The Latest Juniper News
Product and Solution Information, Press Releases, Announcements
Extending Security to All Points of Connection: Containerized Security with the cSRX
Posted: Mon Aug 05, 2019 12:52:30 PM
The use of containers as a low-footprint infrastructure upon which to run microservices introduces another layer of infrastructure that needs to be secured. With Juniper Connected Security, organizations can provide industry-leading security for their containerized workloads, extending visibility and enforcement all the way down to the communication between individual microservices within an application.
Like all aspects of IT, containers need to be secured, and administrators need visibility into data flows moving in and out of these containers. Monolithic applications are difficult to scale and incredibly inefficient when scaling is achieved. This has driven the sharding of applications into microservices for the past two decades, and microservices are driving the adoption of containers.
With the release of software-defined networking (SDN) controllers such as Contrail, the ability to participate in network function service chains was introduced to Juniper's Containerized SRX (cSRX). Acting as a "bump in the wire" between two data flows and a target container, the cSRX adds security enforcement points where none existed before and offers the most comprehensive network security for Docker containers that is available today. With Contrail, the addition of security is now transparent to application developers.
The cSRX also offers further network visibility, allowing organizations to respond more quickly to emerging threats. Individual containerized applications or microservices can be provided with their own next-generation firewall, or even an entire chain of network security services, depending on the need.
Advantages of the cSRX Container Firewall
Juniper Connected Security
What better place to inspect traffic for signs of compromise and to enforce security than at the connection point?
Juniper Connected Security integrates networking and information security products, allowing the detection of threats and the enforcement of policy at multiple points within the network. Juniper Connected Security provides perimeter defenses, cloud defenses, network segmentation, as well as virtualized and containerized security, and even defenses for edge computing.
Making Microsegmentation a Reality
Contrail has offered advanced microsegmentation capabilities for some time. However, microsegmentation can be an expensive proposition. Microsegments are virtual network segments or rule-based containment groups that are ideally used to encapsulate all of the microservices that make up a single application, or which occupy a single tier. Each microsegment is effectively its own small network, and to communicate beyond that segment, data flows would have to traverse a router. With Contrail, that router is the vRouter and it's distributed to every compute host.
The need for data entering or exiting a microsegment to traverse a router offers a natural choke point where network functions can be implemented. Traditionally, these network functions required expensive hardware, and each data flow would have to be sent outside of the containerization host through the various pieces of hardware and then on to its destination.
The Contrail service chains for containers and cSRX change all of that. Network functions that can be applied to a service chain include:
With the cSRX, Contrail can create extremely small microsegments with extremely strong perimeters, rapidly instantiating network function service chains to defend each microsegment. Entire service chains can be stood up in seconds, allowing a microsegment and all necessary network functions to be brought into service faster than the containers or virtual machines that make up the application they defend.
Paired with Contrail Enterprise Multicloud, the cSRX represents the first production-grade solution that extends a full suite of orchestration, automation, security and analytics to deploy dynamic consumer and enterprise services in a cost- and resource-efficient manner into the container space. For containerized application platforms like OpenShift or Kubernetes, Contrail Enterprise Multicloud consists of Contrail Networking and Contrail Security controller, Contrail vRouter with L4 Security, cSRX and/or vSRX with L7 security, AppFormix Analytics Agent and the Kubernetes CNI plugin.
Juniper Connected Security extends security to where cloud-native applications reside to provide consistent policy across private cloud, public cloud and IoT infrastructure. Juniper's cSRX container firewall delivers a powerful and virtualization-specific set of advanced security services to secure containerized applications and microservices and is small enough to even be deployed by manufacturers on IoT devices.
The cSRX is feature-rich, offering administrators capabilities and a management interface that they will be familiar with because they use our vSRX and hardware SRX firewalls. The cSRX plays a vital role in Juniper Connected Security, protecting individual devices and workloads in resource constrained environments.
Securing today's networks requires multiple points of security enforcement throughout the network and the visibility to act on threats wherever they may appear. See, automate, and protect with Juniper Connected Security.