Juniper Networks Presentation Template-US

Download Report

Transcript Juniper Networks Presentation Template-US 

IPSec or SSL VPN?
Decision Criteria
Copyright © 2004 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
1
The Extended
TraditionalEnterprise
Enterprise
Fixed
Telecommuters
Customers
Mobile Workers
Leased
Lines
Business
Partners
Branch
Offices
Data Center
Day Extenders
Copyright © 2004 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
2
Business Connectivity
Requirements
 Must support business productivity for all audiences, while costeffectively securing communications
• Secure
• Affordable
• Raise Productivity
• High Performance & Availability
Copyright © 2004 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
3
The Enterprise Connectivity Solution
Use the Internet to replace leased lines
Fixed
Telecommuters
Fixed
Telecommuters
Customers
Mobile Workers
Internet
Business
Partners
Internet
Branch
Offices
Data Center
Business
Partners
Mobile Workers
Day Extenders
Copyright © 2004 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
4
NetScreen IPSec and SSL VPNs
Customers
Mobile Workers
Day Extenders
Sales
Business
Partners
HR
Internet
Finance
Fixed
Telecommuters
Branch
Offices
Department
Servers
Copyright © 2004 Juniper Networks, Inc.
DMZ
Data Center
Proprietary and Confidential
www.juniper.net
5
The Secure Access Landscape
Fixed/Site-to-Site
Remote Access
Mobile
employees/consultants
Remote/Branch
Office
HQ
Business Partners
Customers
Fixed telecommuters
Connectivity Requirements:
 Bridge fixed, “trusted” networks
 Managed devices
 Transparent access to remote LAN
 Full access to network resources
 Network-layer mgmt & administration
Options:
 Internet VPNs (IP Sec)
 Network VPNs (MPLS)
Copyright © 2004 Juniper Networks, Inc.
Connectivity Requirements:
 Access from “untrusted” networks
 Access from unmanaged devices
Options:
 SSL VPNs
Proprietary and Confidential
www.juniper.net
6
Juniper Network Netscreen
Secure Access SSL VPNs and IPSec VPN Products
Type of
Application
Type of PC
Remote
Network
Security
Type of
Connection
Type of
VPN
Remote Office/
Branch Office
Corporate
Managed, Trusted
Fixed
IPSec
Mobile Employee
Corporate or
Non-Corporate
Unmanaged,
Untrusted
Mobile
SSL VPN
Partner/Customer
Non-Corporate
Unmanaged,
Untrusted
Mobile
SSL VPN
Copyright © 2004 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
7
NetScreen VPNs Meet Business
Needs
Requirements:
Secure
Affordable
NetScreen IPSec VPN
NetScreen Secure Access SSL VPN
• Integrated purpose-built
solution
• Integrated high performance,
robust firewall (w/ Zones)
• Hardened appliance, AAA policy
integration, and access privilege
management
• Route-based VPNs offer low TCO
for site-to-site or fixed
configurations
• No client or server changes
• Low TCO for remote/mobile
employees, partners and customers
Ease of use
• Dynamic Route-Based
VPNs leverage "self-healing”
capabilities
• Centralized management
• Simple Web interface
• Centralized management for
administrators
High Performance &
Availability
• Resiliency at device, network
and VPN level
• Stateful failover an a variety of
clustering options
Copyright © 2004 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
8
Industry Analysts Agree
The IPSec VPN Market is Growing
IPSec VPN market:
$10B in 2003, $12B
by 2004
Site-to-Site VPNs (Infonetics 2003)
75%
Inclusive of hardware,
software and services
72%
68%
63%
Average Percent
57%
54%
50%
49%
37%
32%
34%
60% of enterprises
implementing
network-layer VPNs
25%
0%
2003
2004
2005
Year
Headquarters
Copyright © 2004 Juniper Networks, Inc.
Branch offices
Remote offices
Proprietary and Confidential
www.juniper.net
9
Industry Analysts Agree…
The SSL VPN Market is Growing
$600
“We project that by
2004, 60% of corporate
users will use SSL for
remote access at least
some of the time.”
TAMTAM
M$’s
(Infonetics
2/04)
M$'s
(Infonetics
Q4FY03)
TAM M$’s (Infonetics 2/04)
$500
Remote Access
$400
$300
“By 2005/06 SSLbased solutions
will be the
dominant method
for remote access,
with 80% of users
utilizing SSL...”
$200
$100
$0
FY02
Copyright © 2004 Juniper Networks, Inc.
FY03
FY04
FY05
FY06
Proprietary and Confidential
www.juniper.net
10
Decide Your VPN Needs
By User Type and Network
IT environment:
IPSec VPN
SSL VPN
Type of connection
Fixed connection
Transient connection
Type of device
Managed corporate device
Varying devices
Type of access
Site-to-site
Remote employee, business
partner, customer
Access Controls
Robust firewall functionality
Enables access management
policy enforcement
Copyright © 2004 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
11
Decide Your VPN Needs
By User Type and Network
User constituency:
IPSec VPN
Remote office employees
X
IT staff
X
SSL VPN
X
Mobile employees
X
Day extenders
X
Consultants
X
Customers
X
Business partners
X
Copyright © 2004 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
12
Decide Your VPN Needs
By User Type and Network
Applications and content:
IPSec VPN
Voice Over IP
X
Entire subnets with no
application access control
required
X
Networks, including intranets
and extranets, that require
access control
SSL VPN
X
Web applications
X
X
Client/server applications
X
X
Intranet content
X
X
Email
X
X
File Servers
X
X
Server socket dependent
applications
X
X
Copyright © 2004 Juniper Networks, Inc.
Proprietary and Confidential
www.juniper.net
13
IPSec and SSL
IPSec Design Goal – low level secure network connectivity
• Network layer connection
• IPSec encryption
• Any TCP ports flow over tunnel
Tunnel/transport
applications
IPSec Gateway
Gateway
• Usually done with a hardware
gateway on the LAN and a hardware
or software client
SSL Design Goal – Secure application-to-application connectivity
• Application layer connection
Port
443
Specific Protocol
Server
Copyright © 2004 Juniper Networks, Inc.
Port
443
Client
• SSL or TLS encryption
• Specific port is open (easier to secure)
• Usually done in application software
(included with all standard Web
browsers and e-mail applications)
Proprietary and Confidential
www.juniper.net
15
IPSec and SSL
OSI
Application
Presentation
Sessions
Transport
Network
Data Link
Physical
Copyright © 2004 Juniper Networks, Inc.
TCP/IP
Application
HTTP, FTP, POP
SSL/TLS
TCP, UDP
Internet Protocol IP
Transport
IPSec
Network
Proprietary and Confidential
www.juniper.net
16