Presentation is loading. Please wait.

Presentation is loading. Please wait.

MAG (UAC,SSL) UPDATE Westcon 5 daagse 13 Februari 2012 Dennis de Leest Security Systems Engineer.

Published byAmberly Walker Modified over 8 years ago

Similar presentations

Presentation on theme: "MAG (UAC,SSL) UPDATE Westcon 5 daagse 13 Februari 2012 Dennis de Leest Security Systems Engineer."— Presentation transcript:

1 MAG (UAC,SSL) UPDATE Westcon 5 daagse 13 Februari 2012 Dennis de Leest Security Systems Engineer

2 2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net AGENDA Gartner overview (just published) Junos Pulse Gateways Licensing Changes

3 3 Copyright © 2010 Juniper Networks, Inc. www.juniper.net SSL OVERVIEW GARTNER (LAST ONE !!)

4 4 Copyright © 2010 Juniper Networks, Inc. www.juniper.net UAC OVERVIEW GARTNER

5 5 Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE GATEWAYS

6 6 Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE GATEWAYS Introduction Hardware  Fixed Configuration  Chassis  Application Blades  Chassis Management Card Software  Junos  JWeb  Application Blade Software Pricing

7 7 Copyright © 2010 Juniper Networks, Inc. www.juniper.net INTRODUCTION Junos Pulse Gateway is a universal platform to run SA and IC applications on application blades  Junos Pulse Secure Access Service (SA)  Junos Pulse Access Control Service (IC)  Other applications in the future Next Generation purpose-built AABU hardware platforms  Smaller form factor  Same performance in half the space  Lower power consumption  Dual personality  SA today, IC tomorrow  Common ACCESS licensing

8 8 Copyright © 2010 Juniper Networks, Inc. www.juniper.net INTRODUCTION Includes both fixed and chassis-based systems  Two fixed configurations: MAG2600 and MAG4610  Two chassis configurations: MAG6610 and MAG6611  Shared power and cooling  Application blades  Optional Chassis Management Card (CMC)

9 9 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG2600

10 10 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG2600 Fixed configuration appliance designed to be:  Equivalent to SA700/SA2500  New Enterprise Guest Access appliance  Currently Shipping Capacities  SA: 100 Concurrent Users  EGA: 200 Concurrent Users Physical  4” x 7”, < 20W power consumption  Single MAG-SM060 Blade embedded SKUs  MAG2600: SA or EGA appliance  MAG-PS260: spare/replacement external “brick” power supply Prepare for SA700 EOL  Due to parts shortages, the SA700 will be EOL’d soon (likely March 1 st )

11 11 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG4610

12 12 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG4610 Fixed configuration appliance equivalent to:  SA4500  IC4500 Capacities  SA: 1000 Concurrent Users  IC: 5000 Concurrent Users Physical  1U, ½-width chassis can be deployed side-by-side in 1 RU  Single MAG-SM160 Blade embedded SKUs:  MAG4610: SA/IC, 2 node-cluster allowed  MAG-RK1U2 = Rack Kit, 1RU x 2 units

13 13 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6610

14 14 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6610 Chassis-based appliance, which depending upon the application blade(s) installed is designed to supplement:  SA4500/SA6500  IC4500/IC6500 Capacities  Dependent upon application blades installed Physical  1U modular chassis  Up to two application blades  One chassis management card (optional)  One power supply (AC or DC)  One or two hard drives per application blade  Two fan trays per application blade

15 15 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6610 SKUS Chassis  MAG6610: Bare System Chassis with AC PS Application Blades  Max of 2 per chassis  MAG-SM160: SA/IC application blade (4500 equiv, 1K/5K users)  MAG-SM360: SA/IC application blade (6500 equiv, 10K/15K users) Management  MAG-CM060: Chassis Management Card (optional) Power Supplies  One Required, One Max per chassis  MAG-PS661: 250W AC Power Supply  MAG-PS663: 560W DC Power Supply Hard Drive Spares  MAG-HD060: Spare HD for SM160 and SM360

16 16 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6610 APPLICATION BLADE CONFIGURATION One blade here another blade here Slot 1 Slot 2 CMC slot Chassis mgmt card fits in front slot

17 17 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6611

18 18 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6611 Chassis-based appliance, which depending upon the application blade(s) installed is designed to supplement:  SA4500/SA6500  IC4500/IC6500 Capacities  Dependent upon application blades installed Physical  2U  Up to four application blades  One chassis management card (optional)

19 19 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6611 SKUS Chassis  MAG6611: Bare System Chassis with AC PS Application Blades  Max of 4 per chassis  MAG-SM160: SA/IC application blade (4500 equiv, 1K/5K users)  MAG-SM360: SA/IC application blade (6500 equiv, 10K/15K users) Management  MAG-CM060: Chassis Management Card (optional) Power Supplies  Max of 2 per chassis, 1 Required per chassis  MAG-PS662: 560W AC Power Supply  MAG-PS663: 560W DC Power Supply Hard Drive Spares  MAG-HD060: Spare HD for SM160 and SM360

20 20 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6611 APPLICATION BLADE CONFIGURATION Slot 1Slot 2 Slot 3 CMC slot

21 21 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6611 REAR VIEW Power supplies, fans, and hard drives are attached in the rear of the chassis  All components are hot-plug CAPABLE, but there is no software support for that function  Application blades should be powered off before replacement  In order to power on/off individual application blades, a CMC is required

22 22 Copyright © 2010 Juniper Networks, Inc. www.juniper.net APPLICATION BLADES Port Configuration  1 Serial Port  3 Ethernet Ports  Management (active only when SA)  Internal  External Hard Drive Configuration  The SM160 includes one hard drive  The SM360 includes an onboard RAID controller and multiple hard drives Additional hardware  SM360 includes Cavium CN1620 on-board  Trusted Platform Module (TPM) chip  Not used at this time, reserved for future use

23 23 Copyright © 2010 Juniper Networks, Inc. www.juniper.net CHASSIS MANAGEMENT AND SINGLE SIGN-ON Chassis Management Card (CMC) is a daughter card that attaches to one of the application blades  Occupies an even-numbered slot CMC runs Junos v11.1 and provides  Chassis monitoring of “environmentals” such as power and cooling  Chassis control of application blades Slot 1 Slot 2 CMC slot

24 24 Copyright © 2010 Juniper Networks, Inc. www.juniper.net JWEB DASHBOARD

25 25 Copyright © 2010 Juniper Networks, Inc. www.juniper.net HARDWARE PRICING COMPARISON Curr HWCostMAG EquivCostDiff SA700$1,500MAG2600$1,5000% SA2500$2,500MAG2600$1,500-40% SA4500$7,000MAG4610$7,0000% SA4500$7,000MAG6610 MAG-SM160 $2,500 $4,500 0% SA4500 A/P Cluster $14,000Chassis + 2 x Blade$11,500-18% SA6500$27,000MAG6610 MAG-SM360 $2,500 $21,500 -11% SA6500 A/P Cluster $54,000Chassis + 2 x Blade$45,500-16%

26 26 Copyright © 2010 Juniper Networks, Inc. www.juniper.net WHAT’S INCLUDED IN THE BOX SKUBladeHard DriveFan MAG-SM160MAG-SM160N 3-port Non-bypass MAG-HD060 160GB SATA 2 x MAG-FT060 MAG-SM360MAG-SM360N 3-port Non-bypass 2 x MAG-HD060 160GB SATA 2 x MAG-FT060 SKUChassisPower Supply MAG6610MAG6610CMAG-PS661 (250W AC) MAG6611MAG6611CMAG-PS662 (560W AC)

27 27 Copyright © 2010 Juniper Networks, Inc. www.juniper.net LICENSING CHANGES

28 28 Copyright © 2010 Juniper Networks, Inc. www.juniper.net OLD CLUSTER LICENSING N-node cluster with 10000 concurrent users needs  ADD-10000U licenses at one node – the license primary  CL-10000U licenses at other N-1 nodes  CL license at other N-1 nodes for IC  Any feature licenses at primary node Cluster licensed for at least 10000 users under all circumstances  Up to N-1 node failures  cluster partitions  Each partition licenses to support 10000 users If cluster is broken into standalone units  One node with licenses to support 10000 users  Rest of the nodes with no licensed capacity

29 29 Copyright © 2010 Juniper Networks, Inc. www.juniper.net NEW CLUSTER LICENSING Introduced with SSLVPN 7.0 and UAC 4.1 No CL licenses needed  If already present, used in a backward compatible way Any license can be installed at any node  Total concurrent user capacity = sum total of all user count licenses  Licenses on unreachable nodes stop contributing towards total cluster capacity if they stay unreachable for longer than the cluster grace period (5 days)  Unless sufficient CL licenses are present  Starting 7.1r2 grace period increased to 10 days Customers encouraged to distribute ADD user count licenses evenly across the cluster  A node removed from a cluster takes its licenses with it Feature licenses need be present at only one node  No change from current behavior ICE Licenses need be present on all nodes you want to use in case of emergency  2 ICE licenses required for a 2-node cluster

30 30 Copyright © 2010 Juniper Networks, Inc. www.juniper.net CLUSTER CAPACITY EXAMPLE – GOOD Two node cluster  Node A with 500 user count licenses  Node B with 500 user count licenses Cluster capacity as seen by node A  Connected cluster  500 A + 500 B = 1000  Disconnected Cluster  Within grace period of 5 days: 500 A + min(500 A, 500 B ) = 1000  Past grace period: 500 A = 500  Customer has 5 days to diagnose/remedy the problem Even license distribution  Desirable system behavior during cluster disconnects

31 31 Copyright © 2010 Juniper Networks, Inc. www.juniper.net CLUSTER CAPACITY EXAMPLE – NOT RECOMMENDED Two node cluster  Node A with 250 user count licenses  Node B with 750 user count licenses Cluster capacity as seen by node A  Connected cluster  250 A + 750 B = 1000  Disconnected Cluster  Within grace period of 5 days: 250 A + min(250 A, 750 B ) = 500  Past grace period: 250 A = 250 Uneven license distribution  Undesirable drop in licensed capacity during cluster disconnects

32 32 Copyright © 2010 Juniper Networks, Inc. www.juniper.net SA2000/4000/6000 Old cluster licensing SAx000-ADD-xxU and –CL still valid. New cluster licensing SAx000-ADD-xxU on both nodes starting software 7.0. Remark: 7.1 is last release to be supported on SAx000 SA2500/4500/6500 Old cluster licensing SAx500-ADD-xxU and -CL still valid. New cluster licensing SAx500-ADD-xxU on both nodes starting software 7.0. MAG Requires ACCESS-X600 licenses. Licenses have dual personality, SA/IC depending on MAG deployment. Licensing based on new cluster licensing, no –CL licenses available. Minimale software release voor MAG is 7.1 voor SSL en 4.1 voor UAC. SSLVPN Licensing Review (also for UAC)

33 33 Copyright © 2010 Juniper Networks, Inc. www.juniper.net Offline verder praten over: - License server ? (grotere omgevingen) - Virtuele editie van SSL ? Do you love VMWARE, we do to !

34

Download ppt "MAG (UAC,SSL) UPDATE Westcon 5 daagse 13 Februari 2012 Dennis de Leest Security Systems Engineer."

Similar presentations

Cisco 6500 E-Series Chassis Up-grade

Cisco 6500 E-Series Chassis Up-grade
ACCESS LICENSING OVERVIEW sept 2011

ACCESS LICENSING OVERVIEW sept 2011
PowerEdge T20 Customer Presentation. Product overview Customer benefits Use cases Summary PowerEdge T20 Overview 2 PowerEdge T20 mini tower server.

PowerEdge T20 Customer Presentation. Product overview Customer benefits Use cases Summary PowerEdge T20 Overview 2 PowerEdge T20 mini tower server.
PowerEdge T20 Channel NDA presentation Dell Confidential – NDA Required.

PowerEdge T20 Channel NDA presentation Dell Confidential – NDA Required.
Agenda Product Overview Hardware Interfaces Software Features

Agenda Product Overview Hardware Interfaces Software Features
| Copyright © 2009 Juniper Networks, Inc. | www.juniper.net 1 Mike Banic VP, Product Marketing, EPBG Enterprise Infrastructure Solutions.

| Copyright © 2009 Juniper Networks, Inc. | 1 Mike Banic VP, Product Marketing, EPBG Enterprise Infrastructure Solutions.
© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential 1 © 2013 Cisco and/or its affiliates. All rights reserved. Cisco Confidential.
What’s New: Windows Server 2012 R2 Tim Vander Kooi Systems Architect www.NetComLearning.com.

What’s New: Windows Server 2012 R2 Tim Vander Kooi Systems Architect
Cisco UCS Mini Martin Hegarty| Product Manager | Comstor

Cisco UCS Mini Martin Hegarty| Product Manager | Comstor
Brocade VDX 6746 switch module for Hitachi Cb500

Brocade VDX 6746 switch module for Hitachi Cb500
MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.

MUNIS Platform Migration Project WELCOME. Agenda Introductions Tyler Cloud Overview Munis New Features Questions.
PowerEdge M-Series CMC Management

PowerEdge M-Series CMC Management
Linux Clustering A way to supercomputing. What is Cluster? A group of individual computers bundled together using hardware and software in order to make.

Linux Clustering A way to supercomputing. What is Cluster? A group of individual computers bundled together using hardware and software in order to make.
Products Update for Partners December 2010 Asterisk is a registered trademark of Digium, Inc. VoIPon

Products Update for Partners December 2010 Asterisk is a registered trademark of Digium, Inc. VoIPon
Lesson 15 – INSTALL AND SET UP NETWARE 5.1. Understanding NetWare 5.1 Preparing for installation Installing NetWare 5.1 Configuring NetWare 5.1 client.

Lesson 15 – INSTALL AND SET UP NETWARE 5.1. Understanding NetWare 5.1 Preparing for installation Installing NetWare 5.1 Configuring NetWare 5.1 client.
Module 8 Installation & Setup M1000e Chassis

Module 8 Installation & Setup M1000e Chassis
MUST HAVE SHOULD HAVE COULD HAVE Module # 010. Qi Hardware Objectives Recognize hardware Know how to interface to field equipment Know the 4 different.

MUST HAVE SHOULD HAVE COULD HAVE Module # 010. Qi Hardware Objectives Recognize hardware Know how to interface to field equipment Know the 4 different.
Introducing VMware vSphere 5.0

Introducing VMware vSphere 5.0
Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.

Virtual Network Servers. What is a Server? 1. A software application that provides a specific one or more services to other computers  Example: Apache.
Motherboard & System Unit. System Unit  The box in which the motherboard and other components of the computer is stored.  On a desktop computer it’s.

Motherboard & System Unit. System Unit  The box in which the motherboard and other components of the computer is stored.  On a desktop computer it’s.

Similar presentations

Ads by Google