SIMPLY CONNECTED THE NEW CAMPUS NETWORK, MOBILITY CHANGES EVERYTHING Alain Levens Sr. SE Campus & Branch February 14, 2012.

Presentation transcript:

SIMPLY CONNECTED THE NEW CAMPUS NETWORK, MOBILITY CHANGES EVERYTHING Alain Levens Sr. SE Campus & Branch February 14, 2012

Copyright © 2012 Juniper Networks, Inc.

AGENDA
• Challenges in the campus network today
• Becoming Simply Connected
• Juniper technologies for the Simply Connected network
• Questions

THE WORLD IS ON THE MOVE: THE NETWORK CAN’T STAND STILL
The Network Becomes a Key Enabler or Barrier to IT Success
Assuring Mobile Accessibility Is Now an Imperative
Diagram labels: Clients, Mobile, Home, Branch, Campus, Corp IT, Outsourced, Ad-Hoc, Chosen, Applications

MOBILITY REDEFINES BUSINESS PRACTICES: AN OPPORTUNITY, NOT A PROBLEM
Diagram labels: Business Applications, Personal Applications, Pulse
• 42% Increased Productivity
• 39% Reduced Paperwork
• 37% Increased Revenue
Source: Forrester, Frost & Sullivan, Business week, Gigaom pro, ABI research

INCREASED EXPECTATIONS FOR NETWORKS
[Chart: Unique Daily Wireless Sessions, Large American University, ~50,000 Students, Multiple Devices Per Student; seasons Spring, Summer, Fall for 2010 and 2011; callout: 6x]

THE SOLUTION IS TO BE SIMPLY CONNECTED
Juniper Simply Connected Portfolio: Switching, Security, Services, Wireless, Routing
An integrated portfolio of resilient wired, wireless and security products that simply enable mobility at scale.
• Consistent Security
• Performance at Scale
• Highly Resilient
• Automated, uninterrupted service
• Safe and simple mobility while protecting assets
• Scalability without complicating the network
“All the great things are simple.” - Albert Einstein

CONSISTENT SECURITY: BRINGING CONTROL BACK TO IT
1. Qualify the Device
2. Provision and Authenticate the User
3. Enforce Security Policies in the User and Application Level
4. Control the Device and Avoid Data Leakage
• Freedom to choose and change
• Security context and coordination
• Device, Network and App Security
Diagram labels: MAG, EX, Servers, AP, SRX, WLC, EX, AP, Campus, Branch, SRX, MX

PERFORMANCE AT SCALE: SIMPLE & COST-EFFECTIVE SCALING
1. Wired-like Performance Everywhere
2. Designed for Bandwidth Hungry Rich-Media Applications
3. No Performance Tradeoffs as Campus Scales
• Protection for High Priority Sessions
• Optimized Distribution of Traffic on APs
• Low Latency & Increased Throughput
Diagram labels: MAG, EX, Servers, AP, SRX, WLC, EX, AP, Campus, Branch, SRX, MX

HIGHLY RESILIENT FOR NON-STOP PRODUCTIVITY
1. Designed for Mission-Critical Networks
2. Layers of Protection for Planned and Unplanned Outages
3. Simplified Operations
• No Single Point of Failure
• Carrier Class Network for Enterprise
• 80% Fewer Managed Devices
Diagram labels: MAG, Servers, SRX, WLC, MX, Campus, MX, SRX, EX, AP, Branch, EX, AP

SIMPLY CONNECTED
Becoming Simpler and More Resilient
Let's look at a practical example…

THE SIMPLY CONNECTED STORY
A DAY IN THE LIFE of a simply connected user
• We will show you how a Juniper network manages voice and video calls from non-company owned devices and how our WL and EX series provide a uniquely resilient environment for the mobile user
• We will detail some of the key differentiating technologies that we have to offer for wireless and ethernet switching
Our technical experts are standing by to take your detailed technical questions on any of the material presented at the end of this seminar

ELEMENTS OF A “SIMPLY CONNECTED” CAMPUS
Diagram labels: Apps, Data, Finance, Video, Active Directory/LDAP, MAG, Wireless APs, Junos Pulse Client, Wireless LAN Controller, Ethernet core switches, Ethernet access switches, Router, Firewall, IDP, SSLVPN, RADIUS, Universal Access Control, SRX Router/Firewall/IDP, Internet, Corporate Data Center

SIMPLY CONNECTED Network
1. Enter the building and associate with WLAN. Start SIP call over WLAN. Start video over WLAN.

COMPONENTS OF A WIRELESS LAN (WLAN)
Diagram labels: WLAN Management, WLAN Controller, Access Point, Trusted Client, 802.1x Authentication, Encrypted UAC/MAG Access Firewall, Wireless LAN Controller (WLC), Campus Core, (Location), WLM1200 WLAN Management

OPTIMAL ARCHITECTURE FOR VOICE AND VIDEO
Smart Mobile Architecture: Centralized AND Distributed
Diagram labels: Switching, Security, Management, Reliability, Performance; CENTRALIZED, DISTRIBUTED; A, B, C, D; Local Switching, Inter-Module Switching

SIMPLY CONNECTED Network
AJ walks past a conference room full of visitors who are all using WLAN to do .

MANAGING WIRELESS CONGESTION
• Wired priority is mapped to 4 x WMM access categories for over-the-air QoS
• Packet prioritization applied to tunneled traffic
• AP and controllers classify and mark user traffic

AUTOMATIC CLIENT LOAD BALANCING
• 5 GHz capable client ‘encouraged’ to connect at 5 GHz
• 2.4 GHz only client connects at 2.4 GHz
• Automatic Load Balancing per RF Band
• Band Steering

WLA532 INDOOR N AP
Most Compact 11n AP
• 3x3 MIMO, 3 stream antenna
• 450Mbit support
• Integrated antenna design
Highly Integrated
• Client Access and Spectrum Analysis
• Encrypted, high speed links to Remote APs
• Trusted Platform Module ensures authenticity of HW, SW
Energy efficient
• Under 802.3af power limit
• Reduces consumption per 802.3az

SIMPLY CONNECTED Network
Virtual Chassis extended L2 domain transports sessions between multiple APs. Mobility domain allows seamless roaming.

VIRTUAL CHASSIS: SIMPLIFYING THE NETWORK
• Multiple switches acting as a single, logical device
• One switch to configure, one switch to manage
• Improved resiliency and performance
Diagram label: Virtual Chassis

EXAMPLE: HORIZONTAL MULTIPLE STORY BUILDING
• Dual 10GbE links used to extend EX4200/EX3300 Virtual Chassis across closets; each floor managed as single switch
• EX4500 Virtual Chassis provides redundant L2/L3 10GbE collapsed core
• EX4200/EX3300 Virtual Chassis provides redundant L2 access
• Access switches connect to core using 2x10GbE LAG
• AP 1 Gbit connect to Access switch
Diagram labels: 10GbE, Closet 1.1, Closet 1.2, Internet, WAN, WLCs, Closet 2.1, Closet 2.2, Closet 3.1, Closet 3.2, LAG, 10GbE, Floor 3, Floor 1, Floor 2, EX3300 Virtual Chassis, EX4200 Virtual Chassis, EX4200 Virtual Chassis, 3xEX3300, 4xEX4200, 5xEX4200, 4xEX4200, 2xEX4500, 2xEX4200, EX4500/EX4200 Virtual Chassis

ACTIVE-ACTIVE CONTROLLERS
1. A new client associates to the system
2. Primary controller authenticates/authorizes client
3. Primary propagates session details to backup controller for use during failure
Diagram labels: Client Session State, Client Session State, Member, Secondary Seed, Primary Seed

SIMPLY CONNECTED 4 Network

L2 and L3 STATEFUL FAILOVER
WLAN FAIL OVER IN 150 MILLISECONDS
• EX-SW4 fails and EX-SW5 and EX-SW3 detect VC port to EX-SW4 is down
• EX-SW3 immediately switches to backup path
• All traffic is re-routed
• Virtual Chassis via Fiber connection to extend range
Diagram labels: Master RE – EX4200, Backup RE – EX4200, Line card – EX4200, EX4500VC, WLC2, WLC1, Internet/Data Center, Line card – EX, Normal traffic flow, 5, AP1

SIMPLY CONNECTED Network

ENFORCING NETWORK ACCESS POLICIES
1. Pulse detects device is on corporate network and per user policy disables any active VPN sessions
2. During 802.1x authentication, MAG verifies PC meets company software and security policy requirements
3. Compliance check fails. Antivirus signatures are out of date and user is quarantined to remediation VLAN. Patch server updates signatures. User is now in compliance and granted network access
4. MAG pushes role based FW policies to EX and SRX
5. SRX enforces user policies allowing user basic access to all servers except finance
6. SRX AppSecure Policies block non-work related applications
• SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
Diagram labels: PC user, Corporate Data Center, Apps, Data, Finance, Video, Active Directory/LDAP, Patch Remediation, MAG, WLCs, EX4500 VC and EX4200 VC, SRX, EX4200 VC, Virus SW too old, Internet

SIMPLY CONNECTED Network

MOBILE DEVICE REMOTE NETWORK ACCESS: POLICY AND ACCESS CONTROL
1. User needs to access company intranet over non-corporate network using iPad
2. User starts Junos Pulse and initiates a secure VPN session with MAG appliance
3. MAG verifies user login, establishes VPN and the device is allowed on the network.
4. MAG pushes role based ACL and FW policies to the SRX and EX
5. SRX enforces user policies allowing user access to all servers except finance
6. SRX AppSecure policies block non-work related applications
• SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
Diagram labels: Wireless User, Tablet/smartphone, Corporate Data Center, Apps, Data, Video, Finance, Active Directory/LDAP, MAG with Radius, SSLVPN and UAC modules, WLCs, EX4500 VC and EX4200 VCs, SRX with IDP/AppSecure, Internet

THIS AFTERNOON, USE CASE: BRING YOUR OWN DEVICE (BYOD)
Trend / Challenge:
More users connect their personal wireless devices to your network. Employees need access to business-critical applications. How do you ensure that corporate information is not compromised?
Juniper’s Differentiation:
• Simple and secure access with point-and-click provisioning
• Role-based access depending on profile, identity, and role
• Nested application visibility and security enforcement
• Coordinated threat control automated for wired and wireless environments including day zero attacks.
Diagram labels: Performance at Scale, Highly Resilient, Consistent Security

THE STEPS TO SIMPLY CONNECTED
1. Provide consistent security across users, applications and devices
2. Build one general purpose network to better serve your new access devices and rich media applications
3. Design for an always-on wired-like wireless experience

THE NEW CAMPUS & BRANCH
Orchestrated Experience Network