Juniper Jumps on Network Security

Fleshes out its Enterprise Infranet initiative with the launch of its new Infranet Controller devices

October 24, 2005

3 Min Read
NetworkComputing logo in a gray background | NetworkComputing

Juniper Networks today unveiled its new Infranet Controller devices, the core component of its Enterprise Infranet strategy to bolster network security.

Launched earlier this year, the Enterprise Infranet is an offshoot of Junipers carrier plan, the Infranet Initiative, and is head-to-head with Cisco Systems' Network Admission Control (NAC) strategy. (See Juniper Intros Enterprise Infranet, Juniper's Infranet Takes Baby Steps, and Cisco Heckles Infranet Initiative.)

The Infranet Controllers are the heart and lungs of the Enterprise Infranet. They use an SSL VPN-based policy engine to provision software agents on devices such as PCs and laptops. This agent then helps enforce centrally managed security policies, such as preventing non-compliant PCs from connecting to the network.

According to Juniper, the 1U 4000 device can support up to 3,000 concurrent endpoints, or devices, whereas the 2U 6000 box can handle up to 25,000, although these figures are based on internal testing. But Andrew Harding, Juniper’s director of product management, tells NDCF that, if anything, these numbers are on the conservative side. “At 25,000 users the box isn’t even sweating,” he boasts.

The idea is that users can lock down large chunks of their corporate infrastructure in one fell swoop. Harding tells NDCF that the controllers are based on policy engine technology from Neoteris, which was acquired by NetScreen in 2003. NetScreen was then snapped up by Juniper. (See NetScreen Snags SSL Leader and Juniper/NetScreen Merger OK'd.)Jeff Springer, network security manager at the University of Nevada, Reno, is hoping to test the 4000 over the next few weeks. “We’re probably going to use it for our residence halls,” he says. “We need a way to identify users that come into the residence halls and log on.”

Springer tells NDCF that he hopes the new device will give students greater flexibility. “We want something that provides roaming so that if a user moves from one subnetwork to another subnetwork they can still get access.”

Did he consider any other vendor (ahem), before he opted for Juniper? “We’re not really a big Cisco shop, so we didn’t really look at their NAC,” he admits. “The other NetScreen boxes that we have have been very reliable and we will be looking for the same level of reliability on this one.”

Cisco’s NAC, which also enforces security policy compliance across different devices, was launched back in November 2003, and the networking giant has been slowly adding flesh to the bones of the strategy. (See Cisco Unveils New Network Solution and Cisco Sets Out Security Strategy.)

For instance, Cisco recently extended its NAC strategy to encompass its Catalyst switch product lines and also announced a partnership with vulnerability management vendor Qualys. (See Cisco Expands NAC Framework and Qualys, Cisco Team on NAC .)Experts have already identified the Enterprise Infranet as a valid alternative to Cisco, saying that it could help broaden Juniper’s influence in the enterprise market, where it is trying to break Cisco’s dominance. (See Juniper Infranets the Enterprise.)

But Juniper’s strategy, like Cisco’s, is still a work in progress. The Enterprise Infranet currently encompasses Juniper’s IPSec VPN and firewall products, but Harding says its intrusion and prevention products will be added to mix in the first quarter of 2006. (See Juniper Ships ISG 1000 and Juniper Slots in More Security .) Next up could be the application acceleration technologies Juniper acquired when it bought Peribit and Redline earlier this year. (See Juniper Takes Two: Peribit & Redline.) “Those guys are right down the hall, we’re certainly talking,” says Harding.

Pricing for the 4000 starts at $25,000, whereas the 6000 starts at $60,000. Both controllers are generally available today.

Cisco was unavailable for comment on this story.

— James Rogers, Site Editor, Next-Gen Data Center ForumCompanies mentioned in this story:

SUBSCRIBE TO OUR NEWSLETTER
Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like


More Insights