Management
Reply
Super Contributor
tbehrens
Posts: 348
Registered: ‎04-30-2010
0

Re: SPACE 11.4, security design

It's got some of the most common features ready. Less often-used features are not yet supported. Example: Route-based VPN yes; policy-based VPN to come.

 

Device-level configuration is done at the SPACE framework level, not the SD level. That's a bit cumbersome, for now.

 

I think it's a much better showing than previous efforts. I don't know that I'd be quite ready to use it in production, yet.

 

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008
0

Re: SPACE 11.4, security design

how does it "feel" compared to NSM? is it a relief? is it quick and responsive? how about architectural differences? is it still java? do my collegues need to learn something completely new or can they dive right in and feel home? questions upon questions. I need to install this myself. I assume us beaten NSM customers get a free upgrade when it's ready. right?
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Super Contributor
tbehrens
Posts: 348
Registered: ‎04-30-2010
0

Re: SPACE 11.4, security design

It's not Java, it's web-based.

 

It's reasonably responsive for me, but I only use it in the lab and have no real load on it. It does support clustering, which allows you to add processing power.

 

Particularly with the device-level management (outside of what SD handles), people used to NSM will not be able to dive right in. I'd wait until device-based functionality is pulled into SD before thinking about deploying it in production.

 

Definitely, install it and play with it. If you'd like to see something that's less a work-in-progress, you'd want to wait another quarter or two before evaluating.

 

Free upgrades are between you and your Juniper rep. I'm not even going to speculate :smileyhappy:.

 

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008
0

Re: SPACE 11.4, security design

thanks. how about the backend? I understand the frontend is now web based, but the backend? it is java on NSM (not just the gui, NSM itself is Java too).
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Super Contributor
tbehrens
Posts: 348
Registered: ‎04-30-2010
0

Re: SPACE 11.4, security design

Looks like there's Java, postgres and mysql under the hood.

Distinguished Expert
keithr
Posts: 979
Registered: ‎09-10-2009
0

Re: SPACE 11.4, security design


tbehrens wrote:

...postgres and mysql under the hood.


It's running two completely different SQL databases simultaneously?

-kr


---
If this solves your problem, please mark this post as "Accepted Solution."
Kudos are always appreciated.
Super Contributor
tbehrens
Posts: 348
Registered: ‎04-30-2010
0

Re: SPACE 11.4, security design

At least the processes for both are running. Whether mysql is just running by default, or it is handling something completely unrelated to SPACE, or there are actually two DB engines in use - I wouldn't know. :smileyhappy:

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008
0

Re: SPACE 11.4, security design

can I install this baby in a virtual machine? just for testing of course....
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Super Contributor
tbehrens
Posts: 348
Registered: ‎04-30-2010
0

Re: SPACE 11.4, security design

Yes, there's a VM version of SPACE. Go to http://www.juniper.net/support/products/space/#sw, and you'll find an "image for virtual appliance" right at the top of the page.


SPACE without any additional license is free, and I have seen Juniper encourage all customers to use it just for the service modules it comes with.

 

For Security Design, you'll want the "Standard" package. Talk to your Juniper AE regarding a time-limited demo license.

 

The question is: Do you want to see the evolution of SD, or do you want to see a more functional product? If the latter, waiting until Q3 to demo SD on SPACE may make sense.

 

Super Contributor
cryptochrome
Posts: 498
Registered: ‎03-29-2008
0

Re: SPACE 11.4, security design

Is there any migration path from NSM to SPACE? I am thinking about nested groups in particular. SRX does support nested object groups since Junos 11.x, but NSM still does not. So if you use nested groups on NSM, it will actually push a non-nested config to the device. So how would we migrate firewall policies over to SPACE? Importing the device would only give us the non-nested version. Any thoughts on this? Is Juniper thinking about things like that? Sascha
Twitter: @cryptochrome
--------------------------------
plus.google.com/11635909860
Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.