Self-Service Security — Powered by SRX and Junos Space

Every month, our customer support teams handle around 400 requests from customers to make changes to or ask questions about their firewall configuration. The process is time-consuming and usually involves multiple interactions between our customers and us to confirm that the changes had the desired impact. In short, it is not the greatest customer experience, especially since our customers are willing and able to manage this themselves if given the right toolset.

It is this customer problem that we set out to solve when we began building our SRX product last year. From the start, we had a few basic technical requirements to support the experience that our customers wanted:

  1. Customers need to be able to push changes in real time – they cannot be queued up behind changes submitted by other customers.
  2. Changes made locally to the firewall need to be reflected in the portal as they’re committed so that the portal and the local device are never out of sync.
  3. Communication between our portal and the customer’s installation must be via some standard programmatic interface and transport.
  4. Solutions cannot impact our ability to access the device locally for day-to-day management and troubleshooting.

After discussing our requirements with our Juniper team, the recommendation was to use the Junos Space platform as an integration layer rather than querying the firewalls directly. This model was preferable to us because it gave us a single interface to talk to rather than the whole of our managed firewall install base.

During our evaluation, we were able to successfully hit all of our UX criteria. One of the most critical was the ability to keep Junos Space and the device in sync with changes being actively made from both ends (locally via the CLI and remotely via Junos Space). Having seen dozens of management platforms completely fail at this relatively simple task, I was happy to see someone finally get this right. The API also allows us to pull sync state so that we can prevent customers from committing changes via our portal if the configuration is being edited locally.

The result was a fairly simple integration process that let us create a great experience for our customers: they can manage both security policy and Dynamic VPN users through a single, simple interface in our portal.

Working in product development at HOSTING is a lot like being a traffic cop. We have to make a lot of complex technologies play nicely with one another and make sure everyone stays in their lane. The goal is creating a seamless customer experience that’s worthy of the mission-critical workload that our customers trust us with. In this case, the combination of Junos Space and SRX gave us the ability to do exactly that.
