Juniper Networks is expanding its network and security management software to include more of the company's product line, making it easier for customers to set security policies across their infrastructure rather than doing so using several product-specific platforms.
The company's Network and Security Manager (NSM) now supports Juniper's SSL VPN products, Unified Access Control (UAC) NAC gear and its EX enterprise switches. Previously the NSM platform managed just firewalls and intrusion-detection products. Later this year, Juniper says it will bring management of its M-Series multiservice edge routers and MX-Series Ethernet services routers under NSM as well.
While this type of broad management platform is common among other networking vendors and Juniper customers want it, the new NSM required bringing together management of disparate products that were developed in-house, as well as those that were acquired.
NSM was created by NetScreen, which Juniper bought in 2004. NetScreen came to Juniper with firewalls, IPSec and SSL VPNs, and intrusion-detection gear, some of which was acquired as well. For instance, NetScreen bought its SSL VPN gear when it purchased Neoteris in 2003.
To bring management of this smorgasbord of devices under NSM, Juniper instituted an XML interface called device management interface (DMI). NSM has been adapted to talk to DMI, and that capability makes it possible for Juniper to add product lines to the management platform quickly, the company says.
New NAC capabilities
Juniper has made its UAC product compatible out of the box with Microsoft's NAC technology, known as Network Access Protection (NAP). This means customers can use elements of one with elements of the other.
Rather than distribute Juniper's UAC client, the NAP client built into Windows XP and Vista can handle reporting on the status of endpoints.
UAC has supported NAP for more than a year, based on public demonstrations, but that required complex configuration. Now, the support is standard.
Along with NAP interoperability, new UAC software makes it simpler to install and deploy UAC client software. It also makes it possible for UAC to auto-remediate more third-party products, such as antivirus software, and enables UAC scale to hundreds of thousands of endpoints at a time.
Juniper also has broadened the number of devices that can send security input to the UAC Infranet Controller policy-controller, in order to isolate misbehaving endpoints.
The company's Coordinated Threat Control architecture enables various devices on the network to report to the Infranet Controller about significant security incidents. Based on the severity of these events, the controller policies can call for quarantining the offending machine or restricting its access to the network. In extreme cases, the machine's session can be cut and further access attempts denied until the attack can be analyzed.
Juniper has expanded this reporting capability to include the firewall within its Integrated Security Gateway (ISG) appliance.
Juniper also is announcing two new Infranet Controller appliances, the IC 4500 and the IC 6500, new hardware that boosts the performance of earlier models. The IC 4500 costs US$10,000 for the appliance plus licenses for concurrent users. The smallest license is for 25 users and costs $1,500. The IC 6500 appliance costs $15,000 plus licenses. The smallest license package is for 100 users and costs $4,300.
The company has added a disaster-recovery license for its UAC platform. So, when a business has to switch to a backup or mirrored data center, it costs less to license the backup site that it would otherwise.