sd-wan

Say Hello to Our Newest Branch Platforms for Secure SD-WAN by James Kelly

The announcement of Juniper's newest hardware additions for the AI-driven enterprise makes our portfolio of CPE the most extensive for secure SD-WAN across all sizes of branches and campuses. There’s no denying the growing importance of SD-WAN for providing secure and efficient connectivity of remote sites to the cloud. Even more important is enterprises’ need to drive operational simplicity and uniformity across the branch and campus in today’s multicloud environment. For SD-WAN to be successful, the key is to satisfy the needs of today while preparing for the ones of tomorrow and beyond.

One of the core needs of increasing importance for SD-WAN is security. Traditional security solutions don’t cut it when it comes to performance, interconnectivity and flexibility; meanwhile, SD-WAN-centric solutions may offer elementary security features that will ultimately put the business at risk. The industry is at an intersection where SD-WAN features and advanced threat protection need to be designed hand-in-hand to safeguard users, applications and infrastructure. This has been our exact focus for our SD-WAN solution and, to that end, we’ve now expanded our range of CPE hardware in the WAN edge portfolio to include:

Wi-Fi Mini Physical Interface Module (mPIM): An enterprise-grade Wi-Fi card for compact locations with our SRX Series Services Gateways. It provides dual radio support of 2.4 and 5 GHz frequencies along with 802.11ac Wave 2 and 802.11ac, with backward compatibility with 802.11n standards. The module is suited for remote offices, guest Wi-Fi, small offices, IoT connectivity or kiosks. It is an ideal branch-in-a-box solution where one access point is sufficient.


This mPIM is manageable by CLI, JWeb or Juniper Sky Enterprise. It also offers ZTP and management via the Contrail Service Orchestration interface, as part of Juniper’s cloud-managed or on-premises Contrail SD-WAN solution. 

SRX380: For larger branches, the SRX380 is the fastest performing CPE platform of the branch SRX300 product line. Leading features include high port density with 10G options for high on-board connectivity, increased PoE+ port density for IoT devices, AES256 MACsec encryption, dual power supplies and up to four mPIM card slots for wired or wireless connectivity.

The SRX380 can be adapted to be a secure SD-WAN and next-gen firewall device. Users can add advanced threat prevention services to expand on the native next-generation firewall and UTM capabilities, IPS and AppSecure application visibility and policies. 


NFX350: The NFX350 is a high-end universal CPE platform in the NFX Series for large branch site deployments. Built on the next generation of Intel processors, Skylake, it offers up to 7.5 Gbps IPsec performance for higher SD-WAN scale and performance, while redundant power supplies provide greater platform resiliency. It includes 8x1Gbps and 8xSFP/SFP+ ports with AES256 MACsec support for high network connectivity and WAN interfaces for LTE, DSL and SFP. Support for multiple Juniper and third-party VNFs enables customers to accelerate application deployment in an automated and scalable fashion.

The NFX350 universal CPE platform fits the bill as a secure router, SD-WAN device or next-generation firewall. Consistent with the NFX Series, users reap the many benefits of SD-WAN, but most importantly, the simplicity of automation and consolidation with the reliability of smarter security and SDN.


These new products meet the needs of both the top and bottom ends of all branch and campus sizes – the SRX Wi-Fi mini card for compact spaces and the SRX380 and NFX350 as top line branch CPEs. We’re proud of our extensive SD-WAN solution and have plenty more to share about it in our Toolkit Tuesday webinars. Be sure to tune in or test drive Contrail SD-WAN for free.

The Wisdom of the Giants in SD-WAN by James Kelly


Podcast on YouTube

When it comes to your branch, how can SD-WAN upgrade without also uprooting? Tall trees may tell.

A Branch’s Reach Should Not Exceed Its Grasp

They are the showy exterior of your organization: your branches, your stores, your schools, your sites. But insofar as networking domains, these are the humblest of locations with little or no networking expertise and sophistication. In the past, your networking grasp was feeble in the far reaches of the branch.

Now the story goes that SD-WAN is changing that. It’s putting the prowess of your brightest networking pros and the autopilot automation of SDN steadily into these network extremities. But this is only the beginning of the story. So allow me to disabuse you of the enrapture of the shining fruits and perfumed flowers of the branch that is SD-WAN today.

You have been tricked. This was not the story, merely the first act.

Focusing on SD-WAN, my friends, we see the fruits. Take a step back and look wider. Now we see the tree. Now we see the roots.

One Tree: Everything Is Connected

The levity with which some people and vendors approach branch networking with SD-WAN quickly fades when they realize the simple truth that, beyond the branch, everything is connected. It is one tree.

Ungrounded SD-WAN solutions ignore what’s below the branches and clouds at tree tops. But approaching enterprise networking grounded in reality, you see the whole picture: your wide-area is not only your remote and branch connectivity. Everything is connected between branch sites, campuses, headquarters, data centers, and certainly today, multicloud—SaaS and your own cloud-based applications.

You would never be so credulous as to protect a tree’s exterior, believing it’s safe from harm. And no one would mistake strung-up ornaments for the tree itself. How about vines overlaying the tree? Yes, they could reach the branches. But they still aren’t your tree, nor its species, and they cannot be grafted on. This is SD-WAN for dummies and by decoration, but it parallels some SD-WAN propaganda.

SD-WAN savvy would never use proprietary control and data plane protocols that won’t graft and interoperate with your wider network. Security would not be secondary and sheath, but foremost in the immune system of the network first. Add-on network functions like VNFs would be symbiotic and seamless with network design and management. And other virtualized branch services would felicitously fold into the SD-Branch canopy or NFV-centers in nearby limbs.

This is multicloud and multi-site thinking, end to end and top to bottom. While it’s natural given Juniper’s portfolio, it’s quite different from the thinking of some other SD-WAN vendors whose niche interests I leave to be addressed with the words of a fine woodsman: “When we try to pick out anything by itself, we find it hitched to everything else in the universe.” -John Muir

Layer Upon Layer

Just under the bark are the newest layers of a tree. Pushing out and up, a tree’s trunk core and deep roots nourish new growth and give it strength to endure the tests of time.

Drawing a parallel to networking growth and longevity, you may have observed this strategy at Juniper, where investment is steadfast in Junos and our platforms. Customers enjoy the benefit of this continuity, as investment protection and the ability to simply extend and build on base systems with SDN, like SD-WAN, employing our NFX, SRX, and MX Series systems and interoperating with the routing of all Junos-powered platforms.

You may observe another approach in the industry too. Vendors that continually force rip and replacement of systems. There are sales motivations for this, but another cause runs deeper...

When you engineer something anew, you usually architect for a minimum viable product and getting to market quickly. Take a tech startup for example: it’s faster to build software as a monolith or a mesh of purely cloud services, than to construct a devops pipeline, platform architecture, and microservices that scale. Taking that MVP route, eventually they will throw away their early work, to redo it at scale, with extensibility, with reliability and economically. This is invisible to customers of SaaS companies, but when translated to packaged-and-sold hardware and software systems, this architecture fetters customers with technical debt and forces rip and replacement inefficiency.

In networking, it’s wiser to sow scale and flexibility into the seeds of your base networking technologies and topologies. Architecting for growth in layers allows you to scale your rootstock and your core, so to speak, evolving today’s investments tomorrow.

Evolvable architecture is how the cloud giants design their software, and happens to be how Juniper designs our portfolio. This is why we did not acquire an SD-WAN solution. And this is why we built SD-WAN backward: we tackled the hard problems first (multi-tenancy, scale, reliability, NFV, etc.), so we could design once and for all, and offer the simplicity of one solution.

Reach for the Clouds

With so many SD-WAN solutions in the market, and mostly built with haste, as you might imagine, the winds of technology change will cause many to snap and topple. They weren’t designed beyond SD-WAN connections for the branch and cloud endpoints.

The wisdom of giant trees would suggest that as you reach for the multicloud, strength lies in swaying and adapting with the winds of change, and evolving and using the strength of the whole.

About Juniper Contrail SD-WAN

Juniper’s newly dubbed Contrail SD-WAN solution and its component parts were designed to inherently secure from within and to scale to support thousands of tenants each with thousands of sites. It was designed where SD-WAN is merely the first act of your transformation story. So it will grow with you to SD-Branch for site virtualization and consolidation, and even incorporate NFV-cloud services into your network service. Of course it’s multicloud-ready, connecting up to the likes of AWS, but just as importantly, it ties right into your core WAN routing today from your campuses and data centers.

Podcast on Soundcloud

image credit MichaelGaida/pixabay