Juniper Launches Security Blades
According to Juniper, the blades, or Secure Port Modules, can be slotted into the 5000 and offer a combination of firewall and VPN features. The blades are essentially circuitboards supporting two Juniper-built ASICs. They offer up to 30 Gbit/s of firewall performance and up to 20 Gbit/s of VPN (virtual private network) throughput, the vendor claims.
Firewalls are used to protect networks from external threats such as viruses and worms, whereas VPNs are typically used to give remote sites and individual users access to internal networks.
Juniper is pushing the envelope. The company's previous blades for the 5000 were capable of 12 Gbit/s of firewall and 6 Gbit/s of VPN throughput. Paul Stamp, a research analyst at Forrester Research Inc. says that the 5000 now leads the firewall pack. “It leaves their competition standing, from a performance standpoint,” he says.
The major competitor for the NetScreen 5000 is Cisco Systems Inc.’s (Nasdaq: CSCO) Catalyst 6500 device. Like Juniper, Cisco also offers specialist security blades for its appliance. A Cisco spokeswoman confirmed that the company’s firewall modules can handle between 20 and 22 Gbit/s of throughput. She added that Cisco’s VPN modules are now capable of up to 24 Gbit/s.
But does anyone actually need Juniper’s 30-Gbit/s firewall throughput? “I think the 30-Gig element is going to be limited to very large enterprises and carriers,” says Stamp. However, he predicts that the new blade will do “very well” in these markets.
With emerging applications such as voice and video placing a massive strain on networks, large enterprises and telecom firms are looking for faster throughput, according to Stamp. ”Anything real-time is a bandwidth hog,” he says. “As adoption of real-time applications takes hold, this type of throughput is going to be the norm.”
The end result, says Stamp, is likely to be something of a firewall/VPN arms race between the major vendors. “In this market, at the high-end, it’s going to be [about] bigger and faster."
Stephen Philip, Juniper's director of product marketing, told NDCF that the new souped-up firewall technology has a crucial role to play in the vendor’s nascent Enterprise Infranet initiative (see Juniper Intros Enterprise Infranet).
The Enterprise Infranet, which was launched a few months ago, is an ambitious plan to tackle Cisco in the enterprise security space. The scheme, which is still in its infancy, is seen as a clear shot at Cisco’s Network Admission Control (NAC) strategy to enforce security policy compliance across different devices (see Juniper Infranets the Enterprise).
Slowly but surely, Juniper is unveiling pieces of the strategy. Philip, for example, confirmed that firewall platforms, such as the NetScreen 5000, will act as the “enforcers” within the Enterprise Infranet. These, he says, will control access at the network edge or even act as a gateway between different buildings on a campus network.
Philip also confirmed that the enforcers will link up with a “Controller” appliance, which forms the heart of the initiative. However, Juniper is yet to launch the mysterious, VPN-based Controller. There has already been speculation that the company’s new family of VPN appliances could form the basis for the technology. Juniper, however, is staying tight-lipped on the specifics of its product roadmap (see Juniper Ups Its VPN Ante).
— James Rogers, Site Editor, Next-Gen Data Center Forum