
Cloud Security: Juniper vSRX and cSRX

Data centers increasingly rely on server virtualization to deliver services faster and more efficiently than before. However, virtualizing the data center brings new problems that call for additional security measures, and the requirements for those measures are higher than for physical resources.

For many organizations, virtual security is increasingly among the top priorities. On the one hand, highly dynamic virtual machines are easy to create, move and change in a virtual data center. On the other hand, this makes it harder to deploy virtual machines with the right security policies and to keep track of those policies as the machines move. In fact, the agility and flexibility inherent in virtualization can lead to a loss of the visibility and control that are familiar from physical environments.

This pushes corporate IT departments to adopt virtual firewalls, which offer flexibility, adaptability and lower costs. Juniper Networks' vision of Software-Defined Secure Networks (SDSN) includes end-to-end visibility of the network, which secures it from both the physical and the virtual side and makes the cloud environment more effective at detecting and preventing threats in real time. As part of this concept, Juniper announced two new products: the industry's first virtual firewall with 100 Gbps throughput, and the SRX services gateway for Docker containers (cSRX), which provides advanced L4-L7 security services (Content Security, unified threat management (UTM)).

vSRX

Juniper vSRX is a full-featured virtual firewall. As the industry's fastest virtual security platform, vSRX offers throughput of up to 100 Gbps, providing scalable and reliable protection for high-performance applications.

The vSRX solution is designed for businesses that need to secure virtual data centers located in private and hybrid cloud environments. Such organizations need to segment their security policies and to manage security policies and configurations on physical and virtual platforms together from a single management center (the management tool in this case is Junos Space Security Director).

vSRX is also well suited to hosting service providers that offer security services and connectivity for virtual machines hosted by customers. Each client is given a separate vSRX firewall to keep its resources secure. The solution is also a good choice for managed security service providers (MSSPs). Here the key requirements are flexibility and the ability to adapt quickly, so that the range of security services provided can be expanded or narrowed depending on the client's requirements. By automatically provisioning services as required, the vSRX solution provides the right coverage and adaptability.

Juniper vSRX provides industry-leading firewall performance per core: 17 Gbps for large packets and 4 Gbps for IMIX traffic. Performance scales up to 100 Gbps, and 25 Gbps for IMIX traffic, with 12 virtual CPUs. The solution has a wide range of security features: unified threat management (UTM), dedicated IPS, full antivirus, antispam, content filtering and AppSecure services (application visibility and control). vSRX is managed centrally (as mentioned above, using Junos Space Security Director), with automated provisioning and lifecycle management via Junos Space Virtual Director. VPN connectivity and routing functions are available in the form of a flexible virtual machine based on Junos OS. Full HA is also worth noting: sessions are preserved when switching over to a standby device.

Juniper vSRX main competitive advantages

- The highest-performing virtual firewall with the highest speed

- Lowest total cost of ownership (TCO)

- Integration with the SRX series physical firewalls for centralized management, security policy configuration and management

- Built-in streamlined routing, network connectivity and high availability functionality

- Flexible pricing model

vSRX software is offered under both a perpetual license and a subscription. Pricing depends on the type of bandwidth license (replacing the existing model, which was based on the number of virtual CPUs). The vSRX license will be offered in three different packages, with the possibility of increasing the bandwidth by 10 MB, 100 MB, 1 GB, 2 GB and 4 GB.

- Basic Firewall Package (STD), including firewall, support for virtual private network and routing functions;

- Application Protection Package (ASEC), which includes all the functions of the STD package plus IPS and AppSecure;

- Content Protection Package (CS), which includes all the functions of STD and ASEC packages, plus antivirus, web content filtering and antispam.

In addition, individual advanced security services will be available as separate line items.

cSRX

The cSRX firewall provides advanced L4-L7 security features (Content Security, AppSecure, unified threat management (UTM)) in a compact form factor that allows for increased density on x86 infrastructure, with a boot time of less than a second.



cSRX allows security professionals to deploy and scale firewall protection in a highly dynamic environment. The solution delivers security services as a VNF packaged in a container. This containerized version of the Juniper SRX series firewalls allows both enterprises and service providers to significantly increase the deployment flexibility of advanced security services. Compactness, high density and fast spin-up times are the key advantages of the cSRX.

Docker software containers share a single host operating system across all application containers running on that server. Containers reduce the resources applications consume by eliminating the need for multiple copies of the OS. Because of this, cSRX starts faster, takes up less space, scales both up and down, and, alongside vSRX, provides a density level that far exceeds that of full virtual machines.

By using Docker as the container management solution, the cSRX services gateways gain efficiency and provide simple, adaptive and highly scalable deployment options that cover many different applications. cSRX also supports Juniper Networks Contrail, OpenContrail and other third-party solutions, and can integrate with next-generation cloud orchestration tools such as OpenStack, both directly and through APIs.

The solution has a small footprint and does not require resources to be reserved. In addition, cSRX can be scaled to meet the highest requirements. With a boot-up / restart time of less than 1 second, the firewall gives the client's infrastructure greater flexibility. At the same time, cSRX helps companies reduce costs, since customers can select only the functions they need at a cost they find acceptable.



Integrator Bonus

By adding vSRX and cSRX services to their portfolio, MUK partners can gain a number of advantages. They can offer a virtual firewall to enterprise customers who are moving their networks to the cloud or virtualizing them, either fully or partially. The offering covers both physical and virtual security needs. A simple download and a 60-day trial version of vSRX help attract new customers and additional sources of revenue.

All this expands the opportunities for partners to access new accounts and market verticals, where the development of cloud technology leads to an increased need for virtual security solutions.

For questions, contact: juniper@muk.ua.

Source: https://habr.com/ru/post/305500/

