© 2019 Juniper Networks
From SD-WAN…
To SD-BRANCH…
To AI-DRIVEN ENTERPRISE
José Fidel Tomás. [email protected]
Partner Enablement Engineer - EMEA
© 2019 Juniper Networks
From SD-Branch to SD-Enterprise
CPE/uCPE
SD-WAN/Hybrid-WAN
SD-BranchSD-WAN + SD-LAN
SD-EnterpriseSD-BRANCH + SD-CAMPUS
LTE
NFX Series Universal CPE
VNFsLTE
SRX Series CPE EX Series
Wi-Fi
Enterprise Branch
Enterprise Branch
Corporate HQ
Enterprise Branch
EX Series
© 2018 Juniper Networks
Cloud
Management
Software Defined EnterpriseSingle architecture with presentation layer by market segment
SwitchingWi-Fi SecurityRouting
Artificial
IntelligenceOpen APIs
Wired & Wi-FiAssurance
MarvisVirtual Assistant
NetworkManagement
SD-WANOrchestration
ActionableInsights
AssetTracking
Cloud Services
AI Foundation
Domain Expertise
Data Science
Data Marvis
Open APIs
Junos Extension Toolkit
Streaming Telemetry
© 2019 Juniper Networks
JUNIPER CONTRAIL SD-WAN
…
SD-BRANCH actually
© 2019 Juniper Networks
CONTRAIL SD-WAN SOLUTION FOR ENTERPRISE CAMPUS & BRANCH
Campus and BranchEnterprise Sites
SaaS Applications IaaS, PaaS:VPCs for cloud-native apps
vSRX Virtual Firewallcloud-WAN endpoint
Private Clouds, Data Centers
Private or SP’sWAN backboneEnterprise Sites Public Cloud
Secure SD-LAN and SD-WAN
Dedicated,
MPLS
Broadband,
Internet
Wireless, 4G/LTE
Legacy and xDSL
Juniper or provider managed aaS
Cloud-managed Contrail SD-WAN
or
Contrail SD-WAN
SRX Series Services Gateway Secure CPEs
LTE
NFX Series universal CPE
LTE
WANxvSRX
Mist Wi-Fi APs
EX Series Ethernet Switches
LAN & WLAN devices WAN Edge Devices
Contrail Service Orchestration (SDN)
SaaS FW passthrough
MX/SRX WAN Hubs for large topologies
Enterprise or SP managed
Wi-Fi
© 2019 Juniper Networks Juniper Business Use Only
CSO CAPABILITY
6
Cloud Based Multi-tenancy
RBAC
CPE, EX Switch and Next Generation
Firewall Management
Pre-provision or auto-provision
Bulk Deploy Configuration
Mist Wireless Systems Integration
Operations and Monitoring
Network Access Control
© 2019 Juniper Networks
CONTRAIL SD-WAN: SCALE & SIMPLICITY
Cloud-managed Contrail SD-WAN
Campus SD-WAN Edge Branch Office SD-WAN Edge Cloud/VPC SD-WAN Edge
Visibility and security: End-to-end across sites, Top-to-bottom in branch
Most scalable SD-WAN (>10,000 spoke sites)
now easily accessible to any enterprise
Easy cloud-based operations
© 2019 Juniper Networks
MANAGEMENT CHOICES FOR THE AI-DRIVEN ENTERPRISE
Self-managed CSO software
Download and deploy
Managed Services
Partner provided
Cloud-managed Contrail &
Mist
Juniper led
software as a serviceControl on your terms Fully managed
© 2019 Juniper Networks
Multi-tenancy and RBAC in CSO
Service Provider Admin
Tenant A Admin
VRF 1 VRF 2 VRF N
Dept100 Dept101 Dept1XX
Corp Intranet Guest Wifi
LAN 1
Site 1 / CPE 1
LAN 2 LAN NLAN 3
Operating Company Admin
Tenant B Admin
Operating Company
Tenant C Admin Tenant D Admin
Level 1 - MSP
Level 2 – Operating Company
Level 3 – Tenant
Level 4 – Department
VRF 1 VRF 2 VRF N
Dept100 Dept101 Dept1XX
Corp Intranet Guest Wifi
LAN 1
Site 1 / CPE 1
LAN 2 LAN NLAN 3
• Granular control of Portal Objects
• Read, Write, Execute
• Out of box predefined roles
• Service Provider, Operator, Tenants
• New role definition
• Authorization with SSO
Feature Support
Juniper Admin
CSO 5.1 – On Premise CSO 5.1 - Cloud
© 2019 Juniper Networks Juniper Business Use Only
10
SD-WAN Use Cases
© 2018 Juniper Networks
MPLS 1
EX
Internet
BRANCH SITES
HQ / Campus / POP
EX2300/3400/4300
Servers /
Applications
SRX3XX/550M/1500/4X00
Standalone NGFW
LTE
SRX3XX/550M/4X00/vSRX
NFX150/250
Mist AP61/43/41/21
SD-WAN CPE
EX2300/3400/4300
EX2300/3400/4300
3rd party CPE/FW
Standalone Switch
Mist AP61/43/41/21
Mist AP61/43/41/21
Contrail SD-WAN/SD-LAN
Controller/Orchestrator
SRX1500/4X00/vSRX
MX240/480/960*
SD-WAN HubHybrid WAN tunnel
Contrail SD-WAN/LAN USE CASES
1
2
3
© 2019 Juniper Networks Juniper Business Use Only
SD-WAN HUB SUPPORT
• Shared Service Provider Hub
• Gateway/Peering to MPLS
• Enterprise Hub in Branch/HQ
• Static Enterprise Hub Mesh
• LAN side OSPF/BGP support
• Default route leak for DC Apps
• Lifecycle Management of Hub
• SRX 4100/4200 as cluster
• Multiple SP/Enterprise Hub support
• ZTP of SRX 4XXX on roadmap
Customer Benefit:
• Built-in failover and HA
• Scale with multiple Hubs
Use Case
• Shared Service Provider Hub in SP Network• Spoke as Enterprise Hub on premise
Cloud HUB
Site 3
Provider HUB
IPVPN
Dept
Depts
Cloud HUBEnterprise
Hub
Depts
Site 2
Dept
Site 4
Dept
Site 1
Dept
Cloud HUBEnterprise
Hub
Depts
Application
routes
CSO
Controller
DCOSPF/BGP
© 2019 Juniper Networks
CSO DEPLOYMENT MODELS
JUNIPER 13
On-Premise (CSO 5.1) Cloud Delivered (CSO 5.1)
© 2019 Juniper Networks Juniper Business Use Only
DYNAMIC MESHED SD-WAN
• Controller driven site-to-site mesh
• User defined Link mesh tags for mesh creation
• Mesh on different underlay types
• Site level switch for Hub-n-Spoke and Mesh
• Dial for mesh resource management
• Threshold for Max and Min tunnels
• Threshold for mesh create and delete
• Monitoring and Visualization
Customer Benefit:
• Support mesh with different underlay types
• Site to site tunnels based on CPE/link capacity
• Geo based meshing
• Increased Dual CPE site availability
• Enhance scale with partial mesh
• Distribute load with partial mesh
Feature Support
Site 1 Site 2 Site 3
Path A Path A Path A
DeptDeptDept
Path B
CSO
tagtag
Tags: Gold, Silver, Bronze
Cloud HUBService
Provider Hub
Depts
KPI: Session close rate
Gateway HQ SiteEnterprise Hub
Depts
Multiple mesh tags
© 2019 Juniper Networks Juniper Business Use Only
Cloud HUB
SD-WAN BREAKOUT OPTIONS
• Intuitive Intent based Breakout policy
• Site Local Internet Breakout
• Dept Local Internet Breakout
• Application Local Internet breakout
• Zscaler Internet Breakout
• Central Breakout on Hub
• Central Zscaler Breakout
Customer Benefit:
• Granular control of traffic
• Site level control of breakouts
• Redundant breakout path for link failure
Use Case
• Extensive Breakout capability• Breakout failover and redundancy
Site 1 Site 2 Site 3
Enterprise
Hub
Service
Provider HUB
IPVPN
Local Breakout
Zscaler Breakout
DC
3. Hub Breakout
• Internet
• IPVPN
Local Breakout
Zscaler Breakout
Internet Breakout
ZBOPath A Path A Path A
Path A
Path B Path B Path B
DeptDeptDept
Depts
Depts
2. Central Internet Breakout
• Application
• Department
• Internet
1. Local Breakout
• Application
• Department
• Internet
• Zscaler
© 2019 Juniper Networks Juniper Business Use Only
16
SD-LAN Use Cases
© 2019 Juniper Networks Juniper Business Use Only
MPLS 1
EX
Internet
BRANCH SITES
HQ / Campus / POP
EX2300/3400/4300
Application
s
SRX3XX/550M/1500/4X00
Standalone NGFW
LTE
SRX3XX/550M/4X00/vSRX
NFX150/250
Mist AP61/43/41/21
SD-WAN CPE
EX2300/3400/4300
EX2300/3400/4300
3rd party CPE/FW
Standalone Switch
Mist AP61/43/41/21
Mist AP61/43/41/21
Contrail SD-WAN/SD-LAN
Controller/Orchestrator
SRX1500/4X00/vSRX
MX240/480/960*
SD-WAN HubHybrid WAN tunnel
CSO SD-BRANCH USECASES
1
2
3
© 2019 Juniper Networks
FEDERATED MANAGEMENT
Contrail
Service Orchestration
Mist Cloud
Wired LAN Wireless Access EdgeSD-WAN Edge
API Federated
Contrail LAN fabric management Wired LAN management and assurance
UI portal-to-portal contextual pass through
WAN and Wi-Fi ambidextrous management intercepts the LAN in the middle
© 2019 Juniper Networks
WIRED ASSURANCE & MARVIS ACTIONS
• Gain insight into wired network
performance
• Proactively identify and track issue
resolution with anomaly detection
• Determine root cause across wired and
wireless networks
• Leverage AI engine to analyze data across site and
identify configuration or interoperability issues
• Missing VLAN configurations
• 802.1x authentication issues
• RADIUS and DHCP issues
• Identify and resolve issues before users report them
© 2019 Juniper Networks
WIRED SWITCH INSIGHTS
• Data via NETCONF feeding
into Marvis & service levels
• Detailed views of switch health
for CPU, memory, traffic
utilization and power
consumption
© 2019 Juniper Networks
WIRED SWITCH PORT-LEVEL
• Data via NETCONF feeding
into Marvis & service levels
• Detailed views of per port in
traffic, interface stats and
errors, power consumption
© 2019 Juniper Networks Juniper Business Use Only
22
NG-FW Use Cases
© 2019 Juniper Networks
Protects against advanced malware like
ransomware and persistent threats
• Analyzes web and e-mail files using
sandboxing and machine learning
• Built-In Threat Intelligence – Reputation and
CnC Feeds, GeoIP Feeds, Custom Feeds
• FedRAMP certified, STIX/TAXII capable
• Integrate Carbon Black for endpoint protection
JUNIPER CONNECTED SECURITY IN SD-WAN
Cloud-managed Contrail SD-WAN
Contrail SD-WAN provides NG-Firewalling and UTM:
Intent-based policies and easy default rules and groups
Customize application-based policies for >4200 applications (even in
SSL/TLS)
• Antivirus
• Antispam
• Web filtering
• Content filtering
• IPS
• AppSecure
Cloud or on-prem ATP service subscription
adds:
Juniper ATP
UI includes:
Security policy and
threat visibility
© 2019 Juniper Networks
APPLICATION VISIBILITY AND SLA VISUALIZATION –VISIBILITY OF 4200+ APPS WITH NEAR REAL-TIME JITTER, PACKET LOSS & RTT
SLA over time period
Top Applications per Site
Actual link SLA
© 2019 Juniper Networks Juniper Business Use Only
INTENT POLICY
© 2019 Juniper Networks Juniper Business Use Only
Deployment and
Components
© 2019 Juniper Networks
ZERO TOUCH ACTIVATION AND DEPLOYMENT TEMPLATES
27
DEVICE ACTIVATION• Zero Touch Activation
• ZTP Support over LTE
• ADSL and VDSL Pluggable SFP
• Application based routing
• Granular Application based SLA
• Integrated Security
• Dynamic SLA Support
• Security Policy Management
• Device and Service Monitoring
• Multi-homing
• Full Mesh & Hub-n-Spoke
• Service Chaining with SD-WAN\
• Template support
Feature Support
© 2019 Juniper Networks
Providers Integrators Technologies
CONTRAIL SD-WAN COMPONENTS
Partner ecosystemOptional physical or virtual
secure routing hubs/gateways
SDN control and
management on-prem or on-
cloud
WAN Endpoints: NFX, SRX or
vSRX, with optional Cloud ATP
service
Now includes Branch Wired and Wireless LAN Endpoints: EX and Mist APs
© 2019 Juniper Networks
SRX300s, SRX550M, SRX1500, SRX4000s
Broad SRX portfolio from 100Mbps to 95Gbps
SRX SERIES NFX150, NFX250, NFX350
Industry-leader in universal CPE market share
NFX SERIES
Secure Router
or
Firewall
Secure uCPE
White-box /
Brite-box
Per-device
management
SDN & cloud-
managed
EDGE
Evolution
MANAGEMENT
Evolution
WAN EDGE PORTFOLIO
© 2019 Juniper Networks
Global coverage Dual-SIM LTE with active-passive auto-failover
LTE
In-device embedded Wi-Fi ACw2 access with ZTP auto-config
WI-FI
ALL-IN-ONE AND WIRELESS BRANCH
© 2019 Juniper Networks
Carrier-grade edge or secure, universal on-premises
SRX SERIES NG-FIREWALLS FOR BRANCH
All-in-one routing, switching and security MACsec IPsec, and application security
SRX FEATURE FOUNDATION
Next-Generation FW
•App QoS, Control, Visibility
•User-based Firewall
•Intrusion Prevention
Unified Threat Management
•Anti-virus
•Anti-spam
•Web / Content Filtering
Threat Intelligence Platform
•Botnets / C&C
•Geo-IP
•Custom Feeds, APT
Advanced Threat Prevention
•Sandboxing
•Evasive Malware
•Rich Reporting / Analytics
Firewall NAT VPN Routing
Management Reporting Analytics Automation
© 2019 Juniper Networks
Universal CPE
Zero-touch
provisioning Zero truck
rolls
Modern and legacy
interfaces NG-FW / UTM / ATP Chain VNFs
NFX SERIES NETWORK SERVICES PLATFORM
Secure universal CPE
VMs
Universal CPEZero-touch provisioning
Zero truck rolls
Modern and legacy
interfaces Chain VNFsNG-FW / UTM / ATP
Carrier-grade edge or secure, universal on-premises
Industry First: Active-active clustering of 2 NFX devices for double the reliability and connection#1
Application VMs: IoT, Caching, FaaS… Network VNFs: Security, WANx…
© 2019 Juniper Networks
CONTRAIL SD-WAN WITH AWS
Contrail SD-WAN as a service
Powered by
VPC VPC VPC VPC
Your future AWS OutpostsYour AWS regions and AZsYour remote OfficesYour campus and branch offices
Contrail automated setup of spoke site:
• Choose AWS region
• Choose AWS VPC
• Choose or create AWS subnet
• Download and run CloudFormation
template which does the work
• Activate spoke site
© 2019 Juniper Networks
CONTRAIL SD-WAN WITH AWS
© 2019 Juniper Networks
CONTRAIL SD-WAN WITH AWS
Detailed Site ViewWide area view
© 2019 Juniper Networks
• Juniper’s SRX Series + JATP + Cloud ATP
• NFX can also run third-party FW like PAN
• Junos OS inside SRX & NFX Series
• Juniper vSRX inside the NFX Series
• Juniper vSRX on AWS, Azure, or any cloud
WIRELESS ROUTING WAN OPTIMIZATION
CLOUD HOSTING SECURITY OSS / BSS
OPEN ECOSYSTEM
© 2019 Juniper Networks
• AT&T Flexware offering
• AT&T rebranded NFX devices with
managed VNFs on top
• Telstra Programmable Network (PEN)
• NFX250 programmable branch device
with vSRX Virtual Firewall security
• Verizon Virtual Network Services (VNS)
• Vodafone VPN+
• Demoed at MWC Feb 2018
• Announced September 2018
• Nationwide and Alaskan Business
SD-WAN based on Juniper’s
Contrail SD-WAN solution
• SD-WAN business network connectivity
• Secure web gateways located at 75+
globally distributed Local Cloud Centers
REFERENCE CUSTOMERS AND PARTNER PROVIDERS
SD
-WA
NN
FX
Seri
es
© 2019 Juniper Networks
CHANNEL MOMENTUM
PYXYA Selects Contrail SD-WAN from Juniper Networks for OTT Managed Network Services
© 2019 Juniper Networks
Juniper’s cloud-managed Contrail SD-WAN has been a gamechanger. As Australasia’s largest end-to-end bakery-ingredients supplier, we needed a solution that could bridge boundaries across over 1300 employees and more than 20 manufacturing sites, mills, offices and distribution centers, all while also simplifying operations. Contrail offered that strong value proposition, and more. With Contrail, we can now manage all our branch offices, private and public clouds from a single platform – while also being able to seamlessly manage advanced functionality such as zero-touch provisioning, security policies, or even service-level agreements at a granular application level.
John Khoury , CIO, Allied Pinnacle
CUSTOMER MOMENTUM
Juniper Confidential – Shared under NDA – except quote from Allied Pinnacle
Internal
© 2019 Juniper Networks 44
DEMOS & TRIALS
© 2019 Juniper Networks
CONTRAIL SD-WAN15 FEATURES IN 15 MINUTES DEMO VIDEOS
Click for YouTube Video Playlist
more at www.juniper.net/sd-wan
© 2019 Juniper Networks
CONTRAIL SD-LAN15 FEATURES IN 15 MINUTES DEMO VIDEOS
more at www.juniper.net/sd-wan
https://youtu.be/4BW9AvDJmuI
© 2019 Juniper Networks
JUNIPER SD-WAN SIMPLICITY VIDEOS
SD-WAN APPLICATION QUALITY
OF EXPERIENCE
SD-WAN: SIMPLIFYING YOUR
WAN WITH AUTOMATION
SD-WAN PROVIDES FLEXIBILITY
AND AGILITY
Juniper Contrail SD-WAN https://www.youtube.com/playlist?list=PLGvolzhkU_gS7ASD_M1k4clxP9dACMukm
SD-WAN: SECURITY SHOULD
NEVER BE AN AFTERTHOUGHT
© 2019 Juniper Networks
CSO AS A SERVICE – PRODUCT TOUR
• Read-only Product_Tour tenant as well as a Mist read-only Product_Tour organization
• Variety of devices – SRXs, EXs switches and Mist APs
• Supported all topologies (Hub & Spoke, Partial Mesh and, Full Mesh)
• Quick guide using Open Intro button
• Available for customers and partners after sign-up
https://www.juniper.net/us/en/forms/contrail-sdwan-product-tour/
JUNIPER 48
© 2019 Juniper Networks
49
© 2019 Juniper Networks
VISUALIZING THE SOLUTION: VIDEOS, DEMOS AND POC’S
DEFINE THE “ONE” PROBLEM
LEVERAGE VIDEOS (AM, SE)
DEMO FROM LAPTOP (SE):
BYOD TRIAL (GoTo SE, Specialist SE)
J-LABS POC (extended demo): show specific features (GoTo SE, Specialist SE)
LIVE TRIAL/CLOUD POC (CSO 5.0): Specialist SE, CoE
ON-SITE POC (CSO 4.1): PS
MORE TIME
MORE RESOURCESWhen you’ve sold,
stop selling
Email [email protected] for support on sales motion (qualify, prove, close)
© 2019 Juniper Networks
JUNIPER ENTERPRISE MOMENTUM & CONTRAIL SD-WAN MOMENTUM
• Ramping new customers with SP and SI partners
– Typical deployment size: 20-40 sites
– High end deployment size: several thousand sites
– NA and EMEA enterprises dominate
• Invitations to trial and bid
– Notable uptick during 1Q2019
– Early DIY interest in as a service
• Channel
– Growing interest among VARs
– New, deeper collaboration with SPs
$1.53Bin 2018
9 quarters Y/Y
growth
13%in 2018
17%
In 2H2018
Contrail SD-WAN Momentum – last 6
monthsEnterprise Revenue Growth
Campus Switching Revenue
Growth
© 2019 Juniper Networks
THANK YOU
©2017 Mist Systems. Proprietary & Confidential 53
Why Mist: Assurance, Automation, Agility and Relevance
Microservices cloud for
agilityClient level visibility Digital Engagement with
virtual BLE
AI-driven operations
and support