your business' future - today
AGENDA
Business Session 11:00am – 12:30pm Activity Based Working Unified Communications
Demo Windows 8 Devices Cloud Services
Office 365 IaaS
Technical Session 1:00pm – 2:30pm BYOD Network infrastructure
Wireless Secure Remote Access Policy and Control
HOW, WHEN, AND WHERE WE WORK
• Work Life Balance has become Work Life Integration
• Work from home
• Mobile work force
• Collaborative environments and technologies
ACTIVITY BASED WORKING
Microsoft - Sydney
Microsoft - Brisbane
Macquarie Group - Sydney
CBA – Darling Harbour
“Everyone uses a laptop, and the space has no fixed phones at all, with Microsoft’s Enterprise Voice solution providing converged telephony and messaging that is delivered to a person, not a desk.”
“Activity Based Working is about People, Place, and Technology”
Technology Enablers
• Unified Communications & Collaboration
• Client devices
• Wireless
• Internet & WAN services
• Secure remote access
• Cloud Services
• Location Services
LOCATION BASED SERVICES
The Benefits
• Customer Satisfaction and Responsiveness
• Mobility and flexibility
• Sustainability and carbon reduction
• Competitive advantage
• Disaster recovery
• Staff retention
• Cost Savings in real estate and staff churn
[Diagram labels: Authentication, Administration, Storage, Compliance; Unified Inbox & Presence; Audio Conferencing, E-mail and Calendaring, Web Conferencing, Telephony, Video Conferencing, Voice Mail, Instant Messaging (IM)]
Communications Today
[Diagram labels: repeated stacks of Authentication, Administration, Storage, User Experience; Telephony and Voice Mail; Instant Messaging; E-mail and Calendaring; Unified Conferencing: Audio, Video, Web]
Future of Communications
On-Premises Hybrid In the Cloud
MICROSOFT UNIFIED COMMUNICATIONS
• Messaging: Achieve higher reliability and performance and enhance your communications at lower cost.
• Voicemail: Consolidate email and voicemail onto one inbox.
• Telephony: VoIP solution that allows users to communicate via PC, desk phone or mobile.
• IM & Presence: Contact based on presence via phone, video or application.
• Collaboration: Switch seamlessly between audio, video and web conferencing.
On-Premise Solution
Cloud Solution
WINDOWS 8 DEVICES
OFFICE 365
BRINGING TOGETHER CLOUD VERSIONS OF OUR MOST TRUSTED COMMUNICATIONS AND COLLABORATION PRODUCTS WITH THE LATEST VERSION OF OUR DESKTOP SUITE FOR BUSINESSES OF ALL SIZES.
OFFICE 365
E4 Plan with Voice: $36.85
HOW CAN ACTIVITY BASED WORKING CONCEPTS DRIVE POSITIVE CHANGE FOR YOUR BUSINESS?
SPECIAL OFFER
Free Business Productivity Analysis
Generation-e’s MBA qualified business expert will spend one day onsite with you, helping you understand your IT infrastructure capabilities and building a roadmap with an actionable plan for embracing the technologies we’ve spoken about today to evolve your business and build your competitive advantage.
Normally valued at $3,000 – Free for attendees
Don’t Forget: You will be emailed a feedback survey after this event. Please complete it to be registered to win a Microsoft Surface.
BREAK
BYOD
• Scope
• Budget
• Device Support
• Security
• Application accessibility
• Network Access
SIMPLY CONNECTED FOR UC&C WITH MICROSOFT LYNC
October 2012
24 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
UC&C MARKET TRENDS AND ISSUES
Paradigm shift – occurring on both ends, devices and applications
Network’s role needs to step up significantly to meet new challenges
Legacy IT environment is based on control
[Diagram labels: Available Applications; IT App: Email, CRM, ERP, HR; IT App: POS, ERP, PBX; Social; 3rd Party; BYOD; Office Employee; Any time/location; HIGH PERFORMANCE NETWORK (purpose built); USER DRIVEN INTERNET (best effort)]
JUNIPER’S SIMPLY CONNECTED FOR UC&C
[Diagram labels: WAN, Campus, Remote User, Branch, Data Center]
High Performance, Resilient, Open
UC&C Infrastructure and Applications
THE GOAL IS TO BE SIMPLY CONNECTED
WL Series, SRX Series, EX Series
• Wired-like experience on wireless – resiliency and performance
• Simplified switching architecture, now a complete, feature-rich portfolio
• Device-agnostic secure connectivity
• Security follows user, and application intelligence
Simple for users: Superb QoE; Integrated security; High performance
Simple for IT: Highly economic; Always on resiliency; Simplified architecture
Automation
Agenda
Reference Architecture For UC&C
Network Resiliency (Wireless & Wired)
Wireless Network Congestion & CAC
Network Access and Policy Control
Secure Remote Access and Integration
REFERENCE ARCHITECTURE – UC&C
NETWORK REFERENCE ARCHITECTURE FOR UC&C
KEY REQUIREMENTS OF A UC&C NETWORK
Open
Reliable
Secure
Scalable
UNIFIED COMMUNICATIONS INTEROPERABILITY FORUM
Non profit vendor alliance formed in April 2010
Open to all UC hardware, software vendors, service providers and network operators
Mission - To enable interoperability of UC scenarios based on existing standards
Founders Contributors
NETWORK RESILIENCY & RELIABILITY
COMPONENTS OF A JUNIPER WIRELESS LAN (WLAN)
[Diagram labels: Trusted Client; 802.1x Authentication; Encrypted; Access Point; Wireless LAN Controller (WLC); WLAN Management; WLM1200; (Location); MAG; Access; Firewall; Campus Core]
SINGLE POINT OF MANAGEMENT FOR ALL CONTROLLERS
[Diagram labels: Primary Seed, Secondary Seed, Members]
HOW THE CLUSTER ADDS A NEW CONTROLLER
1. The primary controller pushes configurations to the secondary seed and members
2. The seed pushes the configuration to the new member
3. When a member is removed and replaced the same process is used
[Diagram labels: Primary Seed, Secondary Seed, Members]
HOW THE CLUSTER ADDS A NEW AP
1. A new AP is introduced and contacts the Primary Seed.
2. The Primary Seed sends AP config to the Primary controller and the AP sets up a connection
3. The Primary Seed sends AP config to the Secondary controller and the AP sets up a connection
[Diagram labels: Primary Seed, Secondary Seed, Members]
HOW CLIENTS ARE ASSIGNED PRIMARY AND SECONDARY CONTROLLERS
1. A new client associates to the system
2. Primary controller authenticates/authorizes client
3. Primary propagates session details to backup controller for use during failure
[Diagram labels: Client Session State; Primary Seed, Secondary Seed, Members]
SELF-REPAIRING CONTROL ARCHITECTURE
1. Should the Primary be taken out of service, the Secondary immediately takes over
• AP Re-homes to backup Member Controller.
[Diagram labels: Primary Seed, Secondary Seed, Members]
NONSTOP OPERATION
2. A new Secondary is designated and is given the AP configuration and client session state
HITLESS FAILOVER
• Primary-Seed identifies & updates 3rd controller (WLC) as new Backup Member for AP/Client Session State.
[Diagram labels: Primary Seed, Secondary Seed, Members]
IN-SERVICE SOFTWARE UPGRADE
1. Primary Controller initiates upgrade sequence; passes control to Secondary and upgrades
2. Secondary passes control back to Primary and upgrades
3. Primary Seed coordinates individual member upgrades; Member moves APs to backup controller and upgrades
4. AP moves associated stations to alternate AP then upgrades
HITLESS UPGRADE
• Leverage Hitless Failover Functionality to provide ISSU.
[Diagram labels: Primary Seed, Secondary Seed, Members]
Smart Mobile - Seamless Mobility
Anchored Mobility – Basic Roaming
LOCAL SWITCHING IMPROVED PERFORMANCE
[Diagram labels: Controller A, Controller B; Subnet 1, Subnet 2; Client A on Subnet 1, Client B on Subnet 1; Roam; Mobility Domain]
VIRTUAL CHASSIS
SIMPLIFYING THE NETWORK
Virtual Chassis
Multiple switches acting as a single, logical device
One switch to configure, one switch to manage
Improved resiliency and performance
• No Single Points of Failure.
DISTRIBUTED SWITCHING
[Diagram labels: Master, Backup; Local Switching; Inter-Module Switching; A, B, C, D; VCP Links]
L2 and L3 STATEFUL FAILOVER
[Diagram labels: Master RE – EX4200; Backup RE – EX4200; Line card – EX4200; EX4500VC; WLC1, WLC2; AP1; Internet/Data Center; switch positions 0–5]
Normal traffic flow
EX-SW4 fails and EX-SW5 and EX-SW3 detect VC port to EX-SW4 is down
EX-SW3 immediately switches to backup path
All traffic is re-routed
FAIL OVER IN SUB-50 MILLISECONDS!
• Switch Failure & Re-Routing via Backup VCP-Path. New BackUp RE chosen.
WIRELESS NETWORK CONGESTION AND CALL ADMISSION CONTROL
WIFI MULTIMEDIA ACCESS CATEGORIES
Wired priority is mapped to 4 X WMM access categories for over-the-air QoS
Packet prioritization applied to tunneled traffic
AP and controllers classify and mark user traffic
DYNAMIC CALL ADMISSION CONTROL
2 active calls
8 voice devices associated but idle
New client session accepted!
Roaming user session accepted!
Roam accepted, call preserved!
AUTOMATIC CLIENT LOAD BALANCING
5 GHz capable client ‘encouraged’ to connect at 5 GHz
2.4 GHz only client connects at 2.4 GHz
Automatic Load Balancing per RF Band
Band Steering
NETWORK ACCESS & POLICY CONTROL
OVERVIEW – COORDINATED THREAT CONTROL
[Diagram labels: Junos Pulse Client; Wireless AP’s; Wireless LAN Controller; Ethernet access switches; Ethernet core switches; MAG; SSLVPN, RADIUS, Universal Access Control; SRX Router/Firewall/IPS; Internet; Corporate Data Center: Apps, Data, Finance, Video, Active Directory/LDAP]
ESTABLISHING A WIRELESS CONNECTION
1. Smartphone starts 802.1x authentication to AP
2. AP sends Authorization request to WLC
3. WLC sends information to Radius Server
4. Radius Server sends username/pass to Active Directory/LDAP for validation. Then sends user policy to WLC
5. WLC sends user policy information to AP: VLAN, ACLs, QoS
6. AP sets user policies: VLAN, QoS, ACLs. Wireless Data Encrypted
7. Smartphone devices on WLAN. IP addresses received via DHCP
[Diagram labels: Wireless User Tablet/smartphone; AP; EX Series; WLC; MAG with Radius, SSLVPN and UAC modules; SRX with IDP/AppSecure; Corporate Data Center]
NETWORK ACCESS AND POLICY CONTROL
1. Device authenticated on wireless network
2. DHCP Server communicates User and IP information to MAG via IF-MAP
3. MAG pushes role based ACL and FW policies to EX and SRX
4. SRX enforces user policies allowing user basic access to all servers except finance
5. SRX AppSecure policies block non-work related applications like Hulu and Netflix
SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
[Diagram labels: Wireless User Tablet/smartphone; AP; WLC; EX Series; MAG; SRX; DHCP and IF-MAP; Internet; Corporate Data Center: Apps, Data, Finance, Video, Active Directory/LDAP]
ENFORCING NETWORK ACCESS POLICIES
1. Pulse detects device is on corporate network and per user policy disables any active VPN sessions
2. During 802.1x authentication, MAG verifies PC meets company software and security policy requirements
3. Compliance check fails. Antivirus signatures are out of date and user is quarantined to remediation VLAN. Patch server updates signatures. User is now in compliance and granted network access
4. MAG pushes role based FW policies to EX and SRX
5. SRX enforces user policies allowing user basic access to all servers except finance
6. SRX AppSecure policies block non-work related applications
SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
[Diagram labels: PC user; Virus SW too old; WLCs; EX4200 VC; EX4500 VC and EX4200 VC; MAG; Patch Remediation; SRX; Internet; Corporate Data Center: Apps, Data, Finance, Video, Active Directory/LDAP]
SECURE REMOTE ACCESS AND INTEGRATION
MOBILE DEVICE REMOTE NETWORK ACCESS POLICY AND ACCESS CONTROL
1. User needs to access company intranet over non-corporate network using iPad
2. User starts Junos Pulse and initiates a secure VPN session with MAG appliance
3. MAG verifies user login, establishes VPN and the device is allowed on the network.
4. MAG pushes role based ACL and FW policies to the SRX and EX
5. SRX enforces user policies allowing user access to all servers except finance
6. SRX AppSecure policies block non-work related applications
SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
[Diagram labels: Wireless User Tablet/smartphone; Internet; MAG with Radius, SSLVPN and UAC modules; WLCs; EX4500 VC and EX4200 VCs; SRX with IDP/AppSecure; Corporate Data Center: Apps, Data, Finance, Video, Active Directory/LDAP]
BYOD: ONBOARDING GUEST USERS DEMO
ONBOARDING GUEST USERS
GUEST SELF PROVISIONING & APPLICATION RESTRICTION
[Screen labels: Hospital Guest Login; GUEST ID (408) 569-9863; www.youtube.com: “Can’t access!!! This Hospital is keeping bandwidth for what matters most!”]
[Diagram labels: Hospital Network; SRX 550; MAG Series (UAC); WLA532; WLC2800 with Smartpass]
ONBOARDING GUEST USERS
GUEST SELF PROVISIONING
1. Unknown device connects to open captive portal SSID
2. User session is captured and redirected to SmartPass
3. User selects SmartPass self-registration and creates a temporary user credential
4. SmartPass sends temporary credential to end user via Clickatell SMS service
5. User uses temporary credentials to authenticate against SmartPass
6. User is connected to the network using mobile phone number and temporary password
[Diagram labels: Wireless User Tablet/smartphone; AP; EX Series; WLC; SmartPass; Clickatell SMS Gateway service]
ROLE BASED NETWORK SEGREGATION
1. Device authenticates on wireless network
2. Smartpass communicates User and IP information to UAC via IF-MAP
3. UAC pushes role based ACL and FW policies to EX, WL and SRX
4. SRX enforces user policies allowing user basic access to all servers except finance
[Diagram labels: Wireless User Tablet/smartphone; AP; WLC; EX Series; SmartPass; UAC; SRX; Corporate Data Center: Apps, Data, Finance, Video, Active Directory/LDAP]
ONBOARDING GUEST USERS
GUEST SELF PROVISIONING
Step 1: connect device to SSID ‘Juniper_Guest_Access’
Step 2: open web browser and browse to www.juniper.net (or use bookmark)
Acmegizmo captive portal page should come up
Step 3: click on the ‘Create New User’ button to self-provision temporary user credentials
Step 4: enter a valid mobile number, name, email and company; click ‘send SMS’
Phone number must be able to receive SMS messages, other data can be bogus (except email must be well-formed)
Within a minute or two phone should receive welcome message
Step 5: enter the temporary credentials into the captive portal login page to access the guest network