SD-ENTERPRISE “THE GAME CHANGER” NXTWORK On Tour...
© 2018 Juniper Networks
NXTWORK On Tour Branding Guidelines
SD-ENTERPRISE
“THE GAME CHANGER”
Michael Shipley, APAC GTSE SD-WAN
AGENDA
1. SD-WAN EVOLUTION
2. SD-ENTERPRISE OVERVIEW AND ARCHITECTURE
3. CAPABILITIES
4. DIFFERENTIATION
5. DEMOS
6. IN SUMMARY
SD-WAN EVOLUTION
SD-ENTERPRISE BUSINESS OUTCOMES
Top Business Outcomes
Enterprise Networking Challenges
LESS THAN 6 MONTH PAYBACK PERIOD
Source: Juniper Business Analysis Team
SD-WAN REQUIRES ADDITIONAL IP
SECURITY COMPARED TO MPLS
● Reduce / Avoid Expenditures
○ 63% less cost - truck rolls, set-up
○ 25-90% savings - WAN circuits
○ 30-65% total investment savings, new
OpEx models
● Business Agility
○ 40% faster - new services, on and off
○ Hours to minutes - self provisioning
○ 75% faster - addition of branches
● Customer QoE
○ 20-50% - improved application
performance
https://stlpartners.com/research/enterprise-networking-challenges-how-can-sd-wan-help/
SD-WAN ALONE ISN'T ENOUGH
• Easier operations and lower OpEx
• Faster branch and VPC rollouts
• Lack of branch IT expertise
• Variety and reliability of connectivity
• VPN segmentation
• Better on-ramps to multicloud
• App & user policy controls, SLAs, visibility
• SD-WAN-aaS business and consumption
• Bandwidth on demand
SD-WAN has already solved
AI-driven enterprise & Juniper Connected Security
…across campus, branch and WAN
• Integral Security: NG-FW, UTM, IDP, DDoS
Protection, ATP, encryption and key management
• Block threats in SD-WAN and in LAN switches
• SD-LAN: Campus and branch switching and WiFi
• SD-Branch uCPE consolidation of VNFs and apps:
• IoT gateway, unified communications, edge-
computing cache and applications
SD-ENTERPRISE
AIMING FOR SD-WAN TODAY… is like driving forward looking in the REAR VIEW MIRROR
SD-ENTERPRISE EVOLUTION
[Diagram: stages CPE/uCPE, SD-WAN/Hybrid-WAN, SD-Branch, SD-Enterprise; elements shown: Enterprise Branch, Corporate HQ, NFX Series Universal CPE, SRX Series CPE, EX Series, VNFs, LTE, Wi-Fi]
SD-ENTERPRISE
OVERVIEW &
ARCHITECTURE
IT’S BOTH CLOUD DELIVERED AND ON-PREM
Partner / Self Managed
SD-ENTERPRISE SOLUTION AND MAIN COMPONENTS
1) Management and Orchestration
• CSO On-Cloud (5.0)
• CSO On-Prem (4.1)
2) CPE/Branch Gateway Device
• Branch SRX Series: SRX300 line, SRX550M, SRX4100,
SRX4200, vSRX (roadmap SRX1500)
• NFX Series: NFX150 and NFX250
3) Enterprise Hub
• SRX4100/4200
4) Provider Hub (Multitenant)
• SRX1500, SRX4100/4200, vSRX
• MX Series (feature and model limitations 104-960)
5) Branch LAN switching
• New models EX2300, EX3400, and EX4300
6) WiFi
• All models supported by Mist cloud management
Mist Wi-Fi APs
EX Series Ethernet Switches
SRX Series Services Gateway Branch Secure CPEs
LTE
NFX Series universal CPE
LTE
Contrail SD-WAN
vSRX Virtual Firewall
Enterprise or Provider Hub
HYBRID WAN NGFW SD-WAN SD-LAN
SD-ENTERPRISE CPE PRODUCT PORTFOLIO
Flexibility and Scale
SRX300
SRX320
SRX340
SRX345
NFX250 S2
NFX250 S1
NFX250 LS1
NFX150
vSRX
VNF
VNF
vSRX
CSO/NSC Automation, SD WAN & Security
Small Server
Medium Server
Small Branch CPE
Open VNF Platforms
3rd Party CPE
vSRX
SRX4100/4200
Large Branch CPE
Junos
Junos
SRX550M
SRX1500
New in 4.1
• ZTP
• NFX 250 Porter 2 Dual CPE/RMA
• NFX 150 Porter 3 Single CPE/RMA
• SRX 3xx CPE (LTE)
Feature Support
• SRX 4100/4200 as SP/Enterprise Hub
• vSRX Hub Support
• Hub Multi-homing
Feature Support
• Hub Multi-homing
• Hub and Spoke
• Dynamic Mesh
Feature Support
SD-ENTERPRISE WITH INTEGRATED SECURITY SERVICES
Foundation Services
Next Generation Firewall
Services
Firewall NAT VPN Routing
Application Control &
Visibility
User-based Firewall
Unified Threat Management
(Known Threats)
Anti-virus
Intrusion Prevention Web/Content Filtering
Anti-spam
Threat Intelligence
Platform
Botnets/C&C
GEO-IP
Custom Feeds, APT
Management SSL Proxy Analytics Automation
Cloud Based
Advanced Anti-Malware
(Zero Day)
Sandboxing
Evasive Malware
Rich Reporting, Analytics
MULTI-TENANCY AND RBAC
Service Provider/Enterprise Admin
Tenant A Admin
VRF 1 VRF 2 VRF N
Dept100 Dept101 Dept1XX
Corp Intranet Guest Wifi
LAN 1
Site 1 / CPE 1
LAN 2 LAN 3 LAN N
Operating Company Admin
Tenant B Admin
Operating Company
Tenant C Admin Tenant D Admin
Level 1 - MSP
Level 2 – Operating Company
Level 3 – Tenant
Level 4 – Department
VRF 1 VRF 2 VRF N
Dept100 Dept101 Dept1XX
Corp Intranet Guest Wifi
LAN 1
Site 1 / CPE 1
LAN 2 LAN 3 LAN N
• Granular control of Portal Objects
• Read, Write, Execute
• Out of box predefined roles
• Service Provider, Operator, Tenants
• New role definition
• Authorization with SSO
Feature Support
Juniper Admin
Operating Company Admin
NETWORK SEGMENTATION AND DEPARTMENTS
• > 25 Network Segments
• Separate policy controls on each segment
• Special DC Department on Hub
Feature Support
• Isolate departmental traffic with Network Segmentation
• LAN side OSPF on Enterprise Hub
• Automatically leak DC routes to all Spokes
Spoke
Department 1 VRF
Department 2 VRF
Department 25 VRF
•
•
•
Hub
Data Center VRF
Department 1 VRF
Department 2 VRF
Department 25 VRF
•
•
•
DCOSPF
Cloud HUB
Dept
LAN
Branch HQ
CSO
Controller
Cloud HUB
TRANSPORT FLEXIBILITY
• Dynamic Mesh
• Partial Mesh
• E-Hub Mesh support
• Multi-transport for full mesh
• Link tagging
• Lower Bandwidth support for ZTP
• Minimum 5 Mbps for ZTP (4.0.2)
• Minimum 2 Mbps for ZTP (4.1)
• Lower Bandwidth for OAM/DATA
Customer Benefit:
• Transport agnostic
• Leverage available WAN link type
• Improve scale with partial mesh
Feature Support
[Diagram: Sites 1 to 5, each with departments, connected to CSO and Cloud Hub gateways; transports shown: Broadband, MPLS, LTE, ADSL/VDSL]
Cloud HUB
SD-WAN BREAKOUT OPTIONS
• Intuitive Intent based Breakout policy
• Site Local Internet Breakout
• Dept Local Internet Breakout
• Application Local Internet breakout
• Zscaler Internet Breakout
• Central Breakout on Hub
• Central Zscaler Breakout
Customer Benefit:
• Granular control of traffic
• Site level control of breakouts
• Redundant breakout path for link failure
Use Case
• Extensive Breakout capability
• Breakout failover and redundancy
Site 1 Site 2 Site 3
Enterprise
Hub
Service
Provider HUB
IPVPN
Local Breakout
Zscaler Breakout
DC
3. Hub Breakout
• Internet
• IPVPN
Local Breakout
Zscaler Breakout
Internet Breakout
ZBOPath A Path A Path A
Path A
Path B Path B Path B
DeptDeptDept
Depts
Depts
2. Central Internet Breakout
• Application
• Department
• Internet
1. Local Breakout
• Application
• Department
• Internet
• Zscaler
flexible
de-risk connection services,
and enhance their value
supports multiple connection types and
locations
customizable
differentiate to create more
stickiness and drive up ARPU
customize to your environment,
business and customer needs
open
integrate additional VNFs
for a portfolio of services
APIs provide north and southbound
interfaces
secure
sell tiered security services:
basic, advanced, premier
fully integrated NGFW with UTM and
ATP options
fully integrated
sd-wan + sd-lan (wired +
wireless) + security
complete SD-WAN solution, hardware +
software
broad CPE portfolio
expand target market off-net
with flexible CPE portfolio
Virtual, Secure Router, Universal CPE
solutions
A FULLY INTEGRATED SOLUTION
Let us help you achieve your desired business outcomes …
CAPABILITIES
AUTOMATED ZERO TOUCH
WAN
Branch Site
1. SRX CPE is delivered to site.
2. CPE calls home to obtain config from CSO.
3. CSO generates and pushes config based on type of deployment.
CSO
SRX / vSRX
(CPE)
SD-BRANCH
WAN
Branch Site
1. CSO manages intent-based security policies and security services for provisioned CPEs.
2. The CPE continuously sends security/NGFW stats that can be used for reporting.
3. EX Switches can be configured and managed through the platform. Mist APs can also be monitored.
SRX / vSRX
(CPE)
CSO can be used as a management platform for CPE and Switching.
EX Switches
(Stack/VC)
Mist APs
CSO
…ADD SD-WAN AND EVOLVE TO SD-ENTERPRISE
Branch Site
1. Upgrade managed sites to full SD-WAN functionality for Application Centric Routing and SLAs.
2. Simplified Multicloud: Stitch your SD-WAN overlay into Public Cloud using vSRX.
SRX / vSRX
(CPE)
Unified SD-WAN & Site Management: Deploy managed sites now and upgrade to SD-WAN when ready.
EX Switches
(Stack/VC)
Mist APs
CSO
MPLS
4G/LTE
Regional
DC
SRX / vSRX
(Hubs)
WAN
KEY SD-ENTERPRISE LAN FEATURES
• Juniper Cloud Hosted
• LAN service
• Multi-Tenancy
• Role Based Access Control (RBAC)
• EX2300/EX3400/EX4300 Standalone behind any
Internet Gateway
• EX2300/EX3400/EX4300 behind SD-WAN SRX
or NGFW SRX
• ZTP support for EX
• Configuration/Maintenance/Troubleshooting for
EX
• EX system health monitoring
• Integrated Mist WiFi AP Monitoring
• Flexible Deployment Options
WAN
NAC Policy Server
CSO Cloud Service
Branch
Corp HQ
MPLS / Internet / LTE
SWITCH DASHBOARD UI
INTEGRATED MIST WI-FI AP MONITORING
• Mist AP device inventory view in CSO
• Mist AP monitoring via federated SDN
Feature Support
KEY FEATURES OF SD-ENTERPRISE LAN
• Remote branch access switch provisioning
• Works in conjunction with Juniper SRX for SD-WAN and NGFW
Zero Touch Provisioning
• Configure Access ports and VLAN assignments
• Stage 2 Templates of common configurations (5.0.2)
• SW Image Management
Configuration Management
• Detection and visibility of alarms
• Live Port Status (Up/Down with color coding)
• Ping, Traceroute, Reboot
Fault Management &
Troubleshooting
• Port bandwidth utilization
• Port information of in/out errors
• Port information of in/out packet loss
• General Resource Utilization details
Performance Metrics
KEY NGFW FEATURES
Device Mgmt. | Monitoring | Policy Mgmt.
• Configuration
• Zones
• Physical/Logical
Interfaces
• Routing Instance
• License push
• S/W upgrade
• App Signature download
• Event Viewer
• Firewall Events
• Web Filtering
Events
• IPSec VPN Events
• Content Filtering
Events
• Antispam Events
• Antivirus Events
• IPS Events
• Device Events
• Firewall Policy
• UTM Policy
• NAT Policy
• SSL Proxy
• Address/Address Groups
• Service/Service
Groups/Protocols
• Application/
Application Groups
• Security Reports
• Log Report
• Bandwidth Report
• ANR Report
• Threat Map
Reporting
DIFFERENTIATION
SD-ENTERPRISE KEY CAPABILITIES & DIFFERENTIATION
Service Richness
(upsell security as a service)
• Next Generation Firewall
• UTM, IDS, IPS, Sky ATP, Unified Policy, SDSN
• NFX: TPM, Secure Boot, Secure BIOS
Deployment Flexibility
(branch or cloud)
• Breadth of CPE, NFX, SRX, white box (roadmap)
• uCPE Performance
• Multiple VNF Services
• Fully Integrated HW/SW
• SRX/NFX widely deployed
SECURITY
(INTEGRATED NGFW)
CPE PORTFOLIO
(BREADTH, SCALE)
Protect, Grow Revenue
(managed service portfolio)
• Investment Protection: use existing infrastructure
• Flexible: standard protocols, open interfaces
• Customizable to customer unique requirements
• 3rd Party VNFs
FLEXIBILITY
(SD-WAN + SERVICES)
End to End
(campus & branch)
• EX Switching
• Zero Touch Provisioning
• Mist WLAN Integration
• Single UI Platform
SD-LAN
SWITCHING & WIFI
LTE
LTELTE
DEMOS
SUMMARY
https://www.juniper.net/us/en/forms/contrail-sdwan-free-trial/
SUMMARY
Game On!
Secure
SD-WAN
Competitive SD-WAN Features
Differentiated Features
On-Prem and Cloud
Security with SD-WAN
SD-LAN
Mist WLAN
Try before you buy!