Contrail Service Orchestration Overview
Juniper Networks Contrail software-defined wide area network (SD-WAN), and SRX series next-generation firewall management solutions offer automated branch connectivity while improving network service delivery and agility. Contrail Service Orchestration (CSO) is a multitenant platform that manages physical and virtual network devices, creates and manages Juniper Networks and third-party virtualized network functions (VNFs), and uses those elements to deploy network solutions for both enterprises and service providers and their customers. CSO multitenancy provides security and tenant isolation that prevents the objects and users belonging to one tenant or operating company (OpCo) from seeing or interacting with the objects and users belonging to another tenant or operating company.
CSO can be deployed in one of two ways:
As a downloadable, on-premise platform in which you (or your company) function as the Service Provider administrator (cspadmin user). In an on-premise deployment, the cspadmin user has complete read-write management access and responsibility for the CSO microservices platforms, orchestration and management infrastructure, and all underlay networks needed to allow access to CSO and its solutions. All CSO releases are delivered in signed packages that contain digital signatures guarantee the authenticity of official Juniper Networks software.
As a software as a service (SaaS) platform, hosted in a public cloud, to which tenants and operating companies (OpCos) subscribe. In a SaaS deployment, Juniper Networks manages the necessary micro-services infrastructure, the secure orchestration and management (OAM) infrastructure, and the underlay networks that are required to enable access to CSO and its solutions.
CSO offers the following solutions:
Contrail SD-WAN solution—The Contrail SD-WAN solution offers a flexible and automated way to route traffic through the cloud by using overlay networks.
Next Generation Firewall (NGFW) solution—The NGFW solution provides remote network security through the use of SRX Series NGFW devices as CPE at the branch site.
CSO uses conceptual and logical elements as building blocks to complete deployments in the GUI. Portals in CSO help to separate the administrators from the customers. CSO has an Administration Portal and a Customer Portal available.
Administration Portal—GUI to manage resources, customers, and availability of network services. This portal uses the RESTful APIs of other CSO components.
Customer Portal—GUI to manage sites, CPE devices, and network services for organizations.
These two portals offer role-based access control (RBAC) for administrators and operators.
This guide provides information about installing the CSO Release 6.0.0 as an on-premise solution. Additionally, the guide covers information about upgrading CSO Release 5.1.2 to CSO Release 6.0.0.
Starting with CSO Release 6.0.0, Contrail AnalyticsNodes (CAN) run on CentOS version 7.7.1908. Upgrading CAN VMs from CSO Release 5.1.2 to CSO Release 6.0.0 is not supported because of the database schema changes. As a workaround, after the upgrade procedure is completed, you must maintain CSO Release 5.1.2 CAN VMs for 30 days. For details, see Upgrade Contrail Service Orchestration from Release 5.1.2 to Release 6.0.0.
Figure 1 shows CSO deployed on-premise.
For detailed information about configuring CSO, see the Contrail Service Orchestration (CSO) Deployment Guide.