SIMPLY CONNECTED
THE NEW CAMPUS NETWORK, MOBILITY CHANGES EVERYTHING
Alain Levens, Sr. SE Campus & Branch
alevens@juniper.net
February 14, 2012

AGENDA
Challenges in the campus network today
Becoming Simply Connected
Juniper technologies for the Simply Connected network
Questions

Copyright © 2012 Juniper Networks, Inc. www.juniper.net

THE WORLD IS ON THE MOVE
THE NETWORK CAN’T STAND STILL
The Network Becomes a Key Enabler or Barrier to IT Success
Assuring Mobile Accessibility Is Now an Imperative
[Diagram labels: Clients, Applications, Mobile, Corp IT, Home, Outsourced, Branch, Campus, Ad-Hoc, Chosen]

MOBILITY REDEFINES BUSINESS PRACTICES
AN OPPORTUNITY, NOT A PROBLEM
42% Increased Productivity
39% Reduced Paperwork
37% Increased Revenue
Source: Forrester, Frost & Sullivan, Business week, Gigaom pro, ABI research
[Diagram labels: Business Applications, Personal Applications, Pulse]

INCREASED EXPECTATIONS FOR NETWORKS
[Chart: Unique Daily Wireless Sessions at a large American university (~50,000 students, multiple devices per student); x-axis: Spring, Summer, Fall 2010 and Spring, Summer, Fall 2011; y-axis: 0 to 400,000; callout: 6x]

THE SOLUTION IS TO BE SIMPLY CONNECTED
An integrated portfolio of resilient wired, wireless and security products that simply enable mobility at scale.
Consistent Security: Safe and simple mobility while protecting assets
Performance at Scale: Scalability without complicating the network
Highly Resilient: Automated, uninterrupted service
Juniper Simply Connected Portfolio: Switching, Wireless, Security, Routing, Services
“All the great things are simple.” - Albert Einstein

1. CONSISTENT SECURITY
BRINGING CONTROL BACK TO IT
  1 Qualify the Device
  2 Provision and Authenticate the User
  3 Enforce Security Policies in the User and Application Level
  4 Control the Device and Avoid Data Leakage
Device, Network and App Security
Security context and coordination
Freedom to choose and change
[Diagram: Branch and Campus topology with EX, AP, SRX, MX, MAG, WLC and Servers]

2. PERFORMANCE AT SCALE
SIMPLE & COST-EFFECTIVE SCALING
  1 Wired-like Performance Everywhere
  2 Designed for Bandwidth Hungry Rich-Media Applications
  3 No Performance Tradeoffs as Campus Scales
Low Latency & Increased Throughput
Optimized Distribution of Traffic on APs
Protection for High Priority Sessions
[Diagram: Branch and Campus topology with EX, AP, SRX, MX, MAG, WLC and Servers]

3. HIGHLY RESILIENT
FOR NON-STOP PRODUCTIVITY
  1 Designed for Mission-Critical Networks
  2 Layers of Protection for Planned and Unplanned Outages
  3 Simplified Operations
80% Fewer Managed Devices
Carrier Class Network for Enterprise
No Single Point of Failure
[Diagram: Branch and Campus topology with EX, AP, SRX, MX, MAG, WLC and Servers]

SIMPLY CONNECTED
Becoming Simpler and More Resilient
Let's look at a practical example…

THE SIMPLY CONNECTED STORY
A DAY IN THE LIFE of a simply connected user
We will show you how a Juniper network manages voice and video calls from non-company owned devices and how our WL and EX series provide a uniquely resilient environment for the mobile user.
We will detail some of the key differentiating technologies that we have to offer for wireless and Ethernet switching.
Our technical experts are standing by to take your detailed technical questions on any of the material presented at the end of this seminar.

ELEMENTS OF A “SIMPLY CONNECTED” CAMPUS
[Diagram labels: Wireless LAN Controller, Active Directory/LDAP, Junos Pulse Client, Router, SRX, IDP, Firewall, Router/Firewall/IDP, Wireless APs, Ethernet access switches, Ethernet core switches, Universal Access Control, RADIUS, SSLVPN, MAG, Corporate Data Center (Data, Finance, Video, Apps), Internet]

SIMPLY CONNECTED
[Network diagram, callout 1]
Enter the building and associate with WLAN. Start SIP call over WLAN. Start video over WLAN.

COMPONENTS OF A WIRELESS LAN (WLAN)
Access Point
WLAN Controller
WLAN Management
[Diagram labels: Wireless LAN Controller (WLC), Campus Core, Encrypted, WLAN Management, Firewall, UAC/MAG, Access (Location), WLM1200, 802.1x Authentication, Trusted Client]

OPTIMAL ARCHITECTURE FOR VOICE AND VIDEO
Smart Mobile Architecture
Centralized AND Distributed Switching
[Diagram labels: CENTRALIZED, DISTRIBUTED, Local Switching, Inter-Module Switching, A, B, C, D, Security, Management, Reliability, Performance]

SIMPLY CONNECTED
[Network diagram, callouts 1 and 2]
AJ walks past a conference room full of visitors who are all using WLAN to do email.

MANAGING WIRELESS CONGESTION
Packet prioritization applied to tunneled traffic
AP and controllers classify and mark user traffic
Wired priority is mapped to 4 x WMM access categories for over-the-air QoS

AUTOMATIC CLIENT LOAD BALANCING
Automatic Load Balancing per RF Band
Band Steering
5 GHz capable client ‘encouraged’ to connect at 5 GHz
2.4 GHz only client connects at 2.4 GHz

WLA532 INDOOR 802.11N AP
Most Compact 11n AP
  3x3 MIMO, 3 stream antenna
  450Mbit support
  Integrated antenna design
Highly Integrated
  Client Access and Spectrum Analysis
  Encrypted, high speed links to Remote APs
  Trusted Platform Module ensures authenticity of HW, SW
Energy efficient
  Under 802.3af power limit
  Reduces consumption per 802.3az

SIMPLY CONNECTED
[Network diagram, callouts 1 to 3]
Virtual Chassis extended L2 domain transports sessions between multiple APs. Mobility domain allows seamless roaming.

VIRTUAL CHASSIS
SIMPLIFYING THE NETWORK
Virtual Chassis
  Multiple switches acting as a single, logical device
  One switch to configure, one switch to manage
  Improved resiliency and performance

EXAMPLE: HORIZONTAL MULTIPLE STORY BUILDING
EX4500 Virtual Chassis provides redundant L2/L3 10GbE collapsed core
EX4200/EX3300 Virtual Chassis provides redundant L2 access
Access switches connect to core using 2x10GbE LAG
AP 1 Gbit connect to EX4500/EX4200 Virtual Chassis
Dual 10GbE links used to extend EX4200/EX3300 Virtual Chassis across closets; each floor managed as single switch
[Diagram labels: Floor 1 (Closet 1.1, Closet 1.2), Floor 2 (Closet 2.1, Closet 2.2), Floor 3 (Closet 3.1, Closet 3.2), EX4200 Virtual Chassis, EX3300 Virtual Chassis, 3xEX3300, 4xEX4200, 5xEX4200, 2xEX4500, 2xEX4200, 10GbE, LAG, WAN, Internet, WLCs, Access switch]

ACTIVE-ACTIVE CONTROLLERS
  1 A new client associates to the system
  2 Primary controller authenticates/authorizes client
  3 Primary propagates session details to backup controller for use during failure
[Diagram labels: Primary Seed, Secondary Seed, Member, Client Session State]

SIMPLY CONNECTED
[Network diagram, callouts 1 to 4]

L2 and L3 STATEFUL FAILOVER
WLAN FAIL OVER IN 150 MILLISECONDS
Normal traffic flow
EX-SW4 fails and EX-SW5 and EX-SW3 detect VC port to EX-SW4 is down
EX-SW3 immediately switches to backup path
All traffic is re-routed
Virtual Chassis via Fiber connection to extend range
[Diagram labels: EX4500VC, Internet/Data Center, WLC1, WLC2, AP1, Master RE – EX4200, Backup RE – EX4200, Line card – EX4200 (four), members 0 to 5]

SIMPLY CONNECTED
[Network diagram, callouts 1 to 5]

ENFORCING NETWORK ACCESS POLICIES
  1 During 802.1x authentication, MAG verifies PC meets company software and security policy requirements.
  2 Compliance check fails. Antivirus signatures are out of date and user is quarantined to remediation VLAN. Patch server updates signatures. User is now in compliance and granted network access.
  3 Pulse detects device is on corporate network and per user policy disables any active VPN sessions.
  4 MAG pushes role based FW policies to EX and SRX.
  5 SRX enforces user policies allowing user basic access to all servers except finance.
  6 SRX AppSecure policies block non-work related applications.
SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM.
[Diagram labels: PC user, Virus SW too old, Patch Remediation, Active Directory/LDAP, WLCs, SRX, MAG, EX4200 VC, EX4500 VC and EX4200 VC, Corporate Data Center (Data, Finance, Video, Apps), Internet]

SIMPLY CONNECTED
[Network diagram, callouts 1 to 6]

MOBILE DEVICE REMOTE NETWORK ACCESS
POLICY AND ACCESS CONTROL
  1 User needs to access company intranet over non-corporate network using iPad.
  2 User starts Junos Pulse and initiates a secure VPN session with MAG appliance.
  3 MAG verifies user login, establishes VPN and the device is allowed on the network.
  4 MAG pushes role based ACL and FW policies to the SRX and EX.
  5 SRX enforces user policies allowing user access to all servers except finance.
  6 SRX AppSecure policies block non-work related applications.
SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM.
[Diagram labels: Wireless User, Tablet/smartphone, Internet, MAG with Radius, SSLVPN and UAC modules, SRX with IDP/AppSecure, Active Directory/LDAP, WLCs, EX4500 VC and EX4200 VCs, Corporate Data Center (Data, Finance, Video, Apps)]

THIS AFTERNOON, USE CASE: BRING YOUR OWN DEVICE (BYOD)
[Slide label: Consistent Security]
Trend
  More users connect their personal wireless devices to your network.
Challenge
  Employees need access to business-critical applications. How do you ensure that corporate information is not compromised?
Juniper’s Differentiation
  Simple and secure access with point-and-click provisioning
  Role-based access depending on profile, identity, and role
  Nested application visibility and security enforcement
  Coordinated threat control automated for wired and wireless environments including day zero attacks.

THE STEPS TO SIMPLY CONNECTED
[Slide labels: Performance at Scale, Highly Resilient]
  1 Provide consistent security across users, applications and devices
  2 Build one general purpose network to better serve your new access devices and rich media applications
  3 Design for an always-on wired-like wireless experience

THE NEW CAMPUS & BRANCH
Orchestrated Network Experience