Juniper Networks 710008-001 Network Router User Manual


 
FW/IPSec VPN Buyer’s Guide
Copyright © 2004, Juniper Networks, Inc.
3. Deliver a high level of fault tolerance to ensure the solution is always available.
Being able to survive a failure and maintain both connectivity and the security stance of the organization is
the sign of a good solution. The solution needs to provide redundancy at all levels to give an organization the
flexibility to choose the level of availability they want for each of their network segments, based on their cost
and connectivity requirements. The device itself needs to offer solid-state performance and component
redundancy. It then needs to support a high availability configuration that is able to maintain session and
VPN state information and survive a failure both upstream and downstream of the device, offering an
active/active, full mesh architecture. It needs to include network redundancy, leveraging the resiliency of
dynamic routing and supporting path redundancy to multiple ISPs or a dial-backup line. At the VPN level, it
needs to support multiple tunnels and minimize failover time to ensure optimal connectivity. Only a solution
that is able to provide all of the redundancy pieces is truly fault tolerant.
4. Offer ease of use and management.
The real costs of a solution are tied not to the initial capital outlay, but to the ongoing management and
operational costs associated with keeping the solution up and running. If a solution requires a lot of time
and resources to maintain, it is going to take away from other activities and increase the management
burden on the organization. The solution needs to be easy to interact with to ensure changes can be quickly
made to keep the security policy in force. An administrator should be able to manage the device, network
and security aspects of the solution from a single interface, as opposed to having to go to one interface to
make routing changes and another interface to set security policies. It should automate as much as
possible to minimize human intervention, using tools such as templates and auto-configurations to
maximize consistent security deployments throughout the network. It should also, however, provide
granular controls to ensure that specific sites have a configuration that is most appropriate to their
environment. It should enable different people in the organization to efficiently do their jobs, without
introducing any risk to the security at large. For example, a NOC administrator should be able to get access
to device status, but shouldn’t be able to make security policy changes; a CIO should be able to see
reports, but not make routing changes, etc. It should also be easy to troubleshoot to enable organizations to
quickly resolve problems. Organizations don’t want to waste a lot of time on managing; rather, they want an
easy-to-use solution that enables them to spend time on activities core to their business success.
5. Enable quick and simple deployment and installation.
IT, network and security managers are expected to do more with less, so it is important to be able to get
solutions up and running quickly. The solution needs to seamlessly integrate into the network environment, without
introducing interoperability issues. It should be intuitive, so that it doesn’t require a lot of training or security
expertise to use. Updates need to be easy to accomplish, without having to worry about overriding custom
configurations or introducing new vulnerabilities. For instance, an organization doesn’t want to have to
worry about how a newly applied patch to the operating system will affect the underlying platform or the
applications that it is running. The solution should be designed with everything working together, to
minimize complexity and simplify deployment and installation.