If you talked with me at Interop, Las Vegas last week you heard me speak of Juniper’s New Network Platform Architecture. The New Network Platform Architecture is an initiative that brings together Juniper’s innovations in silicon, software, and systems to deliver best-in-class network designs that enable business advantages for our customers. This is a milestone for Juniper, and it shows the commitment that we have to delivering value to our customers to help them compete in today’s market place.

More than two decades ago the Berlin Wall crumbled because there was pressure from the people on both sides. So also, the Old Network is crumbling from pressure on two sides...

When it comes to vGW antivirus and IDS, we get a lot of questions about performance, signatures, and whether traffic has to be sent to an external device for inspection.

With vGW, both the IDS and antivirus engine signatures are housed on the vGW Security VM (SVM). The packets are not sent to an external location for processing on the antivirus engine.

vGW antivirus also comes in two flavors: 1) an on-access scan and 2) an on-demand scan. Think of on-access as real time with a micro agent loaded in each VM, but with the signature repository residing on the SVM.  If, for instance, a user tries to save an infected file to their VDI VM, the vGW on-access scan will intercept and quarantine the file. The on-demand option is more like point-in-time or offline antivirus. It uses a micro snapshot, scans the offline VMDK file, and then recommits the snapshot. This way, you can optionally schedule your VM scans during maintenance windows or off-peak hours to ensure that virus scanning does not negatively impact business-critical traffic.

Finally, the IDS engine is not inline and, therefore, firewall performance is not directly affected and the maximum throughput on any ESX/ESX(i) host in the environment is approximately 2 Gbps. The IDS processing is done on the SVM with stats rolled up for reporting to the Security Design management center. This processing can also be exported using packet mirroring or spanning to an external engine. Please note that this is only IDS and not an IPS option.

For more information please contact Cloud Security Sales.

Modern data center networks face an unprecedented array of challenges, including cost effective scaling, support for new applications such as highly virtualized data centers, more reliable delivery of Ethernet data frames, and much more.  This week at Interop in Las Vegas, IBM released a series of technical briefs that present a vision for the creation of an open data center with an interoperable network.
 

As the current movement toward open source virtualization (in other words, “no-pay” virtualization platform) is gaining more momentum, so are projects like OpenStack. Founded in July 2010 by Rackspace and NASA, OpenStack is an open source cloud computing platform project and community that currently has more than 165 companies, including two recent joiners, IBM and Red Hat. It has three core projects—Compute, Object Storage, and Image Service—with many more in the incubation hopper and, per a recent NetworkWorld article, also ranks as one of the top 10 most powerful Iaas companies.

The beauty of open source is that there is no vendor lock-in and, well, it’s cheaper—which are two things that are important to customers and, by extension, to Juniper. When it comes to the cloud, Juniper’s objective is to provide the best possible and most cost-effective security for its customers—whatever their choice of platform may be. OpenStack supports multiple hypervisors and Juniper’s vGW Virtual Gateway, which currently supports VMware and has short-term planned support for other hypervisors like KVM, Hyper-V, and Xen. So if organizations continue to rally behind OpenStack and the efforts of its growing number of active developers and cloud technologists to create a massively scalable cloud offering, they can count on Juniper to provide security that meets their needs for versatility as well as high-performance, multi-layered defenses, and compliance.

Today, Juniper Networks released its Trusted Mobility Index, a global survey of more than 4,000 mobile device users and IT decision-makers, which benchmarks current levels of trust in mobile technologies as well as examines how trends in mobile security and reliability influence attitudes and behaviors.

While there is a great deal of research into increasing mobile security and privacy threats – including Juniper’s own threat research conducted by its Mobile Threat Center – little attention has been given to understanding people’s current attitudes and confidence in their mobile experiences.

The total amount of known mobile malware has risen dramatically. From 2010 to 2011, Juniper Networks Mobile Threat Center identified a 155 percent increase in threats to mobile devices. However, no other category of mobile security threats is growing as quickly as Spyware.

In fact, in the first three months of 2012, Spyware targeting mobile devices has doubled. To put this in perspective, Juniper has discovered nearly the same amount of Spyware from January to March of 2012 as we have in the last eight years combined.

May 2012 Microsoft Patch Tuesday Summary

Welcome to another edition of patch Tuesday summary blog.  Last month’s patch Tuesday involved patching 11 vulnerabilities over 6 bulletins, while this month we are patching 23 vulnerabilities over 7 bulletins.

Here is a list of the vulnerabilities fixed in today’s patches:

The much brandied "Internet of things" or the more geeky M2M conjure up a vision of myriad of connected devices all talking to each other exchanging data in real time. Just for a moment overlay that with the security lens and you will start to see what is a seemingly intractable problem - how do you secure these billions of devices ?

Next week at Interop, there will be a good amount of reality and hype surrounding BYOD, Big Data, fabrics, software defined networking, and of course, THE CLOUD. My fellow Juniper representatives and I are looking forward to talking about those issues and architectural strategies for your IT infrastructure. However, there is a more mundane, but also important decision to be made when it comes to thinking about economics and future proofing your infrastructure: when, where, and why should you use 1G vs 10G switches?