At the core of much of Juniper Networks’ security hardware efforts in recent years has been the SRX security services gateway. For the most part, the SRX has been hardware-bound, but new efforts in Juniper’s Software Defined Secure Network (SDSN) initiative are expanding the definition of what the SRX is all about.
The SDSN is Juniper’s effort to disaggregate software from hardware, enabling better agility for both securit deployment and enforcement.
The new cSRX provides virtual SRX services inside a Docker container. Docker containers promise a lightweight deployment medium, and the technology is rapidly being embraced by both developers and operators in production. The cSRX provides Layer 4-7 security services, including threat management, content security, and application security features.
While the cSRX is about containers, there are still lots of use cases for traditional hypervisor-based Virtual Machines (VMs) as well, which is why Juniper also has a vSRX. The vSRX is a VM-based deployment of the SRX that can run on VMware’s ESX hypervisor or the open-source KVM hypervisor. According to Juniper, the vSRX can scale performance up to 100 Gbps, narrowing the gap with whatever physical purpose-built hardware appliances can enable.
Further helping to enable the SDSN portfolio is Juniper’s open-source Contrail Software Defined Networking (SDN) controller. Juniper is now expanding the scope of Contrail to support Docker and container networking.
“Customers can then create virtual networks and add different Docker containers to different virtual networks,” Pratik Roychowdhury, senior director of product management, SDN, Juniper Networks, explained in a blog post. “Additionally, Contrail Networking can now integrate with container cluster management systems, such as Kubernetes, and enables users to create network segmentation across Kubernetes ‘pods’.”
As is the case with other SRX devices, policy management on the cSRX and vSRX, can be handled with the Junos Space Security Director, allowing organizations to have a unified policy across physical and containerized editions of the SRX.
“These key additions to our security portfolio will further our Software-Defined Secure Networks vision and greatly benefit our customers,” Kevin Walker, security CTO at Juniper Networks, said in a statement. “Our products provide the best opportunity to create secure networks through policy, detection and enforcement.”
Sean Michael Kerner is a senior editor at Enterprise Networking Planet and InternetNews.com. Follow him on Twitter @TechJournalist.