Each system has a different directory and different identity – single identity is the key to ease of use. Provisioned separately. Different administrators and skills required. High costs.
Microsoft has been in the UC space for 11 years. Voice capabilities added in 2007.
The legacy UC environments (from the competition) are based on control and are purpose-built for telephony deployments. They are showing several scalability and other limitations in handling bandwidth-hungry video conferencing and communication-enabled applications from Oracle, SAP and PeopleSoft that require more than 10 times the bandwidth of their LAN-based versions. This has serious implications for the network, placing high performance, reliability and availability demands on it. In addition, in the distributed enterprise model, many of the OTT UC applications such as Skype, Facebook and WebEx can be sourced from multiple places in the cloud, creating a new challenge for IT to provide a consistent QoE for all managed, cloud or OTT UC&C applications.
Another trend in the industry is employees bringing their own devices into the workplace. Even though this provides them flexibility and improves their productivity, it creates a new set of scalability, security and management challenges for IT departments, including bandwidth pressures, insider security issues, and demand for high resiliency and a wired-like experience on wireless infrastructure. This creates a unique opportunity for Juniper with its simplified, UC-optimized Simply Connected architecture for branch and campus deployments.
Now let’s look at the Juniper framework for the UC&C solution. This is a good representation of how we separate the UC infrastructure and application layer from the network infrastructure layer. Here we have UC&C apps at the top with all key hardware vendors. Juniper provides the networking infrastructure pillars, which are high performance, resilient and open. Our Juniper Simply Connected branch and campus designs are optimized for latency and jitter, which are key requirements for real-time media traffic. In addition, Juniper offers several resilient and scalable pay-as-you-grow features such as VC, virtual WLC cluster in wireless, redundant device and link capabilities, load balancing, etc. that are required to keep pace with fast-changing UC application developments.
That’s what it means to be Simply Connected.
1) Simple for users
2) Simple for IT
3) Providing superb QoE at high level of economics.
4) How do we do that?
5) We are offering a portfolio of products working together, solving the problems we discussed. We will talk today about integrated security, always on resiliency, high performance, simplified architecture and automation, all means for delivering on the promise.
Transition: I’m not here to tell you to take my word for it, so let’s take a look at how it actually works.
As we mentioned earlier, Juniper’s new strategy for unified communications and collaboration is to provide resilient, secure, always available and UC-optimized end-to-end IP-based services for both wired and wireless access. Here is the reference architecture, which provides a complete overview of what we have to offer, overlaid with the UC components. You have a campus HQ, three branch locations of various types and a data center.
This simplified architecture reduces the number of managed devices while providing VC-enabled 10GE aggregation for wiring closets in the campus. The call server and messaging servers sit in the DC and are connected to the VoIP endpoints in the branch and campus domains via Internet VPN and/or MPLS WAN, along with WAN redundancy options for WAN survivability for both voice and data traffic. Wireless deployments in the branch and campus domains are built with high resiliency. WLC cluster capability enables medium and small branches to use the HQ WLC for redundancy in case of local WLC failure. Similarly, EX VC and SRX clustering offer LAN resiliency and an easier-to-manage architecture design.
The UCIF is a nonprofit vendor alliance that was created in April 2010 to enable interoperability of UC scenarios based on existing standards. It is not another standards body, and the ultimate goal is to improve interoperability and protect the investments of customers. The alliance is platform agnostic. The main mission of UCIF is to define test plans, advance testing protocols, and facilitate verification testing for members’ UC solutions and scenarios, interfacing with other standards groups and liaising with regulatory bodies that are involved in UC. The forum is open to anyone who wants to join and further the goal. Microsoft is one of the founding members along with HP, Juniper Networks, Logitech, and Polycom. Unique to the UCIF, a certification mark will be developed for use by member vendors, as a signal to customers that a scenario or solution meets the UCIF interoperability requirements.
Key differentiated technologies for Juniper WLAN
1. Clustering – 32 controllers and 4096 APs can be managed as 1 IP address. ADVANTAGE – management simplicity
2. Auto-distribution of APs – APs are assigned to controllers without network manager intervention. ADVANTAGE – management simplicity
Transition: Let’s have a quick look at the product family that delivers this architecture.
Components of a Wireless LAN
- The WL solution is a controller-led architecture, no standalone AP
- Solution consists of indoor/outdoor AP, controllers and management
1) Access Point
- Connection point for wireless clients to get on network
- Single/Dual Radio
- Houses transceivers (radio component)
- Converts 802.11 to Ethernet traffic
- ACL and QoS enforcement
- Powered by PoE
2) WLAN Controller
- Keeps network configuration
- Mobility Domain mgmt
- Aggregation point for WLAN traffic from APs
- Switches traffic between wireless clients and wired network
- AP management (images, client load)
- Seamless roaming
- RF mgmt (channel and power tuning)
- Security (WIDS/WIPS, ID based networking)
3) WLAN Management
- Network & RF planning and configuration
- WLAN network monitoring
- Alerts/Events
- Network map
- Troubleshooting
- Customized reports
There are three main reasons why Virtual Chassis is a tremendous network simplification tool:
1) This technology allows multiple switches (up to 10) to be aggregated into one single logical device.
2) Switches that are virtualized together can now be managed as one single element, reducing the number of switches to manage by a factor of up to 10.
3) Once switches are virtualized together using Virtual Chassis, the network is more resilient, with no single point of failure in the Virtual Chassis.
Let’s now look at two examples of how packet switching works on a Virtual Chassis. Consider this 10-member mixed Virtual Chassis with two EX4500s and eight EX4200s. The links in orange are the high-speed 64 Gbps Virtual Chassis interconnects that we call VCP links.
First, local switching is used when the traffic needs to be forwarded between destinations reachable via ports on the same VC member switch. It doesn’t need to traverse the RE. A to B in this case.
Second, inter-module switching is used if the traffic needs to flow between two destinations that are connected to two different Virtual Chassis member switches. The traffic flows across the VCP link between the VC member switches. With 128 Gbps backplane capacity on each member switch, we are able to achieve forwarding with no HOLB. C to D in this case.
VCCPd configures each VC ring port with a backup ring port facing the opposite direction, so there is a known failover path for each switch. Under normal conditions, the traffic flow from AP1 to the Internet is load balanced via SW3-SW4-SW5 and SW3-SW4-SW5-SW0. In the event of a ring port failure (SW4 HW failure), all the packets queued for the failed port are internally looped back and unconditionally forwarded to the backup ring port with the <Packet is Looped> DSA tag field set.
When EX-SW4 loses power unexpectedly due to HW failure:
- EX-SW3 detects that the VC port to EX-SW4 is down.
- EX-SW3 fails over traffic from EX-SW2 back to EX-SW2, but with a special tag saying “that optimal path is broken, engage backup path”.
- EX-SW2 engages its backup path and sends all traffic via EX-SW1.
Client Load Balancing
1) APs maintain awareness of the "RF neighborhood" based on neighboring APs and client location. The AP determines a target load, and the system uses various techniques to "coax" clients to less loaded APs. If devices are persistent, the system will allow them on. [CLICK] The Juniper WLAN system uses various patented techniques to “coax” clients on to more lightly loaded APs, and therefore distribute the load more evenly. [CLICK]
2) In addition, if an AP detects a client on both the 2.4 GHz and 5 GHz bands, the same techniques are used to "coax" the client to the less loaded band. This gives these users a better QoE, as the 5 GHz band has more bandwidth and fewer overlapping channels causing interference. It also means that the devices left on the 2.4 GHz band are getting a better experience, as there are fewer clients to share the available bandwidth.
Transition: In summary then…
The purpose of bandwidth control is to allow the setting of bandwidth limits to ensure reliable access. There are three methods for controlling bandwidth:
- Maximum bandwidth per SSID: the configured limit is full duplex in units of Kbps
- Maximum bandwidth per user: full-duplex rate limit for the aggregate of all packets through a client
- Weighted fair queuing per radio profile: service profiles compete for transmit opportunities based on the configured weights
Bandwidth limits are defined in a QoS profile. A VSA allows QoS profiles to be dynamically assigned.
In order for A.J. to get access to the corporate network, he will have to have both sessions authenticated via the wireless network. Let’s take a look at the functional blocks involved.
1) Both his phone and iPad authenticate to the AP using 802.1x.
2) The AP then passes this information about A.J. to the wireless LAN controller.
3) The WLC, acting as the RADIUS client, sends the request to the UAC/MAG for RADIUS authentication.
4) The UAC will then pass on this information to an LDAP or Active Directory server for user validation and authentication. Assuming a valid user is found, the authorisation information is passed back to the WLC and, based on the user role, VLANs, access lists, QoS profiles, etc. will be assigned.
5) The WLC notes the new policy and sends appropriate user-role-based information back to the AP.
6) The AP sets the policies determined for A.J.
7) The end device can now initiate a DHCP request to obtain an IP address.
Step one is complete. A.J. is authenticated for access on the company network.
Transition: Now that AJ is connected to the wireless network, what happens next?
[CLICK]
1) So the device is connected to the network. A DHCP request will be made in order to obtain an IP address.
2) The DHCP server assigns an address to the device and then, utilising the IF-MAP standard, shares this information with the UAC. This is a unique feature of the Juniper Networks solution which now allows the UAC to have full visibility of the user and match that to the username.
3) The UAC can now provision dynamic user-role-based policies on the Juniper SRX firewall and EX switches.
4) These policies will define what resources on the network the user will have access to. In this case, access is permitted to the Internet and all corporate servers, except the Finance server.
5) In addition, the AppSecure implementation on the Juniper SRX provides application-based firewall capability to limit access to specific applications on the network, whether they are hosted in the corporate data centre or are Over The Top services on the Internet. In this case, access has been blocked to Netflix and Hulu.
6) All logging, including AppSecure data, is sent to the Juniper Networks Security Threat Response Manager (STRM) for correlation and reporting. The STRM can also take SNMP traps and syslog from other devices in the network.
Key points – Juniper provides a complete set of wireless, Ethernet and security products to easily manage multiple devices per user. The same access policy is applied irrespective of the number of devices, and it is specific to A.J.
Transition: This completes the first use case scenario in AJ’s day. Before we move on, I just want to provide you with a bit more information about what AppSecure is as well as STRM.
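An added example, not from the original deck and not Juniper code: a small Python model of the sequence in the two notes above (authenticate the device, map the user to a role, bind the leased IP to that session, then decide each flow by zone and application). The class and method names are hypothetical, and the user, role, MAC and IP values are constructed.

```python
"""Model of the access flow described above. Every name and value is constructed."""
import hashlib
import hmac
import os
from dataclasses import dataclass

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

@dataclass(frozen=True)
class Role:
    vlan: int
    qos_profile: str
    denied_zones: frozenset
    blocked_apps: frozenset

# Hypothetical role table keyed by directory group (the role mapping the notes
# place on the UAC/MAG). Finance is denied; Netflix and Hulu are blocked by app.
ROLES = {
    "employees": Role(20, "voice-data", frozenset({"finance"}), frozenset({"netflix", "hulu"})),
}

class AccessController:
    def __init__(self):
        self.directory = {}    # username -> (salt, password hash, group)
        self.sessions = {}     # device MAC -> (username, Role)
        self.ip_bindings = {}  # leased IP -> device MAC (the IF-MAP step)
        self.log = []          # events a log collector such as STRM would receive

    def add_user(self, username, password, group):
        salt = os.urandom(16)
        self.directory[username] = (salt, _hash(password, salt), group)

    def authenticate(self, username, password, mac):
        """802.1X/RADIUS step: return the Role (VLAN, QoS, ACL data) or None."""
        # Unknown users still cost one hash, so timing does not reveal valid names.
        salt, stored, group = self.directory.get(username, (b"\0" * 16, b"", None))
        ok = hmac.compare_digest(_hash(password, salt), stored) and group in ROLES
        self.log.append(("auth", username, mac, "accept" if ok else "reject"))
        if not ok:
            return None
        self.sessions[mac] = (username, ROLES[group])
        return ROLES[group]

    def dhcp_lease(self, mac, ip):
        """Publish IP -> device only for a device that has authenticated."""
        if mac not in self.sessions:
            return False
        self.ip_bindings[ip] = mac
        return True

    def disconnect(self, mac):
        """Drop the session and its bindings so a reused IP inherits nothing."""
        self.sessions.pop(mac, None)
        self.ip_bindings = {ip: m for ip, m in self.ip_bindings.items() if m != mac}

    def enforce(self, src_ip, zone, app=None):
        """Firewall step: default deny, then zone policy, then application policy."""
        session = self.sessions.get(self.ip_bindings.get(src_ip))
        user = session[0] if session else None
        if session is None:
            verdict = "deny-unknown-source"
        elif zone in session[1].denied_zones:
            verdict = "deny-zone"
        elif app in session[1].blocked_apps:
            verdict = "deny-app"
        else:
            verdict = "permit"
        self.log.append(("flow", user, src_ip, zone, app, verdict))
        return verdict

def demo():
    ac = AccessController()
    ac.add_user("aj", "constructed-passphrase", "employees")
    phone, tablet = "02:00:00:00:00:01", "02:00:00:00:00:02"  # constructed MACs
    roles = [ac.authenticate("aj", "constructed-passphrase", m) for m in (phone, tablet)]
    ac.dhcp_lease(phone, "10.20.0.11")
    ac.dhcp_lease(tablet, "10.20.0.12")
    out = {
        "same_policy": roles[0] == roles[1],
        "bad_password": ac.authenticate("aj", "wrong", "02:00:00:00:00:03"),
        "apps": ac.enforce("10.20.0.11", "apps"),
        "finance": ac.enforce("10.20.0.12", "finance"),
        "netflix": ac.enforce("10.20.0.12", "internet", "netflix"),
        "unbound": ac.enforce("10.20.0.99", "apps"),
    }
    ac.disconnect(phone)
    out["after_disconnect"] = ac.enforce("10.20.0.11", "apps")
    return out
```

The last check in `demo()` is the one to watch in a real deployment: policy keyed on an IP-to-user binding is only as good as the removal of that binding when the session ends.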
1) AJ needs access to the corporate network and all he has is his iPad. Of course.
2) AJ fires up the Junos Pulse application on his iPad and initiates a connection to the corporate network using the public WiFi at the cafe. The session terminates on the MAG/SSL VPN gateway.
3) The MAG will authenticate AJ against the AD server in the same way as he is authenticated when he connects via the corporate WiFi or switched network. Upon successful authentication, a secure tunnel is established between the MAG and AJ’s iPad.
4) At the same time, the MAG will push dynamic policy to the EX switches and SRX firewalls that prevents him from accessing resources that he is not allowed to. Sound familiar??
5) The policies are enforced by the SRX, allowing AJ access to everything except the finance server.
6) As always, AppSecure on the SRX device is implementing application-based policies to prevent AJ from using prohibited applications [CLICK] and all activity is tracked and logged on the STRM.
AJ can now perform the tasks that he needed to do prior to his 1pm meeting.
Transition: In summary…
1. YOUR BUSINESS FUTURE TODAY
2. AGENDA
Business Session 11:00am – 12:30pm
• Activity Based Working
• Unified Communications
• Demo
• Windows 8 Devices
• Cloud Services
• Office 365
• IaaS
Technical Session 1:00pm – 2:30pm
• BYOD
• Network infrastructure
• Wireless
• Secure Remote Access
• Policy and Control
3. HOW, WHEN, AND WHERE WE WORK
• Work Life Balance has become Work Life Integration
• Work from home
• Mobile work force
• Collaborative environments and technologies
4. ACTIVITY BASED WORKING Microsoft - Sydney
5. ACTIVITY BASED WORKING Microsoft - Brisbane
6. ACTIVITY BASED WORKING Macquarie Group - Sydney
7. ACTIVITY BASED WORKING CBA – Darling Harbour
8. ACTIVITY BASED WORKING “Everyone uses a laptop, and the space has no fixed phones at all, with Microsoft’s Enterprise Voice solution providing converged telephony and messaging that is delivered to a person, not a desk.”
9. ACTIVITY BASED WORKING “Activity Based Working is about People, Place, and Technology”
Technology Enablers
• Unified Communications & Collaboration
• Client devices
• Wireless
• Internet & WAN services
• Secure remote access
• Cloud Services
• Location Services
10. LOCATION BASED SERVICES
11. ACTIVITY BASED WORKING The Benefits
• Customer Satisfaction and Responsiveness
• Mobility and flexibility
• Sustainability and carbon reduction
• Competitive advantage
• Disaster recovery
• Staff retention
• Cost Savings in real estate and staff churn
12. Future of Communications
[Diagram labels: Communications Today; Instant Messaging (IM); Voice Mail; Video Conferencing; Web Conferencing; Audio Conferencing; Telephony; E-mail and Calendaring; Unified Conferencing: Audio, Video, Web; Authentication; Administration; Storage; Compliance; On-Premises; Hybrid; In the Cloud]
13. MICROSOFT UNIFIED COMMUNICATIONS
Messaging: Achieve higher reliability and performance and enhance your communications at lower cost.
Voicemail: Consolidate email and voicemail onto one inbox.
Telephony: VoIP solution that allows users to communicate via PC, desk phone or mobile.
IM & Presence: Contact based on presence via phone, video or application.
Collaboration: Switch seamlessly between audio, video and web conferencing.
On-Premise Solution / Cloud Solution
14. THE MODERN WORK PLACE Demo
15. WINDOWS 8 DEVICES
16. OFFICE 365
17. OFFICE 365 E4 Plan with Voice: $36.85
18. IAAS
19. HOW CAN ACTIVITY BASED WORKING CONCEPTS DRIVE POSITIVE CHANGE FOR YOUR BUSINESS?
20. SPECIAL OFFER: Free Business Productivity Analysis
Generation-e’s MBA qualified business expert will spend one day onsite with you, helping you understand your IT infrastructure capabilities and building a roadmap with an actionable plan for embracing the technologies we’ve spoken about today to evolve your business and build your competitive advantage.
• Normally valued at $3,000 – Free for attendees
Don’t Forget: You will be emailed a feedback survey after this event. Please complete it to be registered to win a Microsoft Surface.
23. SIMPLY CONNECTED FOR UC&C WITH MICROSOFT LYNC
October 2012
24. UC&C MARKET TRENDS AND ISSUES
Legacy IT environment is based on control
Paradigm shift – occurring on both ends, devices and applications
Network’s role needs to step up significantly to meet new challenges
[Diagram labels: Available Applications; Office Employee; Any time/location; HIGH PERFORMANCE NETWORK; POS, ERP, PBX (purpose built); Email, CRM, ERP, HR; USER DRIVEN; IT App; INTERNET (best effort); 3rd Party; BYOD; Social]
Copyright © 2012 Juniper Networks, Inc. www.juniper.net
25. JUNIPER’S SIMPLY CONNECTED FOR UC&C
UC&C Infrastructure and Applications
High Performance, Resilient, Open
[Diagram labels: Data Center; Remote User; Campus; WAN; Branch]
26. THE GOAL IS TO BE SIMPLY CONNECTED
Simple for users; Simple for IT; Superb QoE; Highly economic
Integrated security; Always on resiliency; High performance; Simplified architecture; Automation
• Simplified switching architecture, now a complete, feature-rich portfolio
• Wired-like experience on wireless – resiliency and performance
• Security follows user, and application intelligence
• Device-agnostic secure connectivity
[Diagram labels: EX Series; WL Series; SRX Series]
27. Agenda
• Reference Architecture For UC&C
• Network Resiliency (Wireless & Wired)
• Wireless Network Congestion & CAC
• Network Access and Policy Control
• Secure Remote Access and Integration
29. NETWORK REFERENCE ARCHITECTURE FOR UC&C
30. KEY REQUIREMENTS OF A UC&C NETWORK
Open; Reliable; Secure; Scalable
31. UNIFIED COMMUNICATIONS INTEROPERABILITY FORUM
• Non profit vendor alliance formed in April 2010
• Open to all UC hardware, software vendors, service providers and network operators
• Mission - To enable interoperability of UC scenarios based on existing standards
32. NETWORK RESILIENCY & RELIABILITY
33. COMPONENTS OF A JUNIPER WIRELESS LAN (WLAN)
Access Point; WLAN Controller; WLAN Management
[Diagram labels: Wireless LAN Controller (WLC); WLAN Management; Campus Core; Firewall; MAG; Encrypted Access; (Location); WLM1200; 802.1x Authentication; Trusted Client]
34. SINGLE POINT OF MANAGEMENT FOR ALL CONTROLLERS
[Diagram labels: Primary Seed; Secondary Seed; Member; Member; Member]
35. HOW THE CLUSTER ADDS A NEW CONTROLLER
1 The primary controller pushes configurations to the secondary seed and members
2 The seed pushes the configuration to the new member
3 When a member is removed and replaced the same process is used
[Diagram labels: Primary Seed; Secondary Seed; Member; Member; Member; Member]
36. HOW THE CLUSTER ADDS A NEW AP
1 A new AP is introduced and contacts the Primary Seed.
2 The Primary Seed sends AP config to the Primary controller and the AP sets up a connection
3 The Primary Seed sends AP config to the Secondary controller and the AP sets up a connection
[Diagram labels: Primary Seed; Secondary Seed; Member; Member; Member; Member]
37. HOW CLIENTS ARE ASSIGNED PRIMARY AND SECONDARY CONTROLLERS
1 A new client associates to the system
2 Primary controller authenticates/authorizes client
3 Primary propagates session details to backup controller for use during failure
[Diagram labels: Primary Seed; Secondary Seed; Member; Member; Member; Client Session State; Client Session State]
38. SELF-REPAIRING CONTROL ARCHITECTURE
1 Should the Primary be taken out of service, the Secondary immediately takes over
• AP re-homes to backup Member Controller.
[Diagram labels: Primary Seed; Secondary Seed; Member; Member; Member]
39. NONSTOP OPERATION: HITLESS FAILOVER
2 A new Secondary is designated and is given the AP configuration and client session state
• Primary-Seed identifies & updates 3rd controller (WLC) as new Backup Member for AP/Client Session State.
[Diagram labels: Primary Seed; Secondary Seed; Member; Member]
40. IN-SERVICE SOFTWARE UPGRADE: HITLESS UPGRADE
1 Primary Controller initiates upgrade sequence; passes control to Secondary and upgrades
2 Secondary passes control back to Primary and upgrades
3 Primary Seed coordinates individual member upgrades; Member moves APs to backup controller and upgrades
4 AP moves associated stations to alternate AP then upgrades
• Leverage Hitless Failover Functionality to provide ISSU.
[Diagram labels: Primary Seed; Secondary Seed; Member; Member; Member]
41. LOCAL SWITCHING: IMPROVED PERFORMANCE
[Diagram panels: Anchored Mobility – Basic Roaming; Smart Mobile - Seamless Mobility. Labels: Mobility Domain; Controller A; Controller B; Subnet 1; Subnet 2; Client A on Subnet 1; Client B on Subnet 1]
42. VIRTUAL CHASSIS: SIMPLIFYING THE NETWORK
Virtual Chassis
• Multiple switches acting as a single, logical device
• One switch to configure, one switch to manage
• Improved resiliency and performance
• No Single Points of Failure.
43. DISTRIBUTED SWITCHING
[Diagram labels: Master; Backup; VCP Links; Local Switching (A, B); Inter-Module Switching (C, D)]
44. L2 and L3 STATEFUL FAILOVER
EX4500VC FAIL OVER IN SUB-50 MILLISECONDS!
• Normal traffic flow
• EX-SW4 fails and EX-SW5 and EX-SW3 detect VC port to EX-SW4 is down
• EX-SW3 immediately switches to backup path
• All traffic is re-routed
• Switch Failure & Re-Routing via Backup VCP-Path. New BackUp RE chosen.
[Diagram labels: Internet/Data Center; WLC1; WLC2; AP1; members 0 to 5: Line card – EX4200 (four), Master RE – EX4200, Backup RE – EX4200]
45. WIRELESS NETWORK CONGESTION AND CALL ADMISSION CONTROL
46. WIFI MULTIMEDIA ACCESS CATEGORIES
• Packet prioritization applied to tunneled traffic
• AP and controllers classify and mark user traffic
• Wired priority is mapped to 4 X WMM access categories for over-the-air QoS
47. DYNAMIC CALL ADMISSION CONTROL
• 8 voice devices associated but idle
• 2 active calls
• New client session accepted!
• Roaming user session accepted!
• Roam accepted call preserved!
48. AUTOMATIC CLIENT LOAD BALANCING
• Automatic Load Balancing per RF Band
• Band Steering
• 5 GHz capable client ‘encouraged’ to connect at 5 GHz
• 2.4 GHz only client connects at 2.4 GHz
49. NETWORK ACCESS & POLICY CONTROL
50. OVERVIEW – COORDINATED THREAT CONTROL
[Diagram labels: Wireless LAN Controller; Active Directory/LDAP; Junos Pulse Client; SRX Router/Firewall/IPS; Wireless APs; Ethernet access switches; Ethernet core switches; MAG: Universal Access Control, RADIUS, SSLVPN; Corporate Data Center: Data, Finance, Video, Apps; Internet]
51. ESTABLISHING A WIRELESS CONNECTION
1 Smartphone starts 802.1x authentication to AP
2 AP sends Authorization request to WLC
3 WLC sends information to Radius Server
4 Radius Server sends encrypted username/pass to Active Directory/LDAP for validation. Then sends user policy to WLC
5 WLC sends user policy information to AP: VLAN, ACLs, QoS
6 AP sets User policies: VLAN, QoS, ACLs
7 Smartphone/wireless data devices on WLAN: IP addresses received via DHCP
[Diagram labels: Wireless User Tablet/smartphone; AP; EX Series; EX Series; WLC; SRX with IDP/AppSecure; MAG with Radius, SSLVPN and UAC modules; Corporate Data Center]
52. NETWORK ACCESS AND POLICY CONTROL
1 Device authenticated on wireless network
2 DHCP Server communicates User and IP information to MAG via IF-MAP
3 MAG pushes role based ACL and FW policies to EX and SRX
4 SRX enforces user policies allowing user basic access to all servers except finance
5 SRX AppSecure policies block non-work related applications like Hulu and Netflix
• SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
[Diagram labels: Wireless User Tablet/smartphone; AP; EX Series; WLC; SRX; MAG; DHCP and IF-MAP; Active Directory/LDAP; Corporate Data Center: Data, Finance, Video, Apps; Internet]
53. ENFORCING NETWORK ACCESS POLICIES
1 Pulse detects device is on corporate network and per user policy disables any active VPN sessions
2 During 802.1x authentication MAG verifies PC meets company software and security policy requirements
3 Compliance check fails. Antivirus signatures are out of date and user is quarantined to remediation VLAN. Patch server updates signatures. User is now in compliance and granted network access
4 MAG pushes role based FW policies to EX and SRX
5 SRX enforces user policies allowing user basic access to all servers except finance
6 SRX AppSecure policies block non-work related applications
• SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
[Diagram labels: PC user; Virus; SW too old; Patch Remediation; WLCs; EX4200 VC; EX4500 VC and EX4200 VC; SRX; MAG; Active Directory/LDAP; Corporate Data Center: Data, Finance, Video, Apps; Internet]
54. SECURE REMOTE ACCESS AND INTEGRATION
55. MOBILE DEVICE REMOTE NETWORK ACCESS: POLICY AND ACCESS CONTROL
1 User needs to access company intranet over non-corporate network using iPad
2 User starts Junos Pulse and initiates a secure VPN session with MAG appliance
3 MAG verifies user login, establishes VPN and the device is allowed on the network.
4 MAG pushes role based ACL and FW policies to the SRX and EX
5 SRX enforces user policies allowing user access to all servers except finance
6 SRX AppSecure policies block non-work related applications
• SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
[Diagram labels: Wireless User Tablet/smartphone; Internet; MAG with Radius, SSLVPN and UAC modules; SRX with IDP/AppSecure; WLCs; EX4500 VC and EX4200 VCs; Active Directory/LDAP; Corporate Data Center: Data, Finance, Video, Apps]
57. ONBOARDING GUEST USERS: GUEST SELF PROVISIONING & APPLICATION RESTRICTION
[Diagram labels: Hospital Network; WLA532; WLC2800; SRX 550; MAG Series (UAC); Smartpass. Screens shown: “Hospital Guest Login”, “GUEST ID”; www.youtube.com, “Can’t access!!!”; “This Hospital is keeping bandwidth for what matters most”]
58. ONBOARDING GUEST USERS: GUEST SELF PROVISIONING
1 Unknown device connects to open captive portal SSID
2 User session is captured and redirected to SmartPass
3 User selects SmartPass Clickatell SMS self-registration and service creates a temporary user credential
4 SmartPass sends temporary credential to end user via Clickatell SMS Gateway service
5 User uses temporary credentials to authenticate against SmartPass
6 User is connected to the network using mobile phone number and temporary password
[Diagram labels: Wireless User Tablet/smartphone; AP; EX Series; EX Series; WLC; SmartPass]
59. ROLE BASED NETWORK SEGREGATION
1 Device authenticates on wireless network
2 Smartpass communicates User and IP information to UAC via IF-MAP
3 UAC pushes role based ACL and FW policies to EX, WL and SRX
4 SRX enforces user policies allowing user basic access to all servers except finance
[Diagram labels: Wireless User Tablet/smartphone; AP; EX Series; WLC; SRX; SmartPass; UAC; Active Directory/LDAP; Corporate Data Center: Data, Finance, Video, Apps]
60. ONBOARDING GUEST USERS: GUEST SELF PROVISIONING
Step 1: connect device to SSID ‘Juniper_Guest_Access’
Step 2: open web browser and browse to www.juniper.net (or use bookmark)
• Acmegizmo captive portal page should come up
Step 3: click on the ‘Create New User’ button to self-provision temporary user credentials
Step 4: enter a valid mobile number, name, email and company; click ‘send SMS’
• Phone number must be able to receive SMS messages, other data can be bogus (except email must be well-formed)
• Within a minute or two phone should receive welcome message
Step 5: enter the temporary credentials into the captive portal login page to access the guest network