Juniper Networks this week expanded its branch office portfolio, releasing two new services routers, two secure services platforms and two network management appliances to boost branch office connectivity.
According to the Sunnyvale, Calif.-based networking vendor, the number of branch offices is growing, and enterprises are constantly looking for ways to enhance user productivity and deliver services and applications. Companies face the challenge of providing branch offices with direct Internet access without compromising security or cost, while also optimizing application performance and providing secure data, voice and reliable services.
"With the branch office market evolving and the demand for choice and flexibility increasing, enterprises struggle to provide a high-performance, secure and reliable network to branch office users," said Andrew Braunberg, principal analyst with Current Analysis. "In order to effectively secure their networks, administrators require visibility into emerging security threats and a simplified method of implementing, enforcing and measuring compliance to global security policies across their entire network and do so with a centralized network management device."
First among Juniper's updates are the new J2320 J-series service router and the Secure Services Gateway (SSG) 320M. Running the modular JUNOS software, the J-series delivers secure and reliable network connectivity to regional, branch and remote offices and extends modularity and services integration to branches. The SSG 320M runs ScreenOS. Both are 1RU high and feature three physical interface module (PIM) slots, four 10/100/100 Ethernet ports, a 400 Mbps firewall and 175 Mbps VPN performance. An encryption card comes standard on the SSG 320M and is optional on the J2320. The J2320 also features Avaya IP telephony support.
The J2350 and SSG 350M are 1.5RU high, have five modular PIM slots, four 10/100/1000 Ethernet ports, 500 Mbps firewall performance and 225 Mbps VPN performance. Avaya IP telephony support is available on the J2350 and encryption card is optional; it is standard on the SSG 350M.
The two SSG updates deliver secure LAN and WAN connectivity to small branches with 25 to 100 users. They perform stateful firewall and VPN functions while protecting inbound traffic from worms, spyware, Trojans and malware with a set of Unified Threat Management features such as intrusion prevention, antivirus, anti-spam and Web filtering functions.
The SSG and J-series updates have a common hardware platform, so enterprises can migrate from one operating system to the other, depending on their needs.
Burton Group senior analyst Eric Maiwald said sharing a hardware platform allows IT to choose whether to focus more on security or the networking portion, since both the J-series and SSGs can perform each function.
Lastly, Juniper announced NetScreen-Security Manager (NSM) Xpress and NSM Central Manager. NSMXpress is an appliance version of NSM that offers management for up to 500 firewall/VPN devices and a redundancy option with real-time high availability. It acts as a single integrated management interface for network and security pros to control Juniper firewall/VPN and intrusion detection and prevention devices. NSMXpress offers device configuration, network settings and security policies. The NSM Central Manager appliance manages up to 10 NSM servers and can scale up to 30,000 firewall/VPN devices, while distributing security policies across the network.
Braunberg said that the NSM updates are intended for companies that have small staff numbers and possibly limited expertise in the branch office and where security tools need to be managed from a central location.
He called the SSG and J-series updates "incremental improvements" because Juniper has added more security on the J-series side and more routing capabilities into the SSG platform. He said the ultimate goal would be to have one operating system between them.
Maiwald agreed, noting that the current trend in the branch is to add more networking functionality to security boxes while adding more security to networking tools. He said Cisco, with its ASA and ISR, is an example of that, and other vendors are likely to follow suit; and he noted that if companies choose to add the PIM modules -- which can add eight or 16 ports of 10/100/1000 Ethernet -- to the new SSG releases, it "starts to look more like a switch."
"As the sophistication and number of business-critical applications increases for the branch office," Sheth said, "so do the performance and security requirements of the underlying network infrastructures supporting them."
Pete Revel, senior lead network and security architect and senior project and technology manager at Intermatic Inc., said rolling new applications out to branch offices is a company-wide initiative to enhance productivity with reliable and secure access to applications.
"Our business requires us to provide integrated best-in-class security, WAN connectivity and multiple network and business services so we can deliver a dependable and secure experience to our employees, customers and strategic business partners," Revel said.
Overall, Burton Group's Maiwald said, Juniper is trying to capitalize on the branch office challenges many companies face, which boil down to cost and management, while also offering a level of services.
"I need to minimize cost, otherwise I'm putting an awful lot of money into these relatively small locations," he said, adding that companies also need to be able to manage branch offices, which typically don't have an in-house IT staff.
Branch offices, Maiwald said, create a balancing act between cost and security: Do companies pay more to have a more secure environment, or do they pay less and increase risk and exposure?
"The branch is a good place to combine these functions," he said. Throughput is relatively low, and features and functions can be added as time goes on. "They're a good place to do things at a reduced cost."
Dig deeper on Branch office network design