Security as a service

The Star MPLS managed security service is delivered using Juniper Networks NetScreen Security technology. Juniper Networks technology is recognised worldwide for its class-leading security capabilities and performance, and is acknowledged frequently in independent tests and product comparisons. By partnering with Juniper Networks, Star ensures that its customers receive the latest level of MPLS-VPN security and maximum protection against network-based attacks.

All Juniper Networks devices are purpose-built to perform essential security functions. For optimised or maximum performance, they are controlled by a security-specific, real-time operating system called ScreenOS. This operating system has been designed from the ground up to perform security functions without the overhead that can create vulnerabilities in other security products that rely on general-purpose operating systems.

The Future: Virtualisation

Star leverages a key capability of Juniper ScreenOS to bring security services to its customers - Virtualization.  By utilizing virtualization, Star can support many customer connections from a single hardware platform located within the Star network. Benefits of this Centralized Service deployment include:

• Savings of installation time and cost and speed of service switch on
• Secure hosting centre ensuring security device is protected from power outages, physical damage and environmental impacts
• 24 x 7 'hands-on' operation from a highly skilled Star security team
• Simplified security policy management to ensure minimum risk of misconfiguration or downtime
• competitively priced and reliable service with leading security capabilities and no compromise to customer data

Additionally, one important virtualization technology, Virtual Routers, directly increases security by separating the network routing instances and network routing updates of the various customer security domains from one other. Thus both network and security level segmentation is assured.

How does it work?

All customer traffic is channelled through the centralized Star Managed Firewall. The key requirement of a virtualized capability is security, with no benefit of virtualization being worth any trade off in security effectiveness.  This has been the design principle of Juniper Networks NetScreen virtualization technologies, and it means that there is no compromise to security or performance with the use of virtualization.

The Juniper NetScreen security systems can be logically partitioned into multiple firewall/VPN instances called Virtual Systems (VSYS), each with its own  totally separated set of security zones, virtual routers, address book, policy rule set and management domain.  It is the VSYS that segments a system into multiple security devices, and makes it practical and safe to manage the multiple security domains that can range from the tens to hundreds.

VSYS enables the single high performance security device to support multiple individual customers; leveraging the device cost and lowering overall total cost of ownership (TCO) with easier maintenance, management and support. All benefits that Star can pass on to its customers.

The management interfaces are also specific to the VSYS being configured and managed-each VSYS appears as a discreet security device.  This means that each distinct VSYS will have its own WebUI interface, and operational management connections and views.  Importantly, the administrator(s) of one VSYS are isolated to the configuration and operation of their own virtual system.  This per VSYS management is crucial where customers require a management interface into "their own" security system as part of the service, and is also a necessity in environments where a single central administrator is responsible for configuring and maintaining a number of virtual systems in a complex multi-customer deployment.

The Juniper ScreenOS virtualization features ensure that each customer can be offered an isolated and customized security service but with the operational benefits of a centralized system, leading to a more competitive and secure service offering.