Friday, 1 May 2020

The Power of a Threat-Aware Network

Juniper Connected Security is more than just a marketing catchphrase or a nice metaphorical basket where all of Juniper Networks’ information security products can be placed. It is an information security strategy, one focused on the importance of deep network visibility, multiple points of enforcement throughout the network and interconnectivity between both networking and information security products. The expansion of SecIntel throughout Juniper’s portfolio is a real-world example of this strategy in action. Bringing threat intelligence to network infrastructure with SecIntel provides customers with a threat-aware network, enabling their network infrastructure to act against attacks and help safeguard users and applications.

SecIntel for a Threat-Aware Infrastructure

SecIntel provides carefully curated, verified threat intelligence from Juniper Networks’ Advanced Threat Prevention (ATP) Cloud, Juniper Threat Labs and industry-leading threat feeds to our MX Series routing platforms, SRX Series Services Gateways and NFX Series Network Services Platform to block command-and-control communications at line rate.
Earlier this year, CRN designated Juniper’s SecIntel as one of the “12 Cool New Threat Detection and Response Products Unveiled at Black Hat 2019.” SecIntel integration has now been extended to EX Series and QFX Series switches, enabling them to subscribe to SecIntel’s infected host feed and allowing customers to block compromised hosts at the switch port, simply and easily. Customers can now extend SecIntel throughout their entire network, increasing the number of security enforcement points.

If the expansion of SecIntel capabilities is a technological demonstration of what Juniper Connected Security aims to achieve, 2019 has been a year which reinforced that the Juniper Connected Security approach is working for customers. This year, Juniper Networks was named a Champion in the Infotech SIEM Customer Experience report. In this report, Juniper Secure Analytics ranked first in a number of categories, including service experience and product impact.

Juniper Receives “Recommended” rating from NSS Labs for Juniper’s Data Center Security Gateway

This week, Juniper Networks also achieved a “Recommended” rating from NSS Labs for our ability to secure the data center in their 2019 Data Center Security Gateway (DCSG) report. NSS Labs tested the Juniper SRX5400 firewall with one SPC3 service card, running AppSec and IDP licenses. NSS Labs’ independent testing focused on security effectiveness, performance, stability and reliability, and TCO.

“Juniper is back,” is the first bullet point listed by NSS Labs under “Key Takeaways” within the DCSG Security Value Map™ Comparative Report. The NSS Labs Data Center Security Gateway tests have traditionally only included server-side evasions, but this year, NSS also included client-side evasions. Juniper scored well, achieving the following results:
  • 100% resistance to evasions
  • 99.62% exploit block rate
  • 13.962 Gbps average secured throughput
Juniper Connected Security represents some of the most effective information security products available on the market today. Making these capabilities available throughout the network increases security for all workloads, no matter where those workloads happen to operate.
Partner Alliances

Juniper Connected Security encompasses more than just Juniper’s own products. By connecting our technologies with those of alliance partners, Juniper Connected Security offers organizations the ability to secure their networks from the endpoint to the edge, and every cloud in between.

For example, organizations can use Juniper Connected Security in partnership with Corero to stay ahead of DDoS attacks using the same security tools that identify and classify the risks of compromised endpoints. These are also the same products used to analyze telemetry from – and enforce policy on – firewalls, switches and routers throughout a customer’s network. Juniper Connected Security offers organizations a common toolkit for information security, regardless of a network’s scale; one that works with Juniper’s own products, those of our ecosystem partners and even those of our competitors.

Security at All Points of Connection
Networking and security are inextricably intertwined. It is when vendors (and customers) attempt to architect their networks using only point solutions that they open themselves up for risk. Effective network security starts with designing the network for both connectivity and multiple layers of security and is achieved by deploying multiple technologies, from multiple vendors, creating a whole that is more capable than the sum of its parts.

“Juniper is back.”
– NSS Labs 2019 Data Center Security Gateway Security Value Map Comparative Report, Key Takeaways
Juniper Networks offers organizations the networking and security capabilities they need to not only meet today’s challenges, but tomorrow’s as well. Our network and security portfolio offers industry-leading performance along with the ability to scale. This is reflected in the 22% year-over-year growth of our security portfolio.

Trust is the real IT security challenge of the next decade. Vendors need to build it. Customers need to be judicious about it. Whom will you trust with the future of your business? Which vendor(s) are you certain will be there a decade from now? Who will provide you cross-vendor integration support today, tomorrow and in the future?

At Juniper, we’ve refocused our strategic direction of solving our customers’ challenges to safeguard users, applications and infrastructure by extending security to all points of connection on the network, creating a network that is threat aware and better able to deliver the reliable connectivity we’re known for and a more effective way to secure those connections and the data that traverses them. And we’re actively executing on that strategy. Extending SecIntel first to the firewall, then the router, and now the switch allows the threat-aware network we’ve been talking about to become a reality for our customers.

Wednesday, 1 April 2020

Cloud Networking Transformation Ahead


Networking is undergoing a metamorphosis. Today’s operations are challenged to cope with the DevOps, NetOps, SecOps and CloudOps models that need consistent operations control. Why should enterprises care? How do you cope with decades of legacy and is change possible? Arista believes that the networking world is at the cusp of a transformation, significantly facilitated by the agile, dynamic and economic network models of the public cloud providers. They have proven the elegance of simple yet scalable designs that transform siloed networks for the data center, core, campus or branch PINs (Places in the Network) into east west PICs (Places in the Cloud). This new paradigm is a far cry from the traditional siloed network architectures that required applications to be assigned to specific servers or storage, causing fixed-function rigidity. Agility and high availability are pivotal foundations to building the new PICs.

As large data sets explode, the use of artificial intelligence applications, video and workflow traffic intermingled with breakthroughs in the mobile Internet from 5G to 400Gbps speeds, creates greater pressures on network portability. This has driven Arista to build a highly programmable state-driven software stack – Arista EOS® (Extensible Operating System) and network wide CloudVision®.

Campus is a Natural Extension
As data centers extend to the campus and branch, converting siloed PINs to PICs, applications require increased agility and elasticity, blending cloud native applications and enterprise networks via containers and APIs. The shift to IoT and microservices, be it physical, virtual or container-based with Arista CloudEOS and intelligent wired-WiFi edge connects a common spine with common protocols. This Universal Spine is enabled through CloudVision topology and inference management.

Changing Operation Models
Modern development tools today are closer to distributed systems architectures than before and need to understand failure patterns, network partitions/requirements and how their applications deploy and perform in far more dynamic environments. Traditional CLI based Network ops is lagging behind by decades and the model will only scale if declarative practices are adopted to augment mature DevOps. Ops teams are emerging ‘bottom-up’ as NetOps from IT infrastructure balance out this dynamic. The “operator” functions are rapidly becoming understood and accepted as critical roles within enterprise. CloudVision brings that network wide turnkey control.

Network wide Analytics
Migrating from old school appliances to next generation architectures requires network wide analytics. With switch-based DANZ (Data ANalyZer) and our recent acquisition of Big Switch DANZ Monitoring Fabric (DMF), we can create overlays to CloudVision for network wide change control, automation and analytics. This is a primary driver of cost and efficiency on Day 2.

Arista Ahead
Until now the intersection of human, users, devices, machines and networking was somewhat loosely coupled. Now one or many applications or scans can consume gigabytes of data, ingested from IoT devices such as video, storage, and real-time analytics with indexing and queuing views. Arista’s cognitive approach to high availability networking, built on cloud principles of availability, agility, and analytics, brings the combination of inference and real-time action. Troubleshooting shouldn’t be a finger pointing exercise, and live patching should be the norm instead of unplanned outages. The healthy flow of information to critical decision makers demands a cognitive network. Welcome to the new world of software defined cloud networking!

Sunday, 1 March 2020

How machine learning and automation can modernize the network edge

If you want to know the future of networking, follow the money — right to the edge.
Applications are expected to move from data centers to edge facilities in record numbers, opening up a huge new market opportunity. The edge computing market is expected to grow at a compound annual growth rate of 36.3 percent between now and 2022, fueled by rapid adoption of the “internet of things,” autonomous vehicles, high-speed trading, content streaming and multiplayer games.
What these applications have in common is a need for near zero-latency data transfer, usually defined as less than five milliseconds, although even that figure is far too high for many emerging technologies.  
The specific factors driving the need for low latency vary. In IoT applications, sensors and other devices capture enormous quantities of data, the value of which degrades by the millisecond. Autonomous vehicles require information in real-time to navigate effectively and avoid collisions. The best way to support such latency-sensitive applications is to move applications and data as close as possible to the data ingestion point, therefore reducing the overall round-trip time. Financial transactions now occur at sub-millisecond cycle times, leading one brokerage firm to invest more than $100 million to overhaul its stock trading platform in a quest for faster and faster trades.

Operational challenges

As edge computing grows, so do the operational challenges for telecommunications service providers such as Verizon Communications Inc., AT&T Corp. and T-Mobile USA Inc. For one thing, moving to the edge essentially disaggregates the traditional data center. Instead of massive numbers of servers located in a few centralized data centers, the provider edge infrastructure consists of thousands of small sites, most with just a handful of servers. All of those sites require support to ensure peak performance, which strains the resources of the typical information technology group to the breaking point — and sometimes beyond.
Another complicating factor is network functions moving toward cloud-native applications deployed on virtualized, shared and elastic infrastructure, a trend that has been accelerating in recent years. In a virtualized environment, each physical server hosts dozens of virtual machines and/or containers that are constantly being created and destroyed at rates far faster than humans can effectively manage. Orchestration tools automatically manage the dynamic virtual environment in normal operation, but when it comes to troubleshooting, humans are still in the driver’s seat. 
And it’s a hot seat to be in. Poor performance and service disruptions hurt the service provider’s business, so the organization puts enormous pressure on the IT staff to resolve problems quickly and effectively. The information needed to identify root causes is usually there. In fact, navigating the sheer volume of telemetry data from hardware and software components is one of the challenges facing network operators today. 

Machine learning and automation 

A data-rich, highly dynamic, dispersed infrastructure is the perfect environment for artificial intelligence, specifically machine learning. The great strength of machine learning is the ability to find meaningful patterns in massive amounts of data that far outstrip the capabilities of network operators. Machine learning-based tools can self-learn from experience, adapt to new information and perform humanlike analyses with superhuman speed and accuracy.  
To realize the full power of machine learning, insights must be translated into action — a significant challenge in the dynamic, disaggregated world of edge computing. That’s where automation comes in.
Using the information gained by machine learning and real-time monitoring, automated tools can provision, instantiate and configure physical and virtual network functions far faster and more accurately than a human operator. The combination of machine learning and automation saves considerable staff time, which can be redirected to more strategic initiatives that create additional operational efficiencies and speed release cycles, ultimately driving additional revenue. 

Scaling cloud-native applications

Until recently, the software development process for a typical telco consisted of a lengthy sequence of discrete stages that moved from department to department and took months or even years to complete. Cloud-native development has largely made obsolete this so-called “waterfall” methodology in favor of a high-velocity, integrated approach based on leading-edge technologies such as microservices, containers, agile development, continuous integration/continuous deployment and DevOps. As a result, telecom providers roll out services at unheard-of velocities, often multiple releases per week. 
The move to the edge poses challenges for scaling cloud-native applications. When the environment consists of a few centralized data centers, human operators can manually determine the optimum configuration needed to ensure the proper performance for the virtual network functions or VNFs that make up the application.
However, as the environment disaggregates into thousands of small sites, each with slightly different operational characteristics, machine learning is required. Unsupervised learning algorithms can run all the individual components through a pre-production cycle to evaluate how they will behave in a production site. Operations staff can use this approach to develop a high level of confidence that the VNF being tested is going to come up in the desired operational state at the edge. 

Troubleshooting at the speed of AI 

AI and automation can also add significant value in troubleshooting within cloud-native environments. Take the case of a service provider running 10 instances of a voice call processing application as a cloud-native application at an edge location. A remote operator notices that one VNF is performing significantly below the other nine.  
The first question is, “Do we really have a problem?” Some variation in performance between application instances is not unusual, so answering the question requires a determination of the normal range of VNF performance values in actual operation. A human operator could take readings of a large number of instances of the VNF over a specified time period and then calculate the acceptable key performance indicator values — a time-consuming and error-prone process that must be repeated frequently to account for software upgrades, component replacements, traffic pattern variations and other parameters that affect performance.
In contrast, AI can determine KPIs in a fraction of the time and adjust the KPI values as needed when parameters change, all with no outside intervention. Once AI determines the KPI values, automation takes over. An automated tool can continuously monitor performance, compare the actual value to the AI-determined KPI and identify underperforming VNFs.
That information can then be forwarded to the orchestrator for remedial action such as spinning up a new VNF or moving the VNF to a new physical server. The combination of AI and automation helps ensure compliance with service-level agreements and removes the need for human intervention — a welcome change for operators weary of late-night troubleshooting sessions. 

Harnessing the competitive edge

As service providers accelerate their adoption of edge-oriented architectures, IT groups must find new ways to optimize network operations, troubleshoot underperforming VNFs and ensure SLA compliance at scale. Artificial intelligence technologies such as machine learning, combined with automation, can help them do that.
In particular, there have been a number of advancements over the last few years to enable this AI-driven future. They include systems and devices to provide high-fidelity, high-frequency telemetry that can be analyzed, highly scalable message buses such as Kafka and Redis that can capture and process that telemetry, and compute capacity and AI frameworks such as TensorFlow and PyTorch to create models from the raw telemetry streams. Taken together, they can determine in real time if operations of production systems are in conformance with standards and find problems when there are disruptions in operations.
All that has the potential to streamline operations and give service providers a competitive edge — at the edge.

Saturday, 1 February 2020

Secure SD-WAN - Branch Platforms

The announcement of Juniper's newest hardware additions for the AI-driven enterprise makes our portfolio of CPE the most extensive for secure SD-WAN across all sizes of branch and campuses. There’s no denying the growing importance of SD-WAN for providing secure and efficient connectivity of remote sites to the cloud. Even more important is enterprises’ need to drive operational simplicity and uniformity across the branch and campus in today’s multicloud environment. For SD-WAN to be successful, the key is to satisfy the needs of today while preparing for the ones of tomorrow and beyond.

One of the core needs of increasing importance for SD-WAN is security. Traditional security solutions don’t cut it when it comes to performance, interconnectivity and flexibility. Meanwhile, SD-WAN-centric solutions may offer elementary security features that will ultimately put the business at risk. The industry is at an intersection where SD-WAN features and advanced threat protection need to be designed hand-in-hand to safeguard users, applications and infrastructure. This has been our exact focus for our SD-WAN solution and, to that end, we’ve now expanded our range of CPE hardware in the WAN edge portfolio to include:

Wi-Fi Mini Physical Interface Module (mPIM): An enterprise-grade Wi-Fi card for compact locations with our SRX Series Services Gateways. It provides dual radio support of 2.4 and 5 GHz frequencies along with 802.11ac Wave 2 and 802.11ac with backward compatibility of 802.11n standards. The module is suited for remote offices, guest Wi-Fi, small office, IoT connectivity or kiosks. It is an ideal branch-in-a-box solution where one access point is sufficient.

This mPIM is manageable by CLI, JWeb or Juniper Sky Enterprise. It also offers ZTP and management via the Contrail Service Orchestration interface, as part of Juniper’s cloud-managed or on-premises Contrail SD-WAN solution.


SRX380: For larger branches, the SRX380 is the fastest performing CPE platform of the branch SRX300 product line. Leading features include high port density with 10G options for high on-board connectivity, increased PoE+ port density for IoT devices, AES256 MACsec encryption, dual power supplies and up to four MPIM card slots for wired or wireless connectivity.

The SRX380 can be adapted to be a secure SD-WAN and next-gen firewall device. Users can add advanced threat prevention services to expand on the native next-generation firewall and UTM capabilities, IPS and AppSecure application visibility and policies.

NFX350: The NFX350 is a high-end universal CPE platform in the NFX Series for large branch site deployments. Built on the next generation of Intel processors, Skylake, it offers up to 7.5 Gbps IPsec performance for higher SD-WAN scale and performance, while redundant power supplies provide greater platform resiliency. It includes 8x1Gbps and 8xSFP/SFP+ ports with AES256 MACsec support for high network connectivity and WAN interfaces for LTE, DSL and SFP. Support for multiple Juniper and third-party VNFs enables customers to accelerate application deployment in an automated and scalable fashion.

The NFX350 universal CPE platform fits the bill as a secure router, SD-WAN device or next-generation firewall. Consistent with the NFX Series, users reap the many benefits of SD-WAN, but most importantly, the simplicity of automation and consolidation with the reliability of smarter security and SDN.


These new products meet the needs of both the top and bottom ends of all branch and campus sizes – the SRX Wi-Fi mini card for compact spaces and the SRX380 and NFX350 as top line branch CPEs. Be sure to tune in or test drive Contrail SD-WAN for free.

Thursday, 9 January 2020

Juniper Flex Program

Juniper Flex Program Overview

The Juniper Flex Program is a framework, set of policies, and tools that help unify and thereby simplify Juniper product-driven licensing and packaging.
The major components of the framework are:
  • A focus on customer segments (enterprise, service provider, and cloud) and use cases for Juniper Networks hardware and software products.
  • The introduction of subscription licenses and subscription portability for all Juniper Networks products including Junos OS, Contrail, and Juniper cloud-based services.
  • The introduction of a common three-tiered model (standard, advanced, and premium) for all Juniper Networks software products.

Getting Started with the Juniper Flex Program

As a customer ordering a Juniper Networks product that includes hardware, you order:
  • The hardware platform that includes the standard license.
  • The customer support package that fits your needs.
  • The advanced or premium subscription licenses, according to your use case. These subscription licenses include embedded customer support.
As a customer ordering a Juniper Networks software product, you order:
  • The standard, advanced or premium subscription license, according to your use case. These subscription licenses include embedded customer support.

Understanding the Three-Tiered Model for the Juniper Flex Program

As new hardware platforms become available with the Juniper Flex Program, you can customize your purchase using one of the following three models:
  • Standard License
    The standard license includes the hardware platform and a license to use the software with the standard feature set. Standard Return Material Authorization (RMA) policies apply with no changes in case of hardware failure. Customer support is ordered separately as you select your preferred hardware support policy and support for the standard software features. For more information about support policy, see Contact Support. The hardware platform does not require a separate license, and the software right-to-use (RTU) license is perpetual for the licensed features.
  • Advanced License
    The advanced license includes the subscription-based license to use the advanced software features. The license term is 1 year, 3 years, or 5 years. Customer support for the software features is included. These features differ by use case and platform. For example, to view the list of features for the QFX5200 switch, see QFX5200 Switch SKUs.
  • Premium License
    The premium license includes the subscription-based license to use the Junos OS software features. The license term is 1 year, 3 years, or 5 years. Customer support for the software features is included. These features differ by use case and platform. The premium license is a superset and includes all the features from the advanced license and additional features. For example, to view the list of features for the QFX5200 switch, see QFX5200 Switch SKUs.

Figure 1: Three-Tiered Model for the Juniper Flex Program

Understanding Subscription Licenses

All advanced and premium licenses are offered as subscriptions. Subscription licenses are available in 1-year, 3-year, or 5-year terms. After order fulfilment, the subscription period begins once the 30-day grace period has been completed.
Table 1 describes the subscription terms for purchase and number of months to use the license.
Table 1: Subscription Terms Details

| Subscription Terms | Number of Months for the License |
| --- | --- |
| 1 year | 13 months |
| 3 years | 37 months |
| 5 years | 61 months |

The subscription licenses include the following attributes:
  • Specific products might offer a subset of these licenses. At the end of the term, you have three options:
    • You can renew the subscription, to continue to use the features and scale granted under the license.
    • You can order a replacement subscription. For example, when an advanced subscription term expires, you might have the requirement to upgrade to the premium subscription term.
      Upgrading and downgrading the subscription models is supported. In both cases, subscription models are processed as a new order, and you might use the features and scale granted under the new license. For example, you might have a 5-year subscription and want to downgrade to a 3-year subscription, or the other way around.
    • You might decline to renew or purchase a replacement subscription. In this case, you may no longer use the features and scale granted under the expired subscription. You can continue to use the hardware and any software features which are granted under a perpetual license.
  • Subscription licenses include Juniper customer support for software features as part of the subscription license, unless customer support is provided by a Juniper partner directly. There is no need to order a separate customer support policy for the advanced and premium licenses.
  • Premium license includes all the features in the premium and advanced licenses.
  • Subscriptions may be ordered at any time.
  • New software features may be available over time with new software versions.
  • Subscription licenses are portable for similar devices.
  • Subscriptions are cancelable at the end of the term.
  • Renewals are not automatic.

Licensing Support on the Juniper Flex Program

The Juniper Flex Program offers the following support:
  • Portability for Subscription Licenses
    Subscription licenses are portable. This means that if you buy a new similar hardware platform, then you can port the subscription license. You can stop using the license on one hardware platform and move it to another hardware platform. This portability allows you to balance features across hardware platforms in the network without having to buy extra feature licenses.
  • Perpetual Licenses
    The standard Junos OS software shipped on the hardware platform includes a perpetual license, and this license is valid for the life of the hardware platform. The advanced and premium licenses are made available through the subscription license.
  • Feature-Based Licensing
    Some Juniper products offered add-on feature licenses. In the new licensing model, feature licenses are included in the standard, advanced, or premium licenses.
    For information about how to purchase a software license, contact your Juniper Networks sales representative at https://www.juniper.net/in/en/contact-us/.

Wednesday, 1 January 2020

Building Bridges in the Enterprise on the Journey Toward the Self-Driving Network™

Networks are meant to connect. Yet all too often network operations are disconnected, creating chasms instead of bridges for IT departments. 

This is especially true in the world of Software-Defined Networking (SDN). The goal of SDN is to bring more agility to network operations through the abstraction and automation of network control functions.  However, the industry has forced out disparate SDN solutions that tend to address specific use cases, instead of delivering a holistic solution for the entire enterprise. This has prevented most companies from realizing the full potential of SDN technology. It doesn’t have to be this way.

Juniper Networks has always offered a best-in-class SD-WAN solution with unprecedented scale, robust security and an unsurpassed array of performance options for campus, branch and public cloud WAN connections. In addition, we maximize flexibility with both on-premises and cloud-managed service options for SDN control. Today, we’ve expanded on these advantages even further with several enhancements to the company’s enterprise portfolio that bring even more flexibility, scale and cost savings to campus and branch environments and bring us one step closer to transforming enterprise IT with true AI-driven networks.

A Unified SD-Branch

We’re pleased to announce that Juniper’s SD-WAN solution has grown to also include software-defined LANs. From a common cloud-managed portal, our customers can now easily provision Juniper EX Series switches (e.g. the EX4650, EX4600, EX4300, EX3400 and EX2300 models), manage LAN fabrics and configure LAN virtualization and security policies in the same way they operate their SD-WAN environments. This automated functionality simplifies operations to reduce costs, streamline workflows and leverage the WAN and LAN network for connected security. In addition to the cloud-managed SD-WAN solution, these features will also be in the downloadable controller software for optional on-premises deployment.

Continuing on the theme of unified operations, we have also made it easier to operate Wi-Fi networks in conjunction with the SD-Branch. The same portal for SD-WAN and SD-LAN can be used to show Mist wireless access points and launch the Mist cloud for WLAN provisioning, troubleshooting, management and other day-to-day operations, including our unique wired/wireless assurance capabilities. 


Juniper has a unique and innovative vision of unifying wired/wireless LANs, SD-WAN and security under a common framework that delivers unparalleled automation, insight and actions to our enterprise customers. These latest enhancements take us one step closer to that goal by expanding the breadth of our cloud offering and delivering even more deployment options for simple, seamless and secure campus and branch networks.

Portfolio Breadth for Any Size Enterprise Site

While Juniper’s strength in operational simplicity is fueled by our software innovation (managed via the cloud), we also differentiate -- and excel -- with the quality and breadth of our hardware portfolio. To that end, we are pleased to announce several new additions to our CPE family.

For the more compact branch locations, Juniper is introducing a Wi-Fi card for our line of branch SRX (SRX 3xx and SRX550) next-generation firewalls and secure SD-WAN edge devices.

With the addition of the Wi-Fi card and its smart zero-touch configuration options, the branch SRX is now the perfect all-in-one device for a compact all-wireless branch, SOHO or kiosk, where only one access point is needed. Like the other SRX mini-cards, this new card is integrated into the Contrail SD-WAN solution via Junos. For users with modest network management needs, the SRX with Wi-Fi card is also supported in our cloud-based Juniper Sky Enterprise.

New to the top end in the branch SRX Series is the SRX380. It comes with several leading performance features: 1Gbps IPsec performance, four 10G ports, 16 PoE+ ports for greater wattage and density and AES256 MACsec encryption. Its four mini-card slots expand wired or wireless connectivity with, for example, the new Wi-Fi card, LAN port cards for PoE-powered IoT devices and dual-SIM LTE cards for reliable auto-failover wireless SD-WAN connectivity.

Advancing Juniper’s leadership position in universal CPE even further, the NFX350 is new to the NFX Series. The NFX350 will roll out with the latest in x86 horsepower, along with more storage and memory for secure SD-WAN supporting adjacent virtual network functions and other branch-local applications. All NFX350 devices come with eight 10G and eight 1G interfaces and, depending on the configuration, up to 2TB of storage, 128GB of RAM and 32 vCPUs. The fully loaded NFX350 will support up to 40Gbps of NG-firewalling and up to 8Gbps of IPsec.

It’s Time for the AI-Driven Enterprise

Juniper believes that an AI-driven architecture is the ultimate end game for enterprise IT. It drives simplicity, which saves time and money. It increases network predictability and reliability to deliver much-needed assurance. And it lays the foundation for driving more value to the business. Fortunately, Juniper has all the right elements to make this happen -- a complete product portfolio, the world’s best AI engine, a modern cloud built for agility and scale and a relentless commitment to execution.

Not long ago, Juniper announced the integration of wired and wireless access under a common cloud and AI engine. By unifying our SD-Branch solution under a common cloud-managed portal and federating management between LAN, WLAN and WAN environments, Juniper has taken great strides toward delivering on the ultimate promise of the AI-driven enterprise.

If you’re joining us at NXTWORK EMEA in London this week, be sure to check out breakout sessions and demos on all of the above, and don’t miss our weekly webinars on SD-WAN and Mist wireless. When you’re ready to judge for yourself, watch the demo playlist for SD-WAN and SD-LAN and sign up for a free trial of Contrail SD-WAN, soon expanding to include a guided tour of our LAN fabric management too.

Thursday, 5 December 2019

Juniper broadens SD-Branch management, switch options

Juniper has taken the wraps off new software and switches that are designed to broaden user options in deploying software-defined branch offices and enterprise networks.
The company bolstered its Contrail SD-WAN cloud package to include support for SD-LAN-specific operations, such as provisioning of new devices and managing branch office LANs.
"From one cloud portal, customers can now provision Juniper EX Series switches to manage LAN fabrics and configure LAN virtualization and security policies in the same way they operate their SD-WAN environments," wrote Manoj Leelanivas, chief product officer at Juniper, in a blog about the enhancements. "This automated functionality simplifies operations to reduce costs, streamline workflows and leverage the WAN and LAN network for connected security. In addition to the cloud-managed SD-WAN solution, these features will also be in the downloadable controller software for optional on-premises deployment."


The Contrail SD-WAN cloud offering, announced earlier this year, expanded on the company’s existing on-premise (SRX-based) and virtual (NFX-based) SD-WAN offerings to include greater expansion possibilities – up to 10,000 spoke-attached sites and support for more variants of passive redundant hybrid WAN links – and topologies such as hub and spoke, partial, and dynamic full mesh, Juniper stated.


The service brings with it Juniper’s Contrail Service Orchestration package, which secures, automates, and runs the service lifecycle across NFX Series Network Services Platforms, EX Series Ethernet Switches, SRX Series next-generation firewalls, and MX Series 5G Universal Routing Platforms. Ultimately it lets customers manage and set up SD-WANs, and now LANs, all from a single portal.


That same portal can be used to show Mist wireless access points and launch the Mist cloud for WLAN provisioning, troubleshooting, management and other day-to-day operations, including Juniper's wired/wireless assurance capabilities, Leelanivas stated. Juniper in April closed the agreement to buy wireless-gear-maker Mist for $405 million and has been incorporating the Mist technology with its own.


Mist is known for its cloud-managed, AI-based wireless service called WiFi Assurance, which measures performance and service-level metrics to make wireless networks more predictable and reliable, according to the company. Mist's cloud-based system features an AI-driven technology, called Marvis, that brings dynamic packet-capture and machine-learning technology to automatically identify, adapt and fix network issues.


Juniper recently announced Mist is expanding its cloud-based Assurance program to include wired platforms. Wired Assurance can tap into Juniper’s core network operating system, Junos, and gather telemetry data that will measure network performance for connected endpoints, including IoT devices, the company said. It also features anomaly detection to alert when there is a deviation in switch performance from baseline metrics before users know issues exist.
On the hardware side, Juniper expanded its branch switching options to include:
  • NFX350: The NFX350 family features eight 10G and eight 1G interfaces and, depending on the configuration, up to 2TB of storage, 128GB of RAM and 32 vCPUs. The fully loaded NFX350 will support up to 40Gbps of NG-firewalling and up to 8Gbps of IPSec.
  • SRX380: The SRX380 comes with several key performance features, including 1Gbps IPsec performance, four 10G ports, 16 PoE+ ports for greater wattage and density, AES256 MACsec encryption and four mini-card slots for expanded connectivity.
  • A new Wi-Fi card for branch SRX boxes that lets customers deploy Wi-Fi with zero-touch configuration alongside LTE, Ethernet and other traditional network transport options.
This story, "Juniper broadens SD-Branch management, switch options" was originally published by Network World.