MOBILITY BEYOND BYOD
Jonas Gyllenhammar, Consulting Engineer, Junos Pulse solutions
2 Copyright © 2012 Juniper Networks, Inc. www.juniper.net
BYOD DEFINED
Today's business environment requires coordinated access
• Employee Owned Devices (BYOD)
• Guest Devices
• Corporate Owned Devices
USER EXAMPLES FOR MOBILITY
• Visitors at a museum
• Visitors at an enterprise
• Visitors at a hospital
• Visitors at a hotel
• Doctor’s own iPad
• Hotel employees on iPad
• Teacher’s own iPad
• Student’s own iPad
• Employee owned laptops, smartphones and tablets at an enterprise
• Hospital issued laptops
• School issued laptops
• Hospital issued iPad
• School issued mobile devices
Guest Devices
Employee Owned
Corporate Owned
MOBILE USER TYPES AND REQUIREMENTS
Open Access, Guest Users
• Self provisioning
• Open, no encryption, captive portal
• Simple experience
• Device aware policy
• Differentiated access
BYOD (Employee owned)
• Self provisioning
• Secure certificate based authentication
• User, application, device aware policies
• Device management
• On-device security
• Device, data loss, data theft prevention
• Secure network, cloud access
• Device agnostic “Follow-me policies”
Corporate Issued Devices
• Self provisioning
• Secure certificate based authentication
• User, application, device aware policy
• Device management
• On-device security
• Secure network, cloud SSO
• Device agnostic “Follow-me policies”
• Application management
• Content monitoring
Guest Devices
Employee Owned Devices
Corporate Owned Devices
VISIT THE SIMPLY CONNECTED LIVE DEMO AND TOMORROW’S SIMPLY CONNECTED IN ACTION - AN OVERVIEW OF DIFFERENT USE-CASES
MOBILITY BEYOND BYOD
END TO END REMOTE ACCESS, ANYTIME, ANY DEVICE
“Enterprises should focus on mobile data protection (MDP), network access control (NAC), and mobile device management (MDM) tools to support their BYOD and new enterprise mobile platform efforts.”
CREATE YOUR DEVICE ACCESS REQUIREMENTS
Requirements to define per device type:
• Client Deployed
• Mobile Security
• Mobile Device/Appl. Mgmt
• LAN/WLAN Access
• Remote Access
• Access to Corporate Resources
Device types:
• Corporate Device
• Personal Device (BYOD)
• Guest Device
• Contractor / Consultant Device
It's not about BYOD. It's about an access management policy / solution.
JUNOS PULSE – SINGLE CLIENT, GATEWAY MULTIPLE SERVICES
Junos Pulse: PCs & Macs
Junos Pulse: Smartphones & Tablets
MAG Series Junos Pulse Gateway
Access Enterprise Resources
Junos Pulse Services supported:
• Junos Pulse Secure Access Service (SSL VPN)
• Junos Pulse Access Control Service (UAC)
• Junos Pulse Application Acceleration Service
• Junos Pulse Mobile Security Suite
ANYTIME, ANY DEVICE FROM ANYWHERE
Identify
• User
• Device
• Role
Onboard
• Corporate or Personal
• On Campus
• Offsite
• From Home
Secure
• 24/7 Protection
• Anywhere
• Loss & Theft Protection
• Device Location
Manage
• Device-specific
• Ensure Adherence to Policy
EMPLOYEES ON PERSONAL/COMPANY OWNED DEVICE
HOST CHECKING & APPLICATION RESTRICTION
[Diagram labels: Dr. Rose 369; Connect; Scan is Clean; Corporate Network; Guest Devices; Employee Owned; Corporate Owned]
MAG Series Gateway running Junos Pulse Secure Access Service (SSL VPN)
Junos Pulse Mobile Security Suite
Remote onboarding & access and the highest level of security with automatic scan for latest OS, virus signatures, jailbroken
Any Device, Any Time, Complete Access
EMPLOYEES ON CORPORATE LIABLE DEVICE
ON BOARDING, HOST CHECKING AND APPLICATION RESTRICTION
[Diagram labels: Mobile User; Corporate Data Center; Apps; Data; Finance; Video; Active Directory /LDAP; Patch Remediation; MAG Series Junos Pulse Gateway running Secure Access Service SSL VPN]
1. User downloads Junos Pulse Client from App Store
2. JPMSS pushes:
• VPN Profile
• WiFi Profile
• SCEP Profile
JPMSS delivers:
• 24/7 security via AV & antimalware
• MDM such as password mgmt
3. The device initiates a tunnel to the MAG Series Junos Pulse Gateway
4. Secure Access Service runs a HostCheck on the device
• Compliant? Jailbroken/Rooted?
5. Secure Access authenticates the user against AD
6. Valid user on AD; device is OK
7. User matched to corporate role
8. User has appropriate access to his role
EMPLOYEES ON CORPORATE LIABLE DEVICE
APPLICATION RESTRICTION AND COORDINATED THREAT CONTROL
[Diagram labels: Mobile User; Corporate Data Center; Apps; Data; Finance; Video; Active Directory /LDAP; Patch Remediation; SRX Series; MAG Series Junos Pulse Gateway running both Secure Access Service and Access Control Service]
9. Session is published to IF-MAP
10. User requests data from application
11. SRX gets the User/Role/IP information. Applies AppSecure policies
12. Client issues an attack of some kind
13. SRX IPS detects the attack and issues a Sensor Event to UAC
14. UAC takes action or publishes event to IF-MAP
15. SA gets the event and takes action
16. User/device is Quarantined or Disconnected
DEMO
Q & A