JUNIPER SECURING THE DATACENTER

Published on February 2017 | Categories: Documents | Downloads: 36 | Comments: 0 | Views: 212

Education Services Courseware

Securing the Data Center
Student Guide

NOTE: Please note this Student Guide has been developed from an audio narration. Therefore it will have
conversational English. The purpose of this transcript is to help you follow the online presentation and may require
reference to it.
Slide 1

Build the Best

© 2015 Juniper Networks, Inc. All rights reserved.

Course SOT-DCD05F-ML5

CONFIDENTIAL


Slide 2

Juniper Networks
Data Center Design
Best Practices

Securing the Data Center

© 2014 Juniper Networks, Inc. All rights reserved. | www.juniper.net | Proprietary and Confidential

Welcome to Juniper Networks “Securing the Data Center” eLearning module.
In this course module, we will provide an overview of the Juniper Networks security products and capabilities for
securing the data center.


Slide 3

Navigation


Throughout this module, you will find slides with valuable detailed information. You can stop any slide with the Pause
button to study the details. You can also read the notes by using the Notes tab. You can click the Feedback link at any
time to submit suggestions or corrections directly to the Juniper Networks eLearning team.


Slide 4

Course Objectives

After successfully completing this course, you will be able to:
• Provide an overview of Juniper’s SRX Series physical and virtual security products;
• Explore Juniper’s IPS capabilities; and
• Describe tools for network deployment, management, and troubleshooting.


Slide 5

Agenda: Securing the Data Center

This course consists of two sections. The two main sections are as follows:
• Physical and Virtual SRX Series Platforms; and
• An Overview of IPS, the Junos OS, Junos Space Security Director, and Secure Analytics.


Slide 6


Physical and Virtual SRX Series Platforms


Slide 7

Section Objectives

After successfully completing this section, you will be able to:
• Provide an overview of Juniper’s SRX Series;
• Discuss Juniper’s control and data plane architecture; and
• Explore the features of the SRX Series physical and virtual platforms.


Slide 8

SRX Series Services Gateways
[Figure: SRX Series Services Gateways, next-generation firewalls, positioned by deployment (Branch, Campus, Data Center) with scale markers 1G, 10G, and 100G: Branch SRX (SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, SRX650), Virtual SRX (vSRX), SRX1400, SRX3400, SRX3600, and High-End SRX (SRX5400, SRX5600, SRX5800). Captions: Unprecedented Scale; Integrated Routing, Switching and Security; Junos OS.]
SRX Series platforms run from the branch office models, suitable for managed service offerings, to campus platforms,
and all the way to high-end modular systems capable of running at more than 300 Gbps for the most demanding data
center deployments.
SRX Series Services Gateways for the branch are next-generation security firewalls that provide essential capabilities that connect, secure, and manage workforce locations sized from handfuls to hundreds of users. By consolidating fast, highly available switching, routing, security, and next-generation firewall capabilities in a single device, enterprises can protect their resources as well as economically deliver new services, safe connectivity, and a satisfying end-user experience.
Juniper Networks’ virtual SRX product, Firefly Perimeter, goes beyond traditional security appliances with a new virtual firewall that is delivered in a virtual machine (VM) form factor and based on Juniper’s Junos operating system (Junos OS) and the SRX Series Services Gateways.
The high-end SRX Series platforms have an industry-leading architecture that sets them apart based on the following capabilities:
• Unprecedented scale to enable a multitude of services without having to pay a huge performance penalty; and
• A modular architecture which allows customers to buy the hardware that is needed today with the ability to scale into the future.


Slide 9

Architecture: Separate Data and Control Plane
[Figure: two designs compared. Shared plane (routing, management, and data together): DoS and DDoS attacks overwhelm the box, and the administrator loses management access, so your network is down. Separate control plane (routing, management) and data plane (kernel, packet forwarding, physical interfaces), with modules 1 to N: attacks can be thwarted; under attack, the administrator maintains management access to modify policy, disallow bad traffic, and process good traffic, so your network stays up.]
Juniper’s separate data and control plane architecture offers significant advantages. Consider the following:
• With competitors’ single plane design:
  • During attacks, there is no management access to address the situation; and
  • During attacks, processing of routing updates stops, and the network is down.
• With Juniper’s separate control and data plane design:
  • You maintain management access, even during DoS/DDoS attacks; and
  • Route update processing continues.
Separate data plane (packet forwarding) and control plane (management) architecture provides the following benefits:
• Scales performance;
• Enhances resiliency; and
• Enables redundancy.


Slide 10


Best In Class Security
The SRX Series offers the broadest security protection in the market, such as the following:
• The SRX Series enables complete application visibility and control;
• Integrates security for physical and virtual data centers;
• Provides strong UTM capabilities, leveraging intelligence from multiple security companies; and
• Is secure and resilient, even under demanding situations, utilizing a unique architectural design based on multiple
processing cores and a separation of the data and control planes.


Slide 11


Maximum Performance and Scale
The SRX Series provides the following performance and scaling capabilities:
• The SRX Series delivers high-performance throughput, massive session volume, and flexible, large-scale connectivity;
  • High-throughput connectivity options match virtually any business requirement, including the industry’s first 100-Gigabit interface option;
  • Next-generation I/O card (NG-IOC) connectivity options include 100-Gigabit Ethernet, 40-Gigabit Ethernet, and high density 10-Gigabit Ethernet interfaces; and
  • The SRX Series delivers up to 300 Gbps of firewall throughput and scales to 100 million sessions, 450,000 connections per second, and 218 Gbps IPsec throughput.
• For business continuity, the SRX Series can enable additional security services without service interruptions;
  • Just activate security services licenses, with no special install or appliances.
• The SRX Series provides a pay-as-you-grow approach;
  • You can add additional cards as needed.


Slide 12


Carrier-grade Reliability
The SRX Series builds on Juniper’s reputation of carrier-grade reliability with the following features:
• The SRX Series delivers uptime continuity with in-service hardware and software upgrades;
• Enables high availability with redundant components and links; and
• Provides carrier-class hardware for network resiliency.


Slide 13

Branch SRX Series Gateways
[Figure: Next-generation Security Gateways. Hardware platforms scale from 1-Gigabit Ethernet to 10-Gigabit Ethernet: the SRX100, SRX110, SRX210, SRX220, SRX240, SRX550, and SRX650, arranged from Small Office through Small to Medium Office to Large Branch/Regional Office/Data Center, with per-model callouts for WAN and LAN slots, Ethernet ports, PoE, power supplies, and DRAM.]
SRX Series Services Gateways for the branch are next-generation security gateways that provide essential
capabilities that connect, secure, and manage workforce locations sized from handfuls to hundreds of users.
Here is a snapshot of the Juniper Networks SRX Series for the branch portfolio:
• The SRX100 is a fixed form factor device, ideal for small offices.
• The SRX110 provides a platform similar to the SRX100, but with integrated vDSL2, which is intended for environments where the primary WAN connectivity will be DSL.
• The SRX210 and SRX220 are ideal solutions for small to medium offices;
  • The SRX210 has one mini-PIM slot with two Gigabit Ethernet interfaces and six FE interfaces; and
  • The SRX220 has two mini-PIM slots and eight onboard Gigabit Ethernet interfaces.
• The SRX240 is ideal for medium offices with four built-in mini-PIM slots and 16 on-board Gigabit Ethernet interfaces;
• The SRX550 fills the price/performance gap between the SRX240 and SRX650 and is a flexible solution, ideal for mid to large branch offices; and
• The SRX650 is great for large branch and regional offices with more LAN slots and dual processors and power supplies for increased availability.


Slide 14

vSRX
[Figure: vSRX as a secure gateway in front of a group of VMs. Slide text: Virtual version of the SRX Series; provides north/south firewall (5 Gbps), NAT, routing, and VPN connectivity features in a flexible virtual machine format.]
vSRX was introduced by Juniper in January of 2014. At a very high level, vSRX is a physical SRX Series device in VM
format. You can think of it, for example, as taking an SRX550 or SRX240 from the SRX Series product line, stripping
away the sheet metal, power cable, and all of the physical elements of the device, and then you have Firefly
Perimeter. You get all the flexibility associated with running the product in a VM—put it in the cloud or put it in various
different infrastructures to have the VMs use vSRX as their default gateway for all traffic that they process.
Because it is in a VM, it is bound at about 5 Gbps firewall throughput. You get the flexibility of the VM format, you do
not have to make any kernel changes, and there is no dependency on API integrations. vSRX is for use cases where
you need north-south filtering at about 5 Gbps of performance, and you also need connectivity features such as
Network Address Translation (NAT), routing, and VPN. All of those pieces are inherent in Junos and all are available
in the vSRX product. Think of this as the north-south and connectivity feature set in VM format.


Slide 15


SRX Series Services Gateways for the High End
SRX Series Services Gateways for the high end deliver tailored security for your critical assets. To meet the solution
requirements, the SRX Series for the high end is a next-generation firewall that offers:
• Best-in-class security;
• Maximum performance and scale; and
• Carrier-grade availability.
Let’s explore each of these attributes in greater detail.


Slide 16


Areas of Deployment
Juniper Networks physical as well as virtual firewall platforms can be deployed in the following areas:
• Private Cloud (Enterprise data center/private cloud):
  • Traditional on-premises data centers; and
  • SRX Series hardware platforms, from the SRX100 to the SRX5800.
• Hybrid Cloud:
  • Enterprise network application and workload extension into the cloud: vSRX or the new virtual MX Series (vMX) in the cloud in conjunction with an enterprise SRX Series hardware platform on-premises.
  • Bookend solution: Juniper-to-Juniper hybrid cloud deployment (Juniper end-to-end Layer 3 to Layer 7 deployment and control)
  • Cloud bursting (using SRX Series high-end platforms on-premises or any IPsec capable public cloud firewall)
  • Non-bookend solution: Juniper-to-other cloud termination (such as AWS, EC2, or Google firewall offering, Layer 3 to Layer 7 deployment)
  • Virtual Customer Premises Equipment (vCPE) deployment such as vSRX or virtual provider edge router (vPE)/vCPE, such as vMX
• Public Cloud:
  • Amazon, Google, Facebook, Microsoft vCPE/vPE cloud deployment (using vSRX or vMX)
  • Not reliant on any SRX device being on-premises in the enterprise


Slide 17

Section Summary

In this section, we:
• Provided an overview of Juniper’s SRX Series;
• Discussed Juniper’s control and data plane architecture; and
• Explored the features of the SRX Series physical and virtual platforms.


Slide 18

Learning Activity 1: Question 1
What are three benefits that Juniper’s separate control and data plane architecture provides? (Choose three.)
A. Management access is separated from packet forwarding
B. Packets can still be forwarded when an attack occurs
C. Route processing is automatically stopped when under attack
D. Resiliency is enhanced


Slide 18

Learning Activity 1: Question 2
How much firewall throughput does Firefly Perimeter currently provide?
A. 1 Gbps
B. 5 Gbps
C. 7 Gbps
D. 10 Gbps


Slide 19


An Overview of IPS, the Junos OS, Junos Space Security Director, and Secure Analytics
To round out the data center security discussion, this section will provide an overview of Juniper IPS, the Junos OS,
the Security Director application within Junos Space, and Secure Analytics.


Slide 20

Section Objectives

After successfully completing this section, you will be able to:
• Describe Juniper Networks intrusion prevention systems (IPS) features and capabilities;
• Describe the basic features of Junos OS; and
• Discuss Juniper’s tools that assist in the deployment, management, and troubleshooting of large network
deployments.


Slide 21

IPS Capabilities
[Slide: eight panels, one per IPS capability: Stateful Signature Inspection, Protocol Decodes, Signatures, Traffic Normalization, Zero-Day Protection, Recommended Policy, Active/Active Traffic Monitoring, and Packet Capture.]
Juniper Networks IPS capabilities offer several unique features that assure the highest level of network security.
Stateful signature inspection provides the following:
• Minimizes false positives and offers flexible signature development; and
• Signatures are applied only to relevant portions of the network traffic as determined by the appropriate protocol context.
Protocol decodes offer the following:
• More than 65 protocol decodes are supported along with more than 500 contexts to enforce proper usage of protocols; and
• Accuracy of signatures is improved through precise contexts of protocols.
Signatures offer the following:
• There are more than 8,500 signatures for identifying anomalies, attacks, spyware, and applications; and
• Attacks are accurately identified and attempts to exploit known vulnerabilities are prevented.
Traffic normalization provides the following:
• Reassembly, normalization, and protocol decoding; and
• Overcomes attempts to bypass other IPS detections by using obfuscation methods.
Zero-day protection provides the following:
• Protocol anomaly detection and same-day coverage for newly found vulnerabilities; and
• Protects your network against any new exploits.
Recommended policy offers the following:
• A group of attack signatures is identified by the Juniper Networks Security Team as critical for the typical enterprise to protect against; and
• Installation and maintenance are simplified while ensuring the highest network security.
Active/active traffic monitoring provides the following:
• IPS monitoring on active/active SRX5000 line chassis clusters; and
• Support for active/active IPS monitoring including advanced features such as in-service software upgrade.
Packet capture provides the following:
• IPS policy supports packet capture logging per rule; and
• Conducts further analysis of surrounding traffic and determines further steps to protect the target.


Slide 22


The Junos OS
Junos OS is a reliable, high-performance network operating system for routing, switching, and security. It reduces the
time necessary to deploy new services and decreases network operation costs. Junos OS offers secure programming
interfaces and the Junos software development kit (Junos SDK) for developing applications that can unlock more
value from the network.
Running Junos OS in a network improves the reliability, performance, and security of existing applications. It
automates network operations on a streamlined system, allowing more time to focus on deploying new applications
and services. Junos OS is scalable both up and down, providing a consistent, reliable, stable system for developers
and operators. This, in turn, means a more cost-effective solution for your business.
Junos OS is architected with DevOps in mind. With versatile scripting support and integration with popular
orchestration frameworks, Junos OS offers flexible options for continuous delivery and DevOps style management.
The Junos Continuity features further enhance continuous delivery and efficient software re-qualification.


Slide 23

Junos OS Features
[Figure: Junos OS architecture diagram with the labels Control Plane, Data Plane, Kernel, mKernel, HAL, Physical Interfaces, Routing, Switching, Management, Daemon X, and Open Management Interfaces.]
Junos OS offers the following features:
• One operating system reduces time and effort to plan, deploy, and operate network infrastructure;
• A steady release train provides stable delivery of new functionality;
• Modular software architecture provides highly available and scalable software that keeps up with changing needs;
• Meaningful configuration hierarchies together with annotations, commit check, commit, and rollback features
exemplify ease of use and operational agility;
• Simple routing policy management supports fine-grained network traffic controls;
• Separate control and data planes increase reliability and security; and
• Designed for DevOps, Junos Continuity aids continuous delivery, zero downtime, and vastly reduced requalification times when introducing new line card or chassis upgrades.


Slide 24

Managing the Network and Security
[Slide: two panels. Junos Space Security Director: firewall management and UTM, IPS signature management, AppFW, IPsec VPN management, and NAT management. Secure Analytics: log management; security information and event management; network behavior analysis and application visibility.]
Unlike solutions that require administrators to use multiple management tools to control a single device, Junos Space
Security Director enables IT departments to control the device throughout its life cycle with a single, centralized
dashboard.
As an application on Junos Space Network Management Platform, Junos Space Security Director provides extensive
security scale, granular policy control, and policy breadth across the network. It helps administrators quickly manage
all phases of the security policy life cycle for stateful firewall, UTM, IPS, application firewall (AppFW), VPN, and NAT
through a centralized web-based interface. Junos Space Security Director reduces management costs and errors with
efficient security policy, workflow tools, and a powerful “app” and platform architecture.
Juniper Networks Secure Analytics provides Security Information and Event Management (SIEM) capabilities. By
combining, analyzing, and managing an unparalleled set of surveillance data—network behavior, security events,
vulnerability profiles, and threat information—it helps empower companies to efficiently manage business operations
on their networks from a single console. It offers superior log management with distributed log collection and
centralized viewing, threats management that delivers real-time surveillance and detection information, and
compliance management capabilities—all viewed and managed from one console.
Juniper Networks Advanced Insight Solution (AIS) provides in-service diagnostic functionality with flexible automated
monitoring and reporting. Third-party network management partners supporting the Juniper products provide
additional management solutions for network, fault, performance, and change control. By selecting the appropriate
management tool, network administrators can deploy, manage and troubleshoot large network deployments.


Slide 25

Section Summary

In this section, we:
• Described Juniper Networks IPS features and capabilities;
• Described the basic features of Junos OS; and
• Discussed Juniper’s tools that assist in the deployment, management, and troubleshooting of large network
deployments.


Slide 26

Learning Activity 2: Question 1
Security Director is an application that runs on which Juniper product?
A. Firefly Perimeter
B. Secure Analytics
C. Junos Space
D. SRX Series


Slide 26

Learning Activity 2: Question 2
True or false: Secure Analytics offers log management, threat management, and compliance management, all in one product.
A. True
B. False


Slide 27

Course Summary

In this course, we:
• Provided an overview of Juniper’s SRX Series physical and virtual security products;
• Explored Juniper’s IPS capabilities; and
• Described tools for network deployment, management, and troubleshooting.


Slide 28

Additional Resources
• Education Services training classes: http://www.juniper.net/training/technical_education/
• Juniper Networks Certification Program Web site: www.juniper.net/certification
• Juniper Networks documentation and white papers: www.juniper.net/techpubs
• To submit errata or for general questions: [email protected]

For additional resources or to contact the Juniper Networks eLearning team, click the links on the screen.


Slide 29

Evaluation and Survey

You have reached the end of this Juniper Networks eLearning module. You should now return to your Juniper
Learning Center to take the assessment and the student survey. After successfully completing the assessment, you
will earn credits that will be recognized through certificates and non-monetary rewards. The survey will allow you to
give feedback on the quality and usefulness of the course.


Slide 30


Copyright © 2015 Juniper Networks, Inc.
All rights reserved. JUNIPER NETWORKS, the Juniper Networks logo, JUNOS, QFABRIC, NETSCREEN, and
SCREENOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other
trademarks, service marks, registered trademarks, or registered service marks are the property of their respective
owners.


Corporate and Sales Headquarters
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or 408.745.2000
Fax: 408.745.2100
www.juniper.net

APAC Headquarters
Juniper Networks (Hong Kong)
26/F, Cityplaza One
1111 King’s Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803

EMEA Headquarters
Juniper Networks Ireland
Airside Business Park
Swords, County Dublin, Ireland
Phone: 35.31.8903.600
EMEA Sales: 00800.4586.4737
Fax: 35.31.8903.601

Copyright 2010 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
