Your Business' Future - Today

YOUR BUSINESS FUTURE TODAY

http://www.xcpus.com/wp-content/uploads/2011/05/juniper_logo.png

AG

EN

DA

Business Session 11:00am – 12:30pm Activity Based Working Unified Communications

Demo Windows 8 Devices Cloud Services

Office 365 IaaS

Technical Session 1:00pm – 2:30pm BYOD Network infrastructure

Wireless Secure Remote Access Policy and Control


HOW, WHEN, AND WHERE WE WORK

• Work Life Balance has become Work Life Integration• Work from home• Mobile work force• Collaborative environments and technologies

http://www.mobile-workforce.co/images/mobile_workforce_solution.jpg

http://us.123rf.com/400wm/400/400/zurijeta/zurijeta1204/zurijeta120400222/13381861-businsss-people-having-coffee-at-office-meeting.jpg

AC

TIV

ITY

BA

SE

D

WO

RK

ING

Microsoft - Sydney


AC

TIV

ITY

BA

SE

D

WO

RK

ING

Microsoft - Brisbane


AC

TIV

ITY

BA

SE

D

WO

RK

ING

Macquarie Group - Sydney


AC

TIV

ITY

BA

SE

D

WO

RK

ING

CBA – Darling Harbour


AC

TIV

ITY

BA

SE

D

WO

RK

ING

“Everyone uses a laptop, and the space has no fixed phones at all, with Microsoft’s Enterprise Voice solution providing converged telephony and messaging that is delivered to a person, not a desk.”


AC

TIV

ITY

BA

SE

D

WO

RK

ING

“Activity Based Working is about People, Place, and Technology”

Technology Enablers

Unified Communications & Collaboration

Client devices Wireless Internet & WAN services Secure remote access Cloud Services Location Services


LOCATION BASED SERVICES

AC

TIV

ITY

BA

SE

D

WO

RK

ING

The Benefits Customer Satisfaction and

Responsiveness Mobility and flexibility Sustainability and carbon reduction Competitive advantage Disaster recovery Staff retention Cost Savings in real estate and staff

churn


Authentication

Administration

Storage

Compliance

Unified Inbox & Presence

AudioConferencin

gE-mail and

CalendaringWeb

Conferencing Telephony

VideoConferencin

g Voice MailInstant

Messaging (IM)

Communications Today

Authentication

Administration

Storage

User ExperienceAuthentication

Administration

Storage

UserExperience

Authentication

Administration

Storage

User Experience

Authentication

Administration

Storage

UserExperience Authentication

Administration

Storage

User Experience

Authentication

Administration

Storage

UserExperience

Authentication

Administration

Storage

User Experience

Telephony and

Voice Mail

InstantMessaging

E-mail andCalendarin

g

Unified Conferencin

g: Audio, Video, Web

Future of Communications

On-Premises Hybrid In the Cloud

MICROSOFT UNIFIED COMMUNICATIONS

Messaging Voicemail Telephony IM & Presence Collaboration

Achieve higher reliability and performance and enhance your communications at lower cost.

Consolidate email and voicemail onto one inbox.

VoIP solution that allows users to communicate via PC, desk phone or mobile.

Contact based on presence via phone, video or application.

Switch seamlessly between audio, video and web conferencing.

On-Premise Solution

Cloud Solution


TH

E M

OD

ER

N

WO

RK

PLA

CE

Demo


WINDOWS 8 DEVICES


OFFICE 365

BRINGING TOGETHER CLOUD VERSIONS OF OUR MOST TRUSTED COMMUNICATIONS AND COLLABORATION PRODUCTS WITH THE LATEST VERSION OF OUR DESKTOP SUITE FOR BUSINESSES

OF ALL SIZES.

OFFICE 365

E4 Plan with Voice: $36.85

http://www.telstra.com.au/business-enterprise/download/image/business-office-365-professional-plan-comparison-1.png


IAAS


HOW CAN ACTIVITY BASED WORKING CONCEPTS DRIVE POSITIVE CHANGE FOR YOUR BUSINESS?

SP

EC

IAL O

FFE

R

Free Business Productivity Analysis

Generation-e’s MBA qualified business expert will spend one day onsite with you, helping you understand your IT infrastructure capabilities and building a roadmap with an actionable plan for embracing the technologies we’ve spoken about today to evolve your business and build your competitive advantage.

Normally valued at $3,000 – Free for attendees

Don’t Forget:You will be emailed a feedback survey after this event. Please complete it to be registered to win a Microsoft Surface.


BREAK

BYOD

• Scope• Budget• Device Support• Security• Application

accessibility• Network Access


SIMPLY CONNECTED FOR UC&C WITH MICROSOFT LYNC

October 2012

24 Copyright © 2012 Juniper Networks, Inc. www.juniper.net

UC&C MARKET TRENDS AND ISSUES

Paradigm shift – occurring on both ends, devices and applications

Network’s role needs to step up significantly to meet new challenges

Available ApplicationsLegacy IT environment is based on control

Available Applications

IT AppEmail, CRM, ERP, HR

BYOD

HIGH PERFORMANCE

NETWORK (purpose built)

HIGH PERFORMANCE

NETWORK

USER DRIVEN INTERNET

(best effort)

Office Employee

IT AppPOS, ERP, PBX

Social

IT AppPOS, ERP, PBX

3rd Party

Any time/ location

http://www.juniper.net/


JUNIPER’S SIMPLY CONNECTED FOR UC&C

WANCampusRemote

UserBranch

Data Center

High Performance, Resilient, Open

UC&C Infrastructure and Applications



THE GOAL IS TO BE SIMPLY CONNECTED

WL Series

SRX Series

EX Series

Wired-like experience on wireless – resiliency and

performance

Simplified switching architecture, now a complete,

feature-rich portfolio

Device-agnostic secure connectivity

Security follows user, and application intelligence

Simple for usersSimple for IT

Superb QoEHighly economic

Integrated securityAlways on resiliency

High performanceSimplified architecture

Automation



Agenda

Reference Architecture For UC&C

Network Resiliency (Wireless & Wired)

Wireless Network Congestion & CAC

Network Access and Policy Control

Secure Remote Access and Integration



REFERENCE ARCHITECTURE – UC&C



NETWORK REFERENCE ARCHITECTURE FOR UC&C



KEY REQUIREMENTS OF A UC&C NETWORK

Open

Reliable

Secure

Scalable



UNIFIED COMMUNICATIONS INTEROPERABILITY FORUM

Non profit vendor alliance formed in April 2010

Open to all UC hardware, software vendors, service providers and network operators

Mission - To enable interoperability of UC scenarios based on existing standards

Founders Contributors


http://www.polycom.com/index.html?showme=y

http://www.microsoft.com/


NETWORK RESILIENCY & RELIABILITY



WLAN ManagementWLAN Controller

COMPONENTS OF A JUNIPER WIRELESS LAN (WLAN)

Access Point

TrustedClient

802.1xAuthentication

EncryptedMAG

Access

Firewall

Wireless LAN CONTROLLER

(WLC)

CampusCore

(Location)WLM1200

WLANManagement



SINGLE POINT OF MANAGEMENT FOR ALL CONTROLLERS

Primary Seed

MemberMember Member

Secondary Seed



Member

HOW THE CLUSTER ADDS A NEW CONTROLLERThe seed pushes the configuration to the

new member

2

The primary controllerpushes configurations to the

secondary seed and members

1

Primary Seed

Secondary Seed

Member

When a member is removedand replaced the same

process is used

3

Member

Member

Member



HOW THE CLUSTER ADDS A NEW AP

Member

Secondary Seed

The Primary Seed sends AP config to the Primary controller and the AP sets up a connection

2

MemberMember

Primary Seed

A new AP is introduced and contacts the Primary Seed.

1

Member

The Primary Seed sends AP config to the Secondary controller and the

AP sets up a connection

3



HOW CLIENTS ARE ASSIGNED PRIMARY AND SECONDARY CONTROLLERS

Client Session

State

Primary controllerauthenticates/

authorizes client

2

ClientSession

State

Primary propagates session details to backup controller

for use during failure

3

A new client associatesto the system

1

Member MemberMember

Secondary Seed

Primary Seed



SELF-REPAIRING CONTROL ARCHITECTURE

Member MemberMember

Secondary Seed

Primary Seed

Should the Primary betaken out of service, the Secondary immediately

takes over

1

• AP Re-homes to backup Member Controller..



NONSTOP OPERATION

Member Member

Secondary Seed

Primary Seed

A new Secondary isdesignated and is given the

AP configuration andclient session state

2

HITLESSFAILOVER

• Primary-Seed identifies & updates 3rd controller (WLC) as new Backup Member for AP/Client Session State.



IN-SERVICE SOFTWARE UPGRADE

Member MemberMember

Secondary Seed

Primary Seed

AP moves associated stationsto alternate AP then upgrades

4

HITLESSUPGRADE

Secondary passes control back to Primary and

upgrades

2

Primary Controller initiates upgrade sequence; passes control to

Secondary and upgrades

1

Primary Seed coordinates individual member upgrades; Member moves APs to

backup controller and upgrades

3

• Leverage Hitless Failover Functionality to provide ISSU..



Smart Mobile - Seamless Mobility

Controller A Controller B

Subnet 1 Subnet 2

LOCAL SWITCHING IMPROVED PERFORMANCE

Controller A Controller B

Anchored Mobility – Basic Roaming

Roam

Client A on Subnet 1

Client B on Subnet 1


Subnet 1 Subnet 2


Client B on Subnet 1

RoamClient A on Subnet 1

Mobility Domain



Virtual Chassis

Multiple switches acting asa single, logical device

One switch to configure,one switch to manage

Improved resiliencyand performance

VIRTUAL CHASSISSIMPLIFYING THE NETWORK

• No Single Points of Failure.



Master

Backup

DISTRIBUTED SWITCHING

Local Switching

Inter-Module Switching

A

B

C

D

VCP Links



L2 and L3 STATEFUL FAILOVER

Master RE – EX4200 Backup RE – EX4200

Line card – EX4200 Line card – EX4200

Line card – EX4200

EX4500VC

WLC2 WLC1

Internet/DataCenter

Line card – EX4200

0

1

2

4

3

Normal traffic flow

5

AP1

EX-SW4 fails and EX-SW5 and EX-SW3 detect VC port to EX-SW4 is down

EX-SW3 immediately switches to backup path

FAIL OVERIN SUB-50

MILLISECONDS!

All traffic is re-routed

• Switch Failure & Re-Routing via Backup VCP-Path. New BackUp RE chosen.



WIRELESS NETWORK CONGESTION AND CALL ADMISSION CONTROL



WIFI MULTIMEDIA ACCESS CATEGORIES

Wired priority is mapped to 4 X WMM access categories for

over-the-air QoS

Packet prioritization applied to tunneled

traffic

AP and controllers classify and mark user

traffic



New clientsession accepted!

2 active calls

8 voice devicesassociated but idle

DYNAMIC CALL ADMISSION CONTROL

Roaming usersession accepted!

Roam acceptedcall preserved!



AUTOMATIC CLIENT LOAD BALANCING

5 GHz capable client ‘encouraged’ to connect at 5 GHz

2.4 GHz only client connects at 2.4 GHz

Automatic Load Balancing per RF

Band

Band Steering



NETWORK ACCESS & POLICY CONTROL



OVERVIEW – COORDINATED THREAT CONTROL

Apps

Data

Finance

Video

Active Directory/LDAP

MAG

Wireless AP’s

Junos Pulse Client

Wireless LANController

Ethernet coreswitches

Ethernet access switches

RouterFirewallIPS

SSLVPNRADIUS

UniversalAccessControl

SRX Router/Firewall/IPS

Internet

Corporate Data Center



WLC

Wireless UserTablet/smartphone

Corporate Data

Center

MAG with Radius, SSLVPN and UAC

modules

Smartphone start 802.1x authentication

to AP

1

AP sends Authorization request to WLC

2

WLC sends information to Radius Server

3

WLC sends user policy information to APVLAN, ACLs, QoS

5

Radius Server sends username/pass to

Active Directory/LDAP for validation. Then sends user policy to

WLC

4AP sets User policies VLAN, QoS, ACL’s

Wireless Data Encrypted

6

Smartphonedevices on WLAN

IP addresses received via DHCP

7

ESTABLISHING A WIRELESS CONNECTION

SRX with IDP/AppSecure

EX SeriesAP

EX Series



NETWORK ACCESS AND POLICY CONTROL

Device authenticated on wireless network

1DHCP Server

communicates User and IP information to MAG

via IF-MAP

2

MAG pushes role based ACL and FW

policies to EX and SRX

3SRX AppSecure

Polices block non-work related

applications like Hulu and Netflix

5SRX enforces user

policies allowing user basic access to all

servers except finance

4Apps

Data

Finance

Video

Active Directory /LDAP


WLC


MAG

SRX

AP

DHCP and IF-MAP

SRX AppTrack feature combined with MAG

data collects per user application information

providing detailed reports in STRM

Internet

EX Series



ENFORCING NETWORK ACCESS POLICIES

PC user


Apps

Data

Finance

Video


Patch Remediation

MAG

WLCs

Pulse detects device is on corporate network andper user policy disables any active VPN sessions

1During 802.1x authentication. MAG verifies PC meets company software and security policy requirements

2Compliance check fails. Antivirus signatures are out of date and useris quarantined to remediation VLAN. Patch server updates signatures.User is now in compliance and granted network access

3

EX4500 VC and EX4200 VC

SRX

EX4200 VC

SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM

SRX AppSecure Polices block non-work related applications

6SRX enforces user policies allowing user basic access to all servers except finance

5

MAG pushes role based FW policies to EX and SRX

4

Virus SW too

old

Internet



SECURE REMOTE ACCESS AND INTEGRATION




Corporate Data CenterApps

Data

Video


MAG with Radius,SSLVPN and UAC

modules

WLCs

User needs to access company intranet overnon-corporate network using iPad

1

User starts Junos Pulse and initiates a secure VPN session with MAG appliance

2

MAG verifies user login, establishes VPN and the device is allowed on the network.

3

SRX AppSecure polices blocknon-work related applications

6

EX4500 VC and EX4200 VCs

SRX with IDP/AppSecure

SRX AppTrack feature combined with MAG data collects per user application information providing detailed reports in STRM

Finance

MOBILE DEVICE REMOTE NETWORK ACCESS POLICY AND ACCESS CONTROL

SRX enforces user policies allowing user access to all servers except finance

5

MAG pushes role based ACL and FW policies to the SRX and EX

4

Internet



BYOD: ONBOARDING GUEST USERSDEMO



ONBOARDING GUEST USERSGUEST SELF PROVISIONING & APPLICATION RESTRICTION

GUEST ID

Hospital Guest Login

(408) 569-9863

Google

www.youtube.com

Can’t access!!!

This Hospitalis keeping

bandwidth for what matters most

!

Hospital Network

SRX 550

MAG Series (UAC)

WLA532

WLC2800

with Smartpass



WLC


Unknown device connects to open captive portal SSID

1

User session is captured and redirected to SmartPass

2

User selects SmartPass self-registration and creates a temporary user credential

3

User uses temporary credentials to authenticate against SmartPass

5

SmartPass sends temporary credential to end user via Clickatell SMS service

4

User is connected to the network using mobile phone number and temporary password

6

SmartPass

EX SeriesAP

EX Series

ONBOARDING GUEST USERSGUEST SELF PROVISIONING

Clickatell SMS Gateway service



ROLE BASED NETWORK SEGREGATION

Device authenticates on wireless network

1Smartpass

communicates User and IP information to UAC

via IF-MAP

2

UAC pushes role based ACL and FW policies to

EX, WL and SRX

3SRX enforces user

policies allowing user basic access to all

servers except finance

4Apps

Data

Finance

Video

Active Directory /LDAP


WLC


UAC

SRX

AP

SmartPass

EX Series



ONBOARDING GUEST USERSGUEST SELF PROVISIONING

Step 1: connect device to SSID ‘Juniper_Guest_Access’

Step 2: open web browser and browse to www.juniper.net (or use bookmark)

Acmegizmo captive portal page should come up

Step 3: click on the ‘Create New User’ button to self-provision temporary user credentials

Step 4: enter a valid mobile number, name, email and company; click ‘send SMS’

Phone number must be able to receive SMS messages, other data can be bogus (except email must be well-formed)

Within a minute or two phone should receive welcome message

Step 5: enter the temporary credentials into the captive portal login page to access the guest network



SP

EC

IAL O

FFE

R

Free Business Productivity Analysis

Generation-e’s MBA qualified business expert will spend one day onsite with you, helping you understand your IT infrastructure capabilities and building a roadmap with an actionable plan for embracing the technologies we’ve spoken about today to evolve your business and build your competitive advantage.

Normally valued at $3,000 – Free for attendees

Don’t Forget:You will be emailed a feedback survey after this event. Please complete it to be registered to win a Microsoft Surface.


Date post:	08-Jun-2015
Category:	Technology
Upload:	generation-e
View:	347 times
Download:	5 times