SIMPLY CONNECTED: THE NEW CAMPUS NETWORK, MOBILITY CHANGES EVERYTHING
Alain Levens
Sr. SE Campus & Branch
alevens@juniper.net
February 14, 2012
2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
AGENDA
Challenges in the campus network today
Becoming Simply Connected
Juniper technologies for the Simply Connected network
Questions
THE WORLD IS ON THE MOVE: THE NETWORK CAN’T STAND STILL
The Network Becomes a Key Enabler or Barrier to IT Success
[Diagram: Clients (Mobile, Home, Branch, Campus) and Applications (Corp IT, Outsourced, Ad-Hoc, Chosen)]
Assuring Mobile Accessibility Is Now an Imperative
MOBILITY REDEFINES BUSINESS PRACTICES: AN OPPORTUNITY, NOT A PROBLEM
Business Applications, Personal Applications
42% Increased Productivity
39% Reduced Paperwork
37% Increased Revenue
Source: Forrester, Frost & Sullivan, Business Week, Gigaom Pro, ABI Research
Pulse
INCREASED EXPECTATIONS FOR NETWORKS
[Chart: Unique Daily Wireless Sessions by term (Spring, Summer, Fall) for 2010 and 2011, y-axis 0 to 400,000, annotated "6x". Large American University, ~50,000 Students, Multiple Devices Per Student]
THE SOLUTION IS TO BE SIMPLY CONNECTED
Juniper Simply Connected Portfolio: Switching, Security, Services, Wireless, Routing
An integrated portfolio of resilient wired, wireless and security products that simply enable mobility at scale.
Consistent Security: Safe and simple mobility while protecting assets
Performance at Scale: Scalability without complicating the network
Highly Resilient: Automated, uninterrupted service
“All the great things are simple.” - Albert Einstein
1. CONSISTENT SECURITY: BRINGING CONTROL BACK TO IT
[Diagram: Campus and Branch sites with MAG, EX, SRX, MX, WLC, AP and Servers]
Freedom to choose and change
Security context and coordination
Device, Network and App Security
1. Qualify the Device
2. Provision and Authenticate the User
3. Enforce Security Policies in the User and Application Level
4. Control the Device and Avoid Data Leakage
2. PERFORMANCE AT SCALE: SIMPLE & COST-EFFECTIVE SCALING
[Diagram: Campus and Branch sites with MAG, EX, SRX, MX, WLC, AP and Servers]
1. Wired-like Performance Everywhere
2. Designed for Bandwidth-Hungry Rich-Media Applications
3. No Performance Tradeoffs as Campus Scales
Protection for High Priority Sessions
Optimized Distribution of Traffic on APs
Low Latency & Increased Throughput
3. HIGHLY RESILIENT: FOR NON-STOP PRODUCTIVITY
[Diagram: Campus and Branch sites with MAG, SRX, MX, WLC, EX, AP and Servers]
1. Designed for Mission-Critical Networks
2. Layers of Protection for Planned and Unplanned Outages
3. Simplified Operations
No Single Point of Failure
Carrier Class Network for Enterprise
80% Fewer Managed Devices
SIMPLY CONNECTED
Becoming Simpler and More Resilient
Let's look at a practical example…
THE SIMPLY CONNECTED STORY
We will show you how a Juniper network manages voice and video calls from non-company owned devices and how our WL and EX series provide a uniquely resilient environment for the mobile user
We will detail some of the key differentiating technologies that we have to offer for wireless and ethernet switching
A DAY IN THE LIFE of a simply connected user
Our technical experts are standing by to take your detailed technical questions on any of the material presented at the end of this seminar
ELEMENTS OF A “SIMPLY CONNECTED” CAMPUS
[Diagram labels:]
Corporate Data Center: Apps, Data, Finance, Video, Active Directory/LDAP
MAG: SSL VPN, RADIUS, Universal Access Control
Junos Pulse Client
Wireless APs
Wireless LAN Controller
Ethernet core switches
Ethernet access switches
SRX Router/Firewall/IDP
Internet
SIMPLY CONNECTED
[Diagram: Network, step marker 1]
Enter the building and associate with WLAN. Start SIP call over WLAN. Start video over WLAN.
COMPONENTS OF A WIRELESS LAN (WLAN)
[Diagram labels: Trusted Client, 802.1x Authentication, Encrypted, UAC/MAG, Access, Access Point, Firewall, Wireless LAN Controller (WLC), Campus Core, WLAN Management (Location) WLM1200]
OPTIMAL ARCHITECTURE FOR VOICE AND VIDEO: Smart Mobile Architecture
Centralized AND Distributed Switching
Security, Management, Reliability, Performance
[Diagram: CENTRALIZED and DISTRIBUTED switching among nodes A, B, C and D; Local Switching, Inter-Module Switching]
SIMPLY CONNECTED
[Diagram: Network, step markers 1-2]
AJ walks past a conference room full of visitors who are all using WLAN to do email.
MANAGING WIRELESS CONGESTION
Wired priority is mapped to 4 x WMM access categories for over-the-air QoS
Packet prioritization applied to tunneled traffic
AP and controllers classify and mark user traffic
AUTOMATIC CLIENT LOAD BALANCING
5 GHz capable client ‘encouraged’ to connect at 5 GHz
2.4 GHz only client connects at 2.4 GHz
Automatic Load Balancing per RF Band
Band Steering
WLA532 INDOOR 802.11N AP
Most Compact 11n AP
  3x3 MIMO, 3 stream antenna
  450Mbit support
  Integrated antenna design
Highly Integrated
  Client Access and Spectrum Analysis
  Encrypted, high speed links to Remote APs
  Trusted Platform Module ensures authenticity of HW, SW
Energy efficient
  Under 802.3af power limit
  Reduces consumption per 802.3az
SIMPLY CONNECTED
[Diagram: Network, step markers 1-3]
Virtual Chassis extended L2 domain transports sessions between multiple APs. Mobility domain allows seamless roaming
VIRTUAL CHASSIS: SIMPLIFYING THE NETWORK
Multiple switches acting as a single, logical device
One switch to configure, one switch to manage
Improved resiliency and performance
EXAMPLE: HORIZONTAL MULTIPLE STORY BUILDING
Dual 10GbE links used to extend EX4200/EX3300 Virtual Chassis across closets; each floor managed as single switch
EX4500 Virtual Chassis provides redundant L2/L3 10GbE collapsed core
EX4200/EX3300 Virtual Chassis provides redundant L2 access
Access switches connect to core using 2x10GbE LAG
AP 1 Gbit connect to Access switch
[Diagram: Floors 1-3, each with two closets (1.1/1.2, 2.1/2.2, 3.1/3.2) linked by 10GbE as one EX3300 Virtual Chassis and two EX4200 Virtual Chassis; LAG uplinks to the EX4500/EX4200 Virtual Chassis, WLCs, Internet and WAN. Switch counts shown: 3xEX3300, 3xEX3300, 4xEX4200, 4xEX4200, 5xEX4200, 4xEX4200, 2xEX4500, 2xEX4200]
ACTIVE-ACTIVE CONTROLLERS
1. A new client associates to the system
2. Primary controller authenticates/authorizes client
3. Primary propagates session details to backup controller for use during failure
[Diagram: Primary Seed, Secondary Seed and Member controllers; Client Session State shown on two controllers]
SIMPLY CONNECTED
[Diagram: Network, step markers 1-4]
L2 and L3 STATEFUL FAILOVER
[Diagram: EX4200 Virtual Chassis members numbered 0-5 (Master RE, Backup RE and four line cards), EX4500 VC, WLC1, WLC2, AP1, Internet/Data Center]
Normal traffic flow
EX-SW4 fails and EX-SW5 and EX-SW3 detect VC port to EX-SW4 is down
EX-SW3 immediately switches to backup path
All traffic is re-routed
WLAN FAIL OVER IN 150 MILLISECONDS
Virtual Chassis via Fiber connection to extend range
SIMPLY CONNECTED
[Diagram: Network, step markers 1-5]
ENFORCING NETWORK ACCESS POLICIES
[Diagram: PC user, WLCs, EX4200 VC, EX4500 VC and EX4200 VC, SRX, MAG, Patch Remediation, Internet, Corporate Data Center (Apps, Data, Finance, Video, Active Directory/LDAP); callout: Virus SW too old]
1. Pulse detects device is on corporate network and per user policy disables any active VPN sessions
2. During 802.1x authentication, MAG verifies PC meets company software and security policy requirements
3. Compliance check fails. Antivirus signatures are out of date and user is quarantined to remediation VLAN. Patch server updates signatures. User is now in compliance and granted network access
4. MAG pushes role based FW policies to EX and SRX
5. SRX enforces user policies allowing user basic access to all servers except finance
6. SRX AppSecure policies block non-work related applications
SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
SIMPLY CONNECTED
[Diagram: Network, step markers 1-6]
MOBILE DEVICE REMOTE NETWORK ACCESS POLICY AND ACCESS CONTROL
[Diagram: Wireless User (Tablet/smartphone), Internet, WLCs, EX4500 VC and EX4200 VCs, SRX with IDP/AppSecure, MAG with RADIUS, SSL VPN and UAC modules, Corporate Data Center (Apps, Data, Finance, Video, Active Directory/LDAP)]
1. User needs to access company intranet over non-corporate network using iPad
2. User starts Junos Pulse and initiates a secure VPN session with MAG appliance
3. MAG verifies user login, establishes VPN and the device is allowed on the network.
4. MAG pushes role based ACL and FW policies to the SRX and EX
5. SRX enforces user policies allowing user access to all servers except finance
6. SRX AppSecure policies block non-work related applications
SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM
THIS AFTERNOON, USE CASE: BRING YOUR OWN DEVICE (BYOD)
Trend: More users connect their personal wireless devices to your network.
Challenge: Employees need access to business-critical applications. How do you ensure that corporate information is not compromised?
Juniper’s Differentiation:
Simple and secure access with point-and-click provisioning
Role-based access depending on profile, identity, and role
Nested application visibility and security enforcement
Coordinated threat control automated for wired and wireless environments including day zero attacks.
Performance at Scale, Highly Resilient, Consistent Security
THE STEPS TO SIMPLY CONNECTED
1. Provide consistent security across users, applications and devices
2. Build one general purpose network to better serve your new access devices and rich media applications
3. Design for an always-on wired-like wireless experience
THE NEW CAMPUS & BRANCH
Orchestrated
Experience
Network