Juniper adds router, switch coverage to security manager

Juniper Networks has upgraded and renamed its centralized security platform to cover many of the company’s routers and switches, less than a year after introducing the product.

When first released, Netscreen Security Manager (NSM) managed policies of Juniper’s security products, the Firewall/IP Sec, VPN and Intrusion Detection and Prevention (IDP) lines. As of this week the renamed Network Security Manager 2008.1 adds security management over Juniper’s J- and EX-series of routers and switches.

Being able to centrally control more devices will help lower capital expenses, said Sanjay Agarwal, Juniper’s senior product line manager for network management. “What we’re trying to address is providing a unified app for simplified management of all these devices in the network infrastructure which helps customers reduce their cost of ownership.”

The new NSM also links to Juniper’s Infranet Controller unified access control appliances to create a centralized security and infrastructure system covering switches, routers, VPNs and access control, he said. New features have been added to Infranet’s UAC 2.2 software, as well as two new members of the Infranet line, one of which scales up to 30,000 end users in a cluster.

Many of these devices share Juniper’s Junos operating system, which is updated four times a year. With NSM these updates are automatically downloaded, managed and installed, said Agarwal.

With NSM 2008.1, administrators can create role-based templates and configuration groups for making policy changes. For example, a global change on all of an organization’s DNS server settings can be accomplished quickly, Agarwal said.

All devices managed by NSM 2008.1 are linked through the standards-based Device Management Interface (DMI). NSM handles common management features like configuration file management, configuration management, inventory management, device discovery and boostrap.

In addition, there’s an XML/SOAP API for customers and partners who want to integrate it with applications they’ve created.

NSM 2008.1 also compliments Juniper’s Security Threat Response Manager (STRM), Agarwal said, which collects log data on possible threats, by automatically acting on policies triggered by a threat threshold.

However, NSM does not cover Juniper’s T-series routers.

As before, customers have two purchase options: NSMXpress is an appliance for controlling up to 500 devices. For environments with more than that customers have to buy the server-based NSM Central software, which runs on Red Hat Linux 4.0 and up or Sun Solaris 10.

Juniper also announced upgrades to the software that runs its Infranet unified access control appliances. UAC 2.2 has added support for Microsoft Windows Statement of Health (SOH) and its Embedded NAP agent, meaning Infranet Controllers can now be used to help manage upgrades to Windows XP Service Pack 3 and Windows Vista.

It also adds support for those Juniper intrusion detection devices that have the company’s Co-ordinated Threat Control (CTC) system, devices not covered until now. CTC co-ordinates responses between authentication and intrusion protection. Now, if there’s a end user accidentally triggers an online threat, the intrusion detection can not only stop it but also signal the UAC to take action, such as temporarily disable the user’s session.

Finally, the company announced additions to the Infranet Controller line. The IC 4500, for mid-sized companies, supports up to 5,000 simultaneous endpoint users. The IC 6500 supports up to 20,000 simultaneous endpoint devices per appliance or 30,000 simultaneous endpoint devices in a cluster. It includes dual, mirrored hot swappable SATA hard drives and dual, hot swappable fans. Dual hot swappable power supplies are an option.

There was no pricing available at press time for the IC 4500, IC 6500.

Related Download
Virtualization: For Victory Over IT Complexity Sponsor: HPE
Virtualization: For Victory Over IT Complexity
Download this white paper to learn how to effectively deploy virtualization and create your own high-performance infrastructures
Register Now