Juniper Networks is expanding its network and security management software to include more of the company's product line, making it easier for customers to set security policies across their infrastructure rather than doing so using several product-specific platforms.
The company's Network and Security Manager (NSM) now supports Juniper's SSL VPN products, Unified Access Control (UAC) NAC gear, and its EX enterprise switches. Previously the NSM platform managed just firewalls and intrusion-detection products. Later this year, Juniper says it will bring management of its M-Series multiservice edge routers and MX-Series Ethernet services routers under NSM as well.
While this type of broad management platform is common among other networking vendors and Juniper customers want it, the new NSM required bringing together management of disparate products that were developed in-house, as well as those that were acquired.
NSM was created by NetScreen, which Juniper bought in 2004. NetScreen came to Juniper with firewalls, IPSec and SSL VPNs, and intrusion-detection gear, some of which was acquired as well. For instance, NetScreen bought its SSL VPN gear when it purchased Neoteris in 2003.
To bring management of this smorgasbord of devices under NSM, Juniper instituted an XML interface called device management interface (DMI). NSM has been adapted to talk to DMI, and that capability makes it possible for Juniper to add product lines to the management platform quickly, the company says.
New NAC capabilities
Juniper has made its UAC product compatible out of the box with Microsoft's NAC technology, known as Network Access Protection (NAP). This means customers can use elements of one with elements of the other.
Rather than distribute Juniper's UAC client, the NAP client built into Windows XP and Vista can handle reporting on the status of end points.
UAC has supported NAP for more than a year, based on public demonstrations, but that required complex configuration. Now, the support is standard.
Along with NAP interoperability, new UAC software makes it simpler to install and deploy UAC client software. It also makes it possible for UAC to auto-remediate more third-party products, such as anti-virus software, and enables UAC scale to hundreds of thousands of end points at a time.
Juniper also has broadened the number of devices that can send security input to the UAC Infranet Controller policy-controller, in order to isolate misbehaving end points.