(NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

26 pages

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved. October, 2015. NET208: Enable and Secure Your Business Applications via the Hybrid Cloud in AWS. Shishir Agrawal, Juniper Networks, Sr. Manager, Product Management, vSRX, [email protected]. Ariful Huq, Juniper Networks, Sr. Manager, Product Management, vMX, [email protected]


Page 1: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

© 2015, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

October, 2015

NET208

Enable and Secure Your Business Applications via the Hybrid Cloud in AWS

Shishir Agrawal – Juniper Networks, Sr. Manager, Product Management, vSRX, [email protected]

Ariful Huq – Juniper Networks, Sr. Manager, Product Management, vMX, [email protected]

Page 2: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

What to Expect from the Session

• Trends and challenges in migrating to hybrid cloud

• Learn about solutions to address these challenges

• Routing capabilities between public cloud instances

• Secure transport to the public cloud

• Security against advanced threats and staying compliant

• Demo on how to address these challenges in AWS, and a do-it-yourself solution

For your 60 minutes

Page 3: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Cloud statistics

The cloud is changing the way enterprises work and transforming the way IT and business processes are delivered.

• Nearly 70% of enterprises will pursue the hybrid cloud by 2015**

• 91% of net new software was built for cloud delivery in 2014***

• Cloud Market Opportunity*: 25% CAGR through 2017; by 2017, cloud spend will be $392B

[Chart: Cloud Market Opportunity by segment (Private Cloud, IaaS/PaaS, SaaS/BPaaS); CAGR figures shown on the chart: 25%, 28%, 24%]

*Source: IBM Market Insights, 1H 2014

**Source: Gartner, p.6, "Private Cloud Matters, Hybrid Cloud is Next", Gartner G00255302, Sept 6, 2013

***Source: IDC Directions, "How SaaS Gets Built", Doc # DR2014_T3_RM, March 2014

Page 4: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Cloud inhibitors

Q. Which does your organization consider the most IMPORTANT INHIBITORS to your organization's increased usage of cloud services?

[Chart: two bar series; labels are truncated in the source and kept as shown]

Employee size 100-999…                 Employee size 1000+ (N=151)
Security concerns            41.3      Security concerns              48.3
IT governance issues         30.0      Reliability concerns:…         34.4
Lock-in to a single…         28.0      IT governance…                 31.8
Dependency on…               28.0      Dependency on…                 29.1
Reliability concerns:…       27.3      Service provider lock-…        28.5
Hard to integrate with…      26.0      Hard to integrate with…        26.5
Will cost too much to…       24.0      Not suitable for…              22.5
Reduced…                     22.7      Limitation of current…         18.5
Cloud cannot support…        21.3      Expensive                      18.5
Current network…             18.7      Reduced…                       17.9
Lack of tools to…            16.7      Lack of tools to…              17.2
None                          1.3      None                            4.6
Other                          .7      Other                           4

N=301

Base: All respondents

Source: IDC's Multi-Client Report: Enterprise Cloud Connect, 2015

Key Inhibitors: Security, Reliability, & IT governance

Page 5: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Business edge & enterprise networks evolving

• Applications & workloads are shifting to public cloud providers such as AWS. This shift requires:

  • Secure transport to the public cloud

  • Secure perimeter gateway providing the same next-gen firewall capabilities as on-premises solutions

  • Routing capabilities between public cloud instances in case of geo-redundancy

Trends

Page 6: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Enabling public cloud migration

Customer Challenges

[Diagram: enterprise CE sites connect over the Provider MPLS Network and the Internet through PE routers to Amazon PE routers; VPC instances in AWS Region A and AWS Region B, reached via Direct-Connect]

• Scalable Secure Transport with full mesh capabilities from multiple enterprise locations to the public cloud instance

• Routing between VPC instances across AWS regions for geo-redundancy and high availability

• Operational consistency between on-premises and cloud gateway

• Redundant gateway for high availability within an AWS region

• Visibility, Analytics, and Troubleshooting capabilities of the cloud gateway

• Ensure Quality of Service for specific types of traffic

Page 7: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Enabling public cloud migration

Solution: Scale-Out Virtual Router in the VPC

[Diagram: a Virtual Private Cloud spanning two Availability Zones, each with a VPC Subnet; a Virtual Private Gateway / VPN Router terminates VPN tunnels from the Customer Gateways of three Customer Networks: New York, Chicago and Los Angeles]

Utilize a scale-out virtual router instead

To remediate the challenges highlighted we augment a VPC deployment with a Scale-Out Carrier Class Virtual Router.

Page 8: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Enabling public cloud migration

Solution: Scale-Out Virtual Router in the VPC

[Diagram: same topology as the challenges slide (CE sites, Provider MPLS Network, Internet, PE and Amazon PE routers), now with a Virtual Router in each VPC instance in AWS Region A and AWS Region B, connected by IPSec VPN over the Internet and by Direct-Connect]

• Scalable Secure Transport with full mesh capabilities from multiple enterprise locations to public cloud instance: Utilize IPSec VPN for any-to-any connectivity with scalable tunnel count and throughput capabilities.

• Operational consistency between on-premises gateway and cloud gateway: Carrier class operating system (JUNOS) with rich routing stack, automation capabilities (Chef, Puppet, Ansible, PyEz) and analytics (IPFIX, JFLOW)

Page 9: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Enabling public cloud migration

Solution: Scale-Out Virtual Router in the VPC

[Diagram: Virtual Routers in the VPC instances in AWS Region A and AWS Region B, interconnected with the enterprise CE sites by VXLAN over IPSec across the Internet and by Direct-Connect via the Provider MPLS Network]

• Routing between VPC instances across AWS regions and Enterprise locations for high availability: Dynamic routing (BGP) with Overlay Tunneling (VXLAN) capabilities creates seamless connectivity across all endpoints.

• Redundant gateway for high availability within an AWS region: Instantiate multiple instances of the scale-out virtual routing platform within a VPC instance to create redundant topologies. Use technologies such as BFD for end-to-end liveness detection.
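To make the redundant-gateway and BFD liveness points concrete, the following is an added example; it is not code from the presentation, from Juniper or from AWS. It is a constructed Python model of two virtual router instances (named vmx_a and vmx_b here, assumed names) in front of a private subnet, each monitored by a simplified RFC 5880-style BFD session, plus a route table whose default route is re-pointed at the surviving gateway once the primary has been silent for longer than the BFD detection time. The route table, prefixes, intervals and the failure time are all constructed values. It shows the detection-time arithmetic (detect multiplier multiplied by the negotiated interval) and why a three-packet detect multiplier at 300 ms means roughly a second of blackholed traffic before failover.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class BfdSession:
    """Simplified BFD session (after RFC 5880) toward one gateway; times in ms."""
    peer: str
    desired_min_tx_ms: int        # interval we want to send control packets at
    peer_required_min_rx_ms: int  # slowest interval the peer will accept
    detect_mult: int              # consecutive misses before declaring Down
    state: str = "Up"
    last_rx_ms: int = 0

    @property
    def interval_ms(self) -> int:
        # Simplification: a single negotiated interval, the larger of the two
        # values the peers advertise.
        return max(self.desired_min_tx_ms, self.peer_required_min_rx_ms)

    @property
    def detection_time_ms(self) -> int:
        # Detection time = detect multiplier x negotiated interval.
        return self.detect_mult * self.interval_ms

    def receive(self, now_ms: int) -> None:
        """A control packet from the peer arrived: refresh liveness."""
        self.last_rx_ms = now_ms
        self.state = "Up"

    def poll(self, now_ms: int) -> str:
        """Timer tick: declare the peer Down once it has been silent too long."""
        if now_ms - self.last_rx_ms > self.detection_time_ms:
            self.state = "Down"
        return self.state


class RedundantGateway:
    """Keeps a prefix's next hop on a gateway whose BFD session is Up.

    Non-preemptive: once traffic moves to the standby it stays there even if
    the old primary comes back, which avoids flapping the route table.
    """

    def __init__(self, route_table: Dict[str, str], prefix: str,
                 sessions: List[BfdSession]) -> None:
        self.route_table = route_table
        self.prefix = prefix
        self.sessions = {s.peer: s for s in sessions}
        self.changes: List[Tuple[int, str]] = []  # (time, new next hop)

    def active(self) -> str:
        return self.route_table[self.prefix]

    def poll(self, now_ms: int) -> str:
        for s in self.sessions.values():
            s.poll(now_ms)
        if self.sessions[self.active()].state == "Down":
            live = [p for p, s in self.sessions.items() if s.state == "Up"]
            if live:  # if every gateway is down there is nothing better to do
                self.route_table[self.prefix] = live[0]
                self.changes.append((now_ms, live[0]))
        return self.active()


def simulate(failure_at_ms: int, horizon_ms: int = 10_000, step_ms: int = 100,
             interval_ms: int = 300, detect_mult: int = 3):
    """Constructed scenario: primary vmx_a goes silent at failure_at_ms.

    Returns (final route table, list of route changes, BFD detection time).
    """
    # Constructed route table: private subnet is local, default route via vmx_a.
    route_table = {"10.0.1.0/24": "local", "0.0.0.0/0": "vmx_a"}
    sessions = [
        BfdSession("vmx_a", interval_ms, interval_ms, detect_mult),
        BfdSession("vmx_b", interval_ms, interval_ms, detect_mult),
    ]
    gw = RedundantGateway(route_table, "0.0.0.0/0", sessions)
    for now in range(0, horizon_ms + 1, step_ms):
        # Each live gateway sends a control packet every interval_ms.
        if now % interval_ms == 0:
            if now < failure_at_ms:
                gw.sessions["vmx_a"].receive(now)
            gw.sessions["vmx_b"].receive(now)
        gw.poll(now)
    return route_table, gw.changes, sessions[0].detection_time_ms


if __name__ == "__main__":
    table, changes, detect_ms = simulate(failure_at_ms=5_000)
    print(f"BFD detection time: {detect_ms} ms")
    for at, hop in changes:
        print(f"t={at} ms: default route moved to {hop}")
    print("final route table:", table)
```

With the constructed settings (300 ms interval, detect multiplier 3) the last packet from vmx_a lands at 4800 ms, the session expires once the 900 ms detection window has passed, and the default route moves to vmx_b on the 5800 ms tick. Shortening the interval tightens that window at the cost of more control traffic; the non-preemptive choice is deliberate, because an unstable primary that repeatedly comes and goes would otherwise drag the route table back and forth.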

Page 10: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Enabling public cloud migration

Deployment Scenario: Virtual Router as a Virtual Private Cloud (VPC) Gateway

[Diagram: a VPC with a Public Subnet and a Private Subnet; two virtual routers, vMX-A and vMX-B, sit in the Public Subnet behind the Internet Gateway and terminate Internet VPN Tunnels; EC2 Instances in the Private Subnet reach them via the VPC Router and its Route Table]

Page 11: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Security: specific areas of concerns

What are the specific inhibitors to your organization's increased usage of cloud services?

[Chart: Total (N=135); labels are truncated in the source and kept as shown]

Data protection                                    67%
Security breach of the cloud provider's…           59%
Unauthorized data access by cloud provider         39%
Legal and regulatory compliance                    33%
Denial of Service attacks                          29%
Job security for IT staff                          25%
Shadow/rogue IT usage                              24%
Lack of visibility into cloud provider's…          21%

N=135

Base: Respondents citing "security" as an important cloud inhibitor

Source: IDC's Multi-Client Report: Enterprise Cloud Connect, 2015

Data Protection, Security, and Compliance are Key Concerns

Page 12: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS
Page 13: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Secure migration to AWS hybrid cloud

Use Cases:

• Migration of IT Services

• SaaS/Cloud Bursting

• Desktop as a Service

Customer Challenges:

• Advanced Threat Protection

• Full-mesh secure connectivity

• Preserve IT compliance

• Leverage existing solutions

• Seamless migration experience

Page 14: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Solution: migration of IT services

[Diagram: On-Prem DC with Dev and Prod segments under Policy A and Policy B; AWS with VPC-Dev in US-West and VPC-Prod in US-East carrying the same Policy A and Policy B]

• Full-mesh secure connectivity – IPSec VPN

• Preserve IT compliance – policy migration

• Leverage existing solutions – physical or virtual firewall

• Seamless migration experience – management & automation

Page 15: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Solution: SaaS/cloud bursting

[Diagram: On-Premises DC with Dev and Prod segments under Policy A and Policy B; AWS with VPC-Dev in US-West and VPC-Prod in US-East carrying the same Policy A and Policy B]

"Outside-in" Advanced Threat Protection – IPS, security intelligence, advanced anti-malware

Page 16: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Open security intelligence platform

A framework that uses information from multiple sources to deliver improved security

[Diagram: Threat Intelligence Cloud, Central Mgmt, Firewall and Router/Switch enforcement points, a Local Appliance or Service, and Customer-provided or Third-Party Threat Data (Command & Control, GeoIP, Additional Intelligence), with numbered flows 1 to 6]

1. Aggregated & optimized cloud-based threat intelligence

2. Provide threat intelligence to customer premise

3. Local/Customer data incorporated into solution

4. Central management

5. Intelligence distributed to firewall enforcement points

6. Intelligence distributed to router/switch enforcement points

Page 17: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Advanced anti-malware cloud service

[Diagram: Advanced Anti-malware Cloud Service comprising a Malware Inspection Pipeline (Cache, Static Analysis, Dynamic Analysis), Internal Compromise Detection (Identified Malware, C&C Events, Analytics), a Web-based Service Portal (Licensing, Reporting, Config & Mgmt) and Feed Analysis & Efficacy (C&C, GeoIP, Custom, Known C&C Servers). The Firewall sends Content (File) Extraction to the service, receives Fast Verdicts for In-line Blocking and Threat Intel Events (C&C "Hits"), and can Quarantine Compromised Systems]

Page 18: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Solution: Desktop as a Service (DaaS)

[Diagram: AWS and On-Premises DC]

"Inside-out" Advanced Threat Protection – Application Visibility & Control, User ID, Unified Threat Management

Page 19: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Application visibility and control

Ingress / Egress

App Tracking    Understand security risks; address new user behavior
App Firewall    Block access to risky apps; allow user-tailored policies
App QoS         Prioritize important apps; rate-limit less important apps
SSL Proxy       SSL packet inspection
IPS             Block security threats

• Heuristics for evasive and tunneled apps

• More application signatures

• Open signature language

Page 20: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Virtual firewall: enable secure migration to AWS

Foundation (core firewall features): Firewall, VPN, NAT, Routing

Advanced security services:

• Next Generation Firewall Services: Application Control, User-based Firewall

• Unified Threat Management: Anti-virus, Intrusion Prevention, Web/Content Filtering, Anti-malware

• Security Intelligence: Command & Control, GeoIP Feeds, Custom Feeds

Management, Reporting, Analytics, Automation

Page 21: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Expedient: cloud hosting provider use case

[Diagram: Cloud Hosting Environment with a vSRX dedicated to Customer 1, providing protection and connectivity to customer hosted VMs (Web VM, APP VM, DB VM, Other VM); Customer Premises 1 to 4 (Customers 1 to 4) connect over the Public Cloud via IPSec VPN]

Copyright © 2015 Juniper Networks, Inc.

Page 22: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Call to action

• vSRX – Juniper virtual firewall

• vMX – Juniper virtual router

• Download a 30-day free trial of vMX with complete routing stack: http://www.juniper.net/support/downloads/?p=vmx#sw

• Download vSRX 60-day trial including advanced security services: http://www.juniper.net/us/en/dm/free-vsrx-trial/

• vSRX on AWS expected to ship in the next few months

• vMX on AWS expected to ship in the next few months

• Stop by Juniper booth #403 to see a demo of vSRX and vMX on AWS

Page 23: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Demo

Page 24: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS
Page 25: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Thank you!

Page 26: (NET208) Enable & Secure Your Business Apps via the Hybrid Cloud on AWS

Remember to complete your evaluations!