Transcript Slide 1
JUNOS PULSE Ing Stephen Vella Computime Ltd. Head of Technology Solutions AGENDA Trends, Challenges and Opportunities Junos Pulse Overview Junos Pulse for Windows Overview Junos Pulse for Mobile OS Overview Junos Pulse Gateways Summary Q&A 2 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MORE USERS, MORE NOTEBOOKS, NETBOOKS, AND SMARTPHONES… 3 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MORE USERS, MORE NOTEBOOKS, NETBOOKS, AND SMARTPHONES… Freedom and Flexibility to Use Any Device 4 Copyright © 2010 Juniper Networks, Inc. www.juniper.net EXPLOSIVE GROWTH IN MOBILITY World's mobile worker population to surpass 1B people in 2010 and grow to > 1/3 of world's workforce by 2013* By 2012, smartphone penetration to roughly double globally (~9% to 20%)* 5 *Forrester Research; ** IDC Copyright © 2010 Juniper Networks, Inc. 14% of information workers use smartphones in 2010 to access data; expected to reach 30% by 2013** About 1/4 of employees use smartphones that are not “corporate-standard” or managed* www.juniper.net SECURITY CLIENT ADOPTION GROWTH Security Client Revenue by Category Copyright © 2010 Infonetics Research, Inc. $8 100% 90% $7 80% $6 Revenue (US$B) 70% $5 60% $4 50% 40% $3 30% $2 20% $1 10% $0 0% CY08 CY09 CY10 Desktop security clients CY11 CY12 Mobile security clients CY13 CY14 % Growth • PC shipments grew 1% in 2009 • Smartphones continued to fly off shelves • Combined with very successful launch of Microsoft Windows 7 and continuing development of an incredibly hostile threat environment, client security revenue increased almost 10% in 2009 6 Copyright © 2010 Juniper Networks, Inc. www.juniper.net WHAT IS JUNOS PULSE? Junos Pulse Gateways Junos Pulse Client Applications (of any type) MAGSeries SSL VPN Junos Pulse Client IC Series UAC Juniper Extensive “Clientless”/ Browser Support 7 WXC Series Application Acceleration Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE AS AN INTEGRATION PLATFORM Junos Pulse is also an integration platform for select 3rd party applications and services Junos Pulse Applications Junos Pulse Platform A P P A P P A P P A P P 1 2 3 4 Applications • SSL VPN • NAC • Application Acceleration • EES • and more Junos Pulse Client NOTE: Applications different per OS Copyright © 2010 Juniper Networks, Inc. A P P A P P A P P 1 2 3 4 Junos Pulse Gateways Base OS 8 A P P www.juniper.net BASED ON SUCCESSFUL, TESTED, LEADING TECHNOLOGY 24 of Fortune 25 are using one core Pulse service: Juniper SA Series SSL VPN Over 25M people use Juniper client software to securely access corporate data Only Converged Solution Support for many thousands of users Broadest Device Coverage Covers majority of all desktop, laptop, netbook, and smartphones worldwide Most Scalable Only Standardsbased Solution 9 Secure application access for mobile and non-mobile devices Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE ANYTIME/ANYWHERE ENTERPRISE MOBILITY Microsoft Windows and Apple Mac OS – Full-featured connectivity + security + acceleration + collaboration Junos Pulse v1.0: Q210 Standalone clients available TODAY Mobile OS - Appropriate functionality, evolving with the industry Secure Access to Email Applications, Web Applications and Full Layer 3 Access to Corporate Applications 10 Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE FOR WINDOWS Integrated multi-service network client delivering anytime/anywhere/everywhere connectivity, security, and acceleration with a simplified user experience Dynamically provisioned software client (Junos Pulse) for: Connectivity Security Acceleration Collaboration Integrated multi-service gateways to terminate/control client Location awareness and session migration deliver anytime/anywhere access automatically, without user intervention Identity-enabled Builds on Juniper’s market leading SA Series SSL VPN, UAC solution, and WXC Series technology! Standards-based, future-proofing network investments Integration platform for select 3rd party apps 11 Copyright © 2010 Juniper Networks, Inc. www.juniper.net SMART LOCATION BASED VPN AND LAN ACCESS For notebooks and netbooks: Location Awareness – Seamless access as the user moves from remote access to LAN access Pulse Client auto discovers High Speed/Low Latency connections Seamless session migration – No need to re-authenticate HQ SA Series Remote Location (Hotel, Partner, etc.) WXC Series IC Series (UAC) Remote Users/Telecommuters 12 Branch Office/Locations/Campus Copyright © 2010 Juniper Networks, Inc. www.juniper.net Mobile Users GLOBAL IDENTITY AWARE NETWORKING Data Center Tokyo Data Center NY Finance Server Engineering Server SRX UAC Corporate Network User: Adam Role: Finance Head Quarters Engineering Server SRX IF-MAP SSL VPN LAN 13 Finance Server UAC IF-MAP SSL VPN REMOTE SSL VPN in now Finance attempts Adam is remote in Asiato access the Engineering and attempts to access the Servers in the NY data center Tokyo data center remotely from his mobile wired desktop HQ, device. atThe but access is denied. is same access policiesAdam applied only allowed access the to Adam when at HQto follow Finance Serverand based on his him anywhere anytime he credentials and access attempts network access. policies. Copyright © 2010 Juniper Networks, Inc. www.juniper.net User: Adam Role: Finance Remote Site FUNDAMENTAL CHANGE IN MOBILE SECURITY Smartphones ARE computers Threat vectors are at the device, application and network level Threat landscape has evolved from SMS-based attacks 15 Copyright © 2010 Juniper Networks, Inc. www.juniper.net GROWING SMARTPHONE USAGE Rapid ongoing adoption of smartphones By 2012, we expect penetration of smartphones to roughly double globally (~9% to 20%)* Roughly 25% of employees use smartphones that are not “corporate-standard” – expected to further increase rapidly * Forrester Report, Q4 2009, http://fixed-mobileconvergence.tmcnet.com/topics/pbx/articles/70967still-lots-room-upside-enterprise-smartphones.htm 16 Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE ANYTIME/ANYWHERE ENTERPRISE MOBILITY Windows and Mac – Full-featured connectivity + security + acceleration + collaboration Junos Pulse v1.0: Q210 Standalone clients available TODAY Mobile OS - Appropriate functionality, evolving with the industry Secure Access to Email Applications, Web Applications and Full Layer 3 Access to Corporate Applications 17 Copyright © 2010 Juniper Networks, Inc. www.juniper.net INCREASING ENTERPRISE MOBILE PRODUCTIVITY Driven by employees who want to use personal devices Mobility = Productivity Good for employees and the company! But why haven’t companies allowed/done it to date? Lack of encryption No multifactor authentication Lack of robust antivirus/anti-malware Inconsistent security policies Application rendering (small screens) Difficult to enter passwords Wide range of backend applications # of Devices Mobile Device Growth in the Enterprise Personal Enterprise Smartphones Smartphones Increases enterprise productivity by empowering employees to access corporate applications on personal handsets 18 Copyright © 2010 Juniper Networks, Inc. www.juniper.net SECURE ACCESS FROM MOBILE DEVICES Junos Pulse for mobile devices enables smartphone and mobile device access to email, Web, and corporate applications Applications Corporate Apps Web Apps Email More Applications on More Devices Over Time 19 Copyright © 2010 Juniper Networks, Inc. www.juniper.net AGENDA Trends, Challenges and Opportunities Junos Pulse Overview Junos Pulse for Windows Overview Junos Pulse and Mobile OS/Devices Overview Junos Pulse Gateways Summary Q&A 20 Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE GATEWAYS MAG SERIES, UAC, WXC SERIES Junos Pulse Gateways Junos Pulse Client Applications (of any type) MAGSeries/SSL VPN Junos Pulse Client IC Series/UAC Juniper Extensive “Clientless”/ Browser Support 21 WXC Series/ Application Acceleration Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG SERIES SSL VPN 1. Employee Remote Access Employees with Home PCs Employees with Mobile Devices 2. Extranet Portals Employees with Corporate Laptops Increased Productivity Anytime, anywhere access from any device No endpoint software to install or manage Easy access from common browsers Suppliers Customers Administrative Ease of Use Easier management of authorized users No client software enforced on users Access from any Web-enabled device MAG Corporate Intranet 3. Business Continuity Partners Email Server 4. Mobile Device Access % of Participants Who Experienced an Insider Incident Employees Partners Applications Server Customers Continued Business Operations High remote access demand during emergency Simple scalability to increased demand Sustain access for partners and customers 22 Copyright © 2010 Juniper Networks, Inc. iPhone Improved Ease of Use, Higher Productivity Access from any mobile device ActiveSync provides secure access to Exchange Enforce mobile device integrity and security www.juniper.net INTRODUCING MAG SERIES JUNOS PULSE GATEWAYS Next Generation Purpose-built Gateways Supporting 3rd Party Applications/VM’s - future SSL VPN NAC Application Acceleration (WX) - future Junos Pulse Gateway – Single Gateway! Single Client! Single, designed gateway to run SSL VPN & NAC Integrated with Junos Pulse client 4 models to meet needs of companies of all sizes Smaller form factor Lower power consumption Common access licensing Investment protection SSL VPN Module NAC Module MAG6611 Junos Pulse Gateway 23 Copyright © 2010 Juniper Networks, Inc. www.juniper.net UNIQUE MAG SERIES FEATURES 24 Feature Description Single client, single gateway - One converged gateway for SSL VPN & NAC - Single client for SSL VPN & NAC (Junos Pulse) Personality switching Easily change between SSL VPN & NAC personalities (e.g., SSL VPN today, NAC tomorrow) Modular design Mix & match service modules in chassis models to meet changing enterprise access needs Scalable architecture Max. support of up to 40,000 SSL VPN users and up to 60,000 NAC users in highest model Common access licenses Same license can be used either for SSL VPN user sessions or NAC user sessions Long-term investment Future support for 3rd party applications & application acceleration Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG SERIES MODELS MAG2600—Single application engine, fixed HW config. 1U high, 30W power consumption. Typical deployment up to 100 SSL VPN users or 200 guest access users MAG4610—Single application engine, fixed HW config. 1U, ½-width (may be deployed side-by-side in 1U rack space). Typical deployment up to 1000 SSL VPN users or 5000 NAC users MAG6610—1U high chassis modular configuration supports up to two service modules Optional management module. Typical deployment up to 20,000 SSL VPN users or 30,000 NAC users MAG6611—2U high chassis modular configuration supports up to four service modules Optional management module. Typical deployment up to 40,000 SSL VPN users or 60,000 NAC users 25 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG2600 JUNOS PULSE GATEWAY Ideal for small and medium enterprise customers Equivalent to SA700/SA2500 Small form factor design (1U high) Rack mountable or can be placed on desk Fixed configuration Can be used for SSL VPN OR enterprise guest access (EGA) capability Supports up to 100 SSL VPN users or 200 guest access users SSL VPN mode includes SA 7.1 (or higher) software features Guest access mode includes all EGA features (must order EGA license - MAGX600-GUESTACCESS) 26 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG4610 JUNOS PULSE GATEWAY Ideal for medium to large sized enterprise customers Equivalent to SA4500 or IC4500 1U , ½-width (may be deployed side-by-side in 1U rack space) for two node cluster Fixed configuration Can be used for SSL VPN OR NAC capability Supports up to 1000 SSL VPN users or 5000 NAC users SSL VPN mode includes SA 7.1 (or higher) software features NAC mode includes UAC 4.1 (or higher) software features 27 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6610 JUNOS PULSE GATEWAY Ideal for scalable large enterprise customers Equivalent to SA4500/SA6500 or IC4500/IC6500 1U high chassis modular configuration Supports up to two service modules Service Modules (MAG-SM160 or MAG-SM360) for SSL VPN AND/OR NAC capability Can enable SSL VPN mode on one module & NAC mode on another module Max. support of up to 20,000 SSL VPN or 30,000 NAC users Optional management module available (MAG-CM060) SSL VPN mode includes SA 7.1 (or higher) software features NAC mode includes UAC 4.1 (or higher) software features 28 Copyright © 2010 Juniper Networks, Inc. www.juniper.net MAG6611 JUNOS PULSE GATEWAY Ideal for highest access needs of enterprises Equivalent to SA4500/SA6500 or IC4500/IC6500 2U high chassis modular configuration Supports up to four service modules (MAG-SM160 or MAG-SM360) for SSL VPN AND/OR NAC capability Can enable SSL VPN mode on one or more modules & NAC mode on one or more modules Service Modules Max. support of up to 40,000 SSL VPN or 60,000 NAC users Optional management module available (MAG-CM060) Additional power supply available for redundancy SSL VPN mode includes SA 7.1 (or higher) software features NAC mode includes UAC 4.1 (or higher) software features 29 Copyright © 2010 Juniper Networks, Inc. www.juniper.net WXC SERIES APPLICATION ACCELERATION Application acceleration services in Junos Pulse are targeted to improve the performance of remote / mobile / home users accessing centrally hosted applications such as: Access to Microsoft Office data held on Windows shared drives Access to Web and Portal type applications FTP data repository DATA CENTER NSM Unified Access Control Data SA Series SSL VPN Wide Area Network WXC Series Finance IDP Series Enterprise IT Video Firewall STRM Series Apps 30 Copyright © 2010 Juniper Networks, Inc. www.juniper.net IC SERIES UNIFIED ACCESS CONTROL Ensures Secure Guest Access LAN Threat by Users Addresses Regulatory Compliance 58% Guests Employee, remote access Employee, Wireless LAN Contractors/ outsourced labor Unmanageable devices Employee, wired LAN 57% 47% Protects Against Insider Threats 100 44% 80 % of Participants Who Experienced Insider Threats 60 42% 40 20 30% 0 2004 Mike Fratto | InformationWeek Analytics | 2008 NAC Survey 31 Copyright © 2010 Juniper Networks, Inc. 2005 2006 2007 e-Crime Watch Survey www.juniper.net 2007 INDUSTRY LEADERSHIP AND RECOGNITION 2008 Gartner Magic Quadrant for SSL VPN Gartner SSL VPN Magic Quadrant 32 Copyright © 2010 Juniper Networks, Inc. Gartner NAC Magic Quadrant www.juniper.net JUNIPER AND JUNOS PULSE LEADING THE WAY Over 25M people use Juniper client software to securely access corporate data Industry’s 1st standards-based, dynamically provisioned multi-service client enabling connectivity, security and acceleration Addresses 76% of all smartphones in use world-wide Only Converged Multi-Application Access Solution for Mobile and NonMobile devices Industry’s most scalable SSL VPN mobile solution – supports many thousands of concurrent users 33 Copyright © 2010 Juniper Networks, Inc. www.juniper.net iPAD Demo ADDITIONAL SLIDES JUNOS PULSE REMOTE ACCESS Features Benefits Layer 3 SSL VPN (Network Connect) • Layer 3 VPN connectivity with granular access control • SSL mode only (no ESP mode) Location Awareness • Seamless roaming from remote access (to Juniper SA Series gateway) to local LAN access (via Juniper UAC) • Pulse can be pre-configured by admins to automatically prompt end users for credentials to authenticate to the SA Series gateway when they are remote Endpoint security • Full Host Checker capability to check endpoint integrity • EES delivers on-the-fly malware protection, pre-connection scanning policies and real time protection, supported by both the SA Series SSL VPN and the UAC Split tunneling options • Enabled or disable without route monitoring • Key split tunneling options of Network Connect • Enforces secure, granular access control Flexible launch options • Standalone client • Browser-based launch • Users can easily launch Junos Pulse via the web from the SA Series SSL VPN landing page • Remote users can simply launch Junos Pulse from their desktop Pre-configuration options • Pre-configured installer to contain list of SA Series gateways • Admin can pre-configure a Pulse deployment with a list of corporate SSLVPN gateways for end users to choose from Connectivity Options • Max/Idle Session Timeouts • Automatic Reconnect • Logging • Admins can set up flexible connectivity options for remote users 37 Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE LAN ACCESS CONTROL Features Benefits Location Awareness • Simplified end user interface: automatically prompts user for credentials to the IC Series appliance • Reduces support costs due to simplified user interface Session Migration • Automatically migrates authenticated user sessions between SA Series and IC Series appliances • Avoids end user from having to authenticate multiple times to different devices Pre-configuration options • Administrative ease of configuring predefined SSID’s corresponding to corporate networks • Simplified end user interface: avoids them to configure these SSID’s manually Wired/Wireless 802.1x support • Good critical mass of features to facilitate IC Series/UAC customers to migrate from UAC Agent/OAC to Junos Pulse • Broad Authentication support, Endpoint Security, Windows support and IPSec tunneling features enable majority of IC Series use cases EAP-TTLS, EAP-JUAC Username-password, Certbased auth Endpoint Security IPSec tunneling 38 Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE APPLICATION ACCELERATION Features Benefits LZ compression • LZ compression delivers first and repeated-pass optimization for ‘cold’ never seen data patterns. Delivering improvements to application and data access for remote and mobile users. TCP Acceleration • WX Pulse provides for TCP layer optimization aiding in delivering application acceleration and mitigating network latency for remote and mobile users. CIFS Acceleration • Protocol specific acceleration for CIFS transactions, in conjunction with CIFS Object store to provide significant performance improvements. Improved User Interface • Easy to use and understand Interface (GUI). Pulse Auto-Installation • Pulse can be automatically distributed to client endpoints without users intervention, installation and running of the client can be performed under the Juniper Installer Services (JIS) ensuring users do not require Admin access. Temporary Evaluation Licenses • LMS can generate temporary license keys for WXC appliance without the need to load factory-defaults. WX Pulse AutoConfiguration sync • Each time the WX Pulse client forms an adjacency with the head-end WXC Series appliance, any new or updated application definitions are automatically synchronized to ensure optimum application optimization is happening for the user. Head-End auto-discovery • Auto-Discovery, Pulse will auto discover the head-end WXC Series appliance with our specific IP addressing via dynamic use of TCP Options field. 39 Copyright © 2010 Juniper Networks, Inc. www.juniper.net JUNOS PULSE LICENSING • Licensing model identical to current standalone clients Concurrent user licensing enforced on SA Series, IC Series, SRX Series and WXC Series appliances SA Series and IC Series admin UI can be configured to deploy either Junos Pulse or standalone clients 40 Copyright © 2010 Juniper Networks, Inc. www.juniper.net