Your SlideShare is downloading. ×
0
×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Mobility is more than BYOD

867

Published on

It’s clear that wireless networks bring a lot of benefits to the enterprise. Today, BYOD creates a lot of new opportunities, but also opens your network to new risks and vulnerabilities. With Juniper …

It’s clear that wireless networks bring a lot of benefits to the enterprise. Today, BYOD creates a lot of new opportunities, but also opens your network to new risks and vulnerabilities. With Juniper Networks extensive product portfolio, Kappa Data can offer robust and reliable wireless LAN solutions that ideally can be combined with Juniper’s SSL solutions using the new JUNOS Pulse client for mobile users.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
867
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
47
Comments
0
Likes
0
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Presenter transcript: Hello everyone. Welcome to the “Simply Connected – Wireless” product training presentation.
  • Presenter transcript: To double click on some of the trends, here is an example from one of Juniper’s large university deployments. Their student population has not increased dramatically from Spring 2010 to Fall 2011, yet the devices that are coming onto the wireless network have exponentially grown from averaging to around 50,000 devices for the entire university to almost about 250,000 devices averaged across the Fall semester of 2011. Very specifically, the spring of 2010 we saw the introduction of the iPad from Apple and it has permanently changed the device trend in campus settings, such as a university. So, to recap some of the discussion from the previous slide: bring-your-own-device, an expectation of consistent policy across wired/wireless VPN, an expectation of high performance, high density, high resiliency and high scale are the basic requirements of a strong WLAN offering. Juniper today has the strongest offering in the industry with respect to the bring-your-own-device unified policy, performance, scale, resiliency, and density expectations. ___________________________Reference:Global mobile data traffic to grow 26x in next 5 years to over 6M terabytes per month, Example:if you take a look at this graph we’ve got right here, I call that the “I” phenomenon. It’s a very large Midwestern university, about 9,000 access points, 300 acres, 50,000 students and you can see in the spring of 2010, about 40,000 wireless sessions per day, a little bit of a lull over the summer break and then come back in the fall of 2010 and more than three times the number of daily wireless sessions. Now look at the Fall of 2011 300000 wireless sessions .Now, the university didn’t go out and get another 100,000 students. This is students coming back with mobile devices, iPads, that kind of thing.
  • As we discussed, boundaries are blurring between business and personal/private applications. As Enterprises adopt mobility, we see a trend of increasing number of business applications– enhancing business process by leveraging mobility to put the right information in the hands of the user at the right time, making critical decision making faster and more accurate. Some examples would be CRM access for your sales teams, or Electronic Medical Files heavily deployed and relied upon in hospitals. Talking with customers we have learned that they have redefined their business practices, utilizing mobility, to create competitive advantage and higher end-user productivity.A good example I like to use is Evernote – an app a lot of people I know have downloaded on their personal mobile devices. It’s not delivered or driven by corporate IT. But employees are bringing it in to the network, and storing senstive data on it.Why enterprises use APP ?42% Increased Productivity39% Reduced Paperwork37% Increased Revenue
  • As we discussed earlier, each successful exploit has three parts – the attacker, threat type, and target – we continue to see change in each. Attacker - in 2005, we saw a shift starting from attackers wanting notoriety to wanting profitability. Today, cybercrime is fully organized and we see crime syndicates out to profit from attacks. These attackers are now well funded, use sophisticated and purpose built tools and target organizations purely for profit. While this is nothing new, what we are seeing today is a move to not only attack “.gov/.com” but to attack “.me/.you”. Attackers are becoming increasingly sophisticated and are profiling not only companies but also individuals. They understand that we all have online identities but also “physical profiles” or “connection points” where we connect to the internet from a variety of places……work, internet café, airport lounge, home. They have realized that often times our security defenses are down or weak at some of these connection points and penetrating individuals’ devices can work quite well outside of the work place. If you can infect a business user at an internet café and then have them walk that device into the enterprise then you can infiltrate the enterprise infrastructure and bypass many of the defenses that are in place today. Attackers understand this and have adopted their behavior. Threat – The threat landscape is also undergoing a change both in terms of the types of attacks and the sophistication and maturation of existing attacks. As expected, we continue to see new types of attacks to bypass the latest technologies that enterprises deploy. Historically, the first large virus outbreak was on the Apple II in 1981. Since then there have been many well documented outbreaks that include the “iLOVEYOU” worm in 2000, SQL Slammer and Blaster worm in 2003 and countless worms, Trojans and other forms of malware. Today, DOS has given way to DDOS and newer threats such as rootkits and botnets have taken hold. The most recent threat is APT which is not only a new type of threat but also a new way to profile and attack networks, systems and organizations. While we see new types of attacks we also see the morphing of existing attack types. As an example a few years ago, the majority of malware was in cleartext which could often be detected by AV or IDP solutions. Today over 80% of malware uses encryption, compression or file packing to bypass traditional AV or IDP technologies. Target - Finally, we also see significant changes with attack targets. Over the past few years there has been an explosion in devices that attackers target ranging from smartphones, to tablets to cloud services. What is particularly interesting about these new targets is the variation of the architecture of these platforms that ranges from more secure platforms such as the iPhone to more open platforms such as the the Android OS. The other primary change we see is around the types of applications being attacked. Historically, most attacks have been focused on traditional corporate application servers and productivity applications such as office. Today, have seen a significant shift to web 2.0 type applications and social networking apps where attackers take advantage of a trusted relationship that is built amongst online users. They understand that there is a real tendency for online users to trust links that other users send within these applications and have used this vector as a target of malware. Transition: The challenge for enterprises today is how do they address the and new and emerging threats in a way that is both scalable and does not significantly drive up cost.
  • The network has continued to evolve.
  • End to End security1. Qualify the Device : With Juniper simply connected solution you can scan the device to make sure all the credentials that are needed to on board the device to your network are up-to-date. You will be able to force an update if needed, and quarantine the device until it is compliant. This is automatically performed by Juniper MAG and pulse.2. Authenticate the User There are two side effect to consumerization of IT: One is a shift to multi devices per one user with a mix of corporate and privately own. The second is that the user will try to connect to the corporate network from any location he is in.To get control back you will need to shift from securing your network by ports and location to secure your network by users and applications, assigning relevant polices to support the user responsibilities and the business needs. With juniper simply connected we make it easy for Enterprises to build this user centric data base importing their existing information to the centralized policy platform. Unified access control (MAG/UAC) is orchestrated for a wired or wireless clients accessing the network.3. Enforce Security Policies in the User and Application Level Now that we have an approved device with user and application based security policies, we need to have the ability to enforce it in the network. Juniper MAG/UAC will populate the policies to all elements in the network delivering consistent enforcement and ensuring access to the right content from any location. Remote workers will be authenticated through MAG/SSL.With fast pace attackers today, you need fast pace enforcement. The SRX Series Services Gateway includes zero-day protection. In particular, it includes protocol anomaly detection and same-day coverage for newly found vulnerabilities. Additionally, through scheduled security updates configurable by the network security administrator, the SRX gateway can automatically be updated with new attack objects/signatures. Therefore, up-to-the-minute security coverage is provided without manual intervention.4. Control the Device and Avoid Data LeakageWe have an approved device and approved user on the network, working in conjunction with the business needs and capabilities.You will find that the customer may now have concerns around data leakage from lost devices. And no wonder,“ In London more than 30,000 mobile phoned are left behind in taxis every day “ With Juniper solution you can control the mobile device whether it is corporate or privately owned. In a case of lost or stolen device you will be able to track the device location, lock , copy and wipe all corporate data remotely .Simply connected Brings the control back to the corporate Juniper advantage:Easy provisioning and consistent end-to-end enforcement of security policies for users, regardless of device or locationJuniper differentiation:security policies enforced at every part of the networkSimple and secure access with point-and-click provisioningRole-based access depending on user’s profile, identity, and roleNested application visibility and security enforcementCoordinated threat control automated for wired and wireless environments including day zero attacks.
  • Wire speed data plane – Asic, Ipsec acceleration, 10GE uplinks, 802.1n,…Seamless scalability – add resources as required with no service impactArchitecturally consistent QoS – queues, bandwidth rate limiting, CAC, automatics distribution of traffic across APs.Wired-like Performance Everywhere: User moves within campus, gets on mobile n/w, logs on from a branch location– seamless experience as he/she moves – feels like always connected to a wired connection at his/her desk. 802.1n AP’s (talk about new WLA532). (Talk about 10GE uplinks on all switches). (Talk about 4 member VC on EX8200 is an industry differentiator) Designed for Bandwidth Hungry Rich-MediaVoice, video. Data traffic across both the wireless and wired access, core switches and security devices. You need large tables and buffers to ensure bursty video traffic can be streamed on mobile devices.3. No Performance Tradeoffs as Campus Scales No tradeoffs between scale and performance as you change and evolve your campus. So, more locations, more users, more apps – same IT budget!To add: Talk about security services with minimal performance impact.
  • Designed for Mission-Critical Networks: Enterprise tested , SP proven Redundant components, power supplies, software protocolsEX &WLC : In-Service Software Upgrades allowing for 24/7 operation 2. Layers of Protection for Planned and Unplanned Outages : No single point of failure- animation MAG : MAG support application clustering on one box with hardware redundancy SRX : SRX clustering - no single point of failure . WAN backup using ETH, xDSL, 3G/4G WLC : controller clustering -> all AP in a cluster maintain two active connections EX virtual chassis - Robust design->no single point of failure and superior backplane capacity, Zero Impact Network Fail Over With the combination of MAG & PULSE you will be able to restore content from a stolen or lost device and placed it easily on a new hardware delivering resiliency all the way to the user device. 3. Simplified Operations, simplified wired and wireless, less devices, more automation. Mobility improves business process and not only to support BYODNo Moore’s law for network management costs. You cannot reduce the number of devices but can certainly reduce the number of devices to manage. This is where Juniper is focused and different from all other solutions. Multiple levels of redundancyExperience continuity with Virtual Chassis, Virtual Cluster, and industry’s most resilient coreSimplified operations to reduce human errors and downtime Coordinated Threat Control automated for wired and wireless environments including day zero attacks.
  • Pulse MSSApplication access concerns with role based app aware firewallControls apps with “On Device” firewallControl of apps on mobile devices using PulseFull L2-L7 security with App ware firewall
  • The WLA321 and WLA322 are next generation, 2x2 indoor 802.11n wireless access points for low to medium client density environments with an attractive price point, compact form factor, superior aesthetics and best-in-class features. These two new access points round out Juniper’s 11n portfolio and provide even greater choice for customer deployments where reliable business class wireless mobility service is needed to serve smaller number of wireless users.
  • Presenter transcript: The WLA 532 has had three design goals. We wanted to design the highest performance 11n AP in the industry, the smallest form factor 11n AP in the industry, and the lowest power consumption 11n AP in the industry. We are pleased to announce that we have built an industry best on all three vectors in the form of the WLA532, which is the industry’s highest performance three stream 3x3 11n access point, by all data sheet comparisons it is the lowest power consumption 11n 3x3 three stream AP in the industry and the smallest form factor. Again, simple data sheet comparison proves it’s the smallest form factor 11n AP in the industry.  When we mandate this technology in an RFP, we are winning because, as this graph proves, the 532 beats Cisco and Aruba and many other competitors handily. At any given distance on any client, Juniper handily beat the competition from a performance perspective. Juniper also in many of these RFPs is coming at least 15-20%, sometimes even more, less expensive than the competing bill of materials. So, a very strong offering for a high performance 11n AP, that is also low power consuming and small form factor. ___________________________Reference:WLA532 is Junipers next generation 802.11n AP. It is our flagship access point with a discreet form factor, superior aesthetics and best in class performance, out performing similar products from other vendors (beats Aruba 135 with 20% better throughput over distance).WLA 532 is the most compact 3 stream AP on the market. Its refined shape and form factor blends in with most building interiors and its small footprint allows for discreet, safe, easy installations. It has a revolutionary patent pending cross polarized indoor, integrated antenna design that enhances 5Ghz coverage, improving load balancing across 2.4 and 5 GHz and enables seemless roaming. This dual radio design delivers 20% more throughput and 50% more capacity for multimedia applications and very dense mobile WiFi client environments. This highly integrated design delivers high value providing concurrent client access and spectrum analysis. Additionally, it supports encrypted, secure high speed links to remote AP deployments. And the trusted platform module ensures the integrity and authenticity of hardware and software.Energy efficient - Efficient power system design consumes less power than previous generation; it works under 802.3af power draw limit even under peak load and adheres to IEEE802.3az energy efficient Ethernet design to reduce energy consumption when not in use.TECHNICAL Specs:Interfaces Concurrent dual-radio (11an/11gn) operation Up to 450Mbps link speed on 5GHz Up to 195Mbps link speed on 2.4GHz 10x better performance than 802.11a/g 802.3af PoE powerSecurity Encryption at “air” rate 802.11i, WPA2/AES, WPA/TKIP, WEP No stored configuration, no serial port, Kensington lockPerformance and Mobility Local switching for low Latency, high performance Advanced AP to AP VLAN tunnelingManagementAutoTune Dynamic RF managementAntennaSix Internal cross-polarized antennas with 5 degree down-tilt for best signal strengthExternal Antenna model (available Q1)Usability & Ease-of-InstallationVersatile mounting options for ceiling, wall mount and wall plugs
  • To safely support a broad variety of mobile devices on your network, both personal and corporate issued, the following should be deployed to protect against today’s and tomorrow’s threats:Secure accessAntivirusPersonal firewallAnti-spamLoss/theft protectionDevice controlSecure accessConsistent end-user experience regardless of device (laptop, netbook, smartphone, tablet)Consistent access policies across devicesSupport for mulitifactor authentication across devicesSupport for a broad range of application and traffic types, including VDIAntivirus (detail provided if you need notes)Real-time protection updated automaticallyScans files received over all network connectionsOn-demand scans of all memory or full deviceAlerts on detectionPersonal Firewall (detail provided if you need notes)Inbound/Outbound Port+IP Filtering automaticallyFull control of alerts/loggingDefault (high/low) filtering options + customizableAntispam (detail provided if you need notes)Blacklist filtering – blocks voice and SMS spamMessage settingsDisable alerts for incoming messages (option)Automatic denial for unknown or unwanted callsLoss theft protection (detail provided if you need notes)Remote Lock and/or Wipe GPS Locate/TrackDevice Backup/RestoreRemote Alarm/NotificationSIM Change Notification Device monitoring (detail provided if you need notes)Application inventory and removalMonitor SMS, MMS, email message contentView phone call log and address book/contactsView photos stored on device T: This suite solves our customer’s problems like nothing else currently available in the market…
  • As we discussed earlier, each successful exploit has three parts – the attacker, threat type, and target – we continue to see change in each. Attacker - in 2005, we saw a shift starting from attackers wanting notoriety to wanting profitability. Today, cybercrime is fully organized and we see crime syndicates out to profit from attacks. These attackers are now well funded, use sophisticated and purpose built tools and target organizations purely for profit. While this is nothing new, what we are seeing today is a move to not only attack “.gov/.com” but to attack “.me/.you”. Attackers are becoming increasingly sophisticated and are profiling not only companies but also individuals. They understand that we all have online identities but also “physical profiles” or “connection points” where we connect to the internet from a variety of places……work, internet café, airport lounge, home. They have realized that often times our security defenses are down or weak at some of these connection points and penetrating individuals’ devices can work quite well outside of the work place. If you can infect a business user at an internet café and then have them walk that device into the enterprise then you can infiltrate the enterprise infrastructure and bypass many of the defenses that are in place today. Attackers understand this and have adopted their behavior. Threat – The threat landscape is also undergoing a change both in terms of the types of attacks and the sophistication and maturation of existing attacks. As expected, we continue to see new types of attacks to bypass the latest technologies that enterprises deploy. Historically, the first large virus outbreak was on the Apple II in 1981. Since then there have been many well documented outbreaks that include the “iLOVEYOU” worm in 2000, SQL Slammer and Blaster worm in 2003 and countless worms, Trojans and other forms of malware. Today, DOS has given way to DDOS and newer threats such as rootkits and botnets have taken hold. The most recent threat is APT which is not only a new type of threat but also a new way to profile and attack networks, systems and organizations. While we see new types of attacks we also see the morphing of existing attack types. As an example a few years ago, the majority of malware was in cleartext which could often be detected by AV or IDP solutions. Today over 80% of malware uses encryption, compression or file packing to bypass traditional AV or IDP technologies. Target - Finally, we also see significant changes with attack targets. Over the past few years there has been an explosion in devices that attackers target ranging from smartphones, to tablets to cloud services. What is particularly interesting about these new targets is the variation of the architecture of these platforms that ranges from more secure platforms such as the iPhone to more open platforms such as the the Android OS. The other primary change we see is around the types of applications being attacked. Historically, most attacks have been focused on traditional corporate application servers and productivity applications such as office. Today, have seen a significant shift to web 2.0 type applications and social networking apps where attackers take advantage of a trusted relationship that is built amongst online users. They understand that there is a real tendency for online users to trust links that other users send within these applications and have used this vector as a target of malware. Transition: The challenge for enterprises today is how do they address the and new and emerging threats in a way that is both scalable and does not significantly drive up cost.
  • Presenter transcript: Next we’ll take a look at the specific product pieces of WLAN that separate Juniper from the rest of the market.
  • Transcript

    • 1. THE SIMPLY CONNECTED CAMPUSMOBILITY IS MORE THAN BYODFrank BaeyensKappaData seminarie,21 Juni 2012
    • 2. DEVICE PROLIFERATION Unique Daily Wireless Sessions Large American University ~50,000 Students, Multiple Devices Per Student400000 Top WLAN requirements350000300000250000200000 6x BYOD Unified Policy Performance at Scale150000 Highly Resilient100000 High Density 50000 High Scale 0 Spring Summer Fall Spring Summer Fall 2010 2011 2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 3. MOBILITY REDEFINES BUSINESS PRACTICES APPLICATION PROLIFERATION Business Applications Personal Applications Pulse 42% 39% 37% Increased Reduced Increased Productivity Paperwork Revenue Source : Forrester, Frost &Sullivan, Business week, Gigaom pro, ABI research3 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 4. CUSTOMER CHALLENGES DUE TO MAJOR TRENDS Type of Attack  Secure at the device  Secure at the edgeSecurity Risks APT  Secure L2 – L7 ( application ) Exploding Virus Worms Trojans DOS Malware Botnets  Security orchestration “Security at every node” New Devices & Platforms  Provisioning (On-boarding)  Profiling (Identify and track device types) Device  Management Proliferation  Compliance / Security Posture  Access to Applications Application  Control of Applications & Access Complexity4 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 5. MOBILITY IS MUCH MORE THAN BYOD Employee Owned Corporate Owned Guest Devices Devices (BYOD) Devices Todays business environment requires coordinated access5 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 6. MOBILE USER TYPES AND REQUIREMENTSOpen access, Captive Portal Employee • Self provisioning Guest Owned • Simple experience BYOD (Employee owned) • Device type aware policy Devices Devices • Self provisioning • Differentiated access • Secure Certificate based authenticatio • Simple guest access • User, App, Device aware policies provisioning/control • Device management • On-device security Corporate • Device, data loss/ Owned theft prevention Devices • Secure network, cloud access Corporate Issued Devices • Self provisioning • On-device Security • Content Monitoring • Secure Certificate based authentication • Device Management • Secure network, cloud SSO • User, App, Device aware policy • Application Management • Device agnostic “Follow-me policies” 6 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 7. DELIVERING ORCHESTRATED SECURITY BRINGING CONTROL BACK TO IT Branch 1 Qualify the device EX SRX AP Provision and authenticate 2 the user Campus Enforce user and application 3 policies across the network MX MX SRX MAG Control the device and avoid 4 data leakage WLC EX Servers AP Simple: Role/user-based Automated: Policy Secure: Application access with point-and-click proliferation for wired and visibility and enforcement provisioning wireless environments including day zero attacks.7 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 8. DELIVERING PERFORMANCE AT SCALE SIMPLE & COST-EFFECTIVE SCALING Branch 1 Wire speed data plane EX SRX AP Seamless scalability across 2 wired and wireless Campus Architecturally 3 consistent QoS MX MX SRX MAG WLC EX AP Servers Designed for Wired-like No performance bandwidth performance tradeoffs hungry rich-media everywhere as campus scales applications8 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 9. DELIVERING HIGH RESILIENCY FOR NON-STOP PRODUCTIVITY Branch Uninterrupted service for 1 mission-critical applications EX SRX AP Seamless upgrade and 2 scalability Campus Simplified operations – 80% 3 fewer devices to manage MX MX SRX MAG WLC Servers EX AP Improved Carrier Class No Single operational Network for Point of Failure efficiency Enterprise9 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 10. ACCESS SOLUTIONS FOR CAMPUS AND BRANCH Security Challenge Juniper Advantage Juniper Solution  Mobile device security  Secure users and devices and management  Support BYOD  Extensive client support  Secure connectivity MAG Series  Secure remote access  Ubiquitous access  Consistent policy control  Employee remote access  Firewall with integrated AppSecure SRX Series and IPS  Application visibility  Unified threat management  “Always on” App-awareness  Identity, role, location and device UAC, SRX, EX  Context-based AAA based access control  Warranted access  Enforcement edge with UAC/JUEP on  Enterprise data protection EX, IF-MAP on WLC, JUEP on SRX  Clientless provisioning  Device finger printing - profiling with WLC WL Series  Clientless Provisioning  Device management with RingMaster,  Device profiling SmartPass10 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 11. JUNIPER WIRELESS - COMPLETE WLAN SOLUTION WLM – Management and Access Control RingMaster WLM - Appliance SmartPass Simple - Secure - Mobile WLA – Access Points WLC – Controllers11 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 12. JUNIPER WLA SERIES ACCESS POINT FAMILY Q2-2012  High performance  Intelligent switching 3x3 MIMO  AP and band steering 3 Stream Dual Radio  autotune RF management MIMO Dual Radio All Weather  Built-in spectrum analysis Max. Performanc  Bridging and mesh 2x2 MIMO e Dual Radio WLA Series Highlights High Density Dual Radio Functionality Entry-level WLA632 Single Radio AP Low Cost AP WLA532 Dual Radio Entry-level WLA522 AP Single Radio WLA322 Low Cost AP WLA321 WLA422 WLA371 Indoor 11n Outdoor 11n 802.11abg12 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 13. WLA321/WLA322 ENTRY LEVEL 802.11n WLAN ACCESS POINTS Overview • Indoor 802.11n wireless access points • 2x2 MIMO 2 spatial stream • Compact, discreet form factor, superior aesthetics • WLA321 Single Radio, WLA322 Dual Radio Target Markets • Entry-level price point and performance • Low to medium client density environments • Small Enterprises, Small-to-Medium Branch Offices (Private/Public enterprise) etc. Availability • WLA321: Now • WLA322: Early June 201213 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 14. JUNIPER WL SERIES FLAGSHIP ACCESS POINT WLA532 INDOOR 802.11N AP 3 Industry Bests  Highest Performance AP  Lowest Power Consumption AP  Smallest Form Factor AP Highest Performance  450Mbps data rate (3x3, 3 spatial stream)• Juniper WLAN is 15-20% less expensive whencomparing complete BOMs• Juniper WLA 532 outperforms Cisco and Aruba by upto 35% as validated by Novarum14 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 15. WLA532 VALUE PROPOSITION Superior performance for high density client environments  3X3:3 radio technology is designed for high performance, high density WiFi client environments Higher WLAN capacity at a lower cost  WLA532 improved RF subsystem delivers enhanced throughput over distance requiring less APs per floor whilst offering 50% more capacity Reduced energy consumption  Peak performance within 802.3af power draw limit  802.3az to improve wired side power efficiency Increased reliability and fewer IT support calls  WLA532 supports improved performance for concurrent spectrum monitoring and client service Enhanced Security to protect business communications  WLA532 supports Trusted Platform Module (TPM) for ensuring authenticity and integrity of both hardware and software  Improved performance for wired-crypto acceleration for secure high-speed link to remote WLAN site15 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 16. WLC - CONTROLLER FAMILY 64 - 512 11n AP  Cluster Reliability  In-Service Upgrades  One Software Platform  Distributed & Centralized WLC2800 WLC Series Highlights 16 - 256 11n AP 3-Stream WLC880 16 - 128 11n AP 3-Stream WLC800 12 AP 4 AP WLC8 WLC2 # of AP16 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 17. ACTIVE-ACTIVE CONTROLLERS 2 Primary controller 3 authenticates/ Primary propagates authorizes client session details to backup controller for use during failure Primary Seed Client Session State Secondary Seed Member Member Member Client Session State1 A new client associates to the system17 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 18. EX Series WL Series SMART MOBILE ARCHITECTURE (CENTRALIZED & DISTRIBUTED) Centralized Distributed Security Management Reliability Performance Or both combined/mixed (can be decided per VLAN)18 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 19. RINGMASTER VIEW19 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 20. PERFORMANCE - SPECTRUM MANAGEMENT - MONITORING AND ALERTING Alerting on interference source  Classification and other properties  RSSI  Duty Cycle  Channel(s) impacted  Associated events with that source  Per AP historical information  30 day history Spectrograph  All channels in 2.4GHz and 5GHz band  Multiple AP views  Real time FFT (min, max average of interference signal), Swept spectrum, Duty cycle, 5 minute rolling history Auto reconciliation for planned sources  Automatic correlation between planned and monitored source  Reduce false alarms20 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 21. SMARTPASS – ACCESS CONTROLSmartPass is a multi-faceted web-based, access control application suite  Guest access module  Ease of use / Bulk user creation  API for 3rd part application integration  SMS / Email creation of guest coupons with Self-Provisioning  Accounting database  Detailed client accounting history  Reporting available via RingMaster.  Access control module  RFC 3576 support to change authorization attributes or disconnect client sessions (Dynamic Radius)  Location awareness for client sessions. – Allow or deny access based on location Centralized Guest Access – Change any AAA attribute based on location Database  Access Rules (location based, time based or a combination of both)21 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 22. USE CASES  Guest onboarding  Employee onboarding  Provisioning  BYOD and access policies  Pulse registration  Remote access using Pulse22 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 23. GUEST USER ON CORP NETWORKGUEST SELF PROVISIONING & APPLICATION RESTRICT Hospital Network WLA532 Google www.youtube.com ! Can’t access!!! WLC2800 Hospital Guest Login This Hospital Is keeping W/Smartpass GUEST ID bandwidth for (408) 569-9863 what matters most SRX 550 UAC/Pulse Mobile Security23 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 24. EMPLOYEE OWNED DEVICE ON CORP NETWORK EMPLOYEE SELF PROVISIONING & APPLICATION RESTRICT Hospital Network Electronic Medical Records WLA532 ! Can’t access!!! WLC2800 EMR Hospital Login This Hospital Is keeping W/Smartpass Now connecting to a secure hospital network bandwidth for DOCTOR ID Provisioning Server what matters most Dr. Brown 423 SRX 550 UAC/Pulse Mobile Security24 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 25. EMPLOYEES ON CORP LIABLE DEVICE HOST CHECKING & APPLICATION RESTRICT Hospital Network Electronic Medical Records WLA532 ! Can’t access!!! WLC2800 EMR This Hospital Dr. Rose 369 Is keeping W/Smartpass bandwidth for Scan is Clean whatConnect matters most SRX 550 UAC/Pulse Mobile Security/SA25 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 26. Juniper Networks Junos Pulse:Connect, Protect and Control Full Layer 3 Tunnel Secure Email (ActiveSync proxy) SSL VPN Web VPN (browser-based apps) Antivirus & Antimalware On Device Block SMS & voice spam Security Endpoint Firewall AntiSpam Mobile Device Management Monitor & Application inventory and control Control Content monitoring Remote lock and wipe Loss & Theft Backup & restore Protection GPS locate SIM change notification26 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 27. LOST OR STOLEN MOBILE DEVICE REMOTE LOCK AND WIPE Hospital Network WLA532 ! Can’t access!!! WLC2800 This device was reported as 369 Dr. Rose stolen W/Smartpass Wiping ipad Connect SRX 550 UAC/Pulse Mobile Security/SA27 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 28. JUNIPER SIMPLY CONNECTED PORTFOLIO DELIVERS Granular context based security that Orchestrated adjust policy enforcement to theSecurity Risks security associated security risks Contained Comprehensive Broad coverage for user devices, enterprise offering wired and wireless networks Devices Centralized policy creation and fully Simplicity automated enforcement, wired and Application wireless Access Controlled28 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
    • 29. THANK YOU

    ×