Juniper Networks stitched together some of its existing software to create a new security solution for its Contrail software-defined networking (SDN).
“If you look at new cloud-native apps they’re becoming very disaggregated into microservices in various cloud environments,” said Pratik Roychowdhury, Juniper’s senior director of product management for Contrail. “To ensure compute, storage, and networking is distributed — that’s what Contrail does. But we want to make sure the security portion is also distributed. That’s what brings us to Contrail Security.”
Juniper is taking three existing components to create Contrail Security. “The product is new, but the components are not,” Roychowdhury said.
It uses the Contrail analytics module to gather data, allowing an enterprise to see how its applications are talking to each other and flowing across environments.
It uses the Contrail SDN controller itself as a framework for security policy. “It creates a security policy framework that works across different environments such as OpenStack or AWS [Amazon Web Services],” said Roychowdhury. “You don’t need to re-write policy.”
And lastly, it uses Contrail’s vRouter for security enforcement for both Juniper security products such as its vSRX line as well as third-party firewalls.
“We’ve taken some of the core of Contrail, the controller and vRouter, and provided additional policy framework on top of it,” Roychowdhury said.
Juniper Networks plans to open source the security policy framework from Contrail Security.
The company said recently it plans to put more focus on the OpenContrail platform, and it will also try to draw a brighter line between the open source Contrail effort and Juniper’s commercial version of the product.