Shifting to a cloud strategy has been at the top of almost every CIO's priority list now for the better part of a decade. In fact, an interesting factoid from ZK Research is that businesses spent approximately $12 billion globally last year on technology to build private clouds. This includes a myriad of technology, including virtualization platforms, converged and hyper-converged infrastructure, and storage. Combine this with the continued rise of mobile phones, tablets, and the addition of the IoT, and it's pretty clear this this isn't your father's, or even your older brother's, IT environment.
The evolution of IT to a cloud-centric model has enabled organizations to do things they have never been able to before. Utilization is at an all-time high, workers can literally perform any task from any location (often on mobile phones), and IT is more agile than it ever has been.
However, there is a dark side to the cloud, and that is the resulting complexity that has emerged in the IT environment, particularly with respect to the network. Cloud is a network-centric compute paradigm, so the network plays a critical role in the success or failure of cloud initiatives.
The network has also become a lot more complicated. The data center network has evolved into fabrics, Wi-Fi is now the dominant access technology, the WAN is shifting to a hybrid model, and network functions virtualization (NFV) and software defined networking (SDN) are starting to have an impact across the network. For today's network manager, it is becoming increasingly difficult to put all the network puzzle pieces together and run a network that is secure and optimized for the cloud.
This week, Juniper announced a reference architecture called "Unite" to help organizations deploy a network that is cloud-ready. The concept of an architecture is to help remove much of the guess work in deploying all of the components that comprise a network. There's always a fair amount of tuning, tweaking, fiddling that has to be done to optimize the deployment. This process can often take months to accomplish. An architecture like Unite should simplify the process greatly.
While many vendors have reference architectures, Unite has some interesting aspects, most notably:
- Multi-layer architecture. While Unite is a network architecture, it organizes the network into a number of "layers," each of which can be managed, updated, and configured independently. The lowest layer is underlying network infrastructure and included routers and switches. Juniper actually shows this as two separate layers: the foundation layer, which is the software and silicon, and the devices above this. In practicality, most customers will look at that as a single layer. Above that is an "access" layer that is predominantly Wi-Fi, and above that is security, which covers secure network access and other advanced security services such as security intelligence feeds. In the Unite architecture, security is both its own layer but is also integrated across the other layers. Juniper security is built into the underlying network infrastructure, which includes the silicon, software, and systems. This is how Juniper is able to deliver high-performance network security. For example, the SRX Firewall utilizes Juniper silicon on systems. Also, all network devices have "hooks" to act as policy/security enforcement points. A third-party ecosystem partner can provide additional security services, like network and policy control. The top layer is integrated management and is where devices are configured. More importantly, though, the management layer is where network data is collected for analytics to improve visibility and performance.
- Multi-vendor. While Juniper is obviously the main component of Unite and wholly makes up the network infrastructure layer, each of the other layers is designed to be multi-vendor as part of Juniper's Open Convergence Framework (OFC). The vendors included in Juniper's Unite stack are as follows:
- Network infrastructure: Juniper EX switches, MX edge routers, SRX and vSRX branch routers and security appliances.
- Wireless access: Aerohive, Aruba and Ruckus.
- Unified Communications: Microsoft Lync.
- Security/policy: Juniper Spotlight Security threat intelligence management, Juniper Sky Advanced Threat Prevention advance malware protection, Juniper next-generation firewall, Cyphort, Pulse Secure, Aruba ClearPass.
- Integrated management: Juniper Network Director and Security Director, Contrail, Aerohive HiveManager, Aruba AirWave.
- End-to-end architecture. Most architectures focus on one specific aspect of the enterprise network. Unite is designed to be end-to-end and can help simplify the deployment and ongoing management of every part of the network – from the data center to the access edge to the branch. Network simplification is accomplished with Junos Fusion Enterprise, an open fabric that leverages the EX9200 switch. Junos Fusion Enterprise uses 802.11BR and scales to over 100 access switches to provide support for 6,000+ access ports. It can also unify both the enterprise wiring closets and the on-premise data center as a single logical network device. Historically, the data center has been low-hanging fruit for reference architectures because the complexity is high and the stakes are high. However, complexity knows no limits, and IT needs help at the access edge and the branch. Branches, in particular, can be highly problematic for businesses because they require a wide variety of technology deployed on numerous appliances and typically have no local IT support. Unite shifts this model to virtualized services that can be deployed and managed remotely.
- Open architecture. Juniper has leveraged open standards where possible and, under its OCF, has published a number of APIs to enable third parties to interoperate with Juniper infrastructure. A handful of third-party vendors were included as part of Unite, but I fully expect to see others added.
The shift to the cloud is well underway, and it's transforming almost every part of IT. The last component to evolve is the network. Juniper's Unite architecture should help customers deploy a multi-vendor network that can meet the security, scalability, and resiliency requirements of the cloud, but also be simple to deploy, manage, and operate.