Juniper Networks Simply Connected Workshop
Agenda
10h00 : Introduction Westcon Juniper Team
10h15 : Juniper WLAN Solution in depth
11h30 : WLAN technical
  • Virtual WLAN controller
  • 802.11ac Developments
12h30 : Lunch
13h30 : WLAN demo-time
  • Ringmaster Demo
  • SmartPass Demo
15h00 : Break
15h20 : Simply Connected Concept
16h00 : Q&A
16h15 : Network Drink - Closing Cocktail
Our Company
• In France:
  • 50 employees
  • Founded in 1992, 5 offices
  • $80m
  • ATC and support center
Paris, Nantes, Lyon, Toulouse, Marseille

Our Company
Products ● Services ● Training
• Partnerships with the leaders of the security market
• Innovative services:
  • Installation services
  • 24x7 telephone support and hardware support within 4 hours
  • Accredited training center
• We address issues of:
  • Security (network, web, client workstations, roaming users…)
  • Mobility
  • Application availability and optimization
  • Legal compliance
  • Wifi

Dedicated teams to support you at every stage of the sales cycle
• Deployment and support
• Training
• New customers
• New projects
• Commercial offer
• Sales argumentation
• Architecture
Juniper Wireless LAN Product Portfolio
• Controller: Scalable, Flexible, Fastest, Highest capacity
• Mobility Mgmt & Services: Unified Infrastructure and services
  • Wlan Life Cycle Mngt
  • Guest Access
  • Location Awareness
• Access Points: Best price performance, Mass deployment ready
• Mobility System Software: Secure, Reliable, Seamless Mobility Services
Juniper WLC Series controller family
WLC Series Highlights
• Simplest solution in the Industry
• Highest reliability in the industry
• Only vendor with in-service upgrades
• Full featured distributed deployment
[Figure: WLC models plotted by # of AP (4 to 512) across Branch, Campus and Enterprise segments. Models shown: WLC2, WLC8, WLC100, WLC800, WLC880, WLC2800, JunosV WLC (New). Capacity labels: 4 AP, 12 AP, 4 - 32 11n AP, 16 - 128 11n AP, 16 - 256 11n AP, 64 - 512 11n AP.]
Juniper WLA Series Access Point Next Generation Family
WLA Series Highlights
• Highest performance APs in the industry
• Most cost effective APs in the industry
• Full featured Intelligent switching
• Spectrum analysis across the portfolio
• Bridging and mesh
[Figure: WLA Series access points plotted by functionality in three categories (Entry level 802.11n, Indoor 11n/11ac, Outdoor 11n/11ac). Product labels: WLA321, WLA322, WLA532/E, WLA632, RAPTOR, Firefox. Descriptions shown: Low Cost AP; Entry-level AP Single Radio; 3 Stream MIMO Dual Radio High Performance; 3x3 MIMO Dual Radio All Weather; NG Indoor 11ac 3x3 MIMO Dual Radio Gigabit Performance; NG Outdoor 11ac 3x3 MIMO Dual Radio All Weather. Dates shown: Q2/2014, Q3/2014.]
WLA532: High Performance, Enterprise-Grade AP Features
• Interfaces
  • Concurrent 3-stream dual-radio operation
  • Up to 450Mbps link speed on 5GHz
  • Up to 195Mbps link speed on 2.4GHz
  • 10x better performance than 802.11a/g
  • 802.3af PoE power
• Security
  • Encryption at “air” rate
  • 802.11i, WPA2/AES, WPA/TKIP, WEP
  • No stored configuration, no serial port, special tool lock screw on bracket
  • AP to MX data path encryption
• Performance and Mobility
  • Local switching for low latency, high performance
  • Advanced AP VLAN tunneling
• Management
  • AutoTune Dynamic RF management
• Antenna
  • Six Internal cross-polarized antennas with 5 degree down-tilt for best signal strength
• Usability & Ease-of-Installation
  • Versatile mounting options for ceiling, wall mount and wall plugs
• Product Ordering
  • WLA532-US: For US operation
  • WLA532-IL: For Israel operation
  • WLA532-WW: For Worldwide operation except US and IL
Juniper WLM Series Life Cycle Management: RingMaster
• Planning and deployment
  • 3D predictive planning tool
  • Indoor and outdoor network plan
• Configuration and Verification
  • Complete offline configuration
  • System and service wizards
  • Pushes configuration to WLCs
• Monitoring and reporting
  • By user, radio, AP, WLC, SSID
  • 30 day history aids compliance
  • WIDS/WIPS integration
• Location aware
  • Search by location
  • Roaming history
  • Geo fencing
Juniper WLM Series Guest Management: SmartPass
• Web-based access control suite
• Guest access module
  • Ease of use / Bulk user creation
  • API for 3rd party application integration
  • SMS / Email creation of guest coupons with Self-Provisioning
• Accounting database
  • Detailed client accounting history
  • Reporting available via RingMaster
• Access control module
  • RFC 3576 (Dynamic Radius)
  • Location awareness for client sessions
  • Allow or deny access based on location
  • Change any AAA attribute based on location
  • Access Rules (location based, time based or a combination of both)
Centralized Guest Access Database
Juniper WLM Series Device Onboarding: SmartPass Connect
• Automated, Self-Service Onboarding
  • Automatically provision client devices
  • Secure 802.1x or PSK access to the wireless network
  • Secure 802.1x access to the wired network
• Authentication
  • Leverages built-in supplicants in today’s modern OSs
  • Credentials (PEAP, TTLS) or Certificates (TLS)
  • Automates certificate enrollment process
  • Self service client certificate deployment from Microsoft CA
• Devices
  • iOS, Android, Windows, Mac
Software Feature Highlights
• Secure Client Mobility
  • Roaming across APs, controllers
  • Identity-based networking
• Controller Virtualization (cluster)
  • 150 msec AP failover for controller outages. No session losses
  • Single point of configuration
  • Many-to-many in-service resiliency
  • Dynamic AP load balancing across controllers
  • In service maintenance - adds, moves, changes, upgrades
• Distributed Forwarding
  • Efficient and flexible data path forwarding
  • AP to WLC, WLC to WLC tunneling
• Voice application awareness
  • Active call management (CAC)
  • SIP inspection / prioritization
  • Call details record, audit trail
• Device Profiling
  • Automatically detects client operating system
  • Option to assign policies, depending on operating system
• AP Load Balancing
  • APs dynamically assigned to least loaded controllers
  • Eliminates management chore of AP-Controller mapping
  • Scale capacity w/ zero config
  • Less waste of AP licenses
• Band Steering & Client Load Balancing
  • Preserves b/g bandwidth
  • Prevents “front door” problem
  • Maximizes per-user bandwidth
• QoS Management
  • L2/L3/L4 classification, bandwidth, QoS controls
  • By user, SSID or application
• Wireless Security
  • WIDS/WIPS
  • AAA, guest services
  • Location Aware WLAN Access
  • Per session, port, VLAN, AP ACLs
  • Dynamic authentication (location, time, bandwidth usage…)
Persistent AP Configuration
• Allows APs to survive reboot
• Enhanced Branch Survivability
• Enables deployments with periodic WLC access
• Feature Description
  • AP boots without controller
  • Service using ‘last-known’ config
  • Seamless re-entry to WLC
  • Needs APOS on the AP
  • Supported on WLA-532/322/321
Remote AP RADIUS Client
[Diagram: Campus (SRX, WLC, Centralized RADIUS) connected over the WAN to a Branch (SRX, EX, Local RADIUS).]
• Overview
  • Enhances Remote AP capabilities
  • Extends Branch Survivability
  • Enables longer latency WAN links
• Feature Description
  • 802.1X/RADIUS authentication
  • RADIUS MAC authentication
  • RADIUS CoA
  • Device Fingerprinting
  • Failover/back session persistence
Controller Clustering: Why order the HA-license?
• The cluster/HA feature is always available
• Why do I need the license?
  • The cluster/HA license adds AP-count redundancy
• Scenario: redundant setup for 250 APs
  • Without the license:
    • Each controller needs 256 AP licenses
  • With the license:
    • Each controller needs 128 AP licenses + HA license
    • During a fail situation, the remaining controller will support 256 APs
• On WLC-880: HA license = $3895 // 128 AP licenses = $18580
Juniper Wireless: Designed to scale
• VLAN Pooling
  • Ability to set up 32 VLANs per pool and 16 pools per Cluster
  • Users connecting to a pool are balanced across its member VLANs
  • VLAN assignment is done using a Round Robin mechanism
MICROSOFT LYNC WIFI PARTNER PROGRAM
Set of certifications intended to ensure compatibility between Lync software and WiFi infrastructure networks
3 levels of certification requirements
• Fixed data: IM, web-conference, file-sharing
• Fixed RealTime Multimedia: audio or video conferencing from desk/conference room
• Mobile RealTime Multimedia: audio/video while on the move
Juniper and a few other vendors have completed certification for wired networking products
What is JunosV Wireless LAN Controller?
Juniper is delivering its industry-leading Mobility System Software as a software appliance for deployment in virtualized environments
[Diagram: Virtualized Environment with JunosV WLC running alongside VM1, VM2 and VM3 on a Hypervisor on an X86 server platform.]
JunosV Wireless LAN Controller Overview
• Virtual WLAN Appliance
  • WLC delivered as a virtual appliance on VMware-based hypervisors
  • Runs on standard x86 hardware
• Maintains features and functionalities of appliance based WLCs
  • Supports mix-and-match deployment with physical WLCs
• Performance and capacities dependent on host hardware
  • APs, data plane throughput, session counts scale with host resources
• Supports Hypervisor VM functionality
  • vMotion, snapshots, cloning, templates
[Diagram: VMware vCenter managing VMs and the JunosV WLC on a Hypervisor on x86 HW, connected through a Virtual Distributed Switch to EX Series switches, a WLC and WLA Access Points.]
JunosV Wireless LAN Controller Specifications
• Supports up to 256 APs (cluster up to 2048 APs)
• Supports 6400 user sessions
• 100% SW feature Parity with Appliance WLC
• Managed via RingMaster or Network Director 1.5
• Requirements:
  • VMware ESXi 5.0 (or higher)
  • Minimum 320 MB RAM
  • Recommended 2G RAM (for 256 APs/6400 user sessions)
  • Minimum 16GB disk space
  • Minimum 1 Ethernet Adapter, recommended 2
  • E1000 Network Adapter
JunosV WLC JSA Licensing
• 2 License options:
  • Perpetual licenses: one time charge
    • Maintenance must be purchased separately
  • Subscription licenses include maintenance service
    • Renewed annually
• Voice, Mesh and High-Availability included in AP license
  • No separate license required
• You still need a Spectrum Analysis license
JunosV WLC Implementation
• Single vCPU / VM instance = 630Mbit/s throughput
  • Not enough for .11n / .11ac implementations
  • Your proposal/design should advise local switching
  • Remember you can mix & match local & central switching per SSID
• Practical remark:
  • Don’t set up all the interfaces in the same VLAN
  • The virtual controller doesn’t support STP (unlike physical WLCs)
  • Change the default config before you start your newly installed virtual appliance!
JunosV WLC Limitations
• No Webview interface in FRS (will return in MR1)
• No support for port groups
• No Spanning Tree
• No LLDP support
JunosV WLC: Why?
• JunosV WLC is another step towards virtualisation of the control plane
• What will be next?
  • Sooner
    • CAPWAP tunnel termination on EX9200
    • New control-plane controller (used with EX9200)
  • Later
    • Tunnel termination on the access layer
    • Embedded WLAN service on the access layer
Access Point technology evolution
[Figure: per radio speed over time. 802.11b: 11 Mbps; 802.11g: 54 Mbps; 802.11n 2 Spatial Streams: 300 Mbps; 802.11n 3 Spatial Streams: 450 Mbps; 802.11ac Base: Gigabit; 802.11ac Multi-user MIMO: Gigabit.]
802.11ac High Speed WLAN
• Up to 7 Gbps (aggregate)
• Wider channel bandwidth (80 MHz or 160 MHz)
  • Be aware: wider channels leave fewer non-overlapping channel sets
  • We have a max of 18 5 GHz channels
• 5 GHz Band
• High speed modulation (256 QAM)
• Up to 8 spatial streams (= up to 8 Antennas)
  • Up to 4 per client

802.11ac data rates with one spatial stream
6,933.6 Mbit/s with 8 Spatial Streams!
Wireless Management & Access Control
WLM – Management and Access Control: SmartPass, RingMaster, WLM - Appliance
• RingMaster: Plan - Configure - Monitor - Troubleshoot - Report
• WLM – RMTS: Software Licenses; 5 – 1,000 APs -> 3500 (with 8.0: 64 bit SW)
• WLM1200 – RMTS: Optimized Linux Server Platform; 250 – 5,000 APs
• WLM – SP: Software Licenses; WLAN Access Control, Guest Provisioning
RingMaster Architecture
[Diagram: a RingMaster Server (Unified Management Console) and a Guest Server connected over the LAN / WAN to the controllers in CAMPUS 1, CAMPUS 2 and CAMPUS 3.]
RingMaster Lifecycle Management
• 3D RF Planning
• Configuration Management
• Monitoring and Troubleshooting
• Reporting
Management: Next Step, Juniper Network Director 1.5
• Module for Junos Space
• Common Management for WLAN and LAN
• Configuration and Monitoring for WLAN and LAN devices
• Ringmaster feature parity in version 2.0
SmartPass, Controller and RingMaster
[Diagram labels: Location Appliance (SOAP/XML); Login Page: from Controller or SmartPass; REST API for Mngt Integration; RingMaster; RADIUS; Capture Function: Controller; WLAN Controller; Guest User.]
BYOD Issues to solve: Provisioning
• How to configure a high number of personal devices for access to the secure SSID?
SmartPass Connect
• Automated self-service onboarding of (mobile) devices:
  • Windows, Linux, MAC, iOS, Android
• Vanishing Agent
  • Downloads from web server, performs configuration tasks, then deletes itself
  • Java, ActiveX or HTML based
    • Depending on platform and capabilities (SPC server automatically figures out the best vehicle for a given platform)
• Credentials (PEAP) or Certificates (TLS)
• Install Client Certificates & Trusted Root CAs
• Handle Additional Dependencies (Software, Proxies, etc.)
• Cloud based service with local configuration server
How does SmartPass Connect Work?
SPC allows agent-less network provisioning:
1. IT Admin configures network parameters
2. IT Admin deploys the configuration files to local web server
3. User connects to local web server, downloads configuration
4. SPC’s (dissolvable) client runs through configuration on device
5. User device connects to secure network
6. After successfully accessing the network, SPC Client dissolves
[Diagram labels: Web Server (locally deployed); AAA Server; Network Management Admin Console (Cloud Service); Open SSID; Secure SSID.]
Integration module for Microsoft CA
The CA Integration Module allows the Configuration Wizard to request certificates from a MS PKI infrastructure
• Extends TLS (certificate based authentication) to Non-Domain Devices
• Plug & Play Integration with Microsoft Certificate Services
• Module requires that wizard package be installed on Windows IIS server (domain membership required)
• Works with MS CA only
[Diagram labels: SPC Config Wizard; Web Server; MS CA.]
Employee Owned Device On Corporate Network: Employee Self Provisioning
1. Unknown device connects to open captive portal SSID
2. User session is captured and redirected to SmartPass
3. SmartPass web portal presents captive portal and redirects client to provisioning portal
4. Provisioning portal pushes native supplicant config wizard to client device
5. Provisioning portal gets user credentials from wizard; validates against AD; and requests user cert for end user
6. Provisioning wizard gets EAP-TLS configuration profile (and cert) from provisioning portal; agent dissolves
7. User selects secure wireless network and device authenticates to RADIUS without requiring user to enter credentials
[Diagram labels: Wireless User Tablet/smartphone; AP; WLC; EX Series; SmartPass; SmartPass connect; UAC; AD/Certificate Authority; Corporate Data Center.]
Simply Connected: The Concept
Holistic approach to enterprise mobility and BYOD access
• Coordinated Security: Safe and simple mobility while protecting assets
• Performance at Scale: Scalability without complicating the network
• Highly Resilient: Automated, uninterrupted service
[Diagram labels: Switching; Wireless; Security; Routing.]
EX With UAC: Enforce Security Policy
Allows automatic and dynamic policy enforcement at the edge of the network, including role based dynamic ACLs, without any manual intervention
[Diagram labels: MAG/UAC; 3rd Party Supplicants; Juniper Client; EX; Protected Resources.]