Presentation is loading. Please wait.

Presentation is loading. Please wait.

SIMPLY CONNECTED THE NEW CAMPUS NETWORK, MOBILITY CHANGES EVERYTHING Alain Levens Sr. SE Campus & Branch February 14, 2012.

Published byScot Caldwell Modified over 9 years ago

Similar presentations

Presentation on theme: "SIMPLY CONNECTED THE NEW CAMPUS NETWORK, MOBILITY CHANGES EVERYTHING Alain Levens Sr. SE Campus & Branch February 14, 2012."— Presentation transcript:

1 SIMPLY CONNECTED THE NEW CAMPUS NETWORK, MOBILITY CHANGES EVERYTHING Alain Levens Sr. SE Campus & Branch alevens@juniper.net February 14, 2012

2 2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net AGENDA  Challenges in the campus network today  Becoming Simply Connected  Juniper technologies for the Simply Connected network  Questions Copyright © 2011 Juniper Networks, Inc. www.juniper.net

3 3 Copyright © 2012 Juniper Networks, Inc. www.juniper.net THE WORLD IS ON THE MOVE THE NETWORK CAN’T STAND STILL Clients The Network Becomes a Key Enabler or Barrier to IT Success Mobile Home Branch Campus Corp IT Outsourced Ad-Hoc Chosen Applications Assuring Mobile Accessibility Is Now an Imperative

4 4 Copyright © 2012 Juniper Networks, Inc. www.juniper.net MOBILITY REDEFINES BUSINESS PRACTICES AN OPPORTUNITY, NOT A PROBLEM Business ApplicationsPersonal Applications 42% 42% Increased Productivity 39% 39% Reduced Paperwork 37% 37% Increased Revenue Source : Forrester, Frost &Sullivan, Business week, Gigaom pro, ABI research Pulse

5 5 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Unique Daily Wireless Sessions Large American University ~50,000 Students, Multiple Devices Per Student 6x FallSummerSpring 2011 INCREASED EXPECTATIONS FOR NETWORKS FallSpringSummer 2010

6 6 Copyright © 2012 Juniper Networks, Inc. www.juniper.net THE SOLUTION IS TO BE SIMPLY CONNECTED Switching Security Juniper Simply Connected Portfolio Services Wireless Routing Automated, uninterrupted service Safe and simple mobility while protecting assets An integrated portfolio of resilient wired, wireless and security products that simply enable mobility at scale. Consistent Security Performance at Scale Highly Resilient “All the great things are simple.” - Albert Einstein Consistent Security Performance at Scale Highly Resilient Scalability without complicating the network

7 7 Copyright © 2012 Juniper Networks, Inc. www.juniper.net 1. CONSISTENT SECURITY BRINGING CONTROL BACK TO IT MAG EX Servers AP SRX WLC EX AP Campus Branch Freedom to choose and change Security context and coordination Device, Network and App Security Qualify the Device 1 Provision and Authenticate the User 2 Enforce Security Policies in the User and Application Level 3 Control the Device and Avoid Data Leakage 4 SRX MX

8 8 Copyright © 2012 Juniper Networks, Inc. www.juniper.net 2. PERFORMANCE AT SCALE SIMPLE & COST-EFFECTIVE SCALING MAG EX Servers AP SRX WLC EX AP Campus Branch SRX MX Wired-like Performance Everywhere 1 Designed for Bandwidth Hungry Rich-Media Applications 2 No Performance Tradeoffs as Campus Scales 3 Protection for High Priority Sessions Optimized Distribution of Traffic on APs Low Latency & Increased Throughput

9 9 Copyright © 2012 Juniper Networks, Inc. www.juniper.net 3. HIGHLY RESILIENT FOR NON-STOP PRODUCTIVITY MAG Servers SRX WLC MX Campus MX Designed for Mission-Critical Networks 1 Layers of Protection for Planned and Unplanned Outages 2 Simplified Operations 3 No Single Point of Failure Carrier Class Network for Enterprise 80% Fewer Managed Devices SRX EX AP Branch EX AP

10 10 Copyright © 2012 Juniper Networks, Inc. www.juniper.net SIMPLY CONNECED Becoming Simpler and More Resilient Lets look at a practical example…

11 11 Copyright © 2012 Juniper Networks, Inc. www.juniper.net THE SIMPLY CONNECTED STORY  We will show you how a Juniper network manages voice and video calls from non-company owned devices and how our WL and EX series provide a uniquely resilient environment for the mobile user  We will detail some of the key differentiating technologies that we have to offer for wireless and ethernet switching A DAY IN THE LIFE of a simply connected user 11 Copyright © 2010 Juniper Networks, Inc. www.juniper.net Our technical experts are standing by to take your detailed technical questions on any of the material presented at the end of this seminar

12 12 Copyright © 2012 Juniper Networks, Inc. www.juniper.net ELEMENTS OF A “SIMPLY CONNECTED” CAMPUS Apps Data Finance Video Active Directory/ LDAP MAG Wireless AP’s Junos Pulse Client Wireless LAN Controller Ethernet core switches Ethernet access switches Router Firewall IDP SSLVPN RADIUS Universal Access Control SRX Router/Firewall/IDP Internet Corporate Data Center

13 13 Copyright © 2012 Juniper Networks, Inc. www.juniper.net SIMPLY CONNECTED 1 1 Network Enter the building and associate with WLAN. Start SIP call over WLAN. Start video over WLAN.

14 14 Copyright © 2012 Juniper Networks, Inc. www.juniper.net WLAN ManagementWLAN Controller COMPONENTS OF A WIRELESS LAN (WLAN) Access Point Trusted Client 802.1x Authentication Encrypted UAC/MAG Access Firewall Wireless LAN CONTROLLER (WLC) Campus Core (Location) WLM1200 WLAN Management

15 15 Copyright © 2012 Juniper Networks, Inc. www.juniper.net OPTIMAL ARCHITECTURE FOR VOICE AND VIDEO Smart Mobile Architecture Centralized AND Distributed Switching Security Management Reliability Performance CENTRALIZED DISTRIBUTED A B C D Local Switching Inter-Module Switching

16 16 Copyright © 2012 Juniper Networks, Inc. www.juniper.net SIMPLY CONNECTED 2 2 1 1 Network AJ walks past a conference room full of visitors who are all using WLAN to do email.

17 17 Copyright © 2012 Juniper Networks, Inc. www.juniper.net MANAGING WIRELESS CONGESTION Wired priority is mapped to 4 X WMM access categories for over-the-air QoS Packet prioritization applied to tunneled traffic AP and controllers classify and mark user traffic

18 18 Copyright © 2012 Juniper Networks, Inc. www.juniper.net AUTOMATIC CLIENT LOAD BALANCING 5 GHz capable client ‘encouraged’ to connect at 5 GHz 2.4 GHz only client connects at 2.4 GHz Automatic Load Balancing per RF Band Band Steering

19 19 Copyright © 2012 Juniper Networks, Inc. www.juniper.net WLA532 INDOOR 802.11N AP Most Compact 11n AP  3x3 MIMO, 3 stream antenna  450Mbit support  Integrated antenna design Highly Integrated  Client Access and Spectrum Analysis  Encrypted, high speed links to Remote Aps  Trusted Platform Module ensures authenticity of HW, SW Energy efficient  Under 802.3af power limit  Reduces consumption per 802.3az

20 20 Copyright © 2012 Juniper Networks, Inc. www.juniper.net SIMPLY CONNECTED 3 3 2 2 1 1 Network Virtual Chassis extended L2 domain transports sessions between multiple APs. Mobility domain allows seamless roaming

21 21 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Multiple switches acting as a single, logical device One switch to configure, one switch to manage Improved resiliency and performance Virtual Chassis VIRTUAL CHASSIS SIMPLIFYING THE NETWORK

22 22 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Dual 10GbE links used to extend EX4200/EX3300 Virtual Chassis across closets; each floor managed as single switch EXAMPLE : HORIZONTAL MULTIPLE STORY BUILDING 10GbE Closet 1.1 Closet 1.2 InternetWAN WLC’s Closet 2.1Closet 2.2 Closet 3.1 Closet 3.2 LAG 10GbE Floor 3 Floor 1 Floor 2 EX3300 Virtual Chassis EX4200 Virtual Chassis EX4200 Virtual Chassis 3xEX3300 4xEX4200 5xEX4200 4xEX4200 2xEX4500 2xEX4200 EX4500 Virtual Chassis provides redundant L2/L3 10GbE collapsed core EX4200/EX3300 Virtual Chassis provides redundant L2 access Access switches connect to core using 2x10GbE LAG AP 1 Gbit connect to Access switch EX4500/EX4200 Virtual Chassis

23 23 Copyright © 2012 Juniper Networks, Inc. www.juniper.net ACTIVE-ACTIVE CONTROLLERS Client Session State Primary controller authenticates/ authorizes client 2 2 Client Session State Primary propagates session details to backup controller for use during failure 3 3 A new client associates to the system 1 1 Member Secondary Seed Primary Seed

24 24 Copyright © 2012 Juniper Networks, Inc. www.juniper.net SIMPLY CONNECTED 4 4 Network 2 2 3 3 1 1

25 25 Copyright © 2012 Juniper Networks, Inc. www.juniper.net L2 and L3 STATEFUL FAILOVER Master RE – EX4200Backup RE – EX4200 Line card – EX4200 EX4500VC WLC2WLC1 Internet/Data Center Line card – EX4200 0 0 1 1 2 2 4 4 3 3 Normal traffic flow 5 5 AP1 EX-SW4 fails and EX-SW5 and EX-SW3 detect VC port to EX-SW4 is down EX-SW3 immediately switches to backup path WLAN FAIL OVER IN 150 MILLISECONDS  All traffic is re-routed Virtual Chassis via Fiber connection to extend range

26 26 Copyright © 2012 Juniper Networks, Inc. www.juniper.net 5 5 3 3 1 1 4 4 2 2 SIMPLY CONNECTED Network

27 27 Copyright © 2012 Juniper Networks, Inc. www.juniper.net ENFORCING NETWORK ACCESS POLICIES PC user Corporate Data Center Apps Data Finance Video Active Directory /LDAP Patch Remediation MAG WLCs Pulse detects device is on corporate network and per user policy disables any active VPN sessions 1 1 During 802.1x authentication. MAG verifies PC meets company software and security policy requirements 2 2 Compliance check fails. Antivirus signatures are out of date and user is quarantined to remediation VLAN. Patch server updates signatures. User is now in compliance and granted network access 3 3 EX4500 VC and EX4200 VC SRX  EX4200 VC SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM  SRX AppSecure Polices block non- work related applications 6 6 SRX enforces user policies allowing user basic access to all servers except finance 5 5 MAG pushes role based FW policies to EX and SRX 4 4 Virus SW too old Internet

28 28 Copyright © 2012 Juniper Networks, Inc. www.juniper.net SIMPLY CONNECTED Network 5 5 3 3 1 1 4 4 2 2 6 6

29 29 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Wireless User Tablet/smartphone Corporate Data Center Apps Data Video Active Directory /LDAP MAG with Radius, SSLVPN and UAC modules WLCs User needs to access company intranet over non-corporate network using iPad 1 1 User starts Junos Pulse and initiates a secure VPN session with MAG appliance 2 2 MAG verifies user login, establishes VPN and the device is allowed on the network. 3 3 SRX AppSecure polices block non-work related applications 6 6 EX4500 VC and EX4200 VCs SRX with IDP/ AppSecure  SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM Finance MOBILE DEVICE REMOTE NETWORK ACCESS POLICY AND ACCESS CONTROL SRX enforces user policies allowing user access to all servers except finance 5 5 MAG pushes role based ACL and FW policies to the SRX and EX 4 4  Internet

30 30 Copyright © 2012 Juniper Networks, Inc. www.juniper.net THIS AFTERNOON, USE CASE: BRING YOUR OWN DEVICE (BYOD) More users connect their personal wireless devices to your network. Employees need access to business-critical applications. How do you ensure that corporate information is not compromised? Simple and secure access with point-and-click provisioning Role-based access depending on profile, identity, and role Nested application visibility and security enforcement Coordinated threat control automated for wired and wireless environments including day zero attacks. Juniper’s Differentiation Performance at Scale Highly Resilient Consistent Security Trend Challenge

31 31 Copyright © 2012 Juniper Networks, Inc. www.juniper.net THE STEPS TO SIMPLY CONNECTED Provide consistent security across users, applications and devices 1 Build one general purpose network to better serve your new access devices and rich media applications 2 Design for an always-on wired-like wireless experience 3

32 32 Copyright © 2012 Juniper Networks, Inc. www.juniper.net THE NEW CAMPUS & BRANCH O rchestrated E xperience N etwork

33

Download ppt "SIMPLY CONNECTED THE NEW CAMPUS NETWORK, MOBILITY CHANGES EVERYTHING Alain Levens Sr. SE Campus & Branch February 14, 2012."

Similar presentations

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.
© 2011 Aerohive Networks CONFIDENTIAL WI-FI DESIGN 101: QUESTIONS EVERY MANAGER SHOULD ANSWER BEFORE PURCHASING WI-FI.

© 2011 Aerohive Networks CONFIDENTIAL WI-FI DESIGN 101: QUESTIONS EVERY MANAGER SHOULD ANSWER BEFORE PURCHASING WI-FI.
Chapter 7: Intranet LAN Design

Chapter 7: Intranet LAN Design
1 Copyright © 2012 Juniper Networks, Inc. www.juniper.net Executive Intro Slide Turn Trends into Opportunities Vertical Wide Michael Tjon-En-Fa Industry,

1 Copyright © 2012 Juniper Networks, Inc. Executive Intro Slide Turn Trends into Opportunities Vertical Wide Michael Tjon-En-Fa Industry,
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
Brocade VDX 6746 switch module for Hitachi Cb500

Brocade VDX 6746 switch module for Hitachi Cb500
End to End Security Westcon / Juniper 5 daagse Pieter van Dijk Dennis de Leest.

End to End Security Westcon / Juniper 5 daagse Pieter van Dijk Dennis de Leest.
Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.

Wireless and Network Security Integration Defense by Hi-5 Marc Hogue Chris Jacobson Alexandra Korol Mark Ordonez Jinjia Xi.
Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.

Module 5 - Switches CCNA 3 version 3.0 Cabrillo College.
 Category 6 Ethernet Cable, Single-mode Fiber Cable, and RJ45 Jacks  APC Netshelter SX 48U Racks and NetShelter AV Roof Fan Tray 825mm  Cisco 3800 ISR.

 Category 6 Ethernet Cable, Single-mode Fiber Cable, and RJ45 Jacks  APC Netshelter SX 48U Racks and NetShelter AV Roof Fan Tray 825mm  Cisco 3800 ISR.
The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.

The Cable Guys Inc. Drew Leach Tom McLoughlin Philip Mauldin Bill Smith.
Cisco 3 - Switches Perrine - Brierley Page 15/10/2015 Module 5 Switches LAN Design LAN Switches.

Cisco 3 - Switches Perrine - Brierley Page 15/10/2015 Module 5 Switches LAN Design LAN Switches.
Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.

Multi-Layer Switching Layers 1, 2, and 3. Cisco Hierarchical Model Access Layer –Workgroup –Access layer aggregation and L3/L4 services Distribution Layer.
LAN DESIGN. Functionality - the network must work with reasonable speed and reliability.

LAN DESIGN. Functionality - the network must work with reasonable speed and reliability.
Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Provider Opportunities for Enterprise MPLS APRICOT 2006, Perth Matt.

Copyright © 2004 Juniper Networks, Inc. Proprietary and Confidentialwww.juniper.net 1 Provider Opportunities for Enterprise MPLS APRICOT 2006, Perth Matt.
Chapter 12 Network Security.

Chapter 12 Network Security.
Unified Logs and Reporting for Hybrid Centralized Management

Unified Logs and Reporting for Hybrid Centralized Management
Ch.6 - Switches CCNA 3 version 3.0.

Ch.6 - Switches CCNA 3 version 3.0.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, 2009 05/30/2009.

WIRELESS SECURITY DEFENSE T-BONE & TONIC: ALY BOGHANI JOAN OLIVER MIKE PATRICK AMOL POTDAR May 30, /30/2009.

Similar presentations

Ads by Google