As Juniper Networks has advanced into enterprise network gear, South Carolina’s Department of Probation, Parole and Pardon has come to rely on the company.
The state of South Carolina’s probation department became a big purchaser of Juniper Networks enterprise products via a predictable route: it was a satisfied customer of NetScreen firewalls, then Juniper bought NetScreen.
After that, as Juniper expanded its enterprise portfolio the state tried out the new Juniper gear in competition with other vendors’ products, and in many cases Juniper came out on top, says David O’Berry, the IT director for South Carolina’s Department of Probation, Parole and Pardon.
Also see: Juniper unveils giant router; Juniper Networks acquisitions fuel its enterprise business; Juniper feels growing pains
Now the department has a mix of Juniper enterprise equipment including firewalls, routers and intrusion -detection and -prevention platforms. Juniper’s WAN optimization gear will play a key role in rolling out a .NET infrastructure that is now being planned, Berry says.
He doesn’t buy Juniper gear blindly but the company always gets consideration. “I will go with the product that suits the enterprise the best,” he says. But having dealt with the company for five years now, he considers Juniper a trusted vendor in a very small group that also includes Cisco, NetApp, EMC and Dell.
The road to Juniper started in 2002 when the state network’s Network Associates Gauntlet firewall software was maxing out its Sun Enterprise 250 servers. Secure Computing had just bought the Gauntlets and was still working out exact plans for it, O’Berry says.
He looked around and found the NetScreen firewall appliances supported both better throughput and a better price, so he switched to them, and now the state has six deployed at key sites. These include NetScreen 204s, 208s and SSG 500 Series devices.
Two years later, when Juniper was ready to beta test its J-Series routers, O’Berry signed up. The department put the J-4300 through its paces for three months along with Cisco’s 2800 Series routers.
Both routed well, but Juniper’s reputation for security gave it the edge at a time when Cisco was under fire about its unpatched routers being susceptible to buffer-overflow attacks and shell-code exploits. “I'm with a pretty security-conscious group for the most part,” says O’Berry, “so those things had me start looking at other vendors for what we could do routing-wise.”
But he was also impressed with Juniper’s roadmap for bringing security features from NetScreens ScreenOS operating system to Junos, Juniper’s highly regarded router software. “There just were a lot of good things coming,” O’Berry says, “as long as the products also satisfied your needs on the front end.”
He said the company was also aggressive on price, although price was not a determining factor. So he took the plunge and bought 56 J-4300 routers for each department site and two Juniper M7i multiserivce routers for the core. “This was the first foray for Juniper into the enterprise, but it wasn't the first foray into routing, of course,” he says.
The promise of a blended Junos and ScreenOS is something that O’Berry is still waiting for and tops his list of things he wants Juniper to deliver. Over time, Juniper says it will add software modules to Junos that incorporate specific security features of ScreenOS so the J-Series routers can support a full-featured firewall and advanced security gateway functions.
He’d also like a better Junos management interface. “The ease of use with which you can work with ScreenOS has always been fantastic,” he says. “The power of Junos is really unmatched. But they really need to finish their management product, make that more user friendly. And I've had the same discussion with them over the last nine months.”
O’Berry and his department chose Juniper’s IDP gear to automatically block attacks detected on the network. In addition, because it was a former NetScreen product, his staff was familiar with the look of its management platform. In addition, prices vs. other vendors’ IDP products were about equal, and he trusted Juniper at that point.
“I know I'm going to be able to depend on Juniper not only to do what they say they are going to do but then to support it after the fact,” O’Berry says. “That is not always the case with every company.”
That reputation has also helped Juniper win O’Berry’s department’s business for Web acceleration gear that will front-end severs for its .NET applications, a new project for the department that is still underway.
O’Berry says he will also keep Juniper’s universal access control (UAC) - its NAC architecture - in mind when it comes time to consider NAC for his network. He is impressed that the company bought up Funk Software for its client-checking ability and that a Juniper employee, Steve Hanna, is a key negotiator of NAC standards.
“Their products will always get a look and they will always get to be in the ballgame,” O’Berry says. “It's just like when you talk about a router Cisco is in the ballgame right off the bat because they have a proven track record. It doesn't matter if God himself has created a router. Juniper with me, has that proven track record.”