A converged secure remote access solution that will support all device types and all applications
Challenge
Today's enterprises are rapidly moving toward a much more mobile workforce. It is essential that employees be able to access confidential information when on the move. This puts a premium on secure remote access.
Solution
Juniper Networks has developed a converged remote access VPN solution that leverages both network-based and client-based technologies for maximum flexibility.
Benefits
- Custom enterprise devices that are SIM-based can easily be securely connected to the enterprise data center
- Standard smartphones can be securely connected to the mobile operator's data center via an SSL VPN while at the same time having the option to also connect directly to the Internet
- All enterprise connectivity can be managed by the operator and brought back to the enterprise data center over an MPLS (or IPsec) VPN
The smartphone revolution is sweeping through many enterprises. It started with RIM BlackBerry devices in the hands of a small number of executives and has now spread to a variety of different smartphone devices in the hands of just about everyone in the company. These smartphones are really mobile computers that need secure access to enterprise data centers, and they must be secured against attacks that might compromise the data stored on them. Juniper offers a converged, managed VPN that will address almost every conceivable mobile business services use case. It consists of a network-based solution that makes use of access point name (APN) technology within the mobile operator's network, and a client-based solution that makes use of an SSL VPN client on the smartphone working with an SSL VPN gateway in the mobile operator's data center. In both cases, enterprise traffic is brought back to the enterprise data center via an MPLS (or IPsec) VPN.
The Challenge
Network-Based Access Solutions
Network-based remote access solutions are typically used in applications that require a custom device that is supplied by a company for a specialized purpose. The classic example here is the mobile scanning devices used by package delivery companies. Those mobile devices only connect to the enterprise's data center and are very well served by an APN-based solution that leverages the mobile operator's infrastructure.
The elements of a network-based solution include a mobile device with a SIM card, a mobile network with an enterprise GGSN (Gateway GPRS Support Node), and a corporate MPLS (or IPsec) VPN. The GGSNs that support enterprise APNs are often different from the GGSNs that support consumer APNs. One difference between these APNs relates to the need to be able to support thousands of separate APNs, as each enterprise or small to medium sized business (SMB) would need its own APN. Enterprise APNs are mapped to an enterprise MPLS VPN by the GGSN. This puts a premium on a robust MPLS VPN implementation. Finally, a robust APN management system is required, as there could easily be thousands of enterprise APNs in a mobile network.
In an APN-based solution, the mobile device's SIM card is programmed with an APN that is specific to that particular enterprise. The mobile network, specifically the SGSN (Serving GPRS Support Node), uses that information to route the subscriber to the GGSN that is serving that specific enterprise. Most operators use a dedicated GGSN for this application, as the feature set required is different from what is normally required for consumer traffic. The net result for the business application is secure connectivity to their data center.
A client-based remote access solution does require that the SSL VPN client software operate, or be accessible, across all applicable smartphone operating systems. This list is reasonably short and usually includes Apple iOS, Google Android, Nokia Symbian, RIM BlackBerry, and Microsoft Windows Mobile. It is very likely that this list will shrink in the years to come as application developers and handset manufacturers settle on a couple of industry winners. An SSL VPN enables secure connectivity over either the mobile operator's cellular network or a third party's Wi-Fi network. This provides much needed flexibility as Wi-Fi becomes more broadly deployed. A well designed SSL VPN can easily adapt to changes in point of attachment, which allows a smartphone to seamlessly switch between mobile and Wi-Fi radios without impacting the subscriber. One disadvantage with a client-based solution is that the enterprise (or SMB) must manage the head-end SSL VPN concentrator in its data center. This limitation is easily addressed by going to a managed solution where the head-end SSL VPN concentrator is located in the mobile operator's data center.
Client-based solutions typically make sense in business applications that require support for a variety of different smartphone operating systems. Some enterprises can enforce discipline when it comes to the smartphones they will support and which they will not; but for most enterprises, it is the employees who decide via their own purchasing decisions. In many cases, smartphones are usually purchased by the employee, but do hold company confidential information. In these applications, a client-based solution makes a great deal of sense as it gives the employee the option of connecting to the corporate intranet by initiating an SSL VPN session or to connect directly to the Internet for personal communications.
Junos Pulse
Juniper Networks Junos Pulse is an integrated, multi-service network client that delivers secure, highly scalable mobile remote access. Integrating with Juniper's award-winning, market-leading SA Series SSL VPN, Junos Pulse delivers a very compelling and widely deployed SSL VPN solution that can be managed and hosted by a mobile operator. It provides simple, secure, and accelerated network access through virtually any device and for a broad array of operating systems. Junos Pulse delivers secure, mobile remote access and powerful data-in-transit protection for mobile devices (notebooks, netbooks, smartphones, tablet devices, and more) running most major operating systems including Microsoft Windows, Apple iOS, Google Android, Nokia Symbian, and Microsoft Windows Mobile.
As the industry's first multi-service network client, Junos Pulse integrates several industry proven appliances and gateways into one, intelligent, comprehensive client delivering secure, accelerated connectivity and access control for:
- Secure, remote access: Junos Pulse provides authorized remote users with network access by interfacing to the market-leading Juniper Networks SA Series SSL VPN Appliances to deliver secure access over SSL VPN for remote users to corporate network resources and applications.
- Enterprise access control: Junos Pulse delivers network access control (NAC) across an enterprise by integrating with Juniper Networks Unified Access Control (UAC), Juniper's standards-based, comprehensive network and application access control solution providing identity-based, location-aware, granular access controls, as well as robust endpoint security and integrity checks.
- Accelerated application access: Junos Pulse offers identity-enabled, optimized, and accelerated access, interfacing with Juniper Networks WXC Series Application Acceleration Platforms to deliver vital application acceleration. By deploying the WXC Series alongside SA Series SSL VPN Appliances, enterprises can provide role-based accelerated remote access via SSL VPN to their users.
- Platform for third-party integrations: Junos Pulse is also a platform for the integration of select third-party, best-in-class network and endpoint security applications, building a network access, security, and acceleration client ecosystem.
Next Steps
Please contact your Juniper Networks representative for more information on our MobileNext solution, or any of our secure access products.