Juniper Unite Cloud Enabled Enterprise Reference

Solution Brief

Juniper Unite Cloud-Enabled Enterprise Reference Architecture

Achieving agility by simplifying and securing the enterprise network

Challenge

The enterprise network is no longer just a business necessity. To truly enhance employee productivity, corporations must transform their enterprise networks into agile, secure services platforms that are accessible by users anywhere, anytime.

Solution

Juniper’s Unite Cloud-Enabled Enterprise is a comprehensive reference architecture that lets business organizations build a secure, high-performance campus/branch network.

Benefits

• Simplifies infrastructure deployment, management, and operations while accelerating service bring-up
• Secures the enterprise with a suite of solutions that defend everything from the infrastructure to cloud-based services and feeds
• Integrates partner offerings for WLAN and other key third-party components, providing cohesive, best-in-class options for customers
• Implements Software-Defined WAN (SD-WAN) with application-aware routing, utilizing various network links appropriate for business applications

The cloud is central to the transformation of the enterprise. From public to private to hybrid, enterprises are adopting cloud technologies as their primary operating model, making campus and branch networks the critical on-ramp to cloud-based applications deployed in private clouds, on-premise data centers, or hosted in remote locations.

Network virtualization is also transforming enterprise IT, offering a springboard to the flexibility and agility of the cloud. With virtualization, networks can evolve into new deployment and management paradigms, with enterprise campus and branch networks reaping the benefits of centralized visibility and control.

The Challenge

The widespread adoption of mobile networking and social media is increasing reliance on cloud-driven applications, which need to be delivered to multiple locations and devices. When combined with BYOD, Internet of Things (IoT), and the increasing sophistication and variability of threats, it’s clear that everything connected to or transmitting through the network is a potential security risk.

Large public cloud players, and even some private cloud players, have sparked a network transformation with innovations like SDN, Network Functions Virtualization (NFV), automation, analytics, and proactive network assurance designed to create an agile network infrastructure that makes IT a competitive advantage. Enterprise network transformation is about reducing CapEx and OpEx, freeing up budget to invest in revenue-generating applications that streamline the business, while creating a network foundation that effectively leverages these technology and productivity enablers.

Unfortunately, the majority of today’s campus and branch networks are manual systems comprised of layers of switches and VLANs, with multiple management points requiring different tools and adding operational complexity. Multiple layers and flavors of security solutions, ranging from load balancers to firewalls, add even more to this complexity. Because these layers of products must be administered manually, the potential for configuration errors that disrupt services or open security gaps increases, making it riskier and more challenging than ever to operate and manage the distributed enterprise.

A cloud-enabled enterprise network, on the other hand, enables rapid deployment of new services across all locations and increases employee productivity. Providing a common, converged network spanning distributed locations, a cloud-enabled enterprise can recognize and support a diverse set of wired and wireless devices, applications, people, and things, seamlessly and securely connecting them to services. Cloud-enabled enterprise networks make the IT department a “service provider” for its company’s distributed locations, enabling the delivery of reliable, scalable, and secure connectivity that links telecommuters, remote locations, and corporate offices to a common system.

Juniper Networks delivers a comprehensive cloud-enabled enterprise solution that leverages technology utilized by service providers and mega cloud providers to deliver high-scale services capabilities for enterprise IT departments. Using innovations derived from building the world’s largest cloud-based networks and applying them to the enterprise, Juniper delivers a simplified, programmable network platform that can be easily customized and replicated across branches, campuses, and on-premises data centers, allowing businesses to deploy their own private or public clouds. Furthermore, based on years of experience helping the world’s largest service and cloud providers design, test, and build their mission-critical infrastructures, Juniper has gained the expertise and knowledge required to evaluate, plan, and build enterprise application- and content-aware networks empowered by SD-WAN, from assessments to full turn-key deployment.

The Juniper Networks Unite Cloud-Enabled Enterprise

The Juniper Networks Unite Cloud-Enabled Enterprise is based on a three-pronged approach: simplifying the infrastructure; securing the network; and delivering an open, converged framework that ensures best-in-class deployments. Based on Juniper switching and security solutions—including unified threat management, next-generation firewalls, and malware detection and eradication tools, as well as best-of-breed WLAN, UCC and network solutions through an Open Convergence Framework—Juniper Unite offers all the essentials an expanding business needs to support their operations today while preparing them to embrace the future.

Simplify the Infrastructure

By collapsing core, distribution, and access layers into a single logical platform that can be managed from a central location, Juniper removes operational headaches while providing network agility. A single, easy-to-manage platform lets IT organizations expand access port functionality, protect the edge, and centralize configuration, provisioning, management, policy, and visibility. It all works regardless of the deployment model: physical or virtual; public or private cloud; or traditional IT. Based on Juniper switching, security, and network services solutions—including unified threat management, next-generation firewalls, and malware detection and eradication tools—Juniper Unite offers all the essential components an expanding business needs to support their operations today while preparing them to embrace the future.

Juniper accomplishes this consolidation with Juniper Networks Junos Fusion Enterprise, an innovative architecture that lets customers build an agile enterprise network that treats access switches as extension ports of the core switch—effectively making multiple switches appear as a single, logical device. Junos Fusion Enterprise utilizes automated configurations to simplify operations and management; it also supports both stacked and mesh topologies, allowing both end-user access and private cloud or IT data center environments to be consolidated into a single logical system.

Figure 1: The Juniper Networks Unite Cloud-Enabled Enterprise Reference Architecture

Additionally, Juniper’s network services platform helps enterprises reduce the number of appliances deployed at their branch locations by consolidating them into one easy-to-manage device, right-sized to deliver multiple services simultaneously. A zero-touch provisioning (ZTP) feature enables enterprises to instantiate their branches in just minutes, rather than days.

Securing the Enterprise

The Juniper Unite Cloud-Enabled Enterprise also provides comprehensive security and control with Juniper Networks SRX Series Services Gateways and the Junos Space Network Director and Junos Space Security Director applications, which provide network performance monitoring and capacity planning as well as centralized security policy management and control. The SRX Series platforms, which offer secure routing (VPN) and next-generation firewall capabilities, are essential to providing a secure foundation for campus and branch enterprise network deployments.

While there are many ways to detect and isolate intruders and bad actors, technology that requires the replication of the exact environment for the intruder is inferior to other solutions. Creating such an environment—including the creation of virtual machines (VMs) and mirroring the operating system and applications where the intruder exists—is not only challenging, it doesn’t scale well. Simply maintaining such an ecosystem of software compatibility in order to isolate intruders becomes a project in and of itself.

A much more effective way to detect and isolate attackers is to immediately segment out intruders or bad actors by quarantining them in a sandbox area. Such technology currently exists, and it is much easier to use existing network capabilities than to create yet another layer of complexity and operational headaches.

Juniper provides this visibility and centralized network policy control using an open policy enforcement platform to stop threats faster and more effectively, both from a cost and an efficiency perspective.

Juniper Networks Spotlight Secure gathers comprehensive, up-to-date threat and security intelligence and instantly communicates it to Security Director, which in turn sends the information to all SRX Series platforms in the network. Additionally, Juniper Networks Sky Advanced Threat Prevention delivers cloud-based protection and prevents malware from infecting the network by “detonating” downloads in a cloud sandbox, allowing SRX Series devices to identify and block any malicious threats.

Juniper’s Unite Cloud-Enabled Enterprise, complemented by Juniper’s branch solution, enables these comprehensive security services and applications to be delivered to all locations dynamically while maintaining consistent security policies everywhere.

Open Converged Framework

Juniper’s Unite Cloud-Enabled Enterprise helps organizations deploy more agile and high-capacity networks that serve greater numbers of users and support an ever-increasing variety of devices with fewer resources and limited budgets. This comprehensive cloud-based solution is designed to accommodate the emerging IT environment, providing access to corporate resources anywhere, anytime.

By partnering with best-in-class wireless LAN (WLAN), unified communications (UC), network access control (NAC), and security vendors through its Open Converged Framework (OCF), Juniper ensures easy access to business resources from any device, in any environment, by offering a consistent user experience and a network that is easy to deploy, operate, and manage—without locking customers into proprietary solutions when converging or upgrading their enterprise network.

For wireless access, Juniper’s OCF includes leading WLAN vendors such as Aruba Networks, Ruckus Wireless, and Aerohive Networks, allowing customers to choose between 802.11n or move to more advanced technologies such as 802.11ac and a variety of other management and integration options.

Also, by integrating with collaboration tools such as Microsoft Lync, Juniper helps users work together in real time, sharing and collaborating anywhere, anytime, over a reliable network infrastructure.

Features and Benefits

• Manageability: Broad support for unified device, network, and security management tools helps lower TCO.
• Single, consistent Junos OS across the product line: Unlike other vendors, Juniper Networks EX Series Ethernet Switches, NFX Series Network Services Platforms, and SRX Series Services Gateways run the same Juniper Networks Junos operating system, ensuring easy management and consistent operations.
• Seamless connectivity: EX Series switches allow always-on access for any application. Various interface types are supported, including 1GbE and 10GbE copper and fiber. Converged networks are supported for data, voice, and video, along with anytime/anywhere access through integration with Juniper Networks’ Open Converged Framework.
• Advanced, open, and scalable network security: Security Director, combined with Juniper’s Sky Advanced Threat Prevention solution and SRX Series Services Gateways, offers a comprehensive enterprise security solution, including a full range of firewall protection for everything from the smallest branch to the largest service provider. Advanced protection such as unified threat management (UTM), next-generation firewall, and threat intelligence services work to keep both data and network safe. The ability to accept open feeds from Juniper as well as outside sources allows customers to fine-tune their security for the most efficient network protection available across all locations. Both physical and virtual firewalls can be centrally managed, ensuring policies are dynamically and consistently updated, applied and enforced everywhere across the enterprise.
• Broad range of switches for every need: The EX Series switches support everything from access to aggregation to core deployments.
• Architectural advantages: Junos Fusion offers a simple, reliable, and flexible solution for building corporate networks, supported by the EX9200, EX4300, EX3400, EX2300 and EX2300-C Ethernet Switches.
• Application and content aware routing: The SRX Series Services Gateways with SD-WAN capability intelligently choose routes from among various network links while preserving quality of service (QoS).
• Third-party network services: The NFX Series Network Services Platform, combined with virtualization technology, eliminates the need for multiple appliances by consolidating services into a single, easy to manage device, right-sized to simultaneously deliver multiple services from Juniper, Juniper’s technology alliance partners, and custom enterprise applications.

Solution Components

The Juniper Networks Unite Cloud-Enabled Enterprise is built on:

• Reliable, high-performance, and automation-ready EX Series Ethernet Switches, NFX Series Network Services Platforms, and SRX Series Services Gateways.
• Modern user interfaces focused on the user experience, delivering single pane-of-glass management with Junos Space Network Director and Junos Space Security Director, which integrate with Juniper Networks Secure Analytics to enable dynamic workflow execution.
• An Open Converged Framework with published APIs, allowing customers to choose best-in-class technologies that address all technology needs for their campus and branches from UC, WLAN access technology, and third-party security feeds.
• VMs, created and automated with Contrail Service Orchestration, to deliver full life-cycle management including the installation, deployment, and management of virtualized network services and applications.
• A full suite of Juniper Professional Services and Support Services from Juniper certified partners, providing assistance to customers for every phase of the solution life cycle, from planning and assessments through testing and validation to full turn-key project management and Day Two operational support.

Enterprise Infrastructure

The Juniper Unite Cloud-Enabled Enterprise solution begins with the high-performance EX Series Ethernet Switches, featuring the Juniper Networks EX4300, EX3400, EX2300 and EX2300-C Ethernet switches for access, the EX4600 Ethernet Switch for high-speed access or distribution, and the EX9200 Ethernet Switch for programmable core switching.

The EX Series switches offer a number of unique features, including Virtual Chassis technology, multichassis link aggregation (MC-LAG), Junos Space Service Insight technology, and unified in-service software upgrade (unified ISSU) in both modular and fixed platforms.

The EX Series has also assumed a new level of manageability and scalability with Junos Fusion Enterprise by enabling customers to manage the entire enterprise campus and branch—including hundreds of switches and thousands of ports—as a single, logical device.

Customers can use the Junos Fusion Enterprise technology to collapse multiple networks into one, creating a large virtual system for the entire campus and branch network that behaves and operates as a single switch. Organizations can deploy multiple Junos Fusion clusters throughout the enterprise network, each capable of scaling to support thousands of user ports across satellite devices. Junos Fusion Enterprise leverages the open 802.1BR standard to create an enterprise campus network fabric composed of EX Series Ethernet Switches.

In a Junos Fusion Enterprise deployment, EX9200 switches serve as aggregation devices to provide the core service, while EX4300, EX3400, EX2300 and EX2300-C switches serve as satellite access devices. Juniper Networks QFX5100 Switches are also supported in a leaf topology, offering the unique ability to manage campus, branch, and data center from a single, logical management plane, creating virtual network segmentation.

The EX Series switches support a number of network automation and plug-and-play operational features, including operations and event scripts, automatic rollback, and Python scripting, as well as integration with Chef and Puppet. Juniper also offers an EX Quickstart service, which provides design review and validation; low-level EX Series design, configuration, and implementation planning; and cutover support and information transfer to help new customers transition to a Juniper Unite Cloud-Enabled Enterprise.

Junos Space Network Director is an intelligent, automated network management tool that enables network administrators to see, analyze, and control their entire enterprise network—physical and virtual; wired and wireless; data center, campus, and branch—through a single pane of glass. Using Network Director, administrators can manage and synchronize both physical and virtual environments in the data center, ensuring that network policies follow workloads as they move from server to server or from virtual machine to virtual machine. In the

repetitive management tasks such as network provisioning and troubleshooting, dramatically improving operational efficiency and reliability across all locations.

Juniper Unite brings agility to the campus and branch via the NFX Series Network Services Platform. Featuring ZTP, the NFX Series lets enterprises quickly turn-up remote locations without having IT expertise at each site. The network services and applications running on the NFX Series can be instantiated and managed by the CSO

can define enforcement policies from all feeds via Security Director, which provides a single, centralized management point. These components, combined with the SRX Series firewalls, provide the foundation for the Platform for Open Policy Enforcement.

• Sky Advanced Threat Prevention is a cloud-based service that quarantines potentially malicious traffic or redirects it to be sanitized, preventing the proliferation of malware.

Summary—Simplified and Secure Enterprise Network

As more businesses move to the cloud to solve their data management and access problems, they have a critical need for solutions that can help them bridge the gap between their existing environment and their vision of a more agile and flexible network. Enter the Juniper Unite Cloud-Enabled Enterprise—a common, unified network that supports a diverse set of devices, applications, people, and things to provide reliable, scalable,
