Contrail Service Orchestration - Juniper Networks
Data Sheet
Product Overview
Contrail Service Orchestration is a comprehensive management and orchestration software product that provides multisite and multicloud secure network services like VPNs, SD-WAN, and SD-Branch for secure CPE, universal CPE, virtual CPE, and virtual cloud endpoints. Contrail Service Orchestration’s intuitive user interface allows both service providers and enterprises to simultaneously select centralized and distributed virtual network functions for simple, seamless service deployment. Service management and troubleshooting are streamlined; tenants use self-service portals to select the services that best meet their business requirements.
Product Description
Multicloud has fundamentally altered the traffic patterns and security postures of the
enterprise network, making it increasingly difficult to manage. Whether you manage your
company’s WAN, use WAN services, or provide them to enterprise customers, it’s time
to rethink your approach to network architecture and service management. You need a
solution that’s secure and flexible, and one that can simplify growing network complexity.
As service providers look to help enterprise organizations address their needs for multicloud
connectivity to support cloud-based business tools and resources, increased security,
an increasing number of devices in the workplace, and a growing mobile workforce, they
face a number of network and operational challenges. At the same time, competition is
increasing, as competitive providers are now able to deliver services over-the-top of their
network using virtualization technology. Service providers need to be able to address the
rapidly changing needs of their enterprise business customers. They need to respond
quickly, reducing service design, deployment, and delivery time windows, and place greater
ownership of service customization and management in customers’ hands. Yet their legacy
static networks and rigid service delivery infrastructures hinder their ability to react quickly
and deliver new responsive services on demand.
Juniper® Contrail® Service Orchestration empowers enterprises and service providers
to drastically reduce delivery times for managed services, transforming a multi-month
experience into a near real-time point-and-click operation by automating the entire service
delivery life cycle. As a component of Juniper Contrail SD-WAN, CSO reduces and optimizes
the operational costs by dynamically and efficiently routing traffic based on user and
application policies and analytics, significantly enhancing the user experience and allowing
service providers to grow revenue.
As a component of Juniper Cloud CPE, Contrail Service Orchestration seamlessly integrates
with Contrail Provider Cloud for turnkey cloud orchestration, creating a vertically integrated
Network Functions Virtualization (NFV) management and orchestration stack that delivers
and manages virtual and physical network services. It also integrates with the NFX Series
Network Services Platform, controlling these universal CPE devices. Juniper and third-party
virtual network functions (VNFs) running on the NFX Series or Contrail Provider Cloud are
easily integrated into consumable, higher-level managed services.
Architecture and Key Components
Contrail Service Orchestration consists of the following key
components:
Network Service Designer: The Network Service Designer provides
product managers and network architects with an intuitive
point-and-click solution for performing the service definition
process of Juniper and third-party VNFs that is part of service
life cycle management. An easy step-by-step service design
implementation wizard walks you through the complete service
definition process, specifying the VNF onboarding process, VNF
version control, VNF description, and more. The Network Service
Designer also assists with service configuration parameters,
service chaining templates, and customer-specific service catalogs
that get exposed through the customer portal. The entire service
definition is saved in a database via standard YANG data models,
providing easy integration with third-party operations support
systems (OSS) and business support systems (BSS).
Figure 1: Contrail Service Orchestration Network Service Designer
Administration Portal: The Administration Portal gives network
administrators simultaneous visibility into customers’ on-
premises and hybrid cloud-based services, enabling them to
easily monitor and troubleshoot service health and status.
Detailed service information is readily accessible for monitoring
virtual or physical customer premises equipment (CPE), service
level agreements (SLAs), CPE resource diagnostic reports,
service catalog resources, and other administrative functions.
The Administration Portal supports role-based access control
(RBAC), as well as both local authentication and SAML-based
authentication for single sign-on (SSO). Administrators can also
create more users with specific roles and access privileges.
Figure 2: Contrail Service Orchestration Administration Portal
Multitenant Customer Portal: The Customer Portal is provided
through a unified portal in which access to functions is governed by
RBAC, providing a per-tenant admin role and a tenant operator
role (read-only access). Tenants, such as service provider
customers, have the freedom to self-select the services that best
fit their business needs. They also have the ability to select the
appropriate service deployment model on-premises or in the
cloud, with the flexibility to determine when to deploy, change, or
delete a service in near real time. Service providers can choose to
develop their own customer portal GUI using REST APIs.
Figure 3: Contrail Service Orchestration Customer Portal
Security Management: Contrail Service Orchestration includes
the ability through the same management platform to
orchestrate managed security services as part of the suite of
network services. You can manage Network Address Translation
(NAT) policy or intent-based firewall policy to ensure security
across Layer 4 transport rules through Layer 7 application
rules. Automation of the policies allows for consistent and
easy deployment across the network. With integrated security
dashboards and alerts, you always have visibility that sites are
secure. With security management built in, pervasive and always-
on security is part of every deployment.
Figure 4: Integrated Secure SD-WAN
Contrail Service Orchestration Features and Benefits

| Features | Benefits |
| --- | --- |
| Service creation workflow portal | Service managers and administrators can intuitively define a customized service catalog through a simple wizard. |
| Resource management schemas | Eliminates error-prone provisioning processes by recommending the most efficient service creation model based on defined VNFs that best meet tenant needs. The intelligent service design portal establishes a workflow that reduces the time required to define and deliver new services to market, increasing productivity and lowering operational expenses. |
| Automated service delivery | The entire service life cycle is automated and orchestrated. When a tenant selects a service they want, regardless of the deployment model required—centralized, distributed, or hybrid—the service is automatically delivered to the customer. |
| Dynamic application traffic routing | Improve application performance and avoid negative impacts caused by packet loss, jitter, delay, and poor throughput. |
| Junos Space® Security Director: comprehensive, fully integrated security management | Full-stack security is included for simple, automated, and consistent security visibility, policy management, and enforcement. |
| Open-standard BGP protocols for routing | Easily works with existing WAN and service provider routing environments and additional SD-WAN controllers. |
| Open YANG data models and open APIs | Integrates with other systems like BSS/OSS and IT service management (ITSM), or extends the platform with custom automation to accelerate workflow. |
| Multitenant service onboarding with tenant-customized profiles | Every tenant has a personalized experience, allowing for the creation of services that best fit their business needs. |
| Unified management of composable and distributed VNFs | Functions—based on universal CPEs or NFV cloud infrastructures—can be seamlessly interconnected to speed and ease secure network service creation. |
| Built-in physical network element management for Juniper systems | Automatically connects the access layer of the provider edge gateway in a central office to the virtual service instance. |
| Zero-Touch Provisioning (ZTP) and configuration for universal CPE devices | The NFX Series platform is automatically provided configuration, element management, and VNF life cycle management. |
| Any deployment model over any network implementation | Supports any WAN architecture, including full or partial mesh, over any transport network. Auto-provisions the underlay WAN network transport with various VPN technologies such as IPsec, GRE tunneling, L2/L3 VPN, and more. |
| Integrates with Contrail Provider Cloud | Cloud-delivered NFV is easily integrated with Contrail Service Orchestration or higher-level existing OSS/BSS environments. |
CSO SD-WAN Features and Benefits

| Features | Benefits |
| --- | --- |
| NFX Series Network Services Platform integration | Fully integrated with the NFX Series Network Services Platform, CSO delivers a fully automated deployment experience for Contrail SD-WAN customers. Simply take the NFX Series device out of the box, connect it to the network, and apply power. |
| SRX Series Services Gateways integration | Fully integrated with the SRX Series Services Gateways, CSO delivers a fully automated deployment experience for Contrail SD-WAN customers. Simply take the SRX Series device out of the box, connect it to the network, and apply power. |
| Multihoming with traffic failover support | NFX Series and SRX Series platforms are able to connect with two different hub devices in a hub and spoke topology. Traffic automatically switches from the primary hub to the secondary hub if the primary hub, its connection, or all of its overlay tunnels are down. When the primary and/or its tunnels become available, traffic is automatically reverted back. |
| MX Series and SRX Series hub gateway support | Contrail SD-WAN supports the use of both the Juniper Networks MX Series 3D Universal Edge Routers and SRX Series Services Gateways to be used as cloud-based hub devices. This provides service providers and enterprise organizations with the ability to leverage the same Juniper infrastructure already in their network. |
| On-premises hub gateway support | Supports the use of the SRX Series Services Gateways as premises-based hub devices, providing enterprise organizations the ability to leverage the same Juniper infrastructure already in their network. |
| Advanced policy-based routing (APBR) | Lets you classify traffic flows based on application attributes and apply filters based on these attributes to redirect the traffic. |
| Local breakout | Lets you break out Internet (all non-VPN) traffic at the local site. The enterprise IT manager is able to define which links at the site can be used for local breakout, and also enable automatic interface-based source NAT policy for the local breakout links. |
| Full mesh support | While full mesh networks are expensive to set up and maintain, because every site on the network is connected to every other site, they provide a high degree of reliability through the multiple data paths created. |
| Security features: Unified threat management (UTM) support | Provides integrated security: antivirus, antispam, Web filtering, and content filtering. Because it is fully integrated and based on the SRX Series high-performance next-generation firewall (NGFW) solution, customers have peace of mind that the solution is fully integrated, works out of the box, and provides industry-leading security performance. |
| Security features: NAT and SSL | Integrated NAT and SSL support ensures that traffic is protected whether flowing across MPLS tunnels, VPNs, or the Internet. |
| Threat map support | Provides you with the ability to visualize your network geographically. Users are able to monitor incoming and outgoing traffic, blocked and allowed threat events from IPS, antivirus and antispam engine feeds, and unsuccessful login attempts. This is all provided via a simple to use GUI. |
| Remote device reboot | In the event that an on-premises device might need to be rebooted, CSO can reboot the device from a remote location. This minimizes the need for local IT staff or service provider truck rolls. |
Specifications
System recommendations and operating environment depend on
the intended use. There are four recommended Contrail Service
Orchestration deployment configurations that support varying
scale and redundancy:
1. Demonstration mode without high availability
2. Trial mode with high availability
3. Production mode without high availability
4. Production mode with high availability
Recommended Operating Environment
• Network: 1GbE or 10GbE interface card (one or more)
• OS: Linux OS (Ubuntu 14.04.5 LTS)
• Storage: Greater than 1 TB Serial Advanced Technology Attachment (SATA), Serial Attached SCSI (SAS), or solid-state drive (SSD)
• Servers: Quanta (QuantaPlex T41S-U), Supermicro (SYS-2028TPHC1TR-OTO-4), or Dell (R420) (Intel E5-2670v3 or better) using 2.4GHz 64-bit dual x86 processor
Table 1 below reflects the server requirements per configuration.
Detailed configurations of virtual machines and memory
allocations to the Contrail Service Orchestration functions can be
found in the Contrail Service Orchestration deployment guide.
Table 1: Server Requirements per Configuration

| Configuration | Number of Servers | vCPUs per Server | Memory per Server (GB RAM) |
| --- | --- | --- | --- |
| Demo non-HA configuration | 1 | 48 | 256 |
| Production non-HA configuration | 3 | 48 | 256 |
| Production HA configuration | 9 | 48 | 256 |
| Trial HA configuration | 3 | 48 | 256 |
Juniper Networks Services and Support
Juniper Networks is the leader in performance-enabling services
that are designed to accelerate, extend, and optimize your
high-performance network. Our services allow you to maximize
operational efficiency while reducing costs and minimizing
risk, achieving a faster time to value for your network. Juniper
Networks ensures operational excellence by optimizing the
network to maintain required levels of performance, reliability,
and availability. For more details, please visit
www.juniper.net/us/en/products-services.
Ordering Information
This product adheres to the Juniper Software Advantage pricing
model.
The Contrail SD-WAN solution provides annual and multi-
year subscriptions that include Contrail Service Orchestration.
They are available in simple bundles of software and hardware
platforms, but you may also choose to purchase Contrail Service
Orchestration and other systems individually.
As this is a virtual appliance/software product, you would
not buy any hardware license from Juniper, but instead,
procure the hardware and additional required support for this
hardware from an additional third-party vendor. For additional
information on supported hypervisor(s) and VM requirements
and recommended hardware configuration, please refer to the
technical documentation for this product on our website under
the Support section.
Juniper Networks products are sold directly as well as through
Juniper partners and resellers.
For more information on the Juniper Software Advantage
business model, please visit
www.juniper.net/us/en/products-services/sdn/contrail/.
For information on how to buy, please visit
www.juniper.net/us/en/how-to-buy.
CSO Cloud CPE Features and Benefits

| Features | Benefits |
| --- | --- |
| Distributed model with NFX Series platforms | Fully integrated with the NFX Series Network Services Platform, which allows service providers to design, develop, and deliver a portfolio of managed services from one orchestration solution. CSO and the NFX Series can support a number of Juniper and third-party VNF solutions, and Juniper Professional Services can support customers in integrating additional VNFs as needed. |
| Distributed model with SRX Series platforms | Fully integrated with the SRX Series Services Gateways, which allows service providers to easily deploy a high-performance NGFW-based managed security solution that is fully automated and orchestrated from a centralized management platform. |
| Centralized model with Contrail Provider Cloud and Contrail Networking | CSO can be deployed with Contrail Provider Cloud and Contrail Networking to deliver a cloud-based virtual managed service delivery solution. In this model, service providers can host and manage their services-focused VNFs in their data centers, leveraging service chaining to map customers to the services they order. This solution can be used with the SRX Series or NFX Series on-premises CPE devices or other third-party network interface devices (NIDs). |
| Hybrid model | CSO supports a hybrid model, which allows service providers to distribute some services to the customer premises, while hosting other services in their data centers. This provides service providers with greater flexibility to best support their operational and business model requirements. In some cases, users may choose to start small, deploying a service from the cloud and then, as the demand for the service increases, eventually distribute it out to the end customer premises. |
Corporate and Sales Headquarters
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737)
or +1.408.745.2000
Fax: +1.408.745.2100
www.juniper.net
Copyright 2018 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Juniper,
and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All
other trademarks, service marks, registered marks, or registered service marks are the property of their
respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper
Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
APAC and EMEA Headquarters
Juniper Networks International B.V.
Boeing Avenue 240
1119 PZ Schiphol-Rijk
Amsterdam, The Netherlands
Phone: +31.0.207.125.700
Fax: +31.0.207.125.701
1000559-008-EN Feb 2018
About Juniper Networks
Juniper Networks challenges the status quo with products,
solutions and services that transform the economics of
networking. Our team co-innovates with customers and partners
to deliver automated, scalable and secure networks with agility,
performance and value. Additional information can be found at
Juniper Networks or connect with Juniper on Twitter and Facebook.