Communication Services

The Juniper Networks' NetScreen line of security solutions allows enterprises to cost-effectively secure their remote sites, regional offices and network perimeter, as well as the network core, without sacrificing performance. NetScreen's best-of-breed security functionality can be deployed in a layered manner throughout the network to provide the necessary level of network and application level protection. Whether providing secure access to employees, partners and customers from untrusted networks, securing the perimeter network, replacing legacy WAN networks with IPSec virtual private networks (VPNs), consolidating legacy, software-based firewalls to optimized purpose-built devices, or protecting new network deployments, such as voice-over-IP, wireless LANs, extranets or secure online meetings, NetScreen is the choice for enterprise and carrier network security. NetScreen solutions integrate layers of security technologies in purpose-built devices optimized to secure critical assets.
Key technologies include:

    • Firewall: NetScreen stateful inspection firewalls provide robust network access control and attack containment features that let customers protect the perimeter and core network infrastructures. NetScreen's Deep Inspection firewall builds on the strength of stateful inspection and integrates intrusion prevention technology into the firewall to provide application-level attack protection at the network perimeter.
    • IPSec VPN: NetScreen VPN solutions offer resilient, secure connectivity for full network access between headquarter locations and remote offices and fixed telecommuters, as well as business partners, in lieu of Frame Relay or private lines.
    • SSL VPN: NetScreen SSL VPNs let customers cost-effectively extend secure access to mobile employees, partners, and customers by providing granular user-based and group-based access controls of both application and full network resources.
    • Denial of Service Protection: In order to mitigate the effect of brute force and other network-based attacks, customers deploy NetScreen's high-performance products to secure their Web infrastructures.
    • Antivirus: Leveraging market-leading gateway antivirus technology from Trend Micro, NetScreen's integrated antivirus solutions provide another level of application layer protection in a distributed enterprise.
    • Intrusion prevention: The NetScreen intrusion prevention appliance goes beyond traditional intrusion detection products by accurately detecting network, application and hybrid attacks and offering customers the ability to drop the attack to stop it from compromising vital resources.
    • Secure Meeting: The NetScreen Meeting appliance enables secure, cross-enterprise online meetings, while maintaining security policies and regulatory conformance and reducing Internet-facing risk.

Secure, reliable communications are critical to the success of service providers and enterprises alike. Juniper Networks makes securing communications easy with its extensive portfolio of VPN solutions so that service providers and enterprises can realize operational benefits and productivity gains. The Juniper VPN portfolio includes solutions ranging from carrier-grade MPLS-based VPNs to deliver new services, to enterprise-grade IPSec- and SSL-based VPNs to deliver high-performance and highly resilient Wide Area Networking and secure remote, extranet and intranet access to fixed sites, mobile employees, business partners and customers.

Enterprises provide secure communications to fixed locations such as branch offices, using Juniper's IPSec VPN solution. The IPSec VPN solution has advanced redundancy options that provide very low latency switch-over. And since the IPSec VPN capabilities are integrated into the firewall appliance, administrators can create security zone-based, "per VPN" policies to segment the traffic in the network.

SSL VPNs provide secure remote access as well as extranet and intranet access for remote/mobile employees, business partners and customers. Juniper's SSL VPN solution can significantly reduce a corporation's total cost of ownership by reducing the burden of deploying and managing client software on endpoints for remote access, as well as obviating DMZ buildouts and the deployment of software agents for extranet access. And since access can be dynamically provisioned by a combination of user, device and network attributes, the Juniper SSL VPN provides more granular control and more consistent enforcement of enterprise security policies.

Service providers can build upon an MPLS based infrastructure and choose from Layer 2 VPNs, Circuit Cross Connect (CCC) VPNs, RFC MPLS VPNs as well as inter-provider and carrier of carrier VPNs to match their application and operational needs. Whether service providers are looking to consolidate their legacy services over a common infrastructure or to offer new revenue generating services to their end users, Juniper Networks has a wide variety of flexible VPN solutions to choose from.

Implementing Juniper Networks VPN solutions is part of the transformation of the network to a new infrastructure called an infranet. Infranets combine the reach of public networking with the security and performance of private networks for service providers and enterprises. The Model for InfraNet Transformation (MINT) outlines the steps required to implement an infranet with its four-layer framework and highlights the importance of VPNs to facilitate secure communications.

MPLS: Deliver New, Revenue-generating IP Based Services With Proven, Production Scale MPLS Based Solutions

MPLS forms the basis for cost-efficient, highly reliable, multi-service IP networks. With MPLS, service providers and enterprises increase bandwidth efficiency and scalability, reduce operational and management expense and deliver reliable service. MPLS is also a key enabler for IP based services such as Layer 3 VPNs, while simultaneously supporting existing Private Line, Frame Relay, and ATM services through Layer 2 VPNs and Pseudo Wires.

Juniper Networks MPLS Solution

Juniper Networks delivers a feature rich implementation of IP Routed MPLS in a growing number of large-scale deployments. Working closely with the world's leading service providers, Juniper Networks has applied MPLS to:

    • Improve core scalability in migration from IP/ATM overlay networks
    • Increase efficient use of network bandwidth through the application of MPLS Traffic engineering
    • Enable rapid and scalable deployment of VPNs

By applying the knowledge gained from these customer experiences, Juniper Networks leads standards definition and refinement for innovative solutions such as Generalized MPLS, Graceful Restart mechanisms for LDP and BGP and MPLS Fast Re-Route.

IP Services - VPN

Whether you want to offer your subscribers scalable corporate services, wholesaling for carrier partners, Layer 2 migration, or remote user support, the ERX delivers a comprehensive VPN offering: wire-speed performance and support for a number of varied VPN technologies in a single chassis, including Multiprotocol Label Switching (MPLS), Virtual Routers, Layer 2 Tunneling Protocol (L2TP), IPsec, and Generic Tunnel Encapsulation (GRE). From these, you can implement the proper technology to create the best service offering for your customers.

Benefits
As IP becomes more common to corporate networks and applications, the market opportunity for IP-based VPNs, which provide connectivity between corporate sites and access to Application Service Providers (ASP), is expanded. The economy of scale of the service provider's network results in cost savings for corporations. Corporations are able to optimize capital investment and operations, and service providers gain revenue opportunities as they are able to proceed to the next step in the value chain.
The power of the E-series router enables service providers to offer VPNs that meet their subscriber needs:

    • Scalable, native IP VPNs for corporate users who are ready to upgrade to IP networking
    • Scalable, corporate-based VPNs that allow subscribers to migrate from Frame Relay-based networks to IP-based networks
    • Wholesale VPNs that support backhauling and subscriber transport in a secure and easy-to-manage environment
    • Support for active dial and home-based remote subscribers and telecommuters who must access corporate resources
    • VoIP-based and other latency-sensitive VPNs that support next-generation service offerings
    • A timely solution that alleviates the restrictive and time-consuming manual provisioning process that affects VPN deployment and profit
    • Secure implementations that maintain separate address and route environments while still allowing management access

Technology
Because the E-series is a distributed architecture on a router-based platform, it delivers significant advantages in performance, security, and scale. In order to create a VPN service with competitive benefits, the E-series delivers three special functions: the ability to classify users in a flexible manner, assign users to the VPN, and initiate the VPN transport. The result is a scalable in-network VPN that is easy to deploy and maintain.

The E-series uses powerful and flexible classification techniques to assign incoming packets to VPNs. This allows you to use domain names, IP header information, RADIUS information, TOS or MPLS label, or interface information to determine and screen VPN membership. It also allows you to combine VPN creation with IP QoS levels to further differentiate your service offering. The VPN policies are applied on a per-packet basis at wire speed without impacting performance. You can choose from a range of policy options, including transport type, routing information, security policies, or billing options. The ERX provides you with the ability to choose the best technology to deliver your preferred VPN service offering.

Transport technology options include:

    • The first scalable MPLS offering for the edge of the service provider network. This standards-based offering allows service providers to use extensions to the BGP route protocol to automate the distribution of VPN membership information, which provides the first scalable solution for a corporate VPN offering
    • The E-series offers Virtual Router support, with discrete routing protocol instances and route tables. This is an ideal technology for wholesale partners. Each wholesale partner can be given its own VR, IP address space, route policies and route protocol instances, and management access. This allows the infrastructure owner to give a discrete router to each partner, while managing and investing in a single unit
    • L2TP LAC and LNS solutions that scale to support real network rollouts. The E-series scales to support thousands of L2TP sessions in a single chassis. L2TP can be used to create corporate VPNs or to backhaul xDSL or dial traffic to ISP partners
    • Older systems may use L2F as the tunneling protocol of choice. The E-series also supports this protocol in the same scalable manner as L2TP.
    • For low-overhead IP-based tunnels, service providers are using GRE. This lightweight protocol meets the needs of service providers who hope to tunnel installed-base protocols such as Frame Relay through an IP transport
    • The E-series supports IPSec transport with support for 3DES, IKE, and PKI keys. This in-network support allows for an encrypted service offering for security-sensitive VPN subscribers
    • Finally, the E-series also supports both Frame Relay and ATM PVCs, allowing service providers with established networks to use the secure nature of PVC transport to carry their new IP-based customers

Features
As service providers strive to offer VPNs as a turnkey subscriber service, current generation solutions are constrained by their lack of performance, routing capabilities, and enterprise scaling. The E-series VPN technologies are engineered to meet the needs of an in-network VPN approach. The MPLS implementation automates VPN membership information using standards-based routing protocols to provide operations scale. The L2TP implementation delivers the highly scalable LAC and LNS termination. IPsec hardware encryption delivers performance without compromise. And the E-series virtual router technology protects each routing domain, securely segmenting traffic between VPNs. The wide range of technology options allows service providers to architect the best network for their subscriber service offerings.

In addition, the carrier-class features of the E-series round out the service offering:

  • A single edge platform can deliver consistent IP services to leased line, xDSL, fixed wireless, and cable subscribers; any VPN service can be delivered over any access media type
  • The ASIC-based power of the E-series enables all VPN services to be delivered at wire speed, with or without accounting information
  • The extensive density of the E-series can support up to 4,000 T1s (3,000 E1s) in a single chassis, up to 12,000 T1s (9,000 E1s) in a single rack, optimizing POP space and power, and allowing service providers to hit cost-competitive pricing targets
  • 100% redundancy features such as subscriber-facing interface redundancy deliver a competitive SLA advantage

SSL VPN
Juniper Networks NetScreen Secure Access SSL VPNs have led the market with a complete range of enterprise-class products providing scalability, high availability, and security functionality for customers seeking to cost-effectively extend secure access to network resources. Now customers can benefit from the ubiquity that SSL VPNs provide, including secure remote access, extranet, and intranet access to remote/mobile employees, business partners and customers, all from a single platform.
Juniper Networks NetScreen-SA SSL VPNs - Features and Benefits
Robust Security Architecture

  • Hardened security layer intermediates access to all resources
  • Access privilege management allows for powerful, flexible authentication and authorization policies without additional software deployment
  • Endpoint client, device, data and server layered security controls
  • Identity driven access as specified by user group, role, network, device, and/or session attributes
  • Granular auditing and logging
  • Security validation by numerous third parties

Total Cost of Ownership (TCO) Savings

  • Secures remote access, partner extranets and intranets in a single appliance
  • Requires little to no incremental client or server-side hardware, software or capital expenditure
  • Eliminates software deployment, integration, and customization
  • Dramatically reduces desktop support overhead

Enhanced Enterprise Productivity and Flexibility (users & admins)

    • Secure access to business critical information from anywhere
    • Role-based delegation of administrative tasks
    • NetScreen-SA Central Manager eases administration tasks
    • Three access options supported by a single platform (Web content, Client/Server, full network-layer access)

Products
Juniper Networks NetScreen-SA 1000 Series
The Juniper Networks NetScreen-SA 1000 Series of SSL VPNs enables small-to-medium-sized companies to deploy cost-effective remote access, extranet and intranet security, all from a single platform. The NetScreen-SA 1000 Series is based on the Instant Virtual Extranet (IVE) platform, which uses SSL, the security protocol found in all standard Web browsers, as a secure access transport mechanism. The use of SSL eliminates the need for client software deployment, changes to internal servers, and costly ongoing maintenance. The NetScreen Secure Access appliances also offer sophisticated partner/customer extranet features that enable controlled access to differentiated users and groups with little to no infrastructure changes, DMZ deployments, or software agents. This functionality also allows companies secure access to the corporate intranet, so that administrators can restrict access to different employee, contractor or visitor populations, based on the resources that they need. NetScreen-SA 1000 Series products can be deployed in cost-effective Cluster Pairs, providing the redundancy, high availability, and seamless failover that enterprises demand.
Juniper Networks NetScreen-SA 1000 Series Features at a Glance
Cost-effective

    • No client to configure/deploy, little to no server changes
    • Secure remote access, intranets and extranets from one platform
    • User self-service features lower help desk support costs

Enhance security

    • Access privilege management features enable powerful, flexible authentication and authorization policies with no software deployments
    • Identity driven access can be specified by user group or role, as well as network, device, and session attributes
    • Endpoint client, device, data and server layered security controls
    • Three different access methods allow enterprises to provision by purpose
    • Fine grained auditing and logging

Enable higher productivity - for users and administrators

    • Access applications and resources from any device with a standard Web browser
    • Role-based delegation of administrative tasks
    • Juniper Networks NetScreen-SA Central Manager eases administration tasks
    • Inheritable, editable policies streamline administration

Juniper Networks NetScreen-SA 3000 Series
The Juniper Networks NetScreen-SA 3000 Series of SSL VPNs enables mid-to-large-sized organizations to provide cost-effective remote access, partner extranet, and intranet security. Because the NetScreen-SA 3000 uses SSL as a secure transport mechanism, there is no client to deploy to mobile and remote users and little to no changes are required to internal servers. NetScreen-SA 3000 appliances feature rich access privilege management functionality that can be used to create secure customer/partner extranets with little to no infrastructure changes, DMZ deployments, or software agents. The NetScreen-SA 3000 also features the performance scalability and high availability features necessary to meet enterprise class needs, with Cluster Pair deployments for redundancy and throughput.

Juniper Networks NetScreen-SA 3000 Series Features at a Glance
Cost-effective

    • Secure remote access, intranets and extranets
    • No client to configure/deploy, little to no server changes
    • User self-service features reduce help desk support

Enhance security

    • Access privilege management allows for powerful, flexible authentication and authorization policies with no software deployments
    • Identity driven access can be specified by user group & role, as well as network, device, and session attributes
    • Endpoint client, device, data and server layered security controls
    • Three different access methods allow enterprises to provision by purpose
    • Granular resource-based authorization
    • Fine grained auditing and logging
    • FIPS- Cryptographic key handling in a certified module

Performance scalability

    • High performance, scalable platform
    • High availability/redundancy options
    • Role-based delegation of administrative tasks
    • Juniper Networks NetScreen-SA Central Manager eases administration tasks
    • Inheritable, editable policies streamline administration

Juniper Networks NetScreen-SA 5000 Series
The Juniper Networks NetScreen-SA 5000 Series of SSL VPNs provides best-in-class performance, scalability, and redundancy for organizations with high volume secure access and complex authorization requirements. It was specifically designed to handle the most demanding performance requirements - accommodating large volumes of users, resource-intensive applications, and complex usage patterns - to provide enhanced scalability. The NetScreen-SA 5000 Series offers rich access management policy enforcement, enabling enterprises to offer the benefits of secure remote access for large numbers of differentiated users, as well as to secure extranets and intranets, both easily and cost effectively. Using the NetScreen-SA 5000, enterprises can reap the benefits of secure partner/customer extranets while minimizing costly, high maintenance infrastructure changes, DMZ deployments, and/or distributed software agents. The NetScreen-SA 5000 product line can also be used to secure corporate intranets. And because NetScreen-SA 5000 appliances can be centrally managed and deployed in multi-unit and multi-site clusters, this security solution is both manageable and scalable. The NetScreen-SA 5000 products provide enterprise-class performance scalability and high availability, with features that include dual Gigabit Ethernet ports, SSL acceleration and hardware-based HTTP compression for superlative performance. These appliances can be deployed as standalone devices, in Cluster Pairs, and in Multi-Unit Clusters for unparalleled throughput and redundancy.

Juniper Networks NetScreen-SA 5000 Series Features at a Glance
Best-in-class performance scalability and high availability

    • Designed for large number of users and complex application needs
    • High availability clustering options across the LAN and WAN
    • High performance hardware platform with:
      o Hardware-based HTTP compression
      o On-board SSL acceleration
      o Dual Gigabit Ethernet interfaces

Increased security

    • Access privilege management allows for powerful authentication and authorization policies with no additional software deployments
    • Endpoint client, device, data and server layered security controls
    • Identity driven access can be specified by user group or role, as well as network, device, and session attributes
    • Three different access methods allow enterprises to provision by purpose
    • Fine-grained auditing and logging
    • FIPS- Cryptographic key handling in a certified module

Streamlined administration for lower total cost of ownership

    • Little to no client deployment, server changes, or application integration/customization
    • Secure remote access, partner/customer extranets, and intranets from one platform
    • Role-based delegation of administrative tasks
    • Juniper Networks NetScreen-SA Central Manager eases administration tasks

Baseline & Advanced Feature Sets
Juniper Networks NetScreen-SA 1000, NetScreen-SA 3000, and NetScreen-SA 5000 lines of SSL VPNs are offered with either Baseline or Advanced Feature Sets. As business users are increasingly demanding ubiquitous access from any device and any network, enterprise security organizations must ensure that the appropriate level of information access is granted, given the combination of corporate policies and a variety of user, device, network and session attributes. The NetScreen Secure Access Baseline and Advanced feature sets address these needs and enable companies to create the precise solution that best meets their needs, from small-to-mid-sized employee remote access deployments to the largest global enterprise extranet. The Baseline products provide the functionality that an enterprise would need to deploy secure remote access, as well as a basic customer/partner extranet or intranet. The Advanced products feature additional sophisticated capabilities that will meet the needs of more complex deployments with diverse audiences and use cases. Both products provide remote access, extranet, and intranet capabilities with little to no need for client software, server changes, DMZ build-outs, or software agent deployments.

Baseline Product Feature Set
Enable differentiated access with access privilege management

    • Dynamic authentication policies
    • Role definition and mapping rules
    • Role- and resource-based authorization rules
    • Application event auditing and logging

Flexible policy model

    • Hybrid role/resource based policy model
    • Re-usable, inheritable, "copy-paste-edit" policy model
    • Integrates with existing directories for authentication and authorization
    • Centralized security infrastructure

Comprehensive, end-to-end layered security

    • Strong authentication/robust AAA
    • Endpoint security: Host Checker/Cache Cleaner, Data, and Server security

Advanced Product Feature Set (In addition to Baseline features)

    • Combine attributes using Boolean expressions, for flexible, dynamic, "per-session" policies
    • Advanced role definition and mapping rules combine attributes using Boolean expressions
    • Advanced resource authorization policies combine attributes using Boolean expressions

User self-service

    • Password Management Integration
    • Web Single Sign-On
    • Multiple hostname support
    • Customizable User Interface
    • Role-based delegation
    • Flexible role definition
    • Granular per task delegation

Juniper Networks NetScreen-SA Central Manager
As SSL VPN deployments grow both in cluster size and in breadth of geographic reach, so too has the challenge of providing streamlined, efficient management. Juniper Networks NetScreen-SA Central Manager addresses this need, providing a robust product with an intuitive Web-based UI designed to facilitate the task of configuring, updating and monitoring NetScreen Secure Access appliances whether within a single cluster or across a global cluster deployment. Enterprises can now employ all the benefits of award-winning NetScreen Secure Access appliances even more easily and cost-effectively, with scalable, centralized device configuration and maintenance.
Juniper Networks NetScreen-SA Central Manager Features at a Glance
Streamline Administration

    • Central management for deployments of NetScreen Secure Access SSL VPNs
    • Highly efficient and scalable architecture makes expanding deployments easy to maintain

Ensure Consistent Security Policy Enforcement

    • Synchronization automates propagation of changes within a cluster
    • Push technology eliminates incomplete security policy enforcement by sending information to other gateways or clusters

Optimize Performance

    • Real-time system/cluster use data
    • Automated appliance software updates
    • Back-up and restore for rapid disaster recovery

Comprehensive, Actionable Auditing

    • Rich log filtering capabilities for quick searches of critical events
    • Detailed archives for easy comparisons

Enhanced Enterprise Productivity and Flexibility (users & admins)

    • Secure access to critical business information from anywhere
    • Role-based delegation of administrative tasks
    • NetScreen-SA Central Manager eases administration tasks
    • Three access options supported by a single platform (Web content, Client/Server, full network-layer access)

     

Copyright(c) 2004 Omega Network Services. All rights reserved