01-05-2012 09:13 AM
SPACE 11.4 is out, and with it the new and revamped Security Design. First impression is favorable: This moves away from the too-abstract model that SD used before.
I had to uninstall and then reinstall SD, as an upgrade from SD 11.1 left me with a version mismatch error. This is not a great loss, as the old SD was so very much unlike the new SD that I do not expect that anything meaningful would have carried over, anyway. A clean slate suits me just as well.
That said, I haven't gone and tried to use it in anger, yet. That will come when I have lab time, likely early February. In the meantime, feel free to use this thread to share your experiences with the newly born SD.
01-05-2012 01:22 PM
Just launched the new SD in the lab. Impressions so far:
- Importing a device is poor
- The XML configlet does not work (caused a crash loop on my SRX-100)
- Had to manually add the lines that the configlet wanted to use (the stanzas weren't even right anyway)
- Once I had my SRX in there it seems OK. Creating security policies and NAT is done in a nice screen, kind of like NSM was.
- Making changes other than security rules or NAT to the device via Space has a LONG way to go. Basically they just list all the options in a list. If you know the CLI you can hack your way through making changes to the parts you need, but it's unusable to someone who is new to the platform.
I'll update later as I play with it more.
Thanks for starting the thread!
01-09-2012 06:30 AM
**bleep**. And I thought they would have learned something from the NSM disaster. How very disappointing to read this.
01-13-2012 08:01 AM
In Juniper's defense they do state it won't be ready for production until 12.1, but I don't see them making that big of a change in one version release.
Still... After the disaster with NSM I really wonder why they release something that is obviously not even close to being finished. This doesn't even deserve a "beta" stamp. At best, this is pre-alpha. Not exactly what I would present to a broad audience.
This still seems VERY far away which means we need to live much longer with NSM.
02-07-2012 06:02 AM
So what are your impressions so far guys? Is it worth the time to install and check it out? Is it ready to really do something with it yet?
02-08-2012 09:05 AM
We have installed it and are trying to manage an SRX device.
What Space managed to do (and what I liked) is to configure 3 SRX in hub-n-spoke multipoint topology with NAT/dynamic IP support. That was nice and I like it. It can help not well qualified customers in deployment of new VPN services.
Still, we couldn't determine if it is possible to manage SRX from the ground: create zones and manage ALG. We also couldn't find anything about cluster management.
Have seen that it can manage even QFX with port templates (FC too).
But anyway it is too childish; it would be better if Space had a more straight and serious interface. CIOs and VIPs would not understand that the icon with "fireplace and an RJ45 jack" means NAT config or that the Spy icon is VPN config! Could that cost 1M$?)) Ha-ha --
10-15K$ -- yes.
02-14-2012 09:45 AM
It's got some of the most common features ready. Less often-used features are not yet supported. Example: Route-based VPN yes; policy-based VPN to come.
Device-level configuration is done at the SPACE framework level, not the SD level. That's a bit cumbersome, for now.
I think it's a much better showing than previous efforts. I don't know that I'd be quite ready to use it in production, yet.
02-14-2012 11:26 AM
02-15-2012 11:05 AM
It's not Java, it's web-based.
It's reasonably responsive for me, but I only use it in the lab and have no real load on it. It does support clustering, which allows you to add processing power.
Particularly with the device-level management (outside of what SD handles), people used to NSM will not be able to dive right in. I'd wait until device-based functionality is pulled into SD before thinking about deploying it in production.
Definitely, install it and play with it. If you'd like to see something that's less a work-in-progress, you'd want to wait another quarter or two before evaluating.
Free upgrades are between you and your Juniper rep. I'm not even going to speculate.
02-15-2012 11:13 AM