Your campus network is key to successfully achieving a secure and automated multicloud. It’s the on-ramp to multicloud resources. Uptime and reliability impact your users’ experience and productivity.
A Journey
Getting to a secure and automated multicloud campus is rarely a greenfield event and therefore is a journey that must be taken in steps. You can take advantage of natural expansion and refresh events to make progress on the journey. These can be things like deploying the latest wireless technology or perhaps deploying a new application.
At Juniper Networks, we have formalized this journey into what we call the 5-step framework. We’ve applied this 5-step framework to each of the places in the network, including the campus. Each step of the journey requires coordination across several elements, such as the architecture, people and process. Let’s examine how a campus can evolve using the five steps.
Step One – The Legacy Campus
We’ve observed that the majority of organizations are at this first step: the legacy campus. Characteristics include:
- 3-tier campus architectures
- Security via perimeter firewalls
It may be that campus IT teams seek to deploy the latest and greatest switches for things like PoE++, high-bandwidth uplinks or even multi-gig, but the architecture is still from 10 or 15 years ago and any switch will do. Operationally, this means that managing the network is labor-intensive: teams manage individual devices rather than a system, and reliability is no better than it was at the start. The network is just consuming more electricity and running higher-speed links.
Step Two – The Simplified Campus
In step two, we simplify the campus, first by adopting fabric technologies and then by looking at automation ideas within the people and process components. Here we begin to leverage some of the learnings from the data center.
From a technology and architecture perspective, we consolidate the management of the entire campus with a campus fabric. For example, Juniper’s Junos Fusion Enterprise can reduce the management of an entire campus network, one with more than 6,000 access ports, to a single logical device. Think of this as a packaged automation solution, simplifying operations and greatly freeing up “keeping the lights on” resources.
Alternatively, as we have learned in the data center, we can use EVPN/VXLAN, which are open standards-based technologies that can be deployed to create a campus fabric. Since this fabric technology is also deployed in data centers, it provides the added advantage of unifying both campus and data center operations under one central technology, eliminating the need to manage multiple architectures, which can be more operationally expensive. Also in step two, we start shifting away from inefficient polling-based telemetry using SNMP to advanced, on-demand streaming telemetry.
In a step two simplified campus, IoT technology can begin to be deployed using an open IoT framework with consistent security and policy. Further improvements to the campus security posture can be implemented by adopting advanced threat protection, leveraging advanced threat intelligence from the cloud to protect against advanced and persistent threats. Consider Juniper’s Sky ATP, a cloud-based advanced threat protection solution that integrates with the SRX next-gen firewall.
Step Three – The Automated Campus
In step three, IT teams take on more automation, leveraging a mix of automation features such as Zero Touch Provisioning, tools like Ansible, Python and Salt, or cloud-based management packages such as Sky Enterprise to simplify management and the visualization of the network. Keep in mind, however, that the emphasis is not on the tooling. It’s about demonstrating simplified solutions.
In step three, workflows in the campus begin to be formalized, having started to be identified and perhaps cataloged in step two.
Also, adding more granular security with user and group segmentation allows access for users or devices to be managed consistently, regardless of where they are in the campus. This keeps resources protected and isolates “lanes of activity,” such as engineering department versus finance department activities.
Step Four – The Agile, Secure Campus
An agile, secure campus in step four is event-driven, automatically reacting to triggers to drive workflows. Continuous improvement and continuous delivery pipelines ensure fully tested and reliable features are introduced in the campus environment to deliver the best user experience. This allows quick adoption of new applications and reaction to business requirements, as needed.
For security, we apply advanced threat protection with real-time cloud-based intelligence and enforcement. The Juniper Software-Defined Secure Network (SDSN) solution even automates remediation: an infected device is automatically quarantined, and the newly acquired threat intelligence is propagated to protect all network elements, including enforcement at the switch level.
Step Five – The Secure and Automated Multicloud Campus
At this point the campus is more connected with the software stack. There is a fully implemented intent-based network with a unified cloud security policy.
Also, by step five, traditional network engineers have made the pivot to Network Reliability Engineers and campus networking is more aligned with the business. In fact, the campus is, for the most part, invisible! It’s much more reliable and just works.