Six and a half years after the federal government announced its “cloud first initiative,” government agencies have been steadily ramping up their cloud deployment efforts. In fact, according to Deltek, federal cloud computing spending is projected to grow to $6.4 billion in FY 2021 – an impressive Compound Annual Growth Rate (CAGR) of 15% since 2016.
At Juniper Networks, we’re proud to be at the forefront of this revolution by offering virtual solutions that meet and exceed the needs of cloud-driven federal agencies. These solutions offer the same features and power of their physical counterparts, but in a virtualized form that delivers results that scale to match network demand.
We feel strongly that it is important for these products to be made available to as many agencies, in as many places, as possible. As such, we’re excited to announce that Juniper’s vSRX Virtual Firewall is now available through Microsoft’s rapidly-growing Azure Government cloud.
Benefits of vSRX Virtual Firewall
Microsoft Azure Government customers can now experience all of the benefits of Juniper’s physical next-generation SRX appliance in an agile and secure package that is the industry’s fastest virtual firewall. The vSRX provides secure protection across private, public, and hybrid clouds with the scalability to meet ever-changing cloud demands – all while handling speeds up to 100 Gbps.
Like all of our virtual solutions, vSRX offers the chance for government agencies to safely extend investments in the cloud and virtualization. vSRX can dynamically create application-level security policies as new workloads are created, protecting mission-critical applications from known and unknown threats. Customers can enable up-to-date anti-malware and intrusion protection on vSRX to prevent the lateral spread of advanced threats between virtual machines. In addition, customers can leverage advanced malware defense through Juniper Networks® Sky Advanced Threat Prevention, a cloud-based service that uses machine learning to discover unknown malware before it can breach your cloud environment.
Ensuring the protection of sensitive workloads
Earlier this year, Azure Government became the first commercial cloud offering to achieve DoD Impact Level 5 Provisional Authorization by the Defense Information Systems Agency (DISA). As part of this authorization, Microsoft offers six government-only dedicated data center regions, two of which are dedicated exclusively to the Department of Defense.
Customers can deploy vSRX on the Azure Government cloud as an added level of protection for large-scale workloads and can securely protect customer virtual networks that are on Azure Government cloud.
Offering vSRX Virtual Firewall to Microsoft’s government customers is yet another example of Juniper working to ensure that federal agencies have the flexibility to have a consistent security posture regardless of their chosen infrastructure. Whether their teams are maintaining cloud, hybrid, or legacy environments, Juniper has the solutions necessary to ensure their infrastructures and workloads remain secure.
The concept of “running a government like a business” has been around for decades, but the idea has really started to gain traction among government IT teams over the past couple of years. During that timeframe, we’ve seen agencies at the federal, state and local levels begin to adopt Software-Defined Networking (SDN) and Network Functions Virtualization (NFV) -- just like their commercial counterparts before them. The General Services Administration (GSA) has brought a start-up mentality to the U.S. government and has helped other agencies become more agile and innovative while maintaining compliance with Federal regulations.
At Juniper Networks, we’re excited to enable digital transformation -- but that means more than just producing products. It also involves continually striving to make it easier for federal agencies to purchase and deploy the solutions and services they need to modernize their network infrastructures to better handle current and future needs.
That’s why we’re proud to announce that, beginning today, Juniper Networks® vSRX Virtual Firewall and vMX Virtual Router are available on AWS GovCloud, Amazon’s isolated AWS platform designed to host sensitive data and regulated workloads in the cloud. U.S. government agencies can use Amazon’s new government-specific region to procure and use vSRX and vMX to manage their AWS workloads. The vSRX provides unified protection for workloads in both private and public clouds, while vMX creates secure connections to the public cloud and moves data securely between AWS availability zones.
Benefits to Government Agencies
vSRX Virtual Firewall and vMX Virtual Router are available on the commercial AWS Marketplace, but their introduction to the AWS GovCloud region brings some unique government-specific benefits:
- Customers who purchase vSRX or vMX from Juniper Networks, or already have their own licenses for these offerings, can bring those licenses with them to AWS GovCloud. Customers can also opt to purchase the vSRX Virtual Firewall and vMX Virtual Router from AWS and pay hourly or annually, thereby avoiding significant upfront costs.
- Agencies that must comply with FedRAMP, ITAR, HIPAA and other regulations can now use Juniper Networks offerings in a region built specifically with those compliance frameworks in mind.
- Each offering has gone through Amazon’s rigorous testing process, ensuring optimal functionality, performance, and lock-down security, all of which are important for agencies handling sensitive data and large-scale workloads.
Further, availability on AWS GovCloud makes it easy for government customers to provision and use Juniper Networks’ offerings in their Amazon virtual private clouds. Before, agencies would need to go through the commercial AWS Marketplace and have the solutions vetted, whitelisted, and, finally, uploaded. Now, they simply need to log into their AWS GovCloud portal, select their preferred offerings and payment models, and spin up. Additionally, the vSRX and vMX both work with Amazon’s Transit VPC Solution, which allows organizations to connect multiple Virtual Private Clouds (VPCs) to a common VPC serving as a global network transit center.
Extending the Juniper Networks/Amazon Relationship
The introduction of Juniper Networks offerings on AWS GovCloud is a natural extension of our established and successful relationship with Amazon. In addition to having our products available on the AWS Marketplace since late last year, Juniper Networks is proud to be one of Amazon’s AWS “all-in” partners.
What that means is that we enable our customers to be cloud-first, helping our customers to migrate workloads running on-premise to both public cloud and private cloud with deep expertise in building hybrid cloud environments. Knowledge and expertise in AWS is important, especially given the continued growth of AWS in the public sector. As such, we understand how to combine Juniper Networks’ carrier-grade offerings with the enterprise-grade flexibility of AWS to provide true value, power, and innovation to our government customers.
We’re thrilled to be providing all of those attributes now through the new AWS GovCloud. By offering vSRX Virtual Firewall and vMX Virtual Router in this new region, we are giving government customers the same level of security and speed that once could be found only in an on-premise data center. In doing so, we are continuing to fulfill our promise to help agencies move beyond legacy networking technologies into modern, cloud-based, virtual network environments.
Cloud First and Software-Defined Networking (SDN) have become mainstay modernization initiatives within the Federal Government. As the number of efforts increase, IT managers are gaining a better understanding of how cloud implementations and SDN can solve real-world enterprise problems.Read more...
When the first highways were built, they changed the way people traveled. It became easy to get from one end of the country to another. They were exciting and necessary innovations – similar to IT networks in the early years.
Like highways, networks have become ubiquitous. Regardless of big data, applications, mobile devices, and more, networks are expected to “just work.” Federal IT managers are no longer trying to figure out how they work; as long as they’re getting a five nine's level of availability consistently, everything is OK.
But the world has changed, particularly in the government space. Cybersecurity threats have continued to evolve, even as budgets have tightened. It’s imperative that federal management teams step out of IT comfort zones and adopt innovative technologies that make their networks more secure and efficient.Read more...
As part of the continuing commitment by Juniper Networks to the Common Criteria/National Information Assurance Partnership (NIAP) certification program, we are pleased to report that EX, MX, PTX , and QFX devices recently completed Common Criteria Certification against the NIAP Network Device Protection Profile.Read more...
The annual advent of National Cybersecurity Awareness Month reminds us clearly that cybersecurity protection and resilience is a team sport and that only through partnership and collaboration can we improve our national and global capability to address the evolving risk in cyberspace.Read more...
Certifications were with Junos 12.1X46.
The Security Target for these devices is located here.
The Certification Report can be found here.
The SRX100-650 and the SRX5800 and the LN1000 and LN2600 were certified against the NIAP Network Device Protection Profile plus the Firewall Extended Package and the IPsec Gateway VPN Extended Package.
The Security Target for these devices is located here.
The Certification Report can be found here.
Listing on the NIAP PCL is required by Federal policy for many different cases. First, as the NIAP PCL webpage states- “U.S. Customers (designated approving authorities, authorizing officials, integrators, etc.) may treat these mutually-recognized evaluation results as complying with the Committee on National Security Systems Policy (CNSSP) 11 National Policy Governing the Acquisition of Information Assurance (IA) and IA-Enabled Information Technology (IT) Products - dated June 2013 (https://www.cnss.gov/policies.html)”.
CNSSP 11 applies to any US Government system carrying classified data at any level and to systems carrying certain command and control traffic regardless of the classification.
NIAP PCL listing is required by the DISA Security Technical Implementation Guide (STIG)s for many product categories. NIAP PCL listing is required for DoD Cloud providers who are handling Impact Level 5 and 6 information, and in other Federal Government acquisitions that require the NIST 800-53, rev 4- SA-4 (7) control.
Cyber threats today are evolving, becoming more sophisticated and making it critical for organizations to educate, implement and encourage employees to follow cyber best practices. In a recent RAND Corporation report, sponsored by Juniper Networks, it was projected that the cost to businesses in managing cybersecurity risk is set to increase 38 percent over the next 10 years.Read more...