Juniper Infranets the Enterprise

Less than a week after making some hefty enterprise networking acquisitions valued at nearly half a billion dollars, Juniper Networks Inc. (Nasdaq: JNPR) stepped up its full-frontal assault on Cisco Systems Inc. (Nasdaq: CSCO) today, announcing a new technical program to bolster security in enterprise networks (see Juniper Takes Two: Peribit & Redline).

Juniper has launched a security approach called the Enterprise Infranet Initiative, an apparent offshoot of its carrier plan, the Infranet Initiative, which has already resulted in some posturing and verbal sparring between Juniper and Cisco (see Juniper's Infranet Takes Baby Steps and Cisco Heckles Infranet Initiative). At the heart of the strategy is a new device called the Infranet Controller, which is based on Junipers own SSL VPN technology.

The controller uses an SSL VPN-based policy engine to provision software agents on devices such as PCs and laptops, according to Juniper execs. This agent then helps enforce centrally managed security policies, such as preventing non-compliant PCs from connecting to the network, which could make VPNs far more pervasive and easy to implement.

How will Juniper help IT staff manage the security networks? The controller will initially link up firewalls, and Juniper plans to eventually bring routers, intrusion detection and prevention devices, and SSL VPN technology into the mix.

Of course, Cisco's got its own plans for locking down the enterprise. Cisco’s key weapon in this struggle is its Network Admission Control (NAC) initiative, which enforces security policy compliance across different devices. NAC was launched back in November 2003, and Cisco has been slowly adding flesh to the bones of the strategy since (see Cisco Unveils New Network Solution and Cisco Sets Out Security Strategy).Juniper's plan, though still in its early stages, appears to be a strategy to offer a direct alternative to Cisco's NAC, say several analysts.

”It’s the Not-NAC,” says Jim Slaby, senior analyst at The Yankee Group, of Juniper's initiative. Slaby adds that, up until now, Cisco has used its NAC strategy to extend its own technology reach within the network.

However, specific details about Juniper's plans are a bit sketchy at the moment, including the controller's form factor. However, David Flynn, Juniper's vice president of security products did confirm to NDCF that the first products to support the strategy will be shipping in the third quarter this year.

Nonetheless, the Sunnyvale, Calif.-based vendor is already touting the Enterprise Infranet as a service that could cover a range of hardware devices from different vendors. Analysts say that this offers a valid alternative to Cisco, and could help broaden Juniper's influence in the enterprise networking market, where it is trying to break Cisco's dominance.

Although a raft of software vendors, including IBM Corp. (NYSE: IBM) and Computer Associates International Inc. (CA) (NYSE: CA), have teamed up with Cisco, Slaby says that, in reality, the NAC initiative relies heavily on Cisco kit. “NAC is a good way to tattoo the Cisco brand on a customer’s skin,” he says. “It’s not permanent, but removal is expensive.”Jon Oltsik, senior analyst at the Enterprise Strategy Group agrees that the new Juniper initiative could compete with NAC, although he refused to rule out the possibility of coexistence. “Ultimately they may be able to play alongside and include Cisco agents into the architecture,” he says.

Oltsik feels that this is a smart move by Juniper, particularly in the wake of its Redline Networks Inc. and Peribit Networks Inc. acquisitions. “It helps them get another foot in the enterprise,” he says. “If you combine NetScreen with [Juniper's] backbone routing and the technologies they picked up last week it gives them a lot of avenues to go up.”

So, what part will Redline and Peribit play in the brave new world of Enterprise Infranet? “We’re working on those details," says Flynn.

Cisco was unavailable for comment for this story.

— James Rogers, Site Editor, Next-Gen Data Center Forum0