fiber, EX8200 Virtual Chassis, 40x10G, Extra-Scale, EX6200, EX6200 48F, EX9200
- Fixed (Core / Aggregation): EX4200 Virtual Chassis, EX4500 Virtual Chassis, EX3300 Virtual Chassis, EX4550 SFP+, EX4550 10GT, External RPS
- Fixed (Access): EX3200, EX4500, EX2200, EX4200-PX, EX3300, EX2200-C

Deployed Extensively
- Over 19,000 customers, 15M+ ports
- Data center, campus, branch, SP
- Financials, healthcare, education
- #3 LAN switching vendor
Why We Win: Technology, Flexibility, Performance, OPERATIONAL SIMPLICITY

THE REST OF THE DATA CENTER HAS ADVANCED DRAMATICALLY IN RECENT YEARS
From (rigid, legacy model of I.T.) -> To (flexible, virtualized model):
- Applications: On-Premise Apps -> Software Services
- Servers / Compute: Dedicated Servers -> Virtualized Workloads
- Storage: Dedicated Storage -> Shared Storage

THE DATA CENTER NETWORK HAS NOT EVOLVED, AND IS NOW AN INHIBITOR
From (rigid, legacy model of I.T.) -> To (flexible, virtualized model):
- Applications: On-Premise Apps -> Software Services
- Servers / Compute: Dedicated Servers -> Virtualized Workloads
- Storage: Dedicated Storage -> Shared Storage
- Network: Layers of Complexity -> Experience? Economics?

Ethernet Network evolution 3-2-1
3. Legacy three-tier data center
2. Juniper two-tier data center
1. Juniper's data center fabric
(Figure annotation: W <-> E, up to 75% of traffic)

Virtual chassis: advantage (figure)
- Core Switches: 128 Gig
- Distribution Switches: 10 Gig, 10 Gig, 10 Gig, 10 Gig
- Access Switches

Multi Building campus Deployment example
- Utilize the same MM fiber
- One-switch LAN: 1 to manage, 1 to upgrade, 1 software version
- No L2 Loop / No STP required
- High Availability: redundant Pwr/Cooling, redundant Switch Fabric, sub-second convergence in case of device/link failure
- Integrated Access Security
- Integrated QoS for Voice/Video/Data
- Local L3/L2 processing: peer-peer traffic can be processed by the VC ring itself, no need to load the core.
- Optimized for Voice and Video over IP, as inter-building traffic bypasses the core switch.
Figure: Admin Bldg 1, Lab Bldg 2, Classroom Bldg 3, Classroom Bldg 4 and Recreation Bldg 5, each an EX4200 Virtual Chassis, joined by GbE/10GbE VCP links, with 1GbE uplinks and a WAN connection. One Virtual Chassis to manage for the entire campus backbone.

Distributed CORE with 8-member VC
- Single core switch to manage across all sites (one core switch to manage across multiple sites)
- Sites could be campus or DC or both: common hardware and operating system
- Seamless virtual workload mobility across sites
Figure: Locations A and C (EX4200 members) and Locations B and D (EX4200 and EX4500 members) form one Virtual Chassis.

TRANSFORM THE NETWORK
One Network: flat, any-to-any connectivity; single device (N=1)
Switch Fabric:
- Data Plane: flat, any-to-any
- Control Plane: single device, shared state
A Fabric has the performance and simplicity of a single switch, and the scalability and resilience of a network.

Chassis Switch / End of Row: single point of management; cabling complexity

QFabric: evolving the single switch model
- Separate the I/O modules from the fabric and replace copper traces with fiber links.
- For redundancy, add multiple Interconnect devices.
- Federated Control and Intelligent Nodes: one logical switch
Figure: Chassis Switch (Route Engine, Fabric, I/O Modules) mapped to QFabric (Director, Interconnect, Node).

QFABRIC Family Summary
- Scalability: QFX3000-M, 10s to 768 ports; QFX3000-G, 10s to 6,144 ports
- Runs Junos: rich functionality
- Performance: QFX3000-M low jitter, <3us on avg.; QFX3000-G low jitter, <5us on avg.; lossless, DCB compliant
- Simplicity: N=1
- Storage: end-to-end FCoE, FCoE/FC Gateway and FCoE/iSCSI Transit Switch
- Designed for Modern DC: virtualization and convergence, seamless Layer 2 and Layer 3, flexible VLAN capability

Approaches To Securing Virtual servers:
1. VLAN Segmentation: each VM in a separate VLAN; inter-VM communications must route through the firewall. Drawback: possibly complex VLAN networking.
2. Agent-based: each VM has a software firewall. Drawback: significant performance implications; huge management overhead of maintaining software and signatures on 1000s of VMs.
3. Kernel-based Firewall: VMs can securely share VLANs; inter-VM traffic always protected; high performance from implementing the firewall in the kernel; micro-segmenting capabilities.
Figure: three ESX hosts, each with VM1, VM2 and VM3 on the hypervisor: VLAN-segmented, FW agents per VM, and FW as kernel module.

vGW Firewall Performance: TCP Throughput Test (standard 1500 byte packet size). See slide notes for details.

Juniper is a recognized industry leader in Security
- Leaders Quadrant in four categories: Network Access Control; SIEM/STRM; SSL VPN; FW/IPSec VPN
- Visionaries Quadrant in: Intrusion Prevention

Inconvenient Statistics
- 70% of ALL threats are at the Web application layer. (Gartner)
- 73% of organizations have been hacked in the past two years through insecure Web apps. (Ponemon Institute)

WAF is not enough
Threats: Bot Nets; Targeted Scanners; IP Scanners; Manual Hacking
WAF limitations: reliance on signatures; static attack surface; no understanding of attackers; reactive

WAF is not enough: WAFW00F can fingerprint WAF products protecting a website, and can already profile 20 WAF products.
Source: http://code.google.com/p/waffit/source/browse/trunk/wafw00f.py

5 attack Phases: APT behaviour
- Phase 1, Silent Reconnaissance: attackers profile physical and virtual devices and applications.
- Phase 2, Attack Vector Establishment: weaknesses in the attack surface identified for attack.
- Phase 3, Attack Implementation: attacks launched to take control of device, application or VM. Can be used to begin further reconnaissance.
- Phase 4, Attack Automation: repeat attack to increase effectiveness, increase profit or extract more data.
- Phase 5, Maintenance: evade patching and remediation measures to stop the attack.
(Slide annotations: "WAF Plays Here", "Plays Here")

The Junos WebApp Secure (MYKONOS) advantage: Deception-based Security
- Detect: Tar Traps detect threats without false positives.
- Track: track IPs, browsers, software and scripts.
- Profile: understand the attacker's capabilities and intents.
- Respond: adaptive responses, including block, warn and deceive.

Detection by Deception: Tar Traps (figure)
Tar Traps: Query String Parameters; Hidden Input Fields; Configuration
Path shown: Client, Network Perimeter, Firewall, App Server, Database Server

Fingerprint of An Attacker
- 200+ attributes used to create the fingerprint, including timezone, browser version, fonts, browser add-ons and IP address
- Near real-time availability of fingerprints
- False positives nearly zero

Smart Profile of Attacker
- Attacker local name (on machine)
- Attacker global name (in Spotlight)
- Attacker threat level
- Incident history

Respond and Deceive: Junos WebApp Secure Responses
Threat types: Human Hacker; Botnet; Targeted Scan; IP Scan; Scripts & Tools; Exploits
Responses: Warn attacker; Block user; Force CAPTCHA; Slow connection; Simulate broken application; Force log-out
All responses are available for any type of threat. Highlighted responses are most appropriate for each type of threat.
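The detect-and-respond loop sketched on the Tar Traps and Responses slides, as an added example that is not Juniper's or Mykonos's code: decoy hidden fields and query-string parameters are issued with a keyed value that a real browser echoes back unchanged, any request that removes or alters one is logged as an incident, and the client's incident history drives an escalating response. The key, the trap parameter names and the escalation order are constructed assumptions for this demo.

```python
from __future__ import annotations

import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret that binds trap values, so tampering is detectable.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"

# Constructed escalation order; a real policy would pick per threat type.
RESPONSE_LADDER = ["warn", "force_captcha", "slow_connection",
                   "simulate_broken_application", "block"]


def _tag(name: str, nonce: str) -> str:
    """Short HMAC over the trap name and nonce; proves the value was server-issued."""
    msg = f"{name}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()[:16]


def mint_trap(name: str) -> tuple[str, str]:
    """Issue a decoy parameter (hidden input or query-string key) for a page render.
    Legitimate clients never touch it; the value only changes if someone edits it."""
    nonce = secrets.token_hex(8)  # 16 hex chars
    return name, f"{nonce}.{_tag(name, nonce)}"


def trap_value_valid(name: str, value: str) -> bool:
    """True only if value is exactly what mint_trap issued for this trap name."""
    nonce, sep, tag = value.partition(".")
    if not sep or len(nonce) != 16:
        return False
    return hmac.compare_digest(_tag(name, nonce), tag)


def inspect_request(params: dict[str, str], trap_names: set[str]) -> list[str]:
    """Check a submitted parameter set against the traps it was served with.
    Returns incident labels; an empty list means the traps came back untouched."""
    incidents = []
    for name in sorted(trap_names):
        if name not in params:
            incidents.append(f"trap_removed:{name}")
        elif not trap_value_valid(name, params[name]):
            incidents.append(f"trap_tampered:{name}")
    return incidents


def choose_response(history: list[str]) -> str | None:
    """Map a fingerprinted client's accumulated incidents to the next response step."""
    if not history:
        return None
    return RESPONSE_LADDER[min(len(history), len(RESPONSE_LADDER)) - 1]
```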

Solution Slides: Mobility & BYOD

THE HISTORY OF BUSINESS CONNECTIVITY
- Terminals: Serial Networks
- PCs: Ethernet Networks
- Laptops: Casual Wireless
- Mobile Devices: Primarily Wireless

Juniper wireless today
- Over 6,000 customers; 1 M+ AP installed base since 2005
- Healthcare; Education (Higher Ed & K-12); Hospitality
- Presence in Fortune 500: Shell, Chevron, Alcoa, Audi, VW
- Many mission critical environments: University Minnesota (18,000 AP, 300 buildings, 1200 acres); Belfast Health & Social Care Trust (2,220 AP, 7 hospitals, 22,000 staff)
- Largest WLAN patent portfolio today: 17 issued patents, 49 pending
- Proven technology track record: Simple, Secure, Mobile, Real Time Location Aware
- Differentiating WLAN innovations: Seamless roaming; Life Cycle Management; Intelligent Switching; Controller Virtualization; Identity Based Networking; Unified Mobility Services

Juniper Networks Wireless LAN Evolution
- Fat AP Architecture (Local Switching). Optimized for: Performance; not Security, Management or Reliability.
- Thin AP Architecture (Central Switching). Optimized for: Security, Management; not Reliability or Performance.
- Juniper WLAN Architecture (Local AND Central Switching). Optimized for: Security, Management, Reliability, Performance.
Copyright 2011 Juniper Networks, Inc. www.juniper.net

DISTRIBUTED SWITCHING MAXIMIZES SCALABILITY
Centralized-Only Switching Breaks Down Under Increased Load from 802.11n (Cisco & Aruba):
- 11n increases load by up to 10x; the 10x increase exceeds controller capacity
- All traffic gets forwarded by the controller
- Twice the traffic through the network core
- Can't scale without expensive upgrades
Distributed Switching Handles 802.11n without Breaking Down (Juniper):
- 802.11n increases load up to 10x
- Traffic can be forwarded by the AP
- Optimized traffic flows, ideal for voice
- 802.11n has no impact on the controller
- Scales in place without upgrades

RESILIENCY ADVANTAGE OF WLAN VIRTUALIZATION
Hot Standby Approach (Aruba):
- Catastrophic failure: dropped user sessions (imagine a voice call)
- APs restart using the hot standby controller
- No AP load balancing across controllers
- Fully loaded hot standby required
Controller Virtualization (Juniper):
- Hitless failover even for active sessions (including voice calls)
- APs instantly remapped to an in-service controller
- Dynamic AP load balancing across controllers
- No additional equipment required

Core differentiator: CONTROLLER CLUSTERING
Competitors' Complex Approach (Vendor A, Vendor B: hot stand-by or back-up controller):
- Discrete controllers operate independently for AP redundancy configuration
- Harder to scale, since adding capacity is cumbersome
- Limited resiliency: APs mapped directly to a controller and reset upon network/device failure
- Limited reliability: N+1 (limited to the number of designated back-up switches)
- Difficult to manage, highest cost of ownership
Juniper's Simplified Approach (Controller A, Controller B, Controller C):
- Clustered controllers act collectively as a single virtual controller for wireless configuration
- Easy to scale: capacity can be added in chunks, anywhere in the network
- Highest resiliency: APs dynamically map to controllers; optimized, automatic AP load balancing
- Always-on reliability: many-to-many redundancy, all switches can serve as back-up
- Easiest to manage, lowest cost of ownership
