
Mobility is more than BYOD



It’s clear that wireless networks bring a lot of benefits to the enterprise. Today, BYOD creates a lot of new opportunities, but it also opens your network to new risks and vulnerabilities. With Juniper Networks’ extensive product portfolio, Kappa Data can offer robust and reliable wireless LAN solutions that can ideally be combined with Juniper’s SSL solutions using the new JUNOS Pulse client for mobile users.

Published in: Technology


  1. 1. THE SIMPLY CONNECTED CAMPUS: MOBILITY IS MORE THAN BYOD. Frank Baeyens, Kappa Data seminar, 21 June 2012
  2. 2. DEVICE PROLIFERATION. [Chart: Unique Daily Wireless Sessions, Large American University, ~50,000 Students, Multiple Devices Per Student; x-axis: Spring, Summer, Fall for 2010 and 2011; callout: 6x.] Top WLAN requirements: BYOD; Unified Policy; Performance at Scale; Highly Resilient; High Density; High Scale. Copyright © 2012 Juniper Networks, Inc.
  3. 3. MOBILITY REDEFINES BUSINESS PRACTICES. APPLICATION PROLIFERATION: Business Applications; Personal Applications; Pulse. 42% Increased Productivity; 39% Reduced Paperwork; 37% Increased Revenue. Source: Forrester, Frost & Sullivan, BusinessWeek, GigaOM Pro, ABI Research.
  4. 4. CUSTOMER CHALLENGES DUE TO MAJOR TRENDS. Security Risks Exploding (Type of Attack: APT, Virus, Worms, Trojans, DOS, Malware, Botnets): • Secure at the device • Secure at the edge • Secure L2 – L7 (application) • Security orchestration “Security at every node”. Device Proliferation (New Devices & Platforms): • Provisioning (On-boarding) • Profiling (Identify and track device types) • Management • Compliance / Security Posture. Application Complexity: • Access to Applications • Control of Applications & Access.
  5. 5. MOBILITY IS MUCH MORE THAN BYOD. Employee Owned Devices (BYOD); Corporate Owned Devices; Guest Devices. Today's business environment requires coordinated access.
  6. 6. MOBILE USER TYPES AND REQUIREMENTS. Guest Devices (Open access, Captive Portal): • Self provisioning • Simple experience • Device type aware policy • Differentiated access • Simple guest access provisioning/control. BYOD (Employee owned): • Self provisioning • Secure Certificate based authentication • User, App, Device aware policies • Device management • On-device security • Device, data loss/theft prevention • Secure network, cloud access. Corporate Issued Devices: • Self provisioning • On-device Security • Content Monitoring • Secure Certificate based authentication • Device Management • Secure network, cloud SSO • User, App, Device aware policy • Application Management • Device agnostic “Follow-me policies”.
  7. 7. DELIVERING ORCHESTRATED SECURITY: BRINGING CONTROL BACK TO IT. (1) Qualify the device. (2) Provision and authenticate the user. (3) Enforce user and application policies across the network. (4) Control the device and avoid data leakage. [Diagram: Branch (EX, SRX, AP); Campus (MX, MX, SRX, MAG, WLC, EX, Servers, AP).] Simple: Role/user-based access with point-and-click provisioning. Automated: Policy proliferation for wired and wireless environments. Secure: Application visibility and enforcement including day zero attacks.
  8. 8. DELIVERING PERFORMANCE AT SCALE: SIMPLE & COST-EFFECTIVE SCALING. (1) Wire speed data plane. (2) Seamless scalability across wired and wireless. (3) Architecturally consistent QoS. [Diagram: Branch (EX, SRX, AP); Campus (MX, MX, SRX, MAG, WLC, EX, AP, Servers).] Designed for bandwidth hungry rich-media applications. Wired-like performance everywhere. No performance tradeoffs as campus scales.
  9. 9. DELIVERING HIGH RESILIENCY FOR NON-STOP PRODUCTIVITY. (1) Uninterrupted service for mission-critical applications. (2) Seamless upgrade and scalability. (3) Simplified operations – 80% fewer devices to manage. [Diagram: Branch (EX, SRX, AP); Campus (MX, MX, SRX, MAG, WLC, Servers, EX, AP).] Improved operational efficiency. Carrier Class Network for Enterprise. No Single Point of Failure.
  10. 10. ACCESS SOLUTIONS FOR CAMPUS AND BRANCH. Security Challenge | Juniper Advantage | Juniper Solution. • Mobile device security • Secure users and devices and management • Support BYOD • Extensive client support • Secure connectivity MAG Series • Secure remote access • Ubiquitous access • Consistent policy control • Employee remote access • Firewall with integrated AppSecure SRX Series and IPS • Application visibility • Unified threat management • “Always on” App-awareness • Identity, role, location and device UAC, SRX, EX • Context-based AAA based access control • Warranted access • Enforcement edge with UAC/JUEP on • Enterprise data protection EX, IF-MAP on WLC, JUEP on SRX • Clientless provisioning • Device finger printing - profiling with WLC WL Series • Clientless Provisioning • Device management with RingMaster, • Device profiling SmartPass
  11. 11. JUNIPER WIRELESS - COMPLETE WLAN SOLUTION. WLM – Management and Access Control: RingMaster; WLM - Appliance; SmartPass. WLA – Access Points. WLC – Controllers. Simple - Secure - Mobile.
  12. 12. JUNIPER WLA SERIES ACCESS POINT FAMILY, Q2-2012. WLA Series Highlights: • High performance • Intelligent switching • AP and band steering • autotune RF management • Built-in spectrum analysis • Bridging and mesh. [Chart, by Functionality: models WLA632, WLA532, WLA522, WLA322, WLA321, WLA422, WLA371; labels: 3x3 MIMO 3 Stream Dual Radio; MIMO Dual Radio All Weather; Max. Performance; 2x2 MIMO Dual Radio; High Density Dual Radio; Entry-level Single Radio AP; Low Cost AP; categories: Indoor 11n, Outdoor 11n, 802.11abg.]
  13. 13. WLA321/WLA322 ENTRY LEVEL 802.11n WLAN ACCESS POINTS. Overview: • Indoor 802.11n wireless access points • 2x2 MIMO 2 spatial stream • Compact, discreet form factor, superior aesthetics • WLA321 Single Radio, WLA322 Dual Radio. Target Markets: • Entry-level price point and performance • Low to medium client density environments • Small Enterprises, Small-to-Medium Branch Offices (Private/Public enterprise) etc. Availability: • WLA321: Now • WLA322: Early June 2012.
  14. 14. JUNIPER WL SERIES FLAGSHIP ACCESS POINT: WLA532 INDOOR 802.11N AP. 3 Industry Bests: • Highest Performance AP • Lowest Power Consumption AP • Smallest Form Factor AP. Highest Performance: • 450Mbps data rate (3x3, 3 spatial stream) • Juniper WLAN is 15-20% less expensive when comparing complete BOMs • Juniper WLA 532 outperforms Cisco and Aruba by up to 35% as validated by Novarum.
  15. 15. WLA532 VALUE PROPOSITION. Superior performance for high density client environments: • 3X3:3 radio technology is designed for high performance, high density WiFi client environments. Higher WLAN capacity at a lower cost: • WLA532 improved RF subsystem delivers enhanced throughput over distance requiring less APs per floor whilst offering 50% more capacity. Reduced energy consumption: • Peak performance within 802.3af power draw limit • 802.3az to improve wired side power efficiency. Increased reliability and fewer IT support calls: • WLA532 supports improved performance for concurrent spectrum monitoring and client service. Enhanced Security to protect business communications: • WLA532 supports Trusted Platform Module (TPM) for ensuring authenticity and integrity of both hardware and software • Improved performance for wired-crypto acceleration for secure high-speed link to remote WLAN site.
  16. 16. WLC - CONTROLLER FAMILY. WLC Series Highlights: • Cluster Reliability • In-Service Upgrades • One Software Platform • Distributed & Centralized. Models by # of AP: WLC2800 (64 - 512 11n AP); WLC880 (16 - 256 11n AP, 3-Stream); WLC800 (16 - 128 11n AP, 3-Stream); WLC8 (12 AP); WLC2 (4 AP).
  17. 17. ACTIVE-ACTIVE CONTROLLERS. (1) A new client associates to the system. (2) Primary controller authenticates/authorizes client. (3) Primary propagates session details to backup controller for use during failure. [Diagram: Primary Seed (Client Session State); Secondary Seed (Client Session State); Member; Member; Member.]
  18. 18. SMART MOBILE ARCHITECTURE (CENTRALIZED & DISTRIBUTED). EX Series; WL Series. Centralized; Distributed; Security; Management; Reliability; Performance. Or both combined/mixed (can be decided per VLAN).
  19. 19. RINGMASTER VIEW
  20. 20. PERFORMANCE - SPECTRUM MANAGEMENT - MONITORING AND ALERTING. Alerting on interference source: • Classification and other properties • RSSI • Duty Cycle • Channel(s) impacted • Associated events with that source • Per AP historical information • 30 day history. Spectrograph: • All channels in 2.4GHz and 5GHz band • Multiple AP views • Real time FFT (min, max, average of interference signal), Swept spectrum, Duty cycle, 5 minute rolling history. Auto reconciliation for planned sources: • Automatic correlation between planned and monitored source • Reduce false alarms.
  21. 21. SMARTPASS – ACCESS CONTROL. SmartPass is a multi-faceted, web-based access control application suite. Guest access module: • Ease of use / Bulk user creation • API for 3rd-party application integration • SMS / Email creation of guest coupons with Self-Provisioning. Accounting database: • Detailed client accounting history • Reporting available via RingMaster. Access control module: • RFC 3576 support to change authorization attributes or disconnect client sessions (Dynamic RADIUS) • Location awareness for client sessions – Allow or deny access based on location – Change any AAA attribute based on location • Access Rules (location based, time based or a combination of both). [Diagram label: Centralized Guest Access Database.]
  22. 22. USE CASES: • Guest onboarding • Employee onboarding • Provisioning • BYOD and access policies • Pulse registration • Remote access using Pulse.
  23. 23. GUEST USER ON CORP NETWORK: GUEST SELF PROVISIONING & APPLICATION RESTRICT. [Diagram: Hospital Network; WLA532; WLC2800 W/Smartpass; SRX 550; UAC/Pulse Mobile Security. Device screens: "Hospital Guest Login, GUEST ID (408) 569-9863"; "Google: Can’t access!!! This Hospital is keeping bandwidth for what matters most".]
  24. 24. EMPLOYEE OWNED DEVICE ON CORP NETWORK: EMPLOYEE SELF PROVISIONING & APPLICATION RESTRICT. [Diagram: Hospital Network; Electronic Medical Records (EMR); WLA532; WLC2800 W/Smartpass; Provisioning Server; SRX 550; UAC/Pulse Mobile Security. Device screens: "Hospital Login, DOCTOR ID, Dr. Brown 423"; "Now connecting to a secure hospital network"; "Can’t access!!! This Hospital is keeping bandwidth for what matters most".]
  25. 25. EMPLOYEES ON CORP LIABLE DEVICE: HOST CHECKING & APPLICATION RESTRICT. [Diagram: Hospital Network; Electronic Medical Records (EMR); WLA532; WLC2800 W/Smartpass; SRX 550; UAC/Pulse Mobile Security/SA. Device screens: "Dr. Rose 369, Scan is Clean, Connect"; "Can’t access!!! This Hospital is keeping bandwidth for what matters most".]
  26. 26. Juniper Networks Junos Pulse: Connect, Protect and Control. SSL VPN: Full Layer 3 Tunnel; Secure Email (ActiveSync proxy); Web VPN (browser-based apps). On Device Security: Antivirus & Antimalware; Block SMS & voice spam; Endpoint Firewall; AntiSpam. Monitor & Control: Mobile Device Management; Application inventory and control; Content monitoring. Loss & Theft Protection: Remote lock and wipe; Backup & restore; GPS locate; SIM change notification.
  27. 27. LOST OR STOLEN MOBILE DEVICE: REMOTE LOCK AND WIPE. [Diagram: Hospital Network; WLA532; WLC2800 W/Smartpass; SRX 550; UAC/Pulse Mobile Security/SA. Device screens: "Dr. Rose 369, Connect"; "Can’t access!!! This device was reported as stolen"; "Wiping ipad".]
  28. 28. JUNIPER SIMPLY CONNECTED PORTFOLIO DELIVERS. Orchestrated security: Granular context based security that adjusts policy enforcement to the associated security risks. Comprehensive enterprise offering: Broad coverage for user devices, wired and wireless networks. Simplicity: Centralized policy creation and fully automated enforcement, wired and wireless. [Side labels: Security Risks Contained; Devices; Application Access Controlled.]
  29. 29. THANK YOU