Presentation for a talk given at the Juniper New Network Day conference on 01.01.2014.
The speaker is Dmitry Karyakin, Senior System Engineer at Juniper.
A video recording of this talk from the conference's online broadcast is available here: http://www.youtube.com/watch?v=yqINtev0zdA
Virtual version of the SRX; provides north / south firewall (5Gbps), NAT, routing, VPN connectivity features in a flexible virtual machine format
Security & Routing functionality delivered as a virtual machine
Junos delivered as a virtual appliance on a choice of Hypervisors
Runs on standard x86 hardware
Full, proven Junos security and routing protocol suite
Leverages proven SRX & VJX technology
Performance optimized
SMP kernel & multi-threaded flowd over multiple vCPUs
Supports Hypervisor VM functionality
Example: vMotion, snapshots, HA/FT, Cloning, Management etc.
Note: Main code from SRX with modules like UTM and IDP, AppSecure coming in future builds
Network visibility: All VM traffic flows stored in database and available for analysis

Benefits:
Visibility to all VM communications
Ability to spot design issues with security policies
Single click to more detail on VMs

Benefits:
Know exactly how VMs are communicating on virtual network (complete flow information). Know which physical systems are connecting to virtual systems!
Spot design issues or problems with security policies (web servers using FTP, Tier 1 VMs talking directly to Tier 3)
Click on a single VM in the left-hand pane to see VM details like host, IP address, VM events, etc.

Reports: Pre-defined and customizable reports covering all of the solution modules

Benefits:
Generate reports in PDF or CSV formats
Automatically send scheduled reports via email or store directly
Scoping mechanism isolates contents (Customer/Dept A’s VMs never show up in Customer/Dept B’s report)

Compliance: The compliance module includes pre-defined rules based on virtual security best practices and an engine so customers can define their own rules. vGW lets VM administrators define and report on the conditions that constitute compliant operation, both corporate and regulatory, in their environment. Most administrators will build rules to reflect compliance violations. However, vGW’s UI allows for the building of “whitelists” or desired configurations, and “blacklists” or unwanted conditions. vGW continuously monitors all VMs, including newly created ones, to report on the security posture of each one and on the network as a whole. Virtual network administrators can see their aggregate compliance posture at a glance and drill down on each VM to identify risk-mitigating actions.

Benefits:
Define rules on any VM or VM group (alerts and reports for compliance rule violations)
Automatically quarantine VMs into an isolated network if they violate a rule
Rules relevant to both VM and host configuration
Enhanced rule editor for intuitive manipulation of attributes

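
The checks named in the visibility and compliance notes above (web servers using FTP, Tier 1 VMs talking directly to Tier 3, blacklist and whitelist rules, quarantine on violation) can be run over stored flow records as follows. This is an added example, not vGW code: the record fields, tier labels, rule functions and sample flows are all assumptions constructed for illustration.

```python
# Added illustration: the record fields, tier labels and rule format below are
# assumptions made for this example, not vGW's data model or rule syntax.
from collections import namedtuple

Flow = namedtuple("Flow", "src dst dst_port")

# Constructed inventory: VM name -> (tier, role).
VMS = {"web-01": (1, "web"), "web-02": (1, "web"),
       "app-01": (2, "app"), "db-01": (3, "db")}

# Constructed flow records standing in for the stored flow database.
FLOWS = [
    Flow("web-01", "app-01", 8443),      # tier 1 -> tier 2
    Flow("app-01", "db-01", 5432),       # tier 2 -> tier 3
    Flow("web-02", "db-01", 5432),       # tier 1 -> tier 3, skips a tier
    Flow("web-01", "203.0.113.10", 21),  # web server opening FTP
    Flow("app-01", "db-01", 22),         # right tiers, unexpected port
]

# Whitelist ("desired configuration"): allowed (src tier, dst tier, port).
ALLOWED = {(1, 2, 8443), (2, 3, 5432)}

def tier_skip(flow, vms):
    """Blacklist rule: VM-to-VM traffic that jumps over a tier."""
    s, d = vms.get(flow.src), vms.get(flow.dst)
    if s and d and abs(s[0] - d[0]) > 1:
        return f"tier {s[0]} VM talking directly to tier {d[0]}"

def web_uses_ftp(flow, vms):
    """Blacklist rule: a VM with the web role opening FTP (ports 20/21)."""
    s = vms.get(flow.src)
    if s and s[1] == "web" and flow.dst_port in (20, 21):
        return "web server using FTP"

def not_whitelisted(flow, vms):
    """Whitelist rule: VM-to-VM flow absent from ALLOWED."""
    s, d = vms.get(flow.src), vms.get(flow.dst)
    if s and d and (s[0], d[0], flow.dst_port) not in ALLOWED:
        return "flow not in whitelist"

def evaluate(flows, vms, rules):
    """Return (violations, quarantine list) for the given rule set."""
    violations = [(f.src, f.dst, reason) for f in flows for rule in rules
                  if (reason := rule(f, vms))]
    return violations, sorted({src for src, _, _ in violations})

if __name__ == "__main__":
    for mode, rules in (("blacklist", [tier_skip, web_uses_ftp]),
                        ("whitelist", [not_whitelisted])):
        found, quarantine = evaluate(FLOWS, VMS, rules)
        print(mode, found, "quarantine:", quarantine)
```

The blacklist rules miss the SSH flow from app-01 to db-01 because nothing names it as unwanted, while the whitelist catches it but says nothing about the FTP flow to a non-VM address, which is why the two rule styles are worth running side by side.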
Normal Internet traffic flows through the DDoS Secure Appliance, while the software analyses the type, origin, flow, data rate, sequencing, style and protocol being utilised by all inbound and outbound traffic. The analysis is heuristic in nature and adjusts over time but is applied in real time, with minimal (store and forward) latency.