Juniper Networks Inc. has added tools for network microsegmentation in Contrail -- an important feature for users of the software-defined networking controller, but a capability that's unlikely to reverse Juniper's decline in security revenues.
Juniper introduced the capability this week, along with other security features the company labeled as Juniper Contrail Security. In general, Juniper is focusing its latest stab at strengthening its security portfolio on companies with multiple data center environments in a Contrail cloud.
Microsegmentation tools, which have become a popular way to contain malware in the data center, allow corporate IT staff to build a zero-trust security zone around a set of resources, such as network segments and workloads. In network virtualization within SDN, microsegmentation adds firewall capabilities to east-west traffic.
VMware and Cisco have had microsegmentation capabilities in their SDN products, NSX and Application Centric Infrastructure (ACI), respectively, for several years. NSX has outpaced ACI deployments in the data center, primarily because microsegmentation has become its leading use case for protecting applications that run on top of VMware's ubiquitous server virtualization products.
Contrail cloud use case
Companies use Juniper Contrail and vRouter -- the vendor's virtualized router software -- to create a network overlay that extends across cloud-based environments in multiple data centers. The core users of Contrail and Juniper switches include cloud companies that provide infrastructure, platform or software as a service. Others include large financial institutions.
With the latest release, companies can use the Contrail cloud console to carve up their data center LAN and intradata-center WAN, and then create and distribute policies that establish restrictions on communications between network microsegments. Also, Juniper is providing tools that give companies the option of using third-party firewalls for policy enforcement.
The capability is available for cloud environments using bare-metal servers, Linux containers built and managed through the Kubernetes system, and OpenStack -- the modular architecture for creating and managing large groups of virtual private servers. Kubernetes and OpenStack are open source technologies.
Juniper has contributed Contrail's source code to the open source community through an initiative called OpenContrail. Contrail is a Juniper-supported binary version of OpenContrail, which is available under the Apache 2.0 license.
Juniper has contributed the source code of its latest security features to the OpenContrail community, said Pratik Roychowdhury, the product manager for Contrail. The site GitHub is the online repository for OpenContrail.
"Everything that I'm talking about in Contrail Security is out there [on GitHub]," Roychowdhury said. "Anyone can essentially go and take a look at the source code."
Other Contrail cloud security features
Besides microsegmentation, Juniper has added other features to the Contrail console. They include a visual depiction of interactions between applications in hybrid cloud environments and analytics that detect anomalies and suggest corrective actions.
The latest features are useful to companies using Juniper switches or its SRX firewalls running alongside other vendors' switches, said Lee Doyle, an analyst at Doyle Research and a TechTarget contributor. Either scenario would be helpful to Contrail adoption.
"Contrail is one of many SDN controllers that has struggled to break through [a competitive market]," Doyle said. "It's not contributing a huge amount of revenue."
What is contributing a growing share of Juniper's revenue is switching. In the quarter ended June 30, revenue grew nearly 32% year over year to $276 million. However, the company's overall market share is small at 3.4%, according to stock research firm Trefis.
Security, on the other hand, remains a weak spot in Juniper's portfolio. Revenue has fallen from $670 million in 2012 to $318 million last year, according to Trefis. In the June quarter, revenue fell 12% to $68.7 million.
"Quite frankly, the focus right now on security has been on achieving stability and returning to growth," Juniper CEO Rami Rahim said in an online transcript of the July earnings call with financial analysts. The transcript is available on the financial site Seeking Alpha.
Evaluating SDN technology with starter kits
Training priorities when preparing for an SDN deployment