Juniper Networks Inc. has introduced a firewall for organizations building applications within containers, a software construct that is gaining traction with cloud operators and cutting-edge enterprises.
The cSRX container firewall applies security policies to traffic moving to and from groups of containers running on a Linux kernel. Each container hosts an application and its dependencies as an enclosed process.
Policies within the firewall restrict communications to containers within a group. As a result, the security tool prevents hackers who have compromised one cluster of containers from traveling to another.
Juniper has aimed its container firewall at two of its largest customer segments: financial institutions and communication service providers. In those two industries, many developers are building new applications based on an open source container program, called Docker, which cSRX supports.
The cSRX is the latest addition to Juniper's SRX portfolio. The company also has a firewall appliance, called SRX, and a software-based firewall, called vSRX. Juniper targets the latter at companies running virtualized applications in the data center.
"Juniper is covering all the bases," said Dan Conde, an analyst at the Enterprise Strategy Group Inc., in Milford, Mass.
Managing container firewalls
Companies can manage Juniper's container firewall through the vendor's Junos Space Security Director, which provides the tools for policy control across the SRX product family. For container orchestration, cSRX works with third-party tools, such as Docker Swarm and Google Kubernetes. Orchestration tools control how containers interact within a cluster.
Organizations with large cloud data centers are increasingly using containers, because they can boot up in seconds to handle spikes in computing demand. Also, containers are lightweight, so a host server can run hundreds at a time. Cloud operators can also quickly move containers, if the destination server is running the same operating system as the original system.
Juniper has made its container firewall small to keep the containers to which it's attached nimble. "The new cSRXs are so tiny that you don't pay any overhead," Conde said.
Juniper also introduced this week a faster software-based firewall for virtualized environments. The latest version of vSRX provides up to 100 Gbps in throughput.
A virtualized environment consolidates multiple applications on a single server. Each application runs on an operating system on top of a virtual machine. VMs can contain many types of enterprise workloads, such as databases, business software, and email, media or Web servers.