Yesterday, I attended the Toronto session of a Juniper seminar focused on security and datacenter solutions.
The following are the key takeaways I extracted:
- Juniper is standards-oriented. In the area of NAC, e.g., they are co-chairing with Symantec the Trusted Computing Group’s Trusted Network Connect (TNC) effort. It’s not (yet) clear to me how the TCG interplays with the IETF … And speaking of IETF, Juniper’s Network and Security Manager (NSM) makes use of IETF’s NETCONF standard in, e.g., simplifying the provisioning of new devices on the network.
- Juniper has a comprehensive portfolio of offerings at the intersection of security and networking. Interestingly, Juniper’s Security Threat Response Manager (STRM) OEMs technology from Q1 Labs.
- 802.1X is a solid bet. Based on a number of trends, and a variety of requirements, Juniper promotes use of 802.1X. Even though this is a path we’ve already identified, it’s good to have it independently validated …
- Security, and other services, can be offloaded to purpose-built devices in the core. Instead of inserting, e.g., a FWSM into a device (e.g., a Cisco 65xx) that is primarily providing routing and switching services, Juniper has recently introduced a new paradigm with its SRX series. Touted as a services gateway for the core, the purpose of the SRX is to offload from the routing/switching devices various services – e.g., firewall, VPN, etc. As I understand it, the SRX runs JUNOS with various enhancements from ScreenOS (their O/S from their firewall devices). Even if you don’t make use of Juniper solutions, it may make sense to understand and potentially apply the offloading-of-services concept/paradigm in your core.
- Juniper allows for the virtualization of switches. Juniper Virtual Chassis (VC) is currently only available for their EX 4200 platform. With VC, it’s possible to virtualize up to 10 physically distinct EX 4200s into one. Within the next year, Juniper plans to provide VC on, e.g., their EX 8200 platform. Because VMware’s vMotion requires layer-2 adjacency, server virtualization may prove to be a significant driver for switch virtualization. I expect that this will prove, e.g., to be particularly relevant in providing failover services (at the networking layer) between multiple, physically distinct, and geographically separated locations.
Even though the event appeared to be more of the sales-y/marketing-y variety, there was substantial technical content in evidence.
Charles Goldberg (Juniper), who presented the security (morning) session at the aforementioned Juniper event, had the following comment to share: