Posts tagged Networking
Enterprise Network Observability with Kentik - #TFD27

With your network now reaching much further than the boundaries of your offices, managing an enterprise network is much more complex than ever before.

Kentik’s mission is two-fold.

  1. To make life awesome for people building the connected world

  2. Deliver one comprehensive observability platform for running all of an enterprise’s infrastructure.

During #TFD27, Kentik presented their SaaS-based Enterprise Network Observability Platform. Their platform can receive telemetry from various sources using integrations and agents. With this data via powerful analytics, they can provide network managers with automated insights to resolve issues, improve performance, control standards and much more.

During the demonstration, they showed a number of powerful tools that were able to troubleshoot various issues, including conducting root cause analysis over an application configured in a hybrid infrastructure.

I liked their platform's ability to configure various tests to help monitor the network and application performance. These are able to be configured to take place from agents you have installed across your network or public agents accessible over the internet across the world. This allows enterprise network admins the ability to receive insight from a variety of standpoints. Further to this, the visualisation capability within the platform was fantastic. The two examples below show visualisations, first of BGP routing and secondly of a complete network topology within AWS.

When managing a largescale complex enterprise network, these tools will be invaluable to ensure you have visibility across not only the networks within the offices but across datacenters, into the cloud and beyond.

You can see my doodle covering Kentik’s presentation below and be sure to check out the presentations on the TFD website.

To learn more about Kentik check out their website here.

Juniper Connected Security - Building a threat-aware network

Trying to ensure your network is secure often seems like an impossible battle. Many security and network operation teams often face a losing battle of an ever-growing list of software, aiming to ease administration and secure the network. The truth is, more often than not, this software ends up creating further information silos and adding to the barrage of information for the already bewildered specialists to try to understand.

I was recently given the opportunity to attend an exec briefing with some of the security team at Juniper Networks to understand how their approach differs.  

As always I have summerised my findings in the Tech Doodle below.  

Before I delve a little deeper into Juniper Security Director Cloud, let me share with you my top 3 thoughts: 

  1.  Juniper Security Director Cloud is a subscription-based service avoiding additional hardware requirements 

  2. Juniper Security Director Cloud works well with Juniper and third-party solutions 

  3. Juniper Security Director Cloud has intelligent policy management and can make reactive changes based upon threat analysis  

Juniper Security Director Cloud is an as-a-Service subscription-based solution meaning there is no need for additional hardware or complex initial configuration. As mentioned above I was particularly impressed with how it offers customers support for a number of third-party technologies as well as the wealth of solutions within Juniper’s portfolio.

Core to Juniper Security Director Cloud is the belief that the network itself should become threat-aware.  

Utilising in-built intelligence, Juniper Security Director Cloud is able to protect every connection from client to workload from on-premises to the cloud.  

Juniper Security Director Cloud utilises a unified policy set irrespective of the device, but importantly the automation capabilities allow for deduplication, rule precedence and error avoidance within the policies. Critically, Juniper Security Director cloud is not only able to help you monitor your estate, but also make reactive changes based upon threat analysis.

Many organisations are looking for solutions that are able to simplify and centralise security operations. Not only should they help reduce the burden of multiple siloed solutions, but should also look to use intelligence and automation to help proactively protect the network. This is exactly what Juniper Security Director Cloud sets out to achieve. For organisations that are looking to implement SASE (Secure Access Secure Edge) principles, the fact that Juniper Security Director Cloud supports third- party solutions will allow for Juniper Secure Edge solutions to be implemented alongside existing solutions whilst transitioning.

Juniper is also ever innovating in this space and recently announced the addition of CASB (Cloud Access Security Broker) and DLP (Data Loss Prevention) into their Secure Edge offering.

It was good to learn more about Juniper’s approach to security and SASE. For me I am really looking forward to seeing this technology in action. A single unified approach to policy and intelligent threat analysis coupled with reactive changes is a very powerful mix. I hope to be able to share some demonstrations of this technology with the Tech Doodles readers soon.

You can learn more about Juniper Connected Security at Black Hat 2022 on booth #2240.

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Juniper to create content following the Juniper Networks Analyst, Influencer and Media Global Summit 2021. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Juniper Networks.

Flowmon Overview - Network Performance Monitoring and Diagnostics

I have recently been doing some work with Flowmon to further understand Flowmon’s Network Performance Monitoring and Diagnostics (NPMD) functionality. Below you can see my doodle covering the technology.

In-brief Flowmon, which is now part of Progress, following the Kemp acquisition, gives network operators visibility and insights into network performance and issues. It does this by enriching flow data with level 7 application data, giving enhanced network insight without the overheads of full packet capture. Critical to this is the Flowmon collector appliance which can receive data as Netflow, IPFIX or any standard flow record like sflow, jflow or netstream.

Flowmon Architecture

With this collected data, Flowmon provides;

  • Autonomous investigation for route cause of operational issues

  • In-built expert knowledge of network error codes with remedial action

  • Reduced and simplified toolset, allowing delegation of networking monitoring and troubleshooting

  • Reduction of network diagnostic noise, allowing problems to be resolved quickly and easily

I was able to understand some of the use cases in action, this included following the process of an administrator trying to diagnose slow internet performance reported by users. Utilising the Flowmon toolset, the problems were able to be tracked down within a few steps. The root cause, diagnosed through Flowmon was an incorrect client configuration, resulting in increased network traffic. This was due to Windows updates being pulled down directly from the internet rather than from the local WSUS server. Without Flowmon, this may have taken Network Admins and other teams many hours to diagnose and resolve.

I was really impressed by what I saw of Flowmon, without tools like this, troubleshooting user issues is often a difficult task, with admins trying to understand where the problem lies between the applications, the network and the user. Flowmon gives network admins the tools they need, not only to resolve problems quickly but to be proactive in their troubleshooting.

You can find out more about Flowmon here

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Progress to create content covering the Flowmon product set. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Progress.

Announcements from the Juniper Networks Analyst, Influencer and Media Global Summit 2021

This week saw the Juniper Networks 2021 global summit for analysts, influencers and the media. I have covered my thoughts on this event and Juniper’s strategy in my earlier blog post. In this blog post, I am going to cover the three key announcements from the summit. 

  1. Juniper Support Intelligence

  2. New Wi-Fi 6E Access Points

  3. Juniper Mist IoT Assurance

Juniper Support Insights

Juniper Support Insights is a cloud-connected, AI-driven support platform for customers using Junos OS devices such as ACX. EX. MX, PTX, QFX and SRX.

With Juniper Support Insights, there is no need to replace or upgrade your device to get this functionality - it is already included. You can choose to connect your devices directly to the cloud, like the Mist AI connected devices, or alternatively, you can use a lightweight collector appliance. The collector is a hardware appliance that can support up to 20,000 devices with a single collector. I think many organisations will choose to opt for the collector in their secure environments.

Once connected to the cloud, Support Insights will give operations actionable insights into their network to allow them to be proactive in their maintenance. In addition, Support Insights will use the small amount of data collected about your devices to give insights regarding the following:

  • Product data

  • Contracts

  • Machine learning

  • Install base

  • Service requests

  • Knowledge base

  • PBN’s

  • SIRTS

  • RMAs

  • EOL/EOS

As Support Insights uses machine learning, the more devices that are connected to the cloud, the more accurate and relevant the insights that will be delivered. 

I like the fact that Support Insights is readily accessible without additional cost, upgrade or replacement of existing Junos products. It will undoubtedly help operations teams get better insights into their install base and hopefully assist them in moving from reactive to proactive support. Whilst Support Insights is a read-only freemium offering, at a cost, Juniper also has products that offer read and write interactions with the network, with solutions like Paragon Insights. 

Juniper Support Insights solution

Juniper Support Insights blog

AI-driven Wi-Fi 6E Access Points

The second announcement covered two new AI-driven Wi-Fi 6E access points. The two new access points leverage the Mist cloud and AI engine for rich insights, enhanced troubleshooting and optimisations. The two access points that were announced are both tri-band and quad radio with BLE (Bluetooth Low Energy Support).

The AP45 access point offers Juniper’s patented virtual Bluetooth LE technology. This will be attractive to organisations that need enhanced location-based services.

Product webpage: Juniper Wireless Access Points and Edge

Juniper Mist IoT Assurance

The final announcement focused on the lifecycle of IoT devices on a wireless network, particularly those that lack the support for 802.1x (WPA3 Enterprise).

With IoT devices increasingly being added to our corporate networks and at scale within many networks, it's essential that this process is quick, easy - and importantly, secure. Unfortunately, many IoT devices aren’t enterprise-ready and will lack the necessary features to secure and isolate traffic, all resulting in security issues or configuration complexity. This is where IoT Assurance comes in.

IoT Assurance is a cloud-based service that leverages a Multiple Pre-Shared Key mechanism (MPSK) to easily onboard devices at scale, offering micro-segmentation of devices as well as traffic engineering and full policy management. IoT Assurance provides a full suite of access control functionality using MPSK or Private Pre-Shared Keys, all without relying on having a client MAC address available in advanced or a configured NAC device.

Once the devices are on board, IoT Assurance takes control of day two operations, including automatic PSK expiration in conjunction with automatic key rotation, making sure that keys are regularly rotated whilst ensuring there is no downtime. Some additional tools are integrated, such as the ability to monitor active device utilisation per PSK, a fully-featured API and the ability in the future to create self-provisioning portals that can be used for BYOD workflows.

IoT Assurance Datasheet

Final Thoughts

These announcements further build upon Juniper’s portfolio of products as well as their vision of experience-first networking. With tools like Support Assurance and IoT Assurance, admins can streamline workflows, take proactive actions, and deliver higher levels of reliability, security, and service to end-users.

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Juniper to create content following the Juniper Networks Analyst, Influencer and Media Global Summit 2021. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Juniper Networks.

Juniper Networks Leading with Experience-First Networking

Juniper Networks Analyst, Influencer and Media Global Summit 2021

This week saw Juniper present an update on its vision, strategy and latest innovations at the company’s virtual global summit for analysts, influencers and the media. Leading up to this event, I have been lucky enough to meet a number of Juniper execs to understand first-hand its strategy, vision, and latest product offerings.

Juniper has a laser focus on experience-first networking. This is much more than a marketing spin on its products and this was clear throughout the summit and across the company’s product innovations. Experience-first networking for Juniper is all about simple operations for network admins and a superior end-user experience for IT users. Anyone who knows me will know that I'm a simple soul, and while I love enterprise technology, I firmly believe it doesn't need to be complicated. So this messaging and focus both sit well with me.

How is Juniper delivering experience-first networking?

Often when you hear terms like experience-first networking, you will think it is just about marketing spin on top of the same old products. It is clear with Juniper that it goes much deeper than this. It appears to all start with the 2019 acquisition of Mist Systems and particularly the AI offerings surrounding the Marvis technology. If you haven't seen Marvis in action, head over to Tech Field Day to learn more. During the summit there was a short demonstration of the Marvis technology in action, initially showing troubleshooting of a wired network where the root cause had been diagnosed as a faulty network cable. Secondly and most impressively to me, the technology was able to troubleshoot and pinpoint an end-user's issue with Microsoft Teams. These kinds of quick and straightforward troubleshooting abilities make a real difference to both the end-users and the IT teams, allowing them to focus more time on innovation and moving forward, rather than tackling business as usual issues.

The image below was discussed during the summit. It depicts logged support tickets over time and how they were resolved. The green portion shows the tickets resolved (and logged) without human intervention, and the red portion indicates tickets with human intervention. As you can see, with AI technology built into the systems and more nodes being added to improve intelligence, tickets are being resolved before IT even needs to intervene.

Juniper discussed that, moving forward, networking was about much more than speeds and feeds alone. Of course, speeds and feeds are still important, but now it's about delivering real business value - and for Juniper Networks as a software company, this is all about the experience.

What was announced?

Building on the experience-first networking approach and maintaining its leadership within its products, Juniper Networks announced three new offerings during the summit:

I have expanded on these announcements in this blog post, but these products further help operations deliver a better experience to end-users, with better uptime, quick resolution to issues, better performance and in-built security.

Final Thoughts

I have been really impressed to hear and understand Juniper's vision, and importantly, how it plans to achieve it. Juniper has been on a journey to modernise its business, and the focus on software and innovation around AI results is a real differentiator that will matter to customers.

Personally, moving forward, I look forward to learning more about Marvis and seeing it in action for myself.

Here are two of my Doodles from the event. Please click them to see them in more detail.

Disclaimer: Tech Doodles through Tech Crossing Limited has been paid by Juniper to create content following the Juniper Networks Analyst, Influencer and Media Global Summit 2021. Whilst Tech Crossing Limited and the authors of this blog post have been paid to create the content, there has been no influence or editorial control by Juniper Networks.