Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Overview Of Supported Virtual Appliances

 

A virtual appliance provides the same visibility and function in your virtual network infrastructure that JSA appliances provide in your physical environment.

The following virtual appliances are available:

  • JSA Threat Analytics “All-in-one” or Console 3199

  • JSA Event and Flow Processor Combo

  • JSA Flow Processor Virtual 1799

  • JSA Event Processor Virtual 1699

  • JSA Event Collector Virtual 1599

  • JSA Flow Processor

  • JSA Flow Processor Virtual 1299

  • JSA Risk Manager 700

  • JSA Vulnerability Manager Processor 600

  • JSA Vulnerability Manager Scanner 610

  • JSA App Host 4000

JSA Threat Analytics “All-in-one” or Console 3199

This virtual appliance is a Juniper Secure Analytics system that profiles network behavior and identifies network security threats. The JSA JSA Threat Analytics “All-in-one” or Console 3199 virtual appliance includes an on-board Event Collector, a combined Event Processor and Flow Processor, and internal storage for events.

The JSA Threat Analytics “All-in-one” or Console 3199 virtual appliance supports the following items:

  • Up to 1,000 network objects

  • 1,200,000 flows per interval, depending on your license

  • 30,000 Events Per Second (EPS), depending on your license

  • External flow data sources for NetFlow, sFlow, J-Flow, Packeteer, and Flowlog files

  • Flow Processor and Layer 7 network activity monitoring

To expand the capacity of the JSA Threat Analytics “All-in-one” or Console 3199 beyond the license-based upgrade options, you can add one or more of the JSA Virtual Event Processor Virtual 1699 or Flow processor Virtual 1799 virtual appliances.

JSA Event and Flow Processor Combo

This virtual appliance is deployed with any JSA Console. The virtual appliance is used to increase storage and includes a combined Event Processor and Flow Processor and internal storage for events and flows.

JSA Event and Flow Processor Combo appliance supports the following items:

  • 1,200,000 flows per interval, depending on traffic types

  • 30,000 Events Per Second (EPS), depending on your license

  • 2 TB or larger dedicated flow storage

  • 1,000 network objects

  • JSA Flow Collector and Layer 7 network activity monitoring

You can add JSA Event and Flow Processor Combo appliances to any JSA Console to increase the storage and performance of your deployment.

JSA Flow Processor Virtual 1799

This virtual appliance is a dedicated Flow Processor that you can use to scale your JSA deployment to manage higher flows per interval rates. The JSA Flow Processor Virtual 1799 includes an onboard Flow Processor and internal storage for flows.

JSA Flow Processor Virtual 1799 appliance supports the following items:

  • 3,600,000 flows per interval, depending on traffic types

  • 2 TB or larger dedicated flow storage

  • 1,000 network objects

  • Flow Processor and Layer 7 network activity monitoring

The JSA Flow Processor Virtual 1799 is a distributed Flow Processor virtual appliance and requires a connection to JSA console. Flow Processor appliance and requires a connection to any series appliance.

JSA Event Processor Virtual 1699

This virtual appliance is a dedicated Event Processor that allows to scale your Juniper Secure Analytics (JSA) deployment to manage higher EPS rates. The JSA Event Processor Virtual 1699 includes an onboard Event Collector, Event Processor, and internal storage for events.

JSA Event Processor Virtual 1699 appliance supports the following items:

  • Up to 80,000 events per second

  • 2 TB or larger dedicated event storage

The JSA Event Processor Virtual 1699 is a distributed Event Processor virtual appliance and requires a connection to JSA console. Event Processor appliance and requires a connection to any series appliance.

JSA Event Collector Virtual 1599

This virtual appliance is a dedicated Event Collector that you can use to scale your JSA deployment to manage higher EPS rates. The JSA Event Collector Virtual 1599 includes an onboard Event Collector.

JSA Event Collector Virtual 1599 appliance supports the following items:

  • Up to 80,000 events per second

  • 2 TB or larger dedicated event storage

The JSA Event Collector Virtual 1599 is a distributed Event Collector virtual appliance and requires a connection to JSA console. Event Collector appliance and requires a connection to any series appliance.

JSA Flow Processor

This virtual appliance provides retention and storage for events and flows. The virtual appliance expands the available data storage of Event Processors and Flow Processors, and also improves search performance.

Note

Encrypted data transmission between Data Nodes and Event Processors is not supported. The following firewall ports must be opened for Data Node communication with the Event Processor:

  • Port 32006 between Flow Processor and the Event Processor appliance

  • Port 32006 between Flow Processor and the Event Processor appliance

Size your JSA Flow Processor appliance based on the EPS rate and data retention rules of the deployment.

Data retention policies are applied to a JSA Flow Processor appliance in the same way that they are applied to stand-alone Event Processors and Flow Processors. The data retention policies are evaluated on a node-by-node basis. Criteria, such as free space, is based on the individual JSA Flow Processor appliance and not the cluster as a whole.

JSA Flow Processor can be added to the following appliances:

  • Event Processor (16XX)

  • Flow Processor (17XX)

  • Event/Flow Processor (18XX)

  • All-In-One (31XX)

To enable all features included in the JSA Flow Processor appliance, install it by using the Flow Processor appliance type.

JSA Flow Processor Virtual 1299

This virtual appliance provides the same visibility and function in your virtual network infrastructure that a JSA Flow Processor offers in your physical environment. The JSA Flow Processor virtual appliance analyzes network behavior and provides Layer 7 visibility within your virtual infrastructure. Network visibility is derived from a direct connection to the virtual switch.

The JSA Flow Processor Virtual 1299 virtual appliance supports a maximum of the following items:

  • 10,000 flows per minute

  • Three virtual switches, with one more switch that is designated as the management interface.

JSA Vulnerability Manager Processor

This appliance is used to process vulnerabilities within the applications, systems, and devices on your network or within your DMZ. The vulnerability processor provides a scanning component by default. If required, you can deploy more scanners, either on dedicated JSA Vulnerability Manager managed host scanner appliances or JSA managed hosts. For example, you can deploy a vulnerability scanner on an Event Collector or JSA Flow Processor.

JSA Vulnerability Manager Scanner

This appliance is used to scan for vulnerabilities within the applications, systems, and devices on your network or within your DMZ.

JSA Risk Manager

This appliance is used for monitoring device configurations, simulating changes to your network environment, and prioritizing risks and vulnerabilities in your network.

JSA App Host 4000

This appliance is a managed host that is dedicated to running apps. App Hosts provide extra storage, memory, and CPU resources for your apps without impacting the processing capacity of your JSA Console. Apps such as User Behavior Analytics with Machine Learning Analytics require more resources than are currently available on the Console.

Related Documentation