Juniper SPACE SECURITY DESIGN, Junos Space User Manual

JUNOS SPACE SECURITY DESIGN
DATASHEET
Product Overview
In properly designed networks, security is
an integral attribute of the system. When
security is treated as an aerthought, or
developed independent of the overall
design requirements, it is oen costly,
inflexible, and risky.
Enterprises are mostly driven by
time-to-market pressures and oen
deploy systems before achieving
appropriate levels of quality and
security. Consequences can impact
overall deployment schedules, increase
complexity, and even delay profitability.
Junos Space Security Design helps
integrate a secure network design
workflow into your branch deployment
solution. The result is faster time
to market, reduced security risk,
centralized, consistent configuration of
the network, and overall lower cost of
maintenance.
Product Description
Juniper Networks® Junos® Space Security Design is a state-of-the-art, scalable enterprise
solution designed to automate the visualization, configuration, and deployment of the
Large-scale network security implementations often increase operational complexity
and cause configuration errors leading to heightened security risk. The critical
elements of a network security deployment, such as topology visualization, business policy
management, VPN implementation, and the provisioning, distribution, and application
of required configurations, require a holistic, smart, and automated design approach.
Grappling with compliance requirements and the need to reduce administrative costs,
IT departments can translate business policies easily and quickly into the network
infrastructure with minimal manual intervention using Security Design. Benefiting from
a platform-wide consistent visual interface, Security Design features a sophisticated yet
simple web-based design environment.
Figure 1: Typical topology for headquarters to branch security
Security Design provides an innovative method to model
network security between network domains by providing security
architects with a solution that is easy to use and easy to deploy.
The application automates security design through a familiar
web-based interface with design and deployment workflows, and
facilitates rapid deployment of thousands of security devices to
branch locations securely and efficiently.
Unlike solutions that require highly skilled onsite network
security architects at each branch location, multi-domain
security architecture can be designed once in the corporate
office, then distributed and applied to each branch network via
several convenient and secure methods. Using Security Design,
IT departments can automate the translation of business policy
requirements into the network infrastructure, reducing the
complexity while increasing consistency and reliability.
Junos Space
Security Design is a software application that is built on the Junos
Space network application platform, and it leverages all Junos
Space platform capabilities. The premise of Security Design is
to provide the security architect with an environment in which
it is easy to design, configure and deploy required security rules.
It provides sophisticated, end-to-end visibility to the network
topology, drag-and-drop policy associations between network
resources, wizards to configure and provision VPN and device
configurations, and convenient and secure deployment options.
Junos Space is underpinned by a programmable application
environment, a powerful runtime environment, and a Web 2.0 GUI.
Figure 2: Security Design is an application on Junos Space platform
Architecture and Key Components
Security Design represents several innovations, including topology-
based policy definition to model security devices once and have
the configuration ready to push to thousands of devices, policy
abstraction to create a logical security topology, and patent-
pending security domains to allow common security restrictions to
be applied to a grouping of distributed network resources. These
innovations are embodied in the following components:
• Object builder, to create applications, domains, and addresses.
• Security whiteboard, to design the network security topology,
establish policies, and create VPN configurations.
• Rapid deployment, to specify branch settings, and create and
distribute the configuration profiles.
Features and Benefits
Security whiteboard and object builder are the two workspaces
included to facilitate the architecture design and the device
configurations. Functionality to trace and control the progress is
provided by the job management feature of Security Design.
Figure 3: Security whiteboard and network topology
Security Whiteboard
Security whiteboard consists of three sub-functions—security
topology, security policy, and IPsec VPN configurations. Using the
topology view of the whiteboard, the user can create and manage
network objects of a targeted network domain. Each object allows
the user to view its specific properties and thus make further
adjustments. When specific topology information is not available,
the architect can simply import the new topology from a comma-
separated values (CSV) file that can be created using other design
tools. The objects within the security whiteboard workspace include
applications, security domains, and addresses that can be created
and managed using the object builder feature of Security Design.
Security policies that control the traffic between security domains
are applied to the topology using GUI tools provided in the
workspace. For example, the user can simply establish a policy
association between two security domains by dragging a line
from the toolset. Then, the details of the policy and the traffic
rules are created graphically in a dialog box related to this policy
association. In the next step, the architect decides whether to
provision the security policy immediately or schedule it for a later
date to finally complete policy implementation between the
required security domains.