SD-WAN & Enterprise BRANCH Solution overview and BDM · Cloud Management Software Defined...

© 2019 Juniper Networks

From SD-WAN…

To SD-BRANCH…

To AI-DRIVEN ENTERPRISE

José Fidel Tomás. [email protected]

Partner Enablement Engineer - EMEA


From SD-Branch to SD-Enterprise

CPE/uCPE

SD-WAN/Hybrid-WAN

SD-BranchSD-WAN + SD-LAN

SD-EnterpriseSD-BRANCH + SD-CAMPUS

LTE

NFX Series Universal CPE

VNFsLTE

SRX Series CPE EX Series

Wi-Fi

Enterprise Branch

Enterprise Branch

Corporate HQ

Enterprise Branch

EX Series


Cloud

Management

Software Defined EnterpriseSingle architecture with presentation layer by market segment

SwitchingWi-Fi SecurityRouting

Artificial

IntelligenceOpen APIs

Wired & Wi-FiAssurance

MarvisVirtual Assistant

NetworkManagement

SD-WANOrchestration

ActionableInsights

AssetTracking

Cloud Services

AI Foundation

Domain Expertise

Data Science

Data Marvis

Open APIs

Junos Extension Toolkit

Streaming Telemetry


JUNIPER CONTRAIL SD-WAN

…

SD-BRANCH actually


CONTRAIL SD-WAN SOLUTION FOR ENTERPRISE CAMPUS & BRANCH

Campus and BranchEnterprise Sites

SaaS Applications IaaS, PaaS:VPCs for cloud-native apps

vSRX Virtual Firewallcloud-WAN endpoint

Private Clouds, Data Centers

Private or SP’sWAN backboneEnterprise Sites Public Cloud

Secure SD-LAN and SD-WAN

Dedicated,

MPLS

Broadband,

Internet

Wireless, 4G/LTE

Legacy and xDSL

Juniper or provider managed aaS

Cloud-managed Contrail SD-WAN

or

Contrail SD-WAN

SRX Series Services Gateway Secure CPEs

LTE

NFX Series universal CPE

LTE

WANxvSRX

Mist Wi-Fi APs

EX Series Ethernet Switches

LAN & WLAN devices WAN Edge Devices

Contrail Service Orchestration (SDN)

SaaS FW passthrough

MX/SRX WAN Hubs for large topologies

Enterprise or SP managed

Wi-Fi

© 2019 Juniper Networks Juniper Business Use Only

CSO CAPABILITY

6

Cloud Based Multi-tenancy

RBAC

CPE, EX Switch and Next Generation

Firewall Management

Pre-provision or auto-provision

Bulk Deploy Configuration

Mist Wireless Systems Integration

Operations and Monitoring

Network Access Control


CONTRAIL SD-WAN: SCALE & SIMPLICITY


Campus SD-WAN Edge Branch Office SD-WAN Edge Cloud/VPC SD-WAN Edge

Visibility and security: End-to-end across sites, Top-to-bottom in branch

Most scalable SD-WAN (>10,000 spoke sites)

now easily accessible to any enterprise

Easy cloud-based operations


MANAGEMENT CHOICES FOR THE AI-DRIVEN ENTERPRISE

Self-managed CSO software

Download and deploy

Managed Services

Partner provided

Cloud-managed Contrail &

Mist

Juniper led

software as a serviceControl on your terms Fully managed


Multi-tenancy and RBAC in CSO

Service Provider Admin

Tenant A Admin

VRF 1 VRF 2 VRF N

Dept100 Dept101 Dept1XX

Corp Intranet Guest Wifi

LAN 1

Site 1 / CPE 1

LAN 2 LAN NLAN 3

Operating Company Admin

Tenant B Admin

Operating Company

Tenant C Admin Tenant D Admin

Level 1 - MSP

Level 2 – Operating Company

Level 3 – Tenant

Level 4 – Department

VRF 1 VRF 2 VRF N

Dept100 Dept101 Dept1XX

Corp Intranet Guest Wifi

LAN 1

Site 1 / CPE 1

LAN 2 LAN NLAN 3

• Granular control of Portal Objects

• Read, Write, Execute

• Out of box predefined roles

• Service Provider, Operator, Tenants

• New role definition

• Authorization with SSO

Feature Support

Juniper Admin

CSO 5.1 – On Premise CSO 5.1 - Cloud


10

SD-WAN Use Cases


MPLS 1

EX

Internet

BRANCH SITES

HQ / Campus / POP

EX2300/3400/4300

Servers /

Applications

SRX3XX/550M/1500/4X00

Standalone NGFW

LTE

SRX3XX/550M/4X00/vSRX

NFX150/250

Mist AP61/43/41/21

SD-WAN CPE

EX2300/3400/4300

EX2300/3400/4300

3rd party CPE/FW

Standalone Switch

Mist AP61/43/41/21

Mist AP61/43/41/21

Contrail SD-WAN/SD-LAN

Controller/Orchestrator

SRX1500/4X00/vSRX

MX240/480/960*

SD-WAN HubHybrid WAN tunnel

Contrail SD-WAN/LAN USE CASES

1

2

3


SD-WAN HUB SUPPORT

• Shared Service Provider Hub

• Gateway/Peering to MPLS

• Enterprise Hub in Branch/HQ

• Static Enterprise Hub Mesh

• LAN side OSPF/BGP support

• Default route leak for DC Apps

• Lifecycle Management of Hub

• SRX 4100/4200 as cluster

• Multiple SP/Enterprise Hub support

• ZTP of SRX 4XXX on roadmap

Customer Benefit:

• Built-in failover and HA

• Scale with multiple Hubs

Use Case

• Shared Service Provider Hub in SP Network• Spoke as Enterprise Hub on premise

Cloud HUB

Site 3

Provider HUB

IPVPN

Dept

Depts

Cloud HUBEnterprise

Hub

Depts

Site 2

Dept

Site 4

Dept

Site 1

Dept

Cloud HUBEnterprise

Hub

Depts

Application

routes

CSO

Controller

DCOSPF/BGP


CSO DEPLOYMENT MODELS

JUNIPER 13

On-Premise (CSO 5.1) Cloud Delivered (CSO 5.1)


DYNAMIC MESHED SD-WAN

• Controller driven site-to-site mesh

• User defined Link mesh tags for mesh creation

• Mesh on different underlay types

• Site level switch for Hub-n-Spoke and Mesh

• Dial for mesh resource management

• Threshold for Max and Min tunnels

• Threshold for mesh create and delete

• Monitoring and Visualization

Customer Benefit:

• Support mesh with different underlay types

• Site to site tunnels based on CPE/link capacity

• Geo based meshing

• Increased Dual CPE site availability

• Enhance scale with partial mesh

• Distribute load with partial mesh

Feature Support

Site 1 Site 2 Site 3

Path A Path A Path A

DeptDeptDept

Path B

CSO

tagtag

Tags: Gold, Silver, Bronze

Cloud HUBService

Provider Hub

Depts

KPI: Session close rate

Gateway HQ SiteEnterprise Hub

Depts

Multiple mesh tags


Cloud HUB

SD-WAN BREAKOUT OPTIONS

• Intuitive Intent based Breakout policy

• Site Local Internet Breakout

• Dept Local Internet Breakout

• Application Local Internet breakout

• Zscaler Internet Breakout

• Central Breakout on Hub

• Central Zscaler Breakout

Customer Benefit:

• Granular control of traffic

• Site level control of breakouts

• Redundant breakout path for link failure

Use Case

• Extensive Breakout capability• Breakout failover and redundancy

Site 1 Site 2 Site 3

Enterprise

Hub

Service

Provider HUB

IPVPN

Local Breakout

Zscaler Breakout

DC

3. Hub Breakout

• Internet

• IPVPN

Local Breakout

Zscaler Breakout

Internet Breakout

ZBOPath A Path A Path A

Path A

Path B Path B Path B

DeptDeptDept

Depts

Depts

2. Central Internet Breakout

• Application

• Department

• Internet

1. Local Breakout

• Application

• Department

• Internet

• Zscaler


16

SD-LAN Use Cases


MPLS 1

EX

Internet

BRANCH SITES

HQ / Campus / POP

EX2300/3400/4300

Application

s

SRX3XX/550M/1500/4X00

Standalone NGFW

LTE

SRX3XX/550M/4X00/vSRX

NFX150/250

Mist AP61/43/41/21

SD-WAN CPE

EX2300/3400/4300

EX2300/3400/4300

3rd party CPE/FW

Standalone Switch

Mist AP61/43/41/21

Mist AP61/43/41/21

Contrail SD-WAN/SD-LAN

Controller/Orchestrator

SRX1500/4X00/vSRX

MX240/480/960*

SD-WAN HubHybrid WAN tunnel

CSO SD-BRANCH USECASES

1

2

3


FEDERATED MANAGEMENT

Contrail

Service Orchestration

Mist Cloud

Wired LAN Wireless Access EdgeSD-WAN Edge

API Federated

Contrail LAN fabric management Wired LAN management and assurance

UI portal-to-portal contextual pass through

WAN and Wi-Fi ambidextrous management intercepts the LAN in the middle


WIRED ASSURANCE & MARVIS ACTIONS

• Gain insight into wired network

performance

• Proactively identify and track issue

resolution with anomaly detection

• Determine root cause across wired and

wireless networks

• Leverage AI engine to analyze data across site and

identify configuration or interoperability issues

• Missing VLAN configurations

• 802.1x authentication issues

• RADIUS and DHCP issues

• Identify and resolve issues before users report them


WIRED SWITCH INSIGHTS

• Data via NETCONF feeding

into Marvis & service levels

• Detailed views of switch health

for CPU, memory, traffic

utilization and power

consumption


WIRED SWITCH PORT-LEVEL

• Data via NETCONF feeding

into Marvis & service levels

• Detailed views of per port in

traffic, interface stats and

errors, power consumption


22

NG-FW Use Cases


Protects against advanced malware like

ransomware and persistent threats

• Analyzes web and e-mail files using

sandboxing and machine learning

• Built-In Threat Intelligence – Reputation and

CnC Feeds, GeoIP Feeds, Custom Feeds

• FedRAMP certified, STIX/TAXII capable

• Integrate Carbon Black for endpoint protection

JUNIPER CONNECTED SECURITY IN SD-WAN


Contrail SD-WAN provides NG-Firewalling and UTM:

Intent-based policies and easy default rules and groups

Customize application-based policies for >4200 applications (even in

SSL/TLS)

• Antivirus

• Antispam

• Web filtering

• Content filtering

• IPS

• AppSecure

Cloud or on-prem ATP service subscription

adds:

Juniper ATP

UI includes:

Security policy and

threat visibility


APPLICATION VISIBILITY AND SLA VISUALIZATION –VISIBILITY OF 4200+ APPS WITH NEAR REAL-TIME JITTER, PACKET LOSS & RTT

SLA over time period

Top Applications per Site

Actual link SLA


INTENT POLICY


Deployment and

Components


ZERO TOUCH ACTIVATION AND DEPLOYMENT TEMPLATES

27

DEVICE ACTIVATION• Zero Touch Activation

• ZTP Support over LTE

• ADSL and VDSL Pluggable SFP

• Application based routing

• Granular Application based SLA

• Integrated Security

• Dynamic SLA Support

• Security Policy Management

• Device and Service Monitoring

• Multi-homing

• Full Mesh & Hub-n-Spoke

• Service Chaining with SD-WAN\

• Template support

Feature Support


Providers Integrators Technologies

CONTRAIL SD-WAN COMPONENTS

Partner ecosystemOptional physical or virtual

secure routing hubs/gateways

SDN control and

management on-prem or on-

cloud

WAN Endpoints: NFX, SRX or

vSRX, with optional Cloud ATP

service

Now includes Branch Wired and Wireless LAN Endpoints: EX and Mist APs


SRX300s, SRX550M, SRX1500, SRX4000s

Broad SRX portfolio from 100Mbps to 95Gbps

SRX SERIES NFX150, NFX250, NFX350

Industry-leader in universal CPE market share

NFX SERIES

Secure Router

or

Firewall

Secure uCPE

White-box /

Brite-box

Per-device

management

SDN & cloud-

managed

EDGE

Evolution

MANAGEMENT

Evolution

WAN EDGE PORTFOLIO


Global coverage Dual-SIM LTE with active-passive auto-failover

LTE

In-device embedded Wi-Fi ACw2 access with ZTP auto-config

WI-FI

ALL-IN-ONE AND WIRELESS BRANCH


Carrier-grade edge or secure, universal on-premises

SRX SERIES NG-FIREWALLS FOR BRANCH

All-in-one routing, switching and security MACsec IPsec, and application security

SRX FEATURE FOUNDATION

Next-Generation FW

•App QoS, Control, Visibility

•User-based Firewall

•Intrusion Prevention

Unified Threat Management

•Anti-virus

•Anti-spam

•Web / Content Filtering

Threat Intelligence Platform

•Botnets / C&C

•Geo-IP

•Custom Feeds, APT

Advanced Threat Prevention

•Sandboxing

•Evasive Malware

•Rich Reporting / Analytics

Firewall NAT VPN Routing

Management Reporting Analytics Automation


Universal CPE

Zero-touch

provisioning Zero truck

rolls

Modern and legacy

interfaces NG-FW / UTM / ATP Chain VNFs

NFX SERIES NETWORK SERVICES PLATFORM

Secure universal CPE

VMs

Universal CPEZero-touch provisioning

Zero truck rolls

Modern and legacy

interfaces Chain VNFsNG-FW / UTM / ATP

Carrier-grade edge or secure, universal on-premises

Industry First: Active-active clustering of 2 NFX devices for double the reliability and connection#1

Application VMs: IoT, Caching, FaaS… Network VNFs: Security, WANx…


CONTRAIL SD-WAN WITH AWS

Contrail SD-WAN as a service

Powered by

VPC VPC VPC VPC

Your future AWS OutpostsYour AWS regions and AZsYour remote OfficesYour campus and branch offices

Contrail automated setup of spoke site:

• Choose AWS region

• Choose AWS VPC

• Choose or create AWS subnet

• Download and run CloudFormation

template which does the work

• Activate spoke site





Detailed Site ViewWide area view


• Juniper’s SRX Series + JATP + Cloud ATP

• NFX can also run third-party FW like PAN

• Junos OS inside SRX & NFX Series

• Juniper vSRX inside the NFX Series

• Juniper vSRX on AWS, Azure, or any cloud

WIRELESS ROUTING WAN OPTIMIZATION

CLOUD HOSTING SECURITY OSS / BSS

OPEN ECOSYSTEM


• AT&T Flexware offering

• AT&T rebranded NFX devices with

managed VNFs on top

• Telstra Programmable Network (PEN)

• NFX250 programmable branch device

with vSRX Virtual Firewall security

• Verizon Virtual Network Services (VNS)

• Vodafone VPN+

• Demoed at MWC Feb 2018

• Announced September 2018

• Nationwide and Alaskan Business

SD-WAN based on Juniper’s

Contrail SD-WAN solution

• SD-WAN business network connectivity

• Secure web gateways located at 75+

globally distributed Local Cloud Centers

REFERENCE CUSTOMERS AND PARTNER PROVIDERS

SD

-WA

NN

FX

Seri

es


CHANNEL MOMENTUM

PYXYA Selects Contrail SD-WAN from Juniper Networks for OTT Managed Network Services


Juniper’s cloud-managed Contrail SD-WAN has been a gamechanger. As Australasia’s largest end-to-end bakery-ingredients supplier, we needed a solution that could bridge boundaries across over 1300 employees and more than 20 manufacturing sites, mills, offices and distribution centers, all while also simplifying operations. Contrail offered that strong value proposition, and more. With Contrail, we can now manage all our branch offices, private and public clouds from a single platform – while also being able to seamlessly manage advanced functionality such as zero-touch provisioning, security policies, or even service-level agreements at a granular application level.

John Khoury , CIO, Allied Pinnacle

CUSTOMER MOMENTUM

Juniper Confidential – Shared under NDA – except quote from Allied Pinnacle

Internal

© 2019 Juniper Networks 44

DEMOS & TRIALS


CONTRAIL SD-WAN15 FEATURES IN 15 MINUTES DEMO VIDEOS

Click for YouTube Video Playlist

more at www.juniper.net/sd-wan

https://www.youtube.com/playlist?list=PLGvolzhkU_gQv1YL1v9XX_u3SmQAeS83i

http://www.juniper.net/sd-wan


CONTRAIL SD-LAN15 FEATURES IN 15 MINUTES DEMO VIDEOS

more at www.juniper.net/sd-wan

https://youtu.be/4BW9AvDJmuI

http://www.juniper.net/sd-wan


JUNIPER SD-WAN SIMPLICITY VIDEOS

SD-WAN APPLICATION QUALITY

OF EXPERIENCE

SD-WAN: SIMPLIFYING YOUR

WAN WITH AUTOMATION

SD-WAN PROVIDES FLEXIBILITY

AND AGILITY

Juniper Contrail SD-WAN https://www.youtube.com/playlist?list=PLGvolzhkU_gS7ASD_M1k4clxP9dACMukm

SD-WAN: SECURITY SHOULD

NEVER BE AN AFTERTHOUGHT

https://www.youtube.com/playlist?list=PLGvolzhkU_gS7ASD_M1k4clxP9dACMukm


CSO AS A SERVICE – PRODUCT TOUR

• Read-only Product_Tour tenant as well as a Mist read-only Product_Tour organization

• Variety of devices – SRXs, EXs switches and Mist APs

• Supported all topologies (Hub & Spoke, Partial Mesh and, Full Mesh)

• Quick guide using Open Intro button

• Available for customers and partners after sign-up

https://www.juniper.net/us/en/forms/contrail-sdwan-product-tour/

JUNIPER 48

https://www.juniper.net/us/en/forms/contrail-sdwan-product-tour/


49


VISUALIZING THE SOLUTION: VIDEOS, DEMOS AND POC’S

DEFINE THE “ONE” PROBLEM

LEVERAGE VIDEOS (AM, SE)

DEMO FROM LAPTOP (SE):

BYOD TRIAL (GoTo SE, Specialist SE)

J-LABS POC (extended demo): show specific features (GoTo SE, Specialist SE)

LIVE TRIAL/CLOUD POC (CSO 5.0): Specialist SE, CoE

ON-SITE POC (CSO 4.1): PS

MORE TIME

MORE RESOURCESWhen you’ve sold,

stop selling

Email [email protected] for support on sales motion (qualify, prove, close)

mailto:[email protected]


JUNIPER ENTERPRISE MOMENTUM & CONTRAIL SD-WAN MOMENTUM

• Ramping new customers with SP and SI partners

– Typical deployment size: 20-40 sites

– High end deployment size: several thousand sites

– NA and EMEA enterprises dominate

• Invitations to trial and bid

– Notable uptick during 1Q2019

– Early DIY interest in as a service

• Channel

– Growing interest among VARs

– New, deeper collaboration with SPs

$1.53Bin 2018

9 quarters Y/Y

growth

13%in 2018

17%

In 2H2018

Contrail SD-WAN Momentum – last 6

monthsEnterprise Revenue Growth

Campus Switching Revenue

Growth


THANK YOU

©2017 Mist Systems. Proprietary & Confidential 53

Why Mist: Assurance, Automation, Agility and Relevance

Microservices cloud for

agilityClient level visibility Digital Engagement with

virtual BLE

AI-driven operations

and support

Date post:	11-Aug-2020
Category:	Documents
Upload:	others
View:	3 times
Download:	0 times

SD-WAN & Enterprise BRANCH Solution overview and BDM · Cloud Management Software Defined...

Documents