MANAGED REMOTE ACCESS FOR ENTERPRISE APPLICATIONS

A converged secure remote access solution that will support all device types and all applications

Challenge Todays enterprises are rapidly moving toward a much more mobile workforce. It is essential that employees be able to access confidential information when on the move. This put a premium on secure remote access. Solution Juniper Networks has developed a converged remote access VPN solution that leverages both network-based and client-based technologies for maximum flexibility. Benefits Custom enterprise devices that are SIM-based can easily be securely connected to the enterprise data center Standard smartphones can be securely connected to the mobile operators data center via an SSL VPN while at the same time have the option to also connect directly to the Internet

All enterprise connectivity can be managed by the operator and brought back to the enterprise data center over an MPLS (or IPsec) VPN

The smartphone revolution is sweeping through many enterprises. It started with RIM Blackberry devices in the hands of a small number of executives and has now spread to a variety of different smartphone devices in the hands of just about everyone in the company. These sma rtphones are really mobile computers that need secure access to enterprise data centers, and they must be secured against attacks that might compromise the data stored on them. Juniper offers a converged, managed VPN that will address almost every conceivable mobile business services u se case. It consists of a network-based solution that makes use of access point name (APN) technology within the mobile operators network, and a client -based solution that makes use of an SSL VPN client on the smartphone working with an SSL VPN gateway in the mobile operators data center. In both cases, enterprise traffic is brought back to the enterprise data center via an MPLS (or IPsec) VPN.

The Challenge
Network-Based Access Solutions
Network-based remote access solutions are typically used in applica tions that require a custom device that is supplied by a company for a specialized purpose. The classic example here is the mobile scanning devices used by package delivery companies. Those mobile devices onl y connect to the enterprises data center and are very well served by an APN-based solution that leverages the mobile operators infrastructure. The elements of a network-based solution include a mobile device with a SIM card, a mobile network with an enterprise GGSN (Gateway GPRS Support Node), and a corporate MPLS (or IPsec) VPN. The GGSNs that support enterprise APNs are often different from the GGSNs that support consumer APNs. One difference between these APNs relates to the need to be able to support thousands of separate APNs, as eac h enterprise or small to medium sized business (SMB) would need its own APN. Enterprise APNs are mapped to an enterprise MPLS VPN by the GGSN . This puts a premium on a robust MPLS VPN implementation. Finally, a robust APN management system is required, as there could e asily be thousands of enterprise APNs in a mobile network. In an APN-based solution, the mobile devices SIM card is programmed with an APN that is specific to that particular enterprise. The mo bile network, specifically the SGSN (Serving GPRS Support Node), uses that information to route the subscriber to the GGSN that is serving that specific enterprise. Most operators use a dedicated GGSN for this application, as the feature set required is different from what is normally requ ired for consumer traffic. The net result for the business application is secure connectivity to their data center.

Client-Based Access Solutions

Client-based remote access solutions now are almost always based on SSL VPN technology, although some legacy solutions involve IPsec VPNs. A

client-based remote access solution does require that the SSL VPN client software operate, or be accessible, across all applicable s martphone operating systems. This list is reasonably short and usually includes Apple iOS, Google Andriod, Nokia Sym bian, RIM BlackBerry, and Microsoft Windows Mobile. It is very likely that this list will shrink in the years to come as application developers and handset manuf acturers settle on a couple of industry winners. An SSL VPN enables secure connectivity over ei ther the mobile operators cellular network or a third-partys Wi-Fi network. This provides much needed flexibility as Wi-Fi becomes more broadly deployed. A well designed SSL VPN can easily adapt to changes in point of attachment, which allows a smartpho ne to seamlessly switch between mobile and WiFi radios without impacting the subscriber. One disadvantage with a client -based solution is that the enterprise (or SMB) must manage the head -end SSL VPN concentrator in its data center. This limitation is eas ily addressed by going to a managed solution where the head -end SSL VPN concentrator is located in the mobile operators data center.

Client-based solutions typically make sense in business applications that require support for a variety of different smar tphone operating systems. Some enterprises can enforce discipline when it comes to the smartphones they will support and which they will not; but for most e nterprises, it is the employees who decide via their own purchasing decisions. In many cases, smartp hones are usually purchased by the employee, but do hold company confidential information. In these applications, a client -based solution makes a great deal of sense as it gives the employee the option of connecting to the corporate intranet by initiating an SSL VPN session or to connect directly to the Internet for personal communications.

MobileNext Broadband Gateway

Juniper Networks MobileNext Broadband Gateway has been designed to address the enterprise GGSN application. It supports both the Serving a nd PDN Gateway functions for Long Term Evolution (LTE) radio deployments as well as the GGSN function for 2G/3G radio deployment s. The MobileNext Broadband Gateway is part of the Juniper Networks MobileNext solution for the mobile packet core. The MobileNext Broadband Gateway has a number of capabilities that were developed specifically to address the enterprise opportunity. The se include industry-leading APN scaling numbers, an industry-leading APN management system, best-in-class MPLS VPN support from the long time leader in MPLS technology, and real-time charging support.

Features and Benefits

Junipers mobile business services solution offers several advantages: Juniper has developed APN management capabilities based on Juniper Networks Junos Space to automate routine tasks. These tools provide a task-based workflow for rapid APN deployment using predefined custom templates. This process involves the MobileNext Broadband Gat eway, the Domain Name Server (DNS), and all other service elements, with the fin al step being an automated end-to-end service validation check. Automated provisioning is exposed via the Juniper Networks Junos Space SDK APIs, allowing the enterprise to configure and man age its own APNs via the mobile operators customer care portal The MobileNext Broadband Gateway offers a combination of best -in-class PDN Gateway/GGSN functionality, as well as a fully featured IP/MPLS edge router. This provides the basis for a strong converged VPN solution for operators looking to offer secure business services. The MobileNext Broadband Gateway supports up to 8,000 APNs, which map into 8,000 enterprise MPLS (or IPsec) VPNs. IPv4 and IPv6 addressing is supported with full scale and performance. Junipers solution for secure mobile business services enables mobile operators to create new revenue streams in areas such as secure remote access for smartphones and laptops, branch office remote access, disaster recovery, and more.

Junos Pulse
Juniper Networks Junos Pulse is an integrated, multi-service network client that delivers secure, highly scalable mobile remote access. Integrating with Junipers award-winning, market-leading SA Series SSL VPN, Junos Pulse delivers a very compelling and widely deployed SSL VPN solution that can be managed and hosted by a mobile operator. It provides simple, secure, and accelerated network access through virtually any device and for a broad array of operating systems. Junos Pulse delivers secure, mobile remote access and powerful data -in-transit protection for mobile devices notebooks, netbooks, smartphones, tablet devices, and more running most major operating systems including Microsoft Windows, Apple iOS, Google Andriod, Nokia Symbian, and Microsoft Windows Mobile. As the industrys first multi-service network client, Junos Pulse integrates several industry proven appliances and gateways into one, intelligent, comprehensive client delivering secure, accelerated connectivity and access control for: Secure, remote accessJunos Pulse provides authorized remote users with network access by interfacing to the market -leading Juniper Networks SA Series SSL VPN Appliances to deliver secure access over SSL VPN for remote users to corporate network resources and applic ations. Enterprise access controlJunos Pulse delivers network access control (NAC) across an enterprise by integrating with Juniper Networks Unified Access Control (UAC), Junipers standards-based, comprehensive network and application access control solution providing identity-based, location-aware, granular access controls, as well as robust endpoint security and integrity checks. Accelerated application accessJunos Pulse offers identity-enabled, optimized, and accelerated access, interfacing with Juniper Ne tworks WXC Series Application Acceleration Platforms to deliver vital application acceleration. By deploying the WXC Series alongside SA Series SSL VPN Appliances, enterprises can provide role-based accelerated remote access via SSL VPN to their users. Platform for third-party integrationsJunos Pulse is also a platform for the integration of select third -party, best-in-class network and endpoint

security applications, building a network access, security, and acceleration client ecosystem.

Junos Pulse delivers:

Intelligent, anytime, anywhere access which automatically enables the appropriate technologies and connectivity options witho ut requiring involvement from the end user. A consistent, simple, elegant user interface that focuses on providing only neces sary information, presenting a consistent and simplified end user experience. Simplicity by being easy to deploy and maintain, as administrators can either package and dynamically deploy a single client with all necessary access, security, and acceleration components for their notebook and netbook equipped mobile users; or, simply instruct users with mobile devices such as smartphones and tablet devices to download the free Junos Pulse application from their respective mobile oper ating system application store or marketplace.

The Juniper Networks SA Series SSL VPN Virtual Appliances delivers:

Industry-leading SSL VPN capability running on VMware software, with the ability to scale to support a virtually unlimited number of c ustomers, making it ideally suited to service providers who want to offer a managed SSL VPN end -to-end service from their data centers

Converged VPN Service from a Mobile Operator

A compelling service offering is created by merging the network -based and the client-based solutions into a converged secure business service. The mobile operator can support secure remote access for all types of enterprise devices and all types of applications. Highly sp ecialized devices that are used strictly for business applications would be supported with a SIM-based solution that directs traffic to a specific APN, and from there to a specific enterprise MPLS VPN. General purpose enterprise users that are connecting via a personal smartphone would use an SSL VPN clie nt. The head-end concentrator in the mobile operators data center would hand the SSL-based traffic off to the very same enterprise MPLS VPN that handles the APN based traffic. All enterprise traffic is brought back to the enterprise data center on the same MPLS VPN. The enterprise gets an extremely flexible managed service from the operator and the operator can easily support all types of devices and all types of applications. Junipers expertise in secure remote access through the Junos Pulse SSL VPN implementation in concert with a network appro ach via MobileNext, will position operators to address the growing demand for secure enterprise remote access. The numbers for Junos Pulse alone are a s follows: Supports over 26 million people using Juniper client software to securely access corporate data Industrys first standards-based, dynamically provisioned, multiservice client enabling connectivity, security, and acceleration Addresses 90% of all smartphones in use worldwide Provides the only converged multi-application access solution for mobile and non-mobile devices Represents the industrys most scalable SSL VPN mobile solution supporting many thousands of concurrent users

Next Steps
Please contact your Juniper Networks representative for more information on our MobileNext solution, or any of our secure access products.

About Juniper Networks

Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, J uniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net.