MOBILITY BEYOND BYOD

Jonas Gyllenhammar, Consulting Engineer, Junos Pulse solutions


Post on 28-May-2020


Copyright © 2012 Juniper Networks, Inc. www.juniper.net

BYOD DEFINED

Today's business environment requires coordinated access

• Employee Owned Devices (BYOD)

• Guest Devices

• Corporate Owned Devices


USER EXAMPLES FOR MOBILITY

• Visitors at a museum

• Visitors at an enterprise

• Visitors at a hospital

• Visitors at a hotel

• Doctor’s own iPad

• Teacher’s own iPad

• Student’s own iPad

• Employee owned laptops, smartphones and tablets at an enterprise

• Hotel employees on iPad

• Hospital issued laptops

• Hospital issued iPad

• School issued laptops

• School issued mobile devices

Device categories: Guest Devices, Employee Owned, Corporate Owned


MOBILE USER TYPES AND REQUIREMENTS

Open Access, Guest Users

• Self provisioning

• Open, no encryption, captive portal

• Simple experience

• Device aware policy

• Differentiated access

BYOD (Employee owned)

• Self provisioning

• Secure certificate based authentication

• User, application, device aware policies

• Device management

• On-device security

• Device, data loss, data theft prevention

• Secure network, cloud access

• Device agnostic “Follow-me policies”

Corporate Issued Devices

• Self provisioning

• Secure certificate based authentication

• User, application, device aware policy

• Device management

• On-device security

• Secure network, cloud SSO

• Device agnostic “Follow-me policies”

• Application management

• Content monitoring

Device categories: Guest Devices, Employee Owned Devices, Corporate Owned Devices


VISIT THE SIMPLY CONNECTED LIVE DEMO AND TOMORROW’S SIMPLY CONNECTED IN ACTION - AN OVERVIEW OF DIFFERENT USE-CASES


MOBILITY BEYOND BYOD END TO END REMOTE ACCESS, ANYTIME, ANY DEVICE

“Enterprises should focus on mobile data protection (MDP), network access control (NAC), and mobile device management (MDM) tools to support their BYOD and new enterprise mobile platform efforts.”


CREATE YOUR DEVICE ACCESS REQUIREMENTS

Requirements to define for each device type (table columns):

• Client Deployed

• Mobile Security

• Mobile Device/Appl. Mgmt

• LAN/WLAN Access

• Remote Access

• Access to Corporate Resources

Device types (table rows):

• Corporate Device

• Personal Device (BYOD)

• Guest Device

• Contractor / Consultant Device

It's not about BYOD. It's about an Access Management policy / solution.


JUNOS PULSE – SINGLE CLIENT, GATEWAY MULTIPLE SERVICES

Diagram labels: Junos Pulse on PCs & Macs; Junos Pulse on Smartphones & Tablets; MAG Series Junos Pulse Gateway; Access Enterprise Resources

Junos Pulse Services supported:

• Junos Pulse Secure Access Service (SSL VPN)

• Junos Pulse Access Control Service (UAC)

• Junos Pulse Application Acceleration Service

• Junos Pulse Mobile Security Suite


ANYTIME, ANY DEVICE FROM ANYWHERE

Identify

• User

• Device

• Role

Onboard

• Corporate or Personal

• On Campus

• Offsite

• From Home

Secure

• 24/7 Protection

• Anywhere

• Loss & Theft Protection

• Device Location

Manage

• Device-specific

• Ensure Adherence to Policy


EMPLOYEES ON PERSONAL/COMPANY OWNED DEVICE HOST CHECKING & APPLICATION RESTRICTION

Diagram labels: Dr. Rose 369; Connect; Scan is Clean; Junos Pulse Mobile Security Suite; MAG Series Gateway running Junos Pulse Secure Access Service (SSL VPN); Corporate Network; Guest Devices, Employee Owned, Corporate Owned

Remote onboarding & access and the highest level of security with automatic scan for latest OS, virus signatures, jailbroken

Any Device, Any Time, Complete Access


EMPLOYEES ON CORPORATE LIABLE DEVICE ON BOARDING, HOST CHECKING AND APPLICATION RESTRICTION

Diagram labels: Mobile User; Corporate Data Center (Apps, Data, Finance, Video); Active Directory /LDAP; Patch Remediation; MAG Series Junos Pulse Gateway running Secure Access Service SSL VPN

1. User downloads Junos Pulse Client from App Store

2. JPMSS pushes:

• VPN Profile

• WiFi Profile

• SCEP Profile

JPMSS delivers:

• 24/7 security via AV & antimalware

• MDM such as password mgmt

3. The device initiates a tunnel to the MAG Series Junos Pulse Gateway

4. Secure Access Service runs a HostCheck on the device (Compliant? Jailbroken/Rooted?)

5. Secure Access authenticates the user against AD

6. Valid user on AD; device is OK

7. User matched to corporate role

8. User has appropriate access to his role


EMPLOYEES ON CORPORATE LIABLE DEVICE APPLICATION RESTRICTION AND COORDINATED THREAT CONTROL

Diagram labels: Mobile User; Corporate Data Center (Apps, Data, Finance, Video); Active Directory /LDAP; Patch Remediation; SRX Series; MAG Series Junos Pulse Gateway running both Secure Access Service and Access Control Service

9. Session is published to IF-MAP

10. User requests data from application

11. SRX gets the User/Role/IP information and applies AppSecure policies

12. Client issues an attack of some kind

13. SRX IPS detects the attack and issues a Sensor Event to UAC

14. UAC takes action or publishes the event to IF-MAP

15. SA gets the event and takes action

16. User/device is Quarantined or Disconnected


DEMO


Q & A
