THE SIMPLY CONNECTED CAMPUS - MOBILITY IS MORE THAN BYOD. Frank Baeyens, KappaData seminar, 21 June 2012

Mobility is more than BYOD

DESCRIPTION

It’s clear that wireless networks bring a lot of benefits to the enterprise. Today, BYOD creates a lot of new opportunities, but also opens your network to new risks and vulnerabilities. With Juniper Networks’ extensive product portfolio, Kappa Data can offer robust and reliable wireless LAN solutions that can ideally be combined with Juniper’s SSL solutions using the new JUNOS Pulse client for mobile users.

Page 1: Mobility is more than BYOD

THE SIMPLY CONNECTED CAMPUS
MOBILITY IS MORE THAN BYOD

Frank Baeyens

KappaData seminar, 21 June 2012

Page 2: Mobility is more than BYOD

2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net

Top WLAN requirements

• BYOD
• Unified Policy
• Performance at Scale
• Highly Resilient
• High Density
• High Scale

DEVICE PROLIFERATION

[Chart: Unique Daily Wireless Sessions, y-axis 0 to 400,000, x-axis Spring, Summer and Fall of 2010 and 2011, annotated "6x". Large American University, ~50,000 Students, Multiple Devices Per Student]

Page 3: Mobility is more than BYOD

MOBILITY REDEFINES BUSINESS PRACTICES
APPLICATION PROLIFERATION

Business Applications, Personal Applications

• 42% Increased Productivity
• 39% Reduced Paperwork
• 37% Increased Revenue

Source: Forrester, Frost & Sullivan, BusinessWeek, GigaOM Pro, ABI Research

Pulse

Page 4: Mobility is more than BYOD

CUSTOMER CHALLENGES DUE TO MAJOR TRENDS

Device Proliferation
• New Devices & Platforms
• Provisioning (On-boarding)
• Profiling (Identify and track device types)
• Management
• Compliance / Security Posture

Application & Access Complexity
• Access to Applications
• Control of Applications

Security Risks Exploding
• Type of Attack: Botnets, Trojans, Virus, Worms, DOS, APT, Malware
• Secure at the device
• Secure at the edge
• Secure L2 – L7 (application)
• Security orchestration
• “Security at every node”

Page 5: Mobility is more than BYOD

MOBILITY IS MUCH MORE THAN BYOD

Today's business environment requires coordinated access

• Employee Owned Devices (BYOD)
• Corporate Owned Devices
• Guest Devices

Page 6: Mobility is more than BYOD

MOBILE USER TYPES AND REQUIREMENTS

Guest Devices
• Open access, Captive Portal
• Self provisioning
• Simple experience
• Device type aware policy
• Differentiated access
• Simple guest access provisioning/control

BYOD (Employee Owned Devices)
• Self provisioning
• Secure Certificate based authentication
• User, App, Device aware policies
• Device management
• On-device security
• Device, data loss/theft prevention
• Secure network, cloud access

Corporate Issued Devices (Corporate Owned Devices)
• Self provisioning
• Secure Certificate based authentication
• User, App, Device aware policy
• Content Monitoring
• Secure network, cloud SSO
• Device agnostic “Follow-me policies”
• On-device Security
• Device Management
• Application Management

Page 7: Mobility is more than BYOD

DELIVERING ORCHESTRATED SECURITY
BRINGING CONTROL BACK TO IT

[Diagram: Campus and Branch network with MAG, EX, SRX, WLC, MX, AP and Servers]

1. Qualify the device
2. Provision and authenticate the user
3. Enforce user and application policies across the network
4. Control the device and avoid data leakage

• Simple: Role/user-based access with point-and-click provisioning
• Automated: Policy proliferation for wired and wireless environments
• Secure: Application visibility and enforcement including day zero attacks.

Page 8: Mobility is more than BYOD

DELIVERING PERFORMANCE AT SCALE
SIMPLE & COST-EFFECTIVE SCALING

[Diagram: Campus and Branch network with MAG, EX, SRX, WLC, MX, AP and Servers]

1. Wire speed data plane
2. Seamless scalability across wired and wireless
3. Architecturally consistent QoS

• Wired-like performance everywhere
• Designed for bandwidth hungry rich-media applications
• No performance tradeoffs as campus scales

Page 9: Mobility is more than BYOD

DELIVERING HIGH RESILIENCY
FOR NON-STOP PRODUCTIVITY

[Diagram: Campus and Branch network with MAG, EX, SRX, WLC, MX, AP and Servers]

1. Uninterrupted service for mission-critical applications
2. Seamless upgrade and scalability
3. Simplified operations – 80% fewer devices to manage

• Improved operational efficiency
• Carrier Class Network for Enterprise
• No Single Point of Failure

Page 10: Mobility is more than BYOD

ACCESS SOLUTIONS FOR CAMPUS AND BRANCH

Security Challenge
• Application visibility
• Context-based AAA
• Warranted access
• Enterprise data protection
• Secure users and devices
• Support BYOD
• Secure connectivity
• Ubiquitous access
• Employee remote access
• Clientless Provisioning
• Device profiling

Juniper Solution
• SRX Series
• MAG Series
• UAC, SRX, EX
• WL Series

Juniper Advantage
• Secure remote access
• Consistent policy control
• Identity, role, location and device based access control
• Enforcement edge with UAC/JUEP on EX, IF-MAP on WLC, JUEP on SRX
• Firewall with integrated AppSecure and IPS
• Unified threat management
• “Always on” App-awareness
• Mobile device security and management
• Extensive client support
• Clientless provisioning
• Device fingerprinting - profiling with WLC
• Device management with RingMaster, SmartPass

Page 11: Mobility is more than BYOD

JUNIPER WIRELESS - COMPLETE WLAN SOLUTION

Simple - Secure - Mobile

• WLM – Management and Access Control: RingMaster, WLM - Appliance, SmartPass
• WLC – Controllers
• WLA – Access Points

Plan, Config, Monitor, Troubleshoot, Report

Page 12: Mobility is more than BYOD

JUNIPER WLA SERIES ACCESS POINT FAMILY
Q2-2012

[Chart: access points arranged by Functionality across three categories: 802.11abg, Indoor 11n, Outdoor 11n]

• WLA321: Single Radio, Low Cost AP
• WLA322: Dual Radio, Entry-level AP
• WLA522: 2x2 MIMO, Dual Radio, High Density
• WLA532: 3 Stream MIMO, Dual Radio, Max. Performance
• WLA632: 3x3 MIMO, Dual Radio, All Weather
• WLA371: Single Radio, Low Cost AP
• WLA422: Dual Radio, Entry-level AP

WLA Series Highlights
• High performance
• Intelligent switching
• AP and band steering
• Autotune RF management
• Built-in spectrum analysis
• Bridging and mesh

Page 13: Mobility is more than BYOD

WLA321/WLA322
ENTRY LEVEL 802.11n WLAN ACCESS POINTS

Overview
• Indoor 802.11n wireless access points
• 2x2 MIMO 2 spatial stream
• Compact, discreet form factor, superior aesthetics
• WLA321 Single Radio, WLA322 Dual Radio

Target Markets
• Entry-level price point and performance
• Low to medium client density environments
• Small Enterprises, Small-to-Medium Branch Offices (Private/Public enterprise) etc.

Availability
• WLA321: Now
• WLA322: Early June 2012

Page 14: Mobility is more than BYOD

JUNIPER WL SERIES FLAGSHIP ACCESS POINT
WLA532 INDOOR 802.11N AP

3 Industry Bests
• Highest Performance AP
• Lowest Power Consumption AP
• Smallest Form Factor AP

Highest Performance: 450Mbps data rate (3x3, 3 spatial stream)

Did you know?

• Juniper WLAN is 15-20% less expensive when comparing complete BOMs

• Juniper WLA 532 outperforms Cisco and Aruba by up to 35% as validated by Novarum

Page 15: Mobility is more than BYOD

WLA532 VALUE PROPOSITION

Superior performance for high density client environments
• 3X3:3 radio technology is designed for high performance, high density WiFi client environments

Higher WLAN capacity at a lower cost
• WLA532 improved RF subsystem delivers enhanced throughput over distance, requiring fewer APs per floor whilst offering 50% more capacity

Reduced energy consumption
• Peak performance within 802.3af power draw limit
• 802.3az to improve wired side power efficiency

Increased reliability and fewer IT support calls
• WLA532 supports improved performance for concurrent spectrum monitoring and client service

Enhanced Security to protect business communications
• WLA532 supports Trusted Platform Module (TPM) for ensuring authenticity and integrity of both hardware and software
• Improved performance for wired-crypto acceleration for secure high-speed link to remote WLAN site

Page 16: Mobility is more than BYOD

WLC - CONTROLLER FAMILY

WLC Series Highlights
• Cluster Reliability
• In-Service Upgrades
• One Software Platform
• Distributed & Centralized

[Chart: controllers by # of AP (scale 4, 12, 16, 32, 64, 128, 192, 256, 512) across Branch, Campus and Enterprise]

• WLC2: 4 AP
• WLC8: 12 AP
• WLC800: 16 - 128 11n AP 3-Stream
• WLC880: 16 - 256 11n AP 3-Stream
• WLC2800: 64 - 512 11n AP

Page 17: Mobility is more than BYOD

ACTIVE-ACTIVE CONTROLLERS

1. A new client associates to the system
2. Primary controller authenticates/authorizes client
3. Primary propagates session details to backup controller for use during failure

[Diagram labels: Client Session State, Primary Seed, Secondary Seed, Member]

Page 18: Mobility is more than BYOD

SMART MOBILE ARCHITECTURE (CENTRALIZED & DISTRIBUTED)

Centralized
• Security
• Management

Distributed
• Reliability
• Performance

Or both combined/mixed (can be decided per VLAN)

[Diagram labels: WL Series, EX Series]

Page 19: Mobility is more than BYOD

RINGMASTER VIEW

Page 20: Mobility is more than BYOD

PERFORMANCE - SPECTRUM MANAGEMENT - MONITORING AND ALERTING

Alerting on interference source
• Classification and other properties
  – RSSI
  – Duty Cycle
  – Channel(s) impacted
• Associated events with that source
• Per AP historical information
• 30 day history

Spectrograph
• All channels in 2.4GHz and 5GHz band
• Multiple AP views
• Real time FFT (min, max, average of interference signal), Swept spectrum, Duty cycle, 5 minute rolling history

Auto reconciliation for planned sources
• Automatic correlation between planned and monitored source
• Reduce false alarms

Page 21: Mobility is more than BYOD

SMARTPASS – ACCESS CONTROL

SmartPass is a multi-faceted, web-based access control application suite

Guest access module
• Ease of use / Bulk user creation
• API for 3rd party application integration
• SMS / Email creation of guest coupons with Self-Provisioning

Accounting database
• Detailed client accounting history
• Reporting available via RingMaster.

Access control module
• RFC 3576 support to change authorization attributes or disconnect client sessions (Dynamic RADIUS)
• Location awareness for client sessions.
  – Allow or deny access based on location
  – Change any AAA attribute based on location
• Access Rules (location based, time based or a combination of both)

Centralized Guest Access Database

Page 22: Mobility is more than BYOD

USE CASES

• Guest onboarding
• Employee onboarding
• Provisioning BYOD and access policies
• Pulse registration
• Remote access using Pulse

Page 23: Mobility is more than BYOD

GUEST USER ON CORP NETWORK
GUEST SELF PROVISIONING & APPLICATION RESTRICT

[Diagram: Hospital Network with WLA532, WLC2800 w/SmartPass, SRX 550 and UAC/Pulse Mobile Security. Screen labels: "Hospital Guest Login", GUEST ID "(408) 569-9863", "Google", "www.youtube.com", and "Can’t access!!! This Hospital is keeping bandwidth for what matters most!"]

Page 24: Mobility is more than BYOD

EMPLOYEE OWNED DEVICE ON CORP NETWORK
EMPLOYEE SELF PROVISIONING & APPLICATION RESTRICT

[Diagram: Hospital Network with WLA532, WLC2800 w/SmartPass, SRX 550, Provisioning Server and UAC/Pulse Mobile Security. Screen labels: "Hospital Login", DOCTOR ID "Dr. Brown 423", "Now connecting to a secure hospital network", "Electronic Medical Records (EMR)", and "Can’t access!!! This Hospital is keeping bandwidth for what matters most!"]

Page 25: Mobility is more than BYOD

EMPLOYEES ON CORP LIABLE DEVICE
HOST CHECKING & APPLICATION RESTRICT

[Diagram: Hospital Network with WLA532, WLC2800 w/SmartPass, SRX 550 and UAC/Pulse Mobile Security/SA. Screen labels: "Dr. Rose 369", "Connect", "Scan is Clean", "Electronic Medical Records (EMR)", and "Can’t access!!! This Hospital is keeping bandwidth for what matters most!"]

Page 26: Mobility is more than BYOD

Juniper Networks Junos Pulse: Connect, Protect and Control

On Device Security
• Antivirus & Antimalware
• Block SMS & voice spam
• Endpoint Firewall
• AntiSpam

Loss & Theft Protection
• Remote lock and wipe
• Backup & restore
• GPS locate
• SIM change notification

SSL VPN
• Full Layer 3 Tunnel
• Secure Email (ActiveSync proxy)
• Web VPN (browser-based apps)

Monitor & Control
• Mobile Device Management
• Application inventory and control
• Content monitoring

Page 27: Mobility is more than BYOD

LOST OR STOLEN MOBILE DEVICE
REMOTE LOCK AND WIPE

[Diagram: Hospital Network with WLA532, WLC2800 w/SmartPass, SRX 550 and UAC/Pulse Mobile Security/SA. Screen labels: "Dr. Rose 369", "Connect", "Can’t access!!! This device was reported as stolen!", and "Wiping iPad"]

Page 28: Mobility is more than BYOD

JUNIPER SIMPLY CONNECTED PORTFOLIO DELIVERS

• Orchestrated security: Granular context based security that adjusts policy enforcement to the associated security risks
• Comprehensive enterprise offering: Broad coverage for user devices, wired and wireless networks
• Simplicity: Centralized policy creation and fully automated enforcement, wired and wireless

[Diagram labels: Application Access Controlled, Security Risks Contained, Devices]

Page 29: Mobility is more than BYOD

THANK YOU