We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byScot Caldwell
Modified about 1 year ago
SIMPLY CONNECTED THE NEW CAMPUS NETWORK, MOBILITY CHANGES EVERYTHING Alain Levens Sr. SE Campus & Branch February 14, 2012
2 Copyright © 2012 Juniper Networks, Inc. AGENDA Challenges in the campus network today Becoming Simply Connected Juniper technologies for the Simply Connected network Questions Copyright © 2011 Juniper Networks, Inc.
3 Copyright © 2012 Juniper Networks, Inc. THE WORLD IS ON THE MOVE THE NETWORK CAN’T STAND STILL Clients The Network Becomes a Key Enabler or Barrier to IT Success Mobile Home Branch Campus Corp IT Outsourced Ad-Hoc Chosen Applications Assuring Mobile Accessibility Is Now an Imperative
4 Copyright © 2012 Juniper Networks, Inc. MOBILITY REDEFINES BUSINESS PRACTICES AN OPPORTUNITY, NOT A PROBLEM Business ApplicationsPersonal Applications 42% 42% Increased Productivity 39% 39% Reduced Paperwork 37% 37% Increased Revenue Source : Forrester, Frost &Sullivan, Business week, Gigaom pro, ABI research Pulse
5 Copyright © 2012 Juniper Networks, Inc. Unique Daily Wireless Sessions Large American University ~50,000 Students, Multiple Devices Per Student 6x FallSummerSpring 2011 INCREASED EXPECTATIONS FOR NETWORKS FallSpringSummer 2010
6 Copyright © 2012 Juniper Networks, Inc. THE SOLUTION IS TO BE SIMPLY CONNECTED Switching Security Juniper Simply Connected Portfolio Services Wireless Routing Automated, uninterrupted service Safe and simple mobility while protecting assets An integrated portfolio of resilient wired, wireless and security products that simply enable mobility at scale. Consistent Security Performance at Scale Highly Resilient “All the great things are simple.” - Albert Einstein Consistent Security Performance at Scale Highly Resilient Scalability without complicating the network
7 Copyright © 2012 Juniper Networks, Inc. 1. CONSISTENT SECURITY BRINGING CONTROL BACK TO IT MAG EX Servers AP SRX WLC EX AP Campus Branch Freedom to choose and change Security context and coordination Device, Network and App Security Qualify the Device 1 Provision and Authenticate the User 2 Enforce Security Policies in the User and Application Level 3 Control the Device and Avoid Data Leakage 4 SRX MX
8 Copyright © 2012 Juniper Networks, Inc. 2. PERFORMANCE AT SCALE SIMPLE & COST-EFFECTIVE SCALING MAG EX Servers AP SRX WLC EX AP Campus Branch SRX MX Wired-like Performance Everywhere 1 Designed for Bandwidth Hungry Rich-Media Applications 2 No Performance Tradeoffs as Campus Scales 3 Protection for High Priority Sessions Optimized Distribution of Traffic on APs Low Latency & Increased Throughput
9 Copyright © 2012 Juniper Networks, Inc. 3. HIGHLY RESILIENT FOR NON-STOP PRODUCTIVITY MAG Servers SRX WLC MX Campus MX Designed for Mission-Critical Networks 1 Layers of Protection for Planned and Unplanned Outages 2 Simplified Operations 3 No Single Point of Failure Carrier Class Network for Enterprise 80% Fewer Managed Devices SRX EX AP Branch EX AP
10 Copyright © 2012 Juniper Networks, Inc. SIMPLY CONNECED Becoming Simpler and More Resilient Lets look at a practical example…
11 Copyright © 2012 Juniper Networks, Inc. THE SIMPLY CONNECTED STORY We will show you how a Juniper network manages voice and video calls from non-company owned devices and how our WL and EX series provide a uniquely resilient environment for the mobile user We will detail some of the key differentiating technologies that we have to offer for wireless and ethernet switching A DAY IN THE LIFE of a simply connected user 11 Copyright © 2010 Juniper Networks, Inc. Our technical experts are standing by to take your detailed technical questions on any of the material presented at the end of this seminar
12 Copyright © 2012 Juniper Networks, Inc. ELEMENTS OF A “SIMPLY CONNECTED” CAMPUS Apps Data Finance Video Active Directory/ LDAP MAG Wireless AP’s Junos Pulse Client Wireless LAN Controller Ethernet core switches Ethernet access switches Router Firewall IDP SSLVPN RADIUS Universal Access Control SRX Router/Firewall/IDP Internet Corporate Data Center
13 Copyright © 2012 Juniper Networks, Inc. SIMPLY CONNECTED 1 1 Network Enter the building and associate with WLAN. Start SIP call over WLAN. Start video over WLAN.
14 Copyright © 2012 Juniper Networks, Inc. WLAN ManagementWLAN Controller COMPONENTS OF A WIRELESS LAN (WLAN) Access Point Trusted Client 802.1x Authentication Encrypted UAC/MAG Access Firewall Wireless LAN CONTROLLER (WLC) Campus Core (Location) WLM1200 WLAN Management
15 Copyright © 2012 Juniper Networks, Inc. OPTIMAL ARCHITECTURE FOR VOICE AND VIDEO Smart Mobile Architecture Centralized AND Distributed Switching Security Management Reliability Performance CENTRALIZED DISTRIBUTED A B C D Local Switching Inter-Module Switching
16 Copyright © 2012 Juniper Networks, Inc. SIMPLY CONNECTED Network AJ walks past a conference room full of visitors who are all using WLAN to do .
17 Copyright © 2012 Juniper Networks, Inc. MANAGING WIRELESS CONGESTION Wired priority is mapped to 4 X WMM access categories for over-the-air QoS Packet prioritization applied to tunneled traffic AP and controllers classify and mark user traffic
18 Copyright © 2012 Juniper Networks, Inc. AUTOMATIC CLIENT LOAD BALANCING 5 GHz capable client ‘encouraged’ to connect at 5 GHz 2.4 GHz only client connects at 2.4 GHz Automatic Load Balancing per RF Band Band Steering
19 Copyright © 2012 Juniper Networks, Inc. WLA532 INDOOR N AP Most Compact 11n AP 3x3 MIMO, 3 stream antenna 450Mbit support Integrated antenna design Highly Integrated Client Access and Spectrum Analysis Encrypted, high speed links to Remote Aps Trusted Platform Module ensures authenticity of HW, SW Energy efficient Under 802.3af power limit Reduces consumption per 802.3az
20 Copyright © 2012 Juniper Networks, Inc. SIMPLY CONNECTED Network Virtual Chassis extended L2 domain transports sessions between multiple APs. Mobility domain allows seamless roaming
21 Copyright © 2012 Juniper Networks, Inc. Multiple switches acting as a single, logical device One switch to configure, one switch to manage Improved resiliency and performance Virtual Chassis VIRTUAL CHASSIS SIMPLIFYING THE NETWORK
22 Copyright © 2012 Juniper Networks, Inc. Dual 10GbE links used to extend EX4200/EX3300 Virtual Chassis across closets; each floor managed as single switch EXAMPLE : HORIZONTAL MULTIPLE STORY BUILDING 10GbE Closet 1.1 Closet 1.2 InternetWAN WLC’s Closet 2.1Closet 2.2 Closet 3.1 Closet 3.2 LAG 10GbE Floor 3 Floor 1 Floor 2 EX3300 Virtual Chassis EX4200 Virtual Chassis EX4200 Virtual Chassis 3xEX3300 4xEX4200 5xEX4200 4xEX4200 2xEX4500 2xEX4200 EX4500 Virtual Chassis provides redundant L2/L3 10GbE collapsed core EX4200/EX3300 Virtual Chassis provides redundant L2 access Access switches connect to core using 2x10GbE LAG AP 1 Gbit connect to Access switch EX4500/EX4200 Virtual Chassis
23 Copyright © 2012 Juniper Networks, Inc. ACTIVE-ACTIVE CONTROLLERS Client Session State Primary controller authenticates/ authorizes client 2 2 Client Session State Primary propagates session details to backup controller for use during failure 3 3 A new client associates to the system 1 1 Member Secondary Seed Primary Seed
24 Copyright © 2012 Juniper Networks, Inc. SIMPLY CONNECTED 4 4 Network
25 Copyright © 2012 Juniper Networks, Inc. L2 and L3 STATEFUL FAILOVER Master RE – EX4200Backup RE – EX4200 Line card – EX4200 EX4500VC WLC2WLC1 Internet/Data Center Line card – EX Normal traffic flow 5 5 AP1 EX-SW4 fails and EX-SW5 and EX-SW3 detect VC port to EX-SW4 is down EX-SW3 immediately switches to backup path WLAN FAIL OVER IN 150 MILLISECONDS All traffic is re-routed Virtual Chassis via Fiber connection to extend range
26 Copyright © 2012 Juniper Networks, Inc SIMPLY CONNECTED Network
27 Copyright © 2012 Juniper Networks, Inc. ENFORCING NETWORK ACCESS POLICIES PC user Corporate Data Center Apps Data Finance Video Active Directory /LDAP Patch Remediation MAG WLCs Pulse detects device is on corporate network and per user policy disables any active VPN sessions 1 1 During 802.1x authentication. MAG verifies PC meets company software and security policy requirements 2 2 Compliance check fails. Antivirus signatures are out of date and user is quarantined to remediation VLAN. Patch server updates signatures. User is now in compliance and granted network access 3 3 EX4500 VC and EX4200 VC SRX EX4200 VC SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM SRX AppSecure Polices block non- work related applications 6 6 SRX enforces user policies allowing user basic access to all servers except finance 5 5 MAG pushes role based FW policies to EX and SRX 4 4 Virus SW too old Internet
28 Copyright © 2012 Juniper Networks, Inc. SIMPLY CONNECTED Network
29 Copyright © 2012 Juniper Networks, Inc. Wireless User Tablet/smartphone Corporate Data Center Apps Data Video Active Directory /LDAP MAG with Radius, SSLVPN and UAC modules WLCs User needs to access company intranet over non-corporate network using iPad 1 1 User starts Junos Pulse and initiates a secure VPN session with MAG appliance 2 2 MAG verifies user login, establishes VPN and the device is allowed on the network. 3 3 SRX AppSecure polices block non-work related applications 6 6 EX4500 VC and EX4200 VCs SRX with IDP/ AppSecure SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM Finance MOBILE DEVICE REMOTE NETWORK ACCESS POLICY AND ACCESS CONTROL SRX enforces user policies allowing user access to all servers except finance 5 5 MAG pushes role based ACL and FW policies to the SRX and EX 4 4 Internet
30 Copyright © 2012 Juniper Networks, Inc. THIS AFTERNOON, USE CASE: BRING YOUR OWN DEVICE (BYOD) More users connect their personal wireless devices to your network. Employees need access to business-critical applications. How do you ensure that corporate information is not compromised? Simple and secure access with point-and-click provisioning Role-based access depending on profile, identity, and role Nested application visibility and security enforcement Coordinated threat control automated for wired and wireless environments including day zero attacks. Juniper’s Differentiation Performance at Scale Highly Resilient Consistent Security Trend Challenge
31 Copyright © 2012 Juniper Networks, Inc. THE STEPS TO SIMPLY CONNECTED Provide consistent security across users, applications and devices 1 Build one general purpose network to better serve your new access devices and rich media applications 2 Design for an always-on wired-like wireless experience 3
32 Copyright © 2012 Juniper Networks, Inc. THE NEW CAMPUS & BRANCH O rchestrated E xperience N etwork
Copyright© 2004 Avaya Inc. All rights reserved Responsive Communications for the Mobile Worker Making Wireless as Good as Wired Micky Tsui, Vice President.
Field TDM Deck Optimize and Secure Your Core Infrastructure for Midsize Businesses.
1 © 2007 Avaya Inc. All rights reserved. Understanding SIPs Role in Intelligent Communications Tom Doria Director – Avaya P2P Technical Business Development.
Objectives: Chapter 7: Intranet LAN Design * Goals and considerations in LAN design * Understand the steps in systematic LAN design * Design issues associated.
© 2012 Aerohive Networks CONFIDENTIAL Redefining Enterprise Access AEROHIVE BYOD OVERVIEW.
Trends in Endpoint Security by Richard Lau Trends in Endpoint Security by Richard Lau 29 September 2005.
Wireless Technology. Similarities Between WLAN and LAN A wireless LAN is an 802 LAN. Transmits data using RF carriers vs. data over the wire Looks like.
Is Wi-Fi Ready for This?. High Performance Wi-Fi for Education: Planning, Deploying, and Managing Wi-Fi in Campus Environments © 2011 Xirrus, Inc. All.
Branch Repeater 5.6, 5.7 & VPX Technical Presentation.
Windows Server 2012: New Features. Administering Servers with Server Manager Using Server Manager, you can: Manage multiple servers from one instance.
Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.
Windows 2008 Active Directory Configuration – Week 4 of 6 Microsoft Test: Mark McCoy MCSE, CNE, CISSP.
Copyright © Siemens Enterprise Communications GmbH & Co. KG All rights reserved. Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee.
Venkatesh Gopalakrishnan Group Program Manager Microsoft Corporation WSV305 Lambert Green Development Lead Microsoft Corporation.
© Copyright XO Communications, LLC. All rights reserved. XO, the XO design logo, and all related marks are registered trademarks of XO.
© Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. Enabling Cloud with SDN/Virtual.
1 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Chapter 11: Its a Network Introduction to Networking 11.0.
Network Services for Enhanced Cloud Computing T. V. Lakshman Bell Labs (Jointly with F. Hao, S. Mukherjee, H. Song)
Technical Track n – Wireless Performance for Control? Paul Brooks, Rockwell Automation Paul Didier, Cisco.
1 Copyright © 2011 M. E. Kabay. All rights reserved. Wireless LANs CSH5 Chapter 33 Wireless LAN Security Gary L. Tagg.
Copyright 2011 John Wiley & Sons, Inc6 - 1 Business Data Communications and Networking 11th Edition Jerry Fitzgerald and Alan Dennis John Wiley & Sons,
Joey Snow Technical Evangelist Microsoft Corporation Session Code: WSV207.
21st Century Learning with Wireless LAN in Schools.
Copyright © 2005 SOA Software, Inc. All Rights Reserved. Specifications Subject to Change Without Notice. Overcoming the SOA Network Fallacy Roberto Medrano.
Where are we going?. 2 Some of the forces driving WLAN (re)design Migration to IPv6 Consumer devices in the enterprise Migration to the.
Dynamic Computing & Dynamic Threats Requires Dynamic Security.
1/4/2014 Enterprise to Cloud Mobilize, Secure & Accelerate your Business Customer Date `
Copyright © signal Solutions, Inc. Wi-Fi / WLAN Performance Management and Optimization Veli-Pekka Ketonen CTO, 7signal Solutions.
© 2016 SlidePlayer.com Inc. All rights reserved.