Enterprise Framework: Delivering Proven IP Infrastructure for the ...


Juniper Networks

Enterprise Framework


Delivering Proven IP Infrastructure for the Real-Time Enterprise

Thorbjörn Zieger

Channel Account Manager CEUR

Copyright © 2006 Juniper Networks, Inc. Proprietary and Confidential www.juniper.net


Juniper Networks—Corporate Facts

Who We Are:
• Incorporated 1996
• Does business in over 70 countries
• 4,500 employees

Market Execution
• 90% of the Fortune 100 rely on Juniper
• Market share: Top 3 in all key markets
• Gartner Magic Quadrant Leaders: SSL VPN, Firewall, IDP, IPSec VPN
• 6500+ partners worldwide
• More than 8,000 customers worldwide

Financials
• $2+ billion, strong cash position
• Fortune 1000 company
• Member of NASDAQ-100 Gold
• Member of S&P 500



Proven, Best-in-Class Innovation

Policy, Control & Visibility

Routing

Security/VPN

Secure Access

WAN Optimization

Application Front End

IC, UAC, SSG, AAA, NMS, OAC



Emergence of the Real-Time Enterprise

Demands on the Business

• Agility to respond to planned and unforeseen events
• Speed, adaptability, extensibility critical
• Flexibility to control and manage costs
• Leverage investments
• Extension of business processes
• To partners and others
• To mobile and nomadic employees

Demands on IT

• Defending against constant threat environment
• Preserving business continuity
• Accessibility without risk to business
• Visibility to support compliance auditing, management etc.
• Sharing and loosely coupling intelligence between applications, users and infrastructure



Enterprise Architectural Approaches

AGILITY—Speed of Response

• System Silos
• Increased Risk
• Limited System value

Static

Legacy Networks

Responsive

Real-Time

• Systems Approach
• Best in Class
• Investment Leverage
• Operational Simplicity & Predictability
• Inflexible
• Lock-In
• Diminished choice

INTELLIGENCE—Ability to respond



Proven IP Infrastructure for the Real Time Enterprise

AGILITY—Speed of Response

Deliver Proven IP Infrastructure for the Real-Time Enterprise

Real-Time Enterprise

Responsive

Static Enterprise

INTELLIGENCE—Ability to respond



Juniper Enterprise Framework

Policy

Control

Visibility

Applications Environment

Standards-based signaling

Services

Infrastructure

IP Infrastructure products in 3 Domains

• Publish interfaces, support open standards between layers
• Create a partner eco-system for solutions



Supporting the Applications environment

Supporting the demands of applications through Standards based interfaces

Partner Ecosystem

Standard based Interfaces

Policy

Applications Environment

Standards-based signaling

Control

Visibility

Services

Infrastructure

• Application visibility
• Inheritance of application policies
• Solution integration including Service Oriented Architectures (SOA)



Services

Services Provided to users and applications by the System

Policy

Control

Visibility

Applications Environment

Standards-based signaling

Services

Infrastructure

Functions

App Services

User Services

Network Services

• Simplicity—ease of deployment/change
• Standards-based interfaces
• Leverage existing infrastructure
• Deployment strategy to fit Business conditions
• Extend services through carrier networks or to business partners



Infrastructure

Shared intelligence to support and enforce services and policies

Policy

Control

Visibility

Applications Environment

Standards-based signaling

Service

Infrastructure

Functions

Network Intelligence

App Intelligence

End Point Intelligence

• Best Performance, No Compromise
• Optimized for end user experience
• Operations friendly
• Scalable platforms
• Industry leading security
• High Availability



Policy, Control and Visibility

The control plane for setting policy decisions and the interface layer for inheritance

Policy

Control

Visibility

Applications Environment

Standards-based signaling

Service

Infrastructure

Functions

Threat Control

User Control

Performance Control

• Policy Driven for Efficiency, Agility
• Identity federation, management
• Coordinate intelligence between services and Infrastructure
• Maximize network usage
• Application and data visibility



Juniper Approach – Our Differentiation

Deliver Proven IP Infrastructure for the Real-Time Enterprise

Customer-oriented approach

• Operational Simplicity & Predictability

• Open and Standards-based

• Investment Leverage

• Organisational behavior

‘No compromise’ solutions

• Performance & Scale

• Security

• Systems-wide Intelligence

• Solving the Difficult Problems



Enterprise Deployment Scenarios

WAN Gateway

Distributed Enterprise

Extended Enterprise

Data Centers

Converged IP Infrastructure

Campus



Enterprises Trend - productivity up and cost down

Facilitated by increasing access to network resources… but…

Access Increases

INCREASED THREAT VOLUME

Business critical network assets

Explosive growth of vulnerabilities

FASTER OUTBREAKS

Mobile devices transiting the LAN perimeter

Unmanaged or ill managed endpoints

Patch-to-outbreak time getting shorter

New breed of threats can come in with “permitted” users and traffic

MORE TARGETS

Widely diverse users

Security Decreases



Solutions for the Extended Enterprise

Assessment & Containment
• Native checks
• Client/Server APIs
• Remediation
• Cache Cleaner
• Virtual Environments
• Connection Control

Data Center

IP Network

RA or Extranet DMZ

1. Endpoint Assessment & Authentication
2. Trusted Xport (IPSec or SSL)
3. Authorize, Enforce & Log

• Business Demands
• Deliver applications securely to employees, contractors, partners, suppliers
• IT Challenges
• Provision and manage 1000s of endpoints
• Handle non-owned devices and networks
• Accelerate performance of web-based applications
• Juniper Benefits
• Deployment Agility, Flexibility with security
• Client-less model reduces mgmt overhead
• Per user, per application controls
• Endpoint integrity checks
• Investment Leverage
• Complements existing transport
• Save data center costs while improving download times & availability

U.S. Dept of Labor



Juniper’s End-to-End Security Unmatched

Server Farms

E-mail

MRP/ERP

Unix/NFS

Directory Store

Intranet / Web Server

Endpoint Security

Data Transit Security

Hardened Appliance

In-transit Data protection

Coordinated Threat Control

Dynamic Access Privilege Mgmt

Authentication & Directory Integration

• Broadest endpoint security offering
• Dynamic, x-platform Host Checker
• Cache Cleaner
• Advanced Endpoint Defense Integrated Malware Protection
• JEDI client & server APIs for 3rd party integration
• Secure appliance
• Robust network security services
• Multiple 3rd party audits
• In-Transit Data Protection
• Data trapping
• URL obfuscation
• Correlated threat information
• Coordinated attack response
• Application usage control and visibility
• Granular, dynamic access control
• Broadest Authentication/Authorization support
• Deepest directory integration
• Utilization of directory information in policies



Access Privilege Management – 1 URL

Same person access from 3 different locations

Stages:
1. Pre Authentication: Gathers information from user, network, endpoint
2. Dynamic Authentication: Authenticate user, Map user to role
3. Roles Assignment: Assign session properties for user role
4. Resource Policy: Grant access to resource as specified by policy

From a Kiosk
  Pre Authentication: Digital Cert = NO; Source IP = outside; Host Check = failure
  Dynamic Authentication: Authentication = Strong; Mapped to Field role
  Roles Assignment: SAM = No; File = No; Web Download = Yes; Web Upload = No; Timeout = ½ hour; Host Check = Recurring
  Resource Policy: Resources = CRM Web-read only, Outlook Web Access

From the field
  Pre Authentication: Digital Cert = YES; Source IP = outside; Host Check = success
  Dynamic Authentication: Authentication = Strong; Mapped to Sales role
  Roles Assignment: SAM = Yes; File = Yes; Web Download = Yes; Web Upload = Yes; Timeout = 2 hours; Host Check = Recurring
  Resource Policy: Resources = CRM Client/Server, Exchange

From the LAN
  Pre Authentication: Digital Cert = YES; Source IP = LAN; Host Check = success
  Dynamic Authentication: Authentication = PW; Mapped to Sales role
  Roles Assignment: Network Connect = Yes; Timeout = 12 hours; Host Check = No
  Resource Policy: Resources = Full network access



Solutions for the Campus

Internet

LAN #1

LAN #2

Odyssey Access Clients

Departments

Departments

• Business Demands
• Enable secure access to applications for employees, contractors, partners and other onsite users over both wired and wireless LANs
• IT Challenges
• Protect against outside/inside threats
• Segment resources, users, departments
• Provide secure WLAN access
• Scale across large or multiple LANs
• Juniper Benefits
• Deployment Agility, Flexibility with security
• Unified access control solution for L2 or L3 deployments
• 802.1X and SSL VPN secured WLAN
• Virtual firewalls protect departmental resources
• Investment Leverage
• Support for Large L3 Routed Campuses
• Overlay to existing wired and/or wireless LANs



Enterprise Trend – Results

Skyrocketing security costs; loss of productivity with downtime

WAN Access

Campus
• Employees
• Business partners
• Customers
• Guests
• Contractor

Trust is presumed, but unenforceable

Worms, viruses, spyware

Need for Comprehensive ACCESS CONTROL

Malware, Trojans and more

Distributed Enterprise

Ill managed endpoints

Lack of control

Extended Enterprise
• Employees
• Business partners
• Customers
• Guests
• Contractor

Solved by SSL VPN, which provides ACCESS METHOD with control

Network and application layer threats can come in

Valuable corporate information can go out

Access to mission-critical enterprise assets and resources
• Business Apps
• E-mail
• Internal Resources

“Nearly 40% of all large enterprises are looking to implement a solution for LAN access control in the next 12-18 months”
Forrester Research

Vulnerable servers are accessed by EVERY user population



Why is this technology so important??

• Dynamic Network Boundaries – Location Complication
• Mobile Workforce
• Wireless Networks
• Contractors
• Partners
• Diversity of endpoints
• Sophisticated Attacks
• Zero-Day Exploits
• Rapid Infection Speed
• Targeted Attacks (crimeware)
• Rootkits, Botnets, Zombies and Back Doors
• Harder to control/More demanding Applications
• IM/VoIP/VoD
• Unenforceable policy
• The Grey Network
• The Network you don’t know you own!
• The Usual Suspects
• Bad People
• More Money for Attackers
• Extortion, Identity Theft, Bank Fraud, Corporate Espionage,…
• Careless People
• Accidental agents of catastrophe



Juniper UAC : How It Works

Endpoint Security Software + Juniper UAC Enforcer + Juniper Infranet Controller + AAA Authentication

Juniper Enterprise Infranet Agent

Anti-Virus Client

Updates, Fixes, Service Packs

Software Firewall

IE

Security Credential Checking

Permit, Deny, Quarantine, Remediate

IC

Security Policy Enforcement

Security Policy Creation

AV Policy Evaluation

AAA

Steel-Belted Radius, LDAP, AD, OTP, PKI, SAML



UAC 2.0: Layer 2 + Layer 3

The future of Unified Access Control

AAA Servers

Identity Stores

Infranet Controller w/Integrated SBR

Infranet Agent w/Integrated OAC

802.1X

Enforcers



Solutions for the WAN Gateway

VoIP

DMZ

Campus

IP Network

Data Center

DMZ

RA or Extranet DMZ

• RTE Business Demands
• Ensure business continuity, high availability to servers and applications
• IT Challenges
• Maximize availability, resiliency, quality
• Protect public facing servers and infrastructure
• Optimal support for broad mix of app & traffic
• Massive # VPN Connections or Large BW single tunnels
• Juniper WAN Gateway Benefits
• Deployment Agility, Flexibility with security, performance
• High performance Enterprise routers provide 10x over competing solutions
• MPLS for improved quality and traffic engineering
• High performance firewall/VPN, security gateway
• Intrusion Prevention mitigates threats
• SSL VPN Gateway for secure access
• WAN Optimization to remote locations
• Investment Leverage
• Complementary to installed WAN infrastructure, can be deployed in mixed vendor scenario



Compression & Sequence Caching

• Low latency & highly scalable

• Application & protocol independent

• Compresses large & small data patterns

Molecular Sequence Reduction

• Patented memory-based compression for 2x to 10x gains
• Centralized dictionary speeds learning
• Eliminate patterns across any application type

Network Sequence Caching

• Disk-based pattern compression delivers 10x to 100x gains
• Compresses even under simultaneous downloads
• Supports unidirectional learning
• Proactively pushes new content to warm dictionaries



Application Acceleration

• Reduces impact of latency on slow apps

• Scales the flow & fills the pipe

• Overcomes impact of chatty protocols

Packet Flow Acceleration

• Increases TCP throughput

• FEC recovers dropped packets

Application Flow Acceleration

• Big gains even on low latency links (30 ms)—File services (CIFS), Exchange (MAPI)



PFA Details

• Fast Connection Setup
• Eliminates one round-trip from setup — benefits short-lived sessions
• Active Flow Pipelining
• Terminates TCP — benefits high-latency and/or high-capacity links
• Forward Error Correction
• Sends recovery packets — benefits lossy links by avoiding retransmissions

TCP

Reliable Transport with FEC

TCP

Active Flow Pipelining

Data1, Data2, Data3, Data4, Data5



Visibility: WAN Executive Reporting

Reduction Summary

Peak Data Reduction: 78.9 %
Total Data Reduction: 71.2 %
Total Bytes Into Peribit: 55.5 GB
Total Bytes Reduced: 39.2 GB
Total Bytes Out of Peribit: 16.3 GB
Effective WAN Capacity: 3.47 X

Path Latency Distribution

Application Summary: Percent of traffic To and From WAN by application

Path Loss Distribution



Solutions for the Data Center

Internet

High performance Routing

Integrated IPS/FW/VPN

Secure Access (SSL)

WAN Optimization

AFE Application Acceleration

Cache, SLB, Web Acc, SSL O/L

Web Servers

App Servers

Data Bases

• Business Demands
• Ensure LAN-like application delivery for web users, remote users, and branch offices
• Ensure business continuity, high availability to servers and applications
• IT Challenges
• Data Center consolidation and server centralization
• Protect applications, data, and infrastructure
• Maximize performance, availability, resiliency
• Regulatory Compliance
• Juniper Benefits
• Deployment Agility, Flexibility with security, performance
• High performance routers deliver 10x over competing solutions
• High performance firewall/VPN/security
• AFE accelerates applications to users
• WAN Optimizer accelerates applications to sites
• Investment Leverage
• Consolidate or redeploy servers from acceleration



Solutions for the Distributed Enterprise

Retail Office (1000s) WiFi Access

Small Branch (1000s) w Split Tunnels

NG Branch/Regional Office w Split Tunnel

Internet

IP/MPLS Network

Back-hauled Branch

Regional Office

HQ

Regional Office

• Business Demands
• Address Compliance issues without compromising availability and application performance
• Reduce costs without compromising security
• IT Challenges
• Protect data, servers, infrastructure
• Improve application performance after data center/server centralization
• Maximize availability, resiliency
• Juniper Benefits
• Deployment Flexibility with security, performance
• Intrusion Prevention mitigates threats
• WAN Optimization for branch offices
• Resilient, secure VPN to branch offices
• MPLS VPN for QoS and traffic engineering to regional offices



Solutions for Private WAN

Headquarters

Branch Office

Branch Office

Branch Office

Branch Office

IP Network

Backup Data Center

• Business Demands
• Ensure business continuity, high availability and security of network
• IT Challenges
• Maximize availability, resiliency, quality
• Protect public facing servers and infrastructure
• Support applications with Quality of Service
• Juniper Benefits
• Deployment Flexibility with performance
• High performance Enterprise routers provide 10x over competing solutions
• MPLS for improved quality and traffic engineering, fast link recovery
• Operational simplicity with single OS train for all routers



MPLS Enables the Private Network: Convergence

• Consolidation: Enables IP to consolidate multiple networks: ATM, Frame Relay, TDM, and IP
• Provides the required quality of service characteristics to support the diverse applications of these many networks

Before

After

PSTN

IP

IP/MPLS

FR/ATM



Enterprise Deployment Summary

WAN Gateway

Distributed Enterprise

Extended Enterprise

Data Centers

Converged IP Infrastructure

Deliver Proven IP Infrastructure for the Real-Time Enterprise

Campus



Why Enterprise Infranet Framework Matters



Why should you care about EIF?

• It’s our Enterprise vision

• It’s the “wrapper” for enterprise product portfolio

• It can help you sell

• Facilitates conversations at CXO level

• Solves strategic problems

• Opens up full Juniper suite

• Consultative selling

• Solution selling

• Selling services



Juniper Networks Global Alliances

Global Elite Partners

Security Alliances

Infrastructure Alliances



Juniper/Avaya Strategic Alliance

• #1 in SSL VPN

• #2 in high end routing

• #2 in Firewall/VPN Appliances

• 8 of the top 15 Fortune 500 Companies are Juniper Customers

• 9 of the top 20 Global 100 Companies are Juniper Customers

• #1 IP Telephony

• #2 Enterprise Telephony

• #1 Voice Mail, UC & UM

• #1 Call Centers

• #1 PBX Maintenance Services

• Standards based solution

Highly Resilient and Secure Converged Network that Provides the Best Communication Solutions for Businesses



Best-in-class Network & Endpoint Security

[Diagram: Internet; Data Center & Servers; End User Networks. Labels: Symantec Gateway Security, Symantec Network Security, Juniper’s ISG/SSG, Juniper IDP.]

Juniper security appliances on the network

With integrated Symantec security content

Symantec endpoint and server protection agents



Objective: Comprehensive Endpoint Compliance & Access Control Solution

• Endpoint Compliance/Access control is facing strong demand, but the solutions are still complex
• Many moving parts: Multiple client agents, RADIUS servers and network hardware that must be tested for interoperability
• Complexity risks could slow the growth of Network Access Control market

Symantec
• Core competence in endpoint security and compliance
• Broad Endpoint Compliance solution, built on Sygate acquisition
• Market-leading Endpoint AntiVirus and personal firewall
• Strong endpoint route-to-market

• Core competence in securing network infrastructure
• Market-leading 802.1x supplicant and AAA Radius technology
• Market-leading network-based enforcement and security appliances
• Strong networking route-to-market



Juniper Networks Global Go-to-Market Strategy — J-Partner

Enables and rewards partners for delivering business critical networking and security solutions

Channels

Global Elite

Elite

Specialist

Authorized

Enable

Solutions

Financials

Alliances

Infrastructure

Security

System Integrator

OSS and Network Management

Content and Applications

Reward

Demand

Programs

Business Critical Networking Solutions

End Customer



Best in Class Technology - Enterprise

Market Share*

• 1 in SSL VPN

• 1 in High-end Firewall

• 2 in High-end Enterprise Routing

• 2 in WAN Acceleration

Gartner Leadership Quadrant

• Firewall VPN

• SSL

• Intrusion Prevention Systems

• Application Acceleration

* Source: Synergy IDC and Infonetics
