Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Connected Security Distributed Services (CSDS) Architecture

  • CSDS Architecture (MX240, MX304, MX480, MX960, MX10004, MX10008, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX 3.0)—The Connected Security Distributed Services (CSDS) Architecture delivers a scalable, distributed security architecture design that fully decouples the forwarding and security services layers. In this design, MX Series routers serve as intelligent forwarding engines for load balancing while SRX Series Firewalls help expand your data centers securely. The solution supports carrier-grade NAT (CGNAT), IPsec VPN, and stateful firewall security services.

    The architecture ensures redundancy in forwarding and services layers. It uses ECMP-based consistent hashing for the routers, and Multinode High Availability for the physical and virtual firewalls.

    You can manage nodes with Junos Node Unifier (JNU) and orchestrate vSRX Virtual Firewalls with Junos Device Manager (JDM).

    [See Connected Security Distributed Services Architecture Deployment Guide, and Release Notes: Connected Security Distributed Services Architecture.]

  • Junos Device Manager support in CSDS for vSRX orchestration (vSRX 3.0)—Use Junos Device Manager (JDM) to orchestrate vSRX Virtual Firewalls in the Connected Security Distributed Services (CSDS) services plane. JDM is a Linux container that offers a Junos OS-like CLI environment for the virtual machine (VM) life-cycle management. You can use JDM to deploy and manage vSRX Virtual Firewalls on Intel or AMD baremetal servers with Ubuntu OS.

    You must use the MX Series Junos Node Unifier (JNU) controller to centrally manage JDM and vSRX Virtual Firewalls that serve as the JNU satellites.

    [See Junos Device Manager for CSDS, csds, request csds add-vsrx, request csds authenticate-host, request csds delete-vsrx, request csds extract-vsrx-keys, request csds jdm, and request csds sync-controller.]

  • Junos Node Unifier support in CSDS for unified CLI management (MX240, MX304, MX480, MX960, MX10004, MX10008, SRX4600, SRX5400, SRX5600, SRX5800, and vSRX 3.0)—We support centralized management of devices in the Connected Security Distributed Services (CSDS) Architecture with the Junos Node Unifier (JNU) single-touchpoint solution. The JNU topology uses MX Series routers as JNU controllers, and SRX Series Firewalls and Junos Device Manager (JDM) as JNU satellites. From the controller, you can perform the following operations on the satellites:

    • Configure and manage the nodes using Junos OS configuration commands.

    • Run Junos OS operational mode commands.

    [See Junos Node Unifier for CSDS, request jnu satellite sync, show chassis jnu satellite, and jnu-management.]