Juniper Apstra Demo: Group Based Policies for Increased Assurance and Segmentation

Demo Drop Network Automation
A picture on the left of a man in a sweater standing in the light of a computer screen. The text on top of the image says, “Simplify End - End Policy Deployment.” Text on the right has the headline, Group Based Policies. There are three bullet points underneath outlining Apstra Group Policy capabilities.

Automate to great: Apstra offers a new approach to data center security.

Are you feeling the stress of managing an increasingly complex web of resources, policy models, methods, and a mix of infrastructures? Apstra, with its simple interface and complete end-to-end data center automation capabilities, can help. Here’s how. 


You’ll learn

  • How to create a security policy to segment traffic within an Apstra managed data center fabric

  • Apstra’s intelligent capabilities for creating complex security policies when there are numerous rules, different networks with different tenants, and lots of commands

  • How Apstra automatically renders policies you specify in the vendor-specific syntax

Who is this for?

  • Network Professionals

  • Business Leaders

Transcript

0:06 network administrators are always under
0:08 a lot of stress to manage an
0:09 increasingly complex web of resources
0:12 not to mention different policy models
0:15 methods and a mix of new and legacy
0:17 infrastructure Apstra delivers complete
0:20 end-to-end data center automation with
0:22 hardware and device OS vendor agnostic
0:25 templates that allow you to apply
0:28 security policies using a simple user
0:30 interface
0:32 you specify the policy and they are
0:34 automatically rendered in the
0:36 vendor-specific syntax and methods in
0:39 this short demo video we will see how to
0:41 create a security policy to segment
0:44 traffic within an Apstra managed data
0:46 center fabric
0:47 Juniper Apstra and the fabric assurance
0:50 feature is also known as group based
0:52 policy
0:56 this feature is what creates a security
0:58 policy to segment traffic within an
1:00 Apstra managed data center fabric
1:07 there are some very intelligent
1:08 capabilities when creating complex
1:10 security policies where there are
1:12 numerous rules different virtual
1:14 networks with different tenants lots of
1:16 commands and potentially conflicting
1:19 statements
1:21 these capabilities will take a policy
1:23 that's been created and go through the
1:25 components of how it's put together and
1:27 analyze it
1:28 on the right side you see this table
1:31 where you have policies
1:32 the ability to search if you have a vast
1:35 number of policies
1:36 conflicts where you have rules that are
1:38 contradictory and settings where you can
1:41 fine-tune the behavior of the system and
1:43 how it reacts when it does encounter
1:45 conflicting statements
1:48 an example of this might be a shadow
1:50 rule where one ACL statement is a
1:52 superset of another ACL statement
1:55 you might want to tell the system I want
1:57 to use the more specific rule rather
2:00 than the more vague rule or vice versa
2:03 so that's performed in the settings
2:06 on this page we have a very simple
2:08 policy that was created to block pings
2:11 between two servers here
2:18 these servers are known as endpoints
2:22 and here is the policy
2:27 we are denying ICMP and permitting
2:30 everything else
2:34 there are some primitive elements here
2:36 that we need to take a look at
2:40 under the virtual tab we have another
2:42 set of objects where we can define
2:44 endpoints
2:48 these endpoints as you see on the right
2:51 side consist of internal endpoints which
2:54 are servers or workloads that are
2:56 considered inside the realm of the
2:58 Apstra managed fabric
3:00 external endpoints which are the same
3:03 thing but outside of the managed fabric
3:06 enforcement points which are places
3:08 within the fabric where the access
3:09 control lists are placed and endpoint
3:12 groups where we can group together
3:14 individual endpoints either internal or
3:17 external into larger objects which make
3:19 them easier to be used in a policy
3:22 this is providing segmentation amongst
3:24 traffic with ACLs and some of those
3:26 intelligent features mentioned earlier
3:30 in this table you can see the web server
3:32 three in the first line and the virtual
3:34 network that is located within
3:37 and virtual networks are the overlays
3:44 this is the multi-tenancy capability
3:46 within an EVPN VXLAN environment
3:50 these endpoints represent the elements
3:52 in this lab platform and that are used
3:54 within the policy
3:56 we create these elements and assemble
3:59 them into a policy which is found under
4:01 the security policies tab
4:06 I hope this provides a little bit of an
4:08 overview of what Apstra calls group
4:10 based policy and the feature called
4:12 fabric assurance
