2-04 Security Products and Solutions by Stephen Philip ...


  • Our products deliver best-in-class performance and innovation across 6 key areas (vertical columns): Routing; Security; Secure Access (for remote access); WAN Optimization; Application Front End (for Data Center optimization); and Policy, Control & Visibility across the portfolio. All are backed by a partner and alliance program to deliver the best service to our customers.
  • This slide sets out the evolving challenges and requirements that today's enterprise customers have.
    Business drivers: increased productivity, increased business efficiency/flexibility, reduced costs and regulatory compliance.
    What IT organisations need to do is deliver a secure and assured infrastructure that is able to deliver differentiated applications and services across this network. This is getting harder to do with:
      • Single IP infrastructure – demanding applications require network performance
      • Virtual enterprises – dynamic perimeters, different users, devices, locations and trust levels
      • Elevated threat environment – application level attacks and worm propagation
      • Regulatory compliance (now global) – granular access controls and auditing
    Customers typically think about the enterprise network in five distinct segments:
      • Data centres, which house critical servers
      • Campus, which includes users and wired and wireless infrastructure
      • WAN GW, which includes the routers, firewalls, VPNs and DMZs. It also includes the public-facing apps.
      • Extended enterprise, which is business partners and mobile workers
      • Distributed enterprise, which is the branch office environment
    High-level enterprise initiatives and concerns:
      • Increased remote access and extranet access provisioning
      • Increased perimeter security (application level) and internal security – DMZ(s) and data centers
      • Concern for access control & identity management inside the enterprise LAN, although with a reluctance to replace the access layer
      • Data center consolidation, thin (thinner) branch deployments
      • Interest in secure branch deployments due to internet connectivity and split tunneling
      • Reduced # of networks, the use of VoIP, use of the internet or IP/MPLS as a backbone -> single IP infrastructure
    Transition to the next slide: to address these issues across the network we need greater levels of network control…
  • Organization: Department of Labor, Mine Safety and Health Administration
    Industry: Federal Government
    Challenge: Improve productivity by extending highly secure remote access to MSHA remote workers that is easy to deploy and manage, cost effective, and easy to use.
    Solution: Juniper Networks NetScreen Secure Access SSL VPN
    The Benefits:
      • High levels of security at the end-points and for applications/files being accessed
      • Ease of deployment and management for IT Staff
      • Ease of use for employees
      • Improved efficiency for all

    Customer: NYC Department of Information Technology and Telecommunications (DoITT) – supports 78 NYC agencies with over 200,000 employees
    What did they deploy? Comprehensive & Layered Security – Juniper Networks SSL VPN to connect remote offices
    Application: Needed secure data connections for remote access to business applications
    Why Juniper?
      • No software required on client machines
      • Easy-to-use interface for customers that could be tailored for each user group
      • Cost-effective remote access solution to support
      • Flexible support of multiple types of user authentication sources

    Raymond James: Given the highly sensitive nature of the personal and financial data that is transmitted across the Raymond James network, maintaining and improving network security is a fundamental part of the Information Security department’s mission. One area of the Raymond James network that the Information Security team monitors very closely is their virtual private network (VPN), which provides remote contractors, located worldwide, with access to the tools and information they need to do their jobs. It was only after Juniper Networks introduced its own SSL VPN solution that the Raymond James Information Security team decided it was time to make the switch. “the Juniper Networks NetScreen-SA 5000 series came along, it blew us out of the water. It had everything we’d been waiting for.” The decision to convert to a Juniper Networks SSL VPN solution has brought with it a number of significant cost, labor and time savings.

    Organization: Raymond James Financial, Inc., one of the largest financial services firms in the United States
    Industry: Financial
    Challenge: Keep up with the latest security advancements to provide more efficient and more robust system to all users
    Solution: Juniper Networks NetScreen SSL VPN
    Benefits:
      • Ease of deployment and administration for Information Security staff
      • Ease of use for employees
      • Heightened security
      • Greater operating efficiency

    Organization: Arizona Game & Fish, government agency to conserve, enhance and restore Arizona’s diverse wildlife resources and habitats.
    Industry: Government
    Challenge: Complying with Homeland Security requirements
    Solution: Juniper Networks NetScreen SSL VPN solution
    Benefits:
      • Secure network access anytime, anywhere
      • Increased network security and scalability

    Customer: Catholic Health System, healthcare provider to hundreds of thousands of Western New Yorkers
    Industry: Healthcare
    Challenge: Install a secure remote access infrastructure that connects the disparate networks of multiple hospitals
    Solution: Juniper Networks NetScreen SSL VPN solution
    Benefits:
      • Anywhere, anytime access to patient information
      • Saved time and money because of Juniper Networks ease-of-use
      • HIPAA compliance

    Organization: HealthBridge provides reimbursement solutions to pharmaceutical manufacturers, biotechnology companies and medical device companies.
    Industry: Health care
    Challenge: Securely connecting multiple hospitals on the same network
    Solution: Juniper Networks NetScreen SSL VPN solution
    Benefits:
      • Remote access based on permission level
      • Ease-of-use
      • Single point of entry for users
      • New hospital applications created
  • The University of Miami
    Requirement: Secure campus-wide networks and enable new applications
      • research material on marine and atmospheric science, patient medical records and student and faculty email messages
      • wireless LAN network that covers an area of 240 acres on campus property
    Solution:
      • Each faculty with its own multi-gigabit Firewall
      • Virtual Systems on faculty FWs for separation of student and staff networks
      • SSL security overlay for WiFi network
    Benefits: Increased data security, operational efficiency and cost savings
      • Secured network data
      • Boosted performance and reliability
      • Reduced device quantity and simplified management
      • Increased operational efficiency and saved costs

    Wynn Resorts Project (Voice, Data, Security). Best-in-Class solution was a better alternative to Cisco. Proof-of-concept planning began and we pulled in resources from Corp. to support our efforts. Juniper, Extreme, Avaya win. SA product, which helped to solve an immediate requirement for Wynn to have outside developers gain access to the Wynn network. To date we have received orders from Wynn Resorts for 4 x NS-5400 with 16 Gig interfaces in each, 2 x ISG-2000, 4 x NS-208, 2 x NS-204, 1 x SA-3010, and several NS-5GT's. The key to our success at Wynn Resorts was our ability to work with our vendor partners and to bring the right Juniper resources to the table at the right moment. able to demonstrate that performance, scalability and HA capabilities were essential to the success of the project for Wynn

    Customer: SUNet - the Stanford University Network, includes more than 100,000 computers with 35,000 email accounts and delivers nearly 900,000 incoming mail messages daily
    What did they deploy? Comprehensive & Layered Security – Juniper Networks NetScreen-500 Firewall/IPSec VPN security systems
    Application: To provide an “open community to enable easy information access and exchange, while protecting critical resources and preserving network reliability and performance
    Why Juniper?
      • Comprehensive security solution
      • Greater speed and reliability across network
      • Simplified administration

    Customer: The Technical College of Bonn-Rhein-Sieg, Rhine-Westfalia, Germany
    Industry: Education
    Challenge: The isolation of numerous and related specialist faculties and provision of flexible connections to the network
    Solution: Juniper Networks NetScreen firewall
    Benefits:
      • Increased security across departments
      • Reduced total cost of ownership due to virtual systems feature and throughput scalability
  • Santa Clara
    Benefits:
      • Reduced bandwidth requirements by up to 10M bit/sec, saving at least $48,000 per year
      • Server capacity increased: Connection management, I/O and SSL processing offloaded, essentially cutting server loads in half
      • Need for additional network components averted: Reduced the amount of data traffic, enabling network components such as firewalls to handle more load.

    Dow Corning Provides Secure, High-performance Access to its NetWeaver SAP Portal with Juniper Networks DX Application Acceleration Platform
    Organization: Dow Corning
    Industry: Chemicals
    Challenge: Deploy mySAP NetWeaver Portal within a single global instance of SAP to provide more than 9,000 employees at over 100 sites in 32 countries with anytime, anywhere access to vital business information with the same response time as with SAP R/3
    Solution: Juniper Networks DX application acceleration platforms
    Benefits:
      • Doubled performance of page downloads and reduced network SAP traffic by 70 percent
      • Improved response times by as much as 4x
      • Offloaded SSL and compression overhead from back-end systems
      • Provided business partners and employees with secure and assured access to SAP portals via the Internet
      • Reduced overall SAP cost of ownership and improved manageability

    AvantGo: AvantGo is a free service from iAnywhere, a subsidiary of Sybase, that delivers rich, personalized mobile Websites to PDAs and smartphones. Today, hundreds of major brands, including American Airlines, CNET, GM, Rolling Stone and The New York Times, leverage AvantGo to target a highly desirable demographic of millions of registered users. AvantGo offers the convenience of anywhere, anytime access, seamlessly supporting both wireless and “sync and go” connectivity.
    Organization: iAnywhere, a subsidiary of Sybase, Inc.
    Industry: Communications software
    Challenge: Replace unstable routers with a more reliable, cost-effective alternative and provide reliable firewall/VPN functionality to the distributed network
    Solution: Juniper Networks M20 Routers & ISG (FW with IDP) for their Data Center
    Benefits:
      • Faster, more reliable, more stable routing of information across network
      • Reduced costs due to less maintenance needed for products
      • Secure and assured networking experience

    Business Profile: Cathay Pacific Airways, registered and based in Hong Kong, offers scheduled cargo and passenger services to over 90 destinations around the world.
    Industry: Airline
    Challenges: To support future expansion, Cathay Pacific needed to upgrade their network and transition from a proprietary to an open system that could utilize IP-based applications to improve the customer experience.
    Solution: Cathay Pacific implemented a new Integrated Traffic Management (ITM) system designed by SITA SC Professional Services and based on WX application acceleration platforms from Juniper Networks.
    Benefits: The WX-based ITM system increased Cathay Pacific’s WAN capacity by 68 percent with minimal disruption to the existing network, resulting in a significant cost savings by eliminating the need for higher-speed links and equipment upgrades.

    London Underground
    Key Challenges:
      • Needed to speed access on public Web site, even during huge traffic spikes
      • Peak load provisioning impractical
      • New Web kiosk application to launch
    Key Benefits:
      • Increased capacity of four high-end servers
      • Reduced bandwidth by 80 Mbps, an 80% decrease
      • Increased server capacity by 25%
      • Faster user downloads, even during peak periods
      • Easier IP address management

    State of New Mexico
    Business:
      • State government taxation department
    Problem:
      • Providing 70 dispersed DMV offices with secure online access to a statewide intranet application
    Solution:
      • DX 3250 application acceleration platform
    Key Benefits:
      • Provided T1-level performance on 56K lines
      • Increased server capacity 280%
      • Reduced bandwidth usage 65%
      • Accelerated site performance by 60%
  • As organizations run their applications from central locations over the WAN, performance is impacted.
      1) Bandwidth – limited bandwidth on WAN connections; drop in bandwidth from LAN to WAN (100 to 1); expensive; consumption increases.
      2) Latency – less understood => physics plus store-and-forward hops on the network => round-trip time (RTT) for a packet to go from sender to receiver; international links (250 ms+) vs. US links (75-100 ms); these intervals impact performance due to the back-and-forth behaviour of the TCP protocol; apps waiting for processes to complete can’t fill the bandwidth on the WAN; MS Exchange => constrained by processes within the L7 protocol.
      3) Contention – can’t eliminate it, need to manage access to bandwidth. Nemertes Research – 100+ apps per company, 2 dozen business-critical.
      4) Manageability – WAN = black hole (i.e. migrating to next-gen WAN services => MPLS (an any-to-any connection) => need visibility); WAN services => top 3 line items in the IT budget; need to see how apps + WAN are performing.
    Each area impacts applications differently:
      1) Rich content across the WAN makes the bandwidth limitation more problematic (e.g. attaching a 5M file to an email).
      2) Protocol chattiness – the back-and-forth behaviour of transmissions limits application performance in the presence of latency.
      3) Contention impacts performance because low-priority apps compete with critical apps for WAN resources.
      4) Lack of manageability – cannot see how apps + WAN are performing.
  • Customer: DISA - Dedicated, global, terrestrial OC-192 optical communication network that supports the DoD, National Security, and Intelligence communities
    What did they deploy? Mission-Critical Network Infrastructure
      • Juniper sole IP routing vendor chosen with Core and Edge T640/320 Series/M40e Series routers running Layer 2/3 VPNs: 150 nodes at 90 sites
      • NetScreen
    Applications:
      • Lead the IP transformation charge within the DoD
      • Enhance existing GIG core to support 10 Gbps optical transport with IP/MPLS routing
      • Common control plane for multiple services
    Why Juniper?
      • Juniper products met all security, performance, reliability, and scalability requirements at a better value
      • Strong support for cyber security strategies

    Customer: DREN - Nationwide backbone network for the U.S. Department of Defense Research and Engineering Community of over 4,300 scientists and engineers
    What did they deploy? Mission-Critical Network Infrastructure
      • M10/M5 Edge & T640 Core platforms
      • AS-PICs and ATM-PICs
      • NetScreen 5XXX boxes
    Applications:
      • First DoD network to transition from ATM to MPLS as a hybrid network
      • Converged voice, data, and video
    Why Juniper?
      • Elevated critical IP performance metrics by 500% via higher throughput and reduced latency for converged voice, data, and video traffic
      • Supports hybrid networks in a single chassis
      • Preserved the performance and integrity of ATM transmissions across the backbone

    Organization: City of Burbank
    Industry: Government
    Challenge: Upgrade and modernize city’s communication network
    Solution: Juniper Networks NetScreen network security appliances
    Benefits:
      • Vastly improved network security
      • Greater speed and reliability across network
      • Secure and assured network system provides internal departments and the general public access to the data that is most relevant to them

    Customer: DTI – statewide network connecting over 350 state and school locations
    What did they deploy? Mission-Critical Network Infrastructure – M and T series routers, NetScreen 5400 firewall, SA 5000 SSL VPN, and IDP 1100
    Applications:
      • To improve speed, performance, & security of ultra high-speed, statewide network
      • Transparent LAN Service (TLS) key application
    Why Juniper? Selected the Juniper Networks solution based on its proven reliability and advanced security and IP/MPLS capabilities.

    Customer: The Internet2 national R&E consortium and its Abilene network www.internet2.edu
    Challenge: Consortium applications required scalable high-speed backbone routing, IPv4 and v6, multicast at dense 10 Gbps speeds with no performance compromise
    Action: Installing 11 Juniper Networks T640 routing platforms as the new OC-192c backbone infrastructure
    Advantage: Fulfills need for high-performance backbone routing of all leading-edge services; one uniform OS lowers management and operational costs; scales by plugging new line cards into T640s
  • "One packet" transmissions, from protocols such as DNS, and small-packet applications, such as multimedia, streaming video and VoIP, are increasing in popularity, so the average packet size is getting smaller. These applications also require very low latency (VoIP, for example). While general connectivity is on the rise, more and more people are connecting to the network from home, on the road and on the go (PDAs, wireless, etc.). The overall risks to the network are increasing, vulnerabilities are on the rise, and attacks are growing in sophistication, necessitating more and more inspection of the traffic, up to the application layer, to make sure that what is flowing through is not malicious. So, first and foremost, a high-performance solution that can accommodate both large and small packet sizes at very low latency is needed to ensure that business activity can go on; it will then become increasingly important to add security to the network to protect the resources.
  • SWIFT: SWIFT plans to deploy more than 10,000 NetScreen appliances by the time the migration is completed – currently planned by the end of 2004 – which is expected to represent one of the world’s largest VPN deployments.

    Customer: U.S. Department of Energy, Energy Sciences Network (ESnet) www.es.net
    Drivers: Support annual doubling of traffic growth; migrate from OC-12 ATM backbone to new OC-48/192 links with ongoing support for separate ATM network
    Actions: Installed more than two dozen Juniper Networks M10, M20, M40e, and T320 routing platforms
    Advantages:
      • Fast, reliable performance
      • Transparent upgrade process with no disruption to users
      • Support for advanced protocols and services such as inter-domain IP multicast, MPLS
      • Simultaneous support for IPv4 and IPv6

    RadioShack: Secure point of sale, inventory, cell phone activation, & other back office business applications between corporate & each store. We won against Cisco and CheckPoint because we were able to exceed all of their VPN requirements, set up anti virus and deep inspection functionality appropriately.
      • NetScreen-5GT (5500) offering VPN & AV in more than 5,000 retail stores located throughout the U.S.
      • NetScreen-5200 (4) deployed at the Fort Worth, Texas, headquarters to protect critical network resources & data traversing its highly distributed corporate network

    Hitachi Consulting: We had significant challenges getting Cisco up and running and the VoIP had become almost inaudible. Within 24 hours of the NetScreen installation we were getting calls from employees telling us how happy they were with the voice quality. The difference was like night and day.
    Mike Shisko, Director of IT, Hitachi Consulting
      • 40 percent improvement in network performance
      • Increased employee productivity
      • Simplified deployment and network management

    South Carolina
      • Juniper Networks IDP 100 to give them added visibility into the system
      • Juniper Networks NetScreen-204 to protect the network’s edge where it meets the public Internet
      • Juniper Networks NetScreen-208 firewalls to assist in the core server and SAN environment.
      • Juniper Networks M7i and J4300 to protect each of the Department’s field offices

    Customer: Hitachi Consulting, the business and technology consulting arm of Hitachi, Ltd.
    Industry: Consulting
    Challenge: Installing an IPSec VPN/security infrastructure that would improve VoIP quality and reliability
    Solution: Juniper Networks NetScreen firewall and IPSec VPN security solutions
    Benefits:
      • 40 percent improvement in network performance
      • Increased employee productivity
      • Simplified deployment and network management

    Customer: McDonald’s restaurants of Canada Ltd., Canada’s #1 quick service restaurant
    Industry: Food service
    Challenge: Installing a cost-effective, high-performance and scalable security infrastructure
    Solution: Juniper Networks NetScreen firewall and IPSec VPN solution
    Benefits:
      • Increased network security and performance
      • Saved time and money by centrally managing order entry system
      • Increased employee productivity
      • Accelerated ordering, reporting and communication process
    “Juniper network security products have allowed our store managers to dramatically reduce the time it takes to complete inventory orders and end-of-day reports. The end-of-day process has been cut down by 45 minutes. Multiply this by 7 days a week across 450 company stores and that’s a lot of time savings.”

    Organization: South Carolina Department of Probation, Parole and Pardon Services
    Industry: Government
    Challenge: Create an easily accessible and secure networking solution for the department
    Solution: Juniper Networks routers, intrusion detection and firewall/VPN appliances
    Benefits:
      • Flexibility of network architecture enables solution to adapt and evolve, saving time, effort and money
      • IDP devices allow an added level of visibility into the system, enabling a proactive approach to security
      • Secure and assured network system provides high level of security for data without sacrificing ease of accessibility for authorized personnel

    1. Juniper Security Products and Solutions Overview. Stephen Philip, Senior Director - Product Marketing, Security Products Group
    2. Agenda
        • Juniper leadership in Security
        • Juniper Product Portfolio
        • Juniper Solutions by Location
            • Campus
            • WAN GW
            • Data Center
            • Distributed Organization
            • Extended Organization
    3. Juniper Leadership in Security
        • #2 in Network Security
            • Passed Check Point in Q2
        • #1 in High End FW/VPN
        • #1 in SSL VPN
        • Growing faster than inline IPS market
        • Juniper in the Leadership quadrant for:
            • Firewall
            • IPSec VPN
            • SSL VPN
            • IPS
        Recognized as leader by Gartner. Recognized as leader by Press. Recognized as leader by our Customers. Source: Infonetics Q2-2006.
        [Slide label: U.S. Department of Labor]
    4. Proven, Best-in-Class Innovation
        [Diagram labels: UAC; AAA; OAC; NSM; Policy, Control & Visibility; Security/VPN; Routing; Application Front End; WAN Optimization; Secure Access; IC; SSG]
    5. Evolving Challenges and Requirements
        [Diagram labels: Campus; Organization; Organization]
        • Single IP infrastructure – demanding applications require network performance
        • Virtual Organizations - dynamic perimeters, different users, devices, locations and trust levels
        • Elevated threat environment – application level attacks and worm propagation
        • Regulatory compliance (now global) – granular access controls and auditing
        Need a secure and resilient infrastructure able to deliver differentiated applications and services across the network
    6. Solutions for the Extended Organization
        [Diagram labels: IP Network; Data Center; U.S. Department of Labor; RA or Extranet DMZ]
        • Assessment & Containment
        • Native checks
        • Client/Server APIs
        • Remediation
        • Cache Cleaner
        • Virtual Environments
        • Connection Control
        1. Endpoint Assessment & Authentication
        2. Trusted Xport (IPSec or SSL)
        3. Authorize, Enforce & Log
        • Extended Organization Challenges
            • Deliver applications securely and appropriately to employees, contractors, partners, suppliers anywhere, anytime
            • Provision and manage 1000s of endpoints
            • Handle non-owned devices and networks
        • Extended Organization Solutions
            • Client-less model reduces mgmt overhead
            • SSL VPN per user, per application controls
            • Endpoint integrity, quarantine, remediation
            • Application Acceleration (AFE) improves download times & availability
    7. Juniper’s Coordinated Threat Control
        [Diagram labels: Business Partner; Telecommuter; LAN; Signal]
        • Correlated Threat Information
            • Identity
            • Endpoint
            • Access history
            • Detailed traffic & threat information
        • Comprehensive Threat Detection and Prevention
            • Ability to detect and prevent malicious traffic
            • Full layer 2-7 visibility into all traffic
            • Proven, market leading technology
        • Coordinated Identity-Based Threat Response
            • Manual or automatic response
            • Multiple response options: terminate, disable, or quarantine user
            • Supplements IDP’s threat prevention
        IDP detects threat and signals SA. SA identifies user & takes action on user session. Self-registration technology for easy configuration.
    8. Solutions for the Campus
        • Campus Challenges
            • Protect against outside/inside threats
            • Segment resources, users, departments
            • Provide secure WLAN access
            • Scaling across large or multiple campuses
        • Campus Solutions
            • Department & Virtual firewalls protect departmental resources
            • Intrusion Prevention mitigates and contains threats
            • 802.1X & SSL VPN secured WLAN
            • Large L3 Routed Campuses
            • Unified access control solution
                • Infranet Controller, Agent and Enforcer
        [Diagram labels: Campus #1; Departments; Internet; Departments; Campus #2]
    9. Unified Access Control Overview
        [Diagram labels: AAA; AAA Servers; Identity Stores; Firewall Enforcers; Central Policy Manager; Endpoint profiling, user auth, endpoint policy; Dynamic Role Provisioning; User access to protected resources; User admission to network resources; Agent; Protected Resource; 802.1X]
    10. Unified Access Control Overview
        [Diagram labels: Agent; AAA; AAA Servers; Identity Stores; Firewall Enforcers; Central Policy Manager; Endpoint profiling, user auth, endpoint policy; Dynamic Role Provisioning; User access to protected resources; User admission to network resources; with SBR; with OAC; Protected Resource; 802.1X]
    11. Introducing UAC 2.0
        [Diagram labels: Agent; AAA; AAA Servers; Identity Stores; Firewall Enforcers; Central Policy Manager; Endpoint profiling, user auth, endpoint policy; Dynamic Role Provisioning; User access to protected resources; User admission to network resources; with SBR; with OAC; Protected Resource; 802.1X]
        • UAC 2.0 interoperates with any 802.1X infrastructure wired or wireless
        • UAC 2.0 is TNC compliant for truly open architecture
        • Access control for guests, contractors and employees
        • UAC 2.0 can be deployed via:
            • 802.1X only
            • Overlay w/firewall only
            • Both, for maximum granularity
    12. Solutions for the Data Center
        • Data Center Challenges
            • Protect data, servers, infrastructure
            • Maximize performance, availability, resiliency
            • Consolidate and simplify architecture
            • Terminate 1000s of VPN connections
        • Data Center Solutions
            • High performance edge service routers provide 10x over competing solutions
            • High performance firewall/VPN/security gateway
            • Intrusion Prevention mitigates threats
            • SSL for secure access
            • AFE accelerates applications to users
            • WAN Optimizer accelerates applications to sites
        [Diagram labels: Web Servers; App Servers; Data Bases; High performance Routing; Integrated IPS/FW/VPN; Secure Access (SSL); AFE Application Acceleration; Internet; SLB; Web Acc; Cache; SSL O/L; WAN Optimization]
    13. How the WAN slows applications / Accelerating Applications over the WAN
        [Diagram labels: Inability to understand application and WAN performance; Lower-priority apps slow down critical ones; Protocol chattiness; Visibility and Reporting; Acceleration; Application Control; More rich content; Compression, Caching; VoIP; Web; Oracle; SAP; Application Contention; Limited Bandwidth; Latency; The WAN Pipe; Manageability]
    14. Solutions for the WAN Gateway
        • WAN Gateway Challenges
            • Maximize availability, resiliency, quality
            • Protect public facing servers and infrastructure
            • Optimal support for broad mix of app & traffic
            • Massive # VPN Connections or Large BW single tunnels
        • WAN Gateway Solutions
            • High performance Enterprise routers provide 10x over competing solutions
            • MPLS for improved quality and traffic engineering
            • High performance firewall/VPN, security gateway
            • Intrusion Prevention mitigates threats
            • SSL VPN Gateway for secure access
            • WAN Optimization to remote locations
        [Diagram labels: IP Network Data Center DMZ RA or Extranet DMZ VoIP DMZ City of Burbank Campus]
    15. WAN Gateway Requirements
        [Diagram labels: Value & Number of Connections; Application Awareness / Protection; Ave Packet Size; Latency & Sensitivity; Internet SSL VPN DMZ Web Partner DMZ FTP SSL DMZ RADIUS]
        • Provide high performance for large and small packet traffic mix
        • Make traffic decisions with low latency to ensure applications are not affected
        • Handle traffic load, complexity & availability requirements as # & value of connections increase
        • Understand application requirements and prevent/mitigate application-level attacks
    16. Juniper Networks ISG Ground-up Design
        Processing power unmatched by any competitive offering
        [Architecture diagram of the ISG 2000 and ISG 1000. Labels: Network Traffic; I/O Modules; Fixed I/O; ASIC Module; GigaScreen3 ASIC, 1 GB RAM; Programmable Processors; Security Modules (for IPS); Dual 1GHz PowerPC CPU, 2 GB RAM, FPGA; Management Module; Dual 1GHz PowerPC CPU, 2 GB RAM]
    17. Solutions for the Distributed Organization
        - Distributed Organization Challenges
            - Protect data, servers, infrastructure
            - Improve application performance
            - Maximize availability, resiliency
            - Simplify architecture, management
        - Distributed Organization Solutions
            - Intrusion Prevention mitigates threats
            - Dedicated & multi-function firewalls
            - WAN Optimization for branch offices
            - Resilient, secure VPN to branch offices
            - MPLS VPN for QoS and traffic engineering to regional offices
        [Diagram labels: HQ; Regional Office; Regional Office; Internet; Back-hauled Branch; IP/MPLS Network; Small Branch (1000s) w Split Tunnels; Retail Office (1000s) WiFi Access; Remote Campus w Split Tunnel]
    18. Best in Class Security – Secure Services Gateway
        - SSG 5 - Six fixed form factor models
            - 7 Fast Ethernet + 1 WAN interface
                - ISDN BRI S/T, V.92, Serial
                - Dual radio 802.11a + 802.11 b/g variants of each
            - 160 Mbps FW / 40 Mbps VPN
        - SSG 20 – 2 modular models
            - 5 Fast Ethernet + 2 Mini I/O slots
                - Mini PIM options include ADSL2+, T1, E1, ISDN BRI S/T, V.92 at FCS
                - Dual radio 802.11a + 802.11 b/g variant
            - 160 Mbps FW / 40 Mbps VPN
        - SSG 140
            - 8 FE and 2 GE Interfaces
            - 4 WAN PIM slots
                - Standard J Series WAN interfaces
                - ISDN, Dual E1 and Dual T1
            - 350 Mbps FW / 100 Mbps VPN
        - SSG 550/520
            - 4 on-board 10/100/1000 ports
            - 6 WAN/LAN I/O expansion slots
            - Up to 1 Gbps FW/NAT / 500 Mbps IPSec / 500 Mbps IPS (DI)
        - New Secure Services Gateway Models
        - Advanced Security - Integrated Branch Routing and WAN interfaces
            - FW, VPN, AV (including - phishing, - spyware) & Anti SPAM
            - ADSL2+, T1, E1, ISDN BRI S/T, V.92, Gig E
    19. Deploy Once – Add Services later
        - Choose WAN connection & Deploy Device
        - Base System Cost + WAN I/F
        - Access Routing & VPN Service
        - Firewall Service
    20. Deploy Once – Add Services later
        - IPS Service
        - Web Filtering Service (SurfControl)
        - AV Service (Kaspersky)
        - Spam (Symantec)
        Additional license cost
        - Choose WAN connection & Deploy Device
        - Base System Cost + WAN I/F
        - Access Routing & VPN Service
        - Firewall Service
    21. Deploy Once – Add Services later
        - IPS Service
        - Web Filtering Service (SurfControl)
        - AV Service (Kaspersky)
        - Spam (Symantec)
        Additional license cost
        Additional HW Requirements = None
        - Choose WAN connection & Deploy Device
        - Base System Cost + WAN I/F
        - Access Routing & VPN Service
        - Firewall Service
    22. Centralized Management
        - Centralized control over Integrated Security Devices
            - Remote Management
                - Secure remote management of firewall, VPN, content security, and routing across all devices from one location
            - Role-based administration
                - Delegate administrative access to key support people with Assign specific tasks to specific individuals
            - Centralized activation/deactivation of security features
                - Application attack protection, Web usage control, Payload attack protection, Spam Control
        [Diagram labels, repeated three times: Network Security Operations]
    23. Thanks