Mobility is more than BYOD
THE SIMPLY CONNECTED CAMPUS
MOBILITY IS MORE THAN BYOD
Frank Baeyens
KappaData seminar, 21 June 2012
Copyright © 2012 Juniper Networks, Inc. www.juniper.net
Top WLAN requirements
• BYOD
• Unified Policy
• Performance at Scale
• Highly Resilient
• High Density
• High Scale
DEVICE PROLIFERATION
[Chart: Unique Daily Wireless Sessions (axis 0 to 400,000) by term, Spring/Summer/Fall 2010 and Spring/Summer/Fall 2011; callout: 6x]
Large American University ~50,000 Students, Multiple Devices Per Student
MOBILITY REDEFINES BUSINESS PRACTICES
APPLICATION PROLIFERATION
Business Applications, Personal Applications
42% Increased Productivity
39% Reduced Paperwork
37% Increased Revenue
Source: Forrester, Frost & Sullivan, BusinessWeek, GigaOM Pro, ABI Research
Pulse
CUSTOMER CHALLENGES DUE TO MAJOR TRENDS
Device Proliferation
• New Devices & Platforms
• Provisioning (On-boarding)
• Profiling (Identify and track device types)
• Management
• Compliance / Security Posture
Application & Access Complexity
• Access to Applications
• Control of Applications
Security Risks Exploding
• Type of Attack: Botnets, Trojans, Virus, Worms, DOS, APT, Malware
• Secure at the device
• Secure at the edge
• Secure L2 – L7 (application)
• Security orchestration
• “Security at every node”
MOBILITY IS MUCH MORE THAN BYOD
Today's business environment requires coordinated access
Employee Owned Devices (BYOD)
Corporate Owned Devices
Guest Devices
MOBILE USER TYPES AND REQUIREMENTS
Guest Devices
• Open access, Captive Portal
• Self provisioning
• Simple experience
• Device type aware policy
• Differentiated access
• Simple guest access provisioning/control
Employee Owned Devices (BYOD)
• Self provisioning
• Secure Certificate based authentication
• User, App, Device aware policies
• Device management
• On-device security
• Device, data loss/theft prevention
• Secure network, cloud access
Corporate Owned Devices (Corporate Issued Devices)
• Self provisioning
• Secure Certificate based authentication
• User, App, Device aware policy
• Content Monitoring
• Secure network, cloud SSO
• Device agnostic “Follow-me policies”
• On-device Security
• Device Management
• Application Management
DELIVERING ORCHESTRATED SECURITY
BRINGING CONTROL BACK TO IT
[Diagram: Campus and Branch sites; labelled elements: MAG, EX, SRX, MX, WLC, AP, Servers]
1. Qualify the device
2. Provision and authenticate the user
3. Enforce user and application policies across the network
4. Control the device and avoid data leakage
Simple: Role/user-based access with point-and-click provisioning
Automated: Policy proliferation for wired and wireless environments
Secure: Application visibility and enforcement including day zero attacks.
DELIVERING PERFORMANCE AT SCALE
SIMPLE & COST-EFFECTIVE SCALING
[Diagram: Campus and Branch sites; labelled elements: MAG, EX, SRX, MX, WLC, AP, Servers]
1. Wire speed data plane
2. Seamless scalability across wired and wireless
3. Architecturally consistent QoS
Wired-like performance everywhere
Designed for bandwidth hungry rich-media applications
No performance tradeoffs as campus scales
DELIVERING HIGH RESILIENCY
FOR NON-STOP PRODUCTIVITY
[Diagram: Campus and Branch sites; labelled elements: MAG, EX, SRX, MX, WLC, AP, Servers]
1. Uninterrupted service for mission-critical applications
2. Seamless upgrade and scalability
3. Simplified operations – 80% fewer devices to manage
Improved operational efficiency
Carrier Class Network for Enterprise
No Single Point of Failure
ACCESS SOLUTIONS FOR CAMPUS AND BRANCH
Security Challenge
• Application visibility
• Context-based AAA
• Warranted access
• Enterprise data protection
• Secure users and devices
• Support BYOD
• Secure connectivity
• Ubiquitous access
• Employee remote access
• Clientless Provisioning
• Device profiling
Juniper Solution
• SRX Series
• MAG Series
• UAC, SRX, EX
• WL Series
Juniper Advantage
• Secure remote access
• Consistent policy control
• Identity, role, location and device based access control
• Enforcement edge with UAC/JUEP on EX, IF-MAP on WLC, JUEP on SRX
• Firewall with integrated AppSecure and IPS
• Unified threat management
• “Always on” App-awareness
• Mobile device security and management
• Extensive client support
• Clientless provisioning
• Device finger printing - profiling with WLC
• Device management with RingMaster, SmartPass
JUNIPER WIRELESS - COMPLETE WLAN SOLUTION
Simple - Secure - Mobile
WLM – Management and Access Control: RingMaster, WLM - Appliance, SmartPass
WLC – Controllers
WLA – Access Points
Plan, Config, Monitor, Troubleshoot, Report
JUNIPER WLA SERIES ACCESS POINT FAMILY
Q2-2012
[Chart: access points ranked by Functionality, in columns 802.11abg, Indoor 11n and Outdoor 11n]
WLA321: Single Radio Low Cost AP
WLA322: Dual Radio Entry-level AP
WLA522: 2x2 MIMO Dual Radio High Density
WLA532: 3 Stream MIMO Dual Radio Max. Performance
WLA632: 3x3 MIMO Dual Radio All Weather
WLA371: Single Radio Low Cost AP
WLA422: Dual Radio Entry-level AP
WLA Series Highlights
• High performance
• Intelligent switching
• AP and band steering
• Autotune RF management
• Built-in spectrum analysis
• Bridging and mesh
WLA321/WLA322
ENTRY LEVEL 802.11n WLAN ACCESS POINTS
Overview
• Indoor 802.11n wireless access points
• 2x2 MIMO 2 spatial stream
• Compact, discreet form factor, superior aesthetics
• WLA321 Single Radio, WLA322 Dual Radio
Target Markets
• Entry-level price point and performance
• Low to medium client density environments
• Small Enterprises, Small-to-Medium Branch Offices (Private/Public enterprise) etc.
Availability
• WLA321: Now
• WLA322: Early June 2012
JUNIPER WL SERIES FLAGSHIP ACCESS POINT
WLA532 INDOOR 802.11N AP
3 Industry Bests
• Highest Performance AP
• Lowest Power Consumption AP
• Smallest Form Factor AP
Highest Performance: 450Mbps data rate (3x3, 3 spatial stream)
Did you know?
• Juniper WLAN is 15-20% less expensive when comparing complete BOMs
• Juniper WLA 532 outperforms Cisco and Aruba by up to 35% as validated by Novarum
WLA532 VALUE PROPOSITION
Superior performance for high density client environments
• 3X3:3 radio technology is designed for high performance, high density WiFi client environments
Higher WLAN capacity at a lower cost
• WLA532 improved RF subsystem delivers enhanced throughput over distance, requiring fewer APs per floor whilst offering 50% more capacity
Reduced energy consumption
• Peak performance within 802.3af power draw limit
• 802.3az to improve wired side power efficiency
Increased reliability and fewer IT support calls
• WLA532 supports improved performance for concurrent spectrum monitoring and client service
Enhanced Security to protect business communications
• WLA532 supports Trusted Platform Module (TPM) for ensuring authenticity and integrity of both hardware and software
• Improved performance for wired-crypto acceleration for secure high-speed link to remote WLAN site
WLC - CONTROLLER FAMILY
[Chart: controllers by segment (Branch, Campus, Enterprise) against # of AP (axis: 4, 12, 16, 32, 64, 128, 192, 256, 512)]
WLC2: 4 AP
WLC8: 12 AP
WLC800: 16 - 128 11n AP, 3-Stream
WLC880: 16 - 256 11n AP, 3-Stream
WLC2800: 64 - 512 11n AP
WLC Series Highlights
• Cluster Reliability
• In-Service Upgrades
• One Software Platform
• Distributed & Centralized
ACTIVE-ACTIVE CONTROLLERS
1. A new client associates to the system
2. Primary controller authenticates/authorizes client
3. Primary propagates session details to backup controller for use during failure
[Diagram: controller cluster with Primary Seed, Secondary Seed and Member controllers; Client Session State held on the primary and the backup]
SMART MOBILE ARCHITECTURE (CENTRALIZED & DISTRIBUTED)
Centralized
Distributed
Security Management
Reliability Performance
Or both combined/mixed (can be decided per VLAN)
WL Series
EX Series
RINGMASTER VIEW
PERFORMANCE - SPECTRUM MANAGEMENT - MONITORING AND ALERTING
Alerting on interference source
• Classification and other properties
– RSSI
– Duty Cycle
– Channel(s) impacted
• Associated events with that source
• Per AP historical information
– 30 day history
Spectrograph
• All channels in 2.4GHz and 5GHz band
• Multiple AP views
• Real time FFT (min, max, average of interference signal), Swept spectrum, Duty cycle, 5 minute rolling history
Auto reconciliation for planned sources
• Automatic correlation between planned and monitored source
• Reduce false alarms
SMARTPASS – ACCESS CONTROL
SmartPass is a multi-faceted, web-based access control application suite
Guest access module
• Ease of use / Bulk user creation
• API for 3rd party application integration
• SMS / Email creation of guest coupons with Self-Provisioning
Accounting database
• Detailed client accounting history
• Reporting available via RingMaster.
Access control module
• RFC 3576 support to change authorization attributes or disconnect client sessions (Dynamic RADIUS)
• Location awareness for client sessions.
– Allow or deny access based on location
– Change any AAA attribute based on location
• Access Rules (location based, time based or a combination of both)
Centralized Guest Access Database
USE CASES
• Guest onboarding
• Employee onboarding
• Provisioning BYOD and access policies
• Pulse registration
• Remote access using Pulse
GUEST USER ON CORP NETWORK
GUEST SELF PROVISIONING & APPLICATION RESTRICT
[Diagram: Hospital Network with SRX 550, UAC/Pulse Mobile Security, WLA532 and WLC2800 w/ SmartPass]
Hospital Guest Login
GUEST ID: (408) 569-9863
www.youtube.com
Can’t access!!! This Hospital is keeping bandwidth for what matters most!
EMPLOYEE OWNED DEVICE ON CORP NETWORK
EMPLOYEE SELF PROVISIONING & APPLICATION RESTRICT
[Diagram: Hospital Network with SRX 550, UAC/Pulse Mobile Security, Provisioning Server, WLA532 and WLC2800 w/ SmartPass]
Hospital Login
DOCTOR ID: Dr. Brown 423
Now connecting to a secure hospital network
Electronic Medical Records (EMR)
Can’t access!!! This Hospital is keeping bandwidth for what matters most!
EMPLOYEES ON CORP LIABLE DEVICE
HOST CHECKING & APPLICATION RESTRICT
[Diagram: Hospital Network with SRX 550, UAC/Pulse Mobile Security/SA, WLA532 and WLC2800 w/ SmartPass]
Dr. Rose 369
Connect
Scan is Clean
Electronic Medical Records (EMR)
Can’t access!!! This Hospital is keeping bandwidth for what matters most!
Juniper Networks Junos Pulse: Connect, Protect and Control
On Device Security
• Antivirus & Antimalware
• Block SMS & voice spam
• Endpoint Firewall
• AntiSpam
Loss & Theft Protection
• Remote lock and wipe
• Backup & restore
• GPS locate
• SIM change notification
SSL VPN
• Full Layer 3 Tunnel
• Secure Email (ActiveSync proxy)
• Web VPN (browser-based apps)
Monitor & Control
• Mobile Device Management
• Application inventory and control
• Content monitoring
LOST OR STOLEN MOBILE DEVICE
REMOTE LOCK AND WIPE
[Diagram: Hospital Network with WLA532, WLC2800 w/ SmartPass, SRX 550 and UAC/Pulse Mobile Security/SA]
Dr. Rose 369
Connect
Can’t access!!! This device was reported as stolen!
Wiping iPad
JUNIPER SIMPLY CONNECTED PORTFOLIO DELIVERS
Orchestrated security: Granular context based security that adjusts policy enforcement to the associated security risks
Comprehensive enterprise offering: Broad coverage for user devices, wired and wireless networks
Simplicity: Centralized policy creation and fully automated enforcement, wired and wireless
Application Access Controlled
Security Risks Contained
Devices
THANK YOU