2. Business Session 11:00am – 12:30pm
A GENDA Activity Based Working
Unified Communications
Demo
Windows 8 Devices
Cloud Services
Office 365
IaaS
Technical Session 1:00pm – 2:30pm
BYOD
Network infrastructure
Wireless
Secure Remote Access
Policy and Control
3. H OW, W HEN , AND W HERE WE
W ORK
• Work Life Balance has become Work Life Integration
• Work from home
• Mobile work force
• Collaborative environments and technologies
6. A CTIVITY B ASED Macquarie Group - Sydney
W ORKING
7. A CTIVITY B ASED
W ORKING
CBA – Darling Harbour
8. A CTIVITY B ASED
W ORKING
“Everyone uses a laptop, and the
space has no fixed phones at all,
with Microsoft’s Enterprise Voice
solution providing converged
telephony and messaging that is
delivered to a person, not a desk.”
9. A CTIVITY B ASED “Activity Based Working is about
W ORKING
People, Place, and Technology”
Technology Enablers
Unified Communications & Collaboration
Client devices
Wireless
Internet & WAN services
Secure remote access
Cloud Services
Location Services
11. A CTIVITY B ASED The Benefits
W ORKING
Customer Satisfaction and
Responsiveness
Mobility and flexibility
Sustainability and carbon reduction
Competitive advantage
Disaster recovery
Staff retention
Cost Savings in real estate and staff churn
12. Future of Communications
Communications Today
Instant Video Web E-mail and Audio
Messaging (IM) Voice Mail Conferencing Telephony Conferencing Calendaring Conferencing
Telephony Instant
Unified Messaging
and
Voice Mail E-mail and Conferencing:
Calendaring Audio, Video,
Web
Authentication Authentication
Authentication Authentication
Administration Administration
Administration Administration
Storage Storage
Storage Storage
Authentication Authentication
Authentication
Authentication
Administration Administration
Administration
Storage Administration
Storage
Storage
Storage
Compliance
On-Premises Hybrid In the Cloud
13. M ICROSOFT U NIFIED
C OMMUNICATIONS
Messaging Voicemail Telephony IM & Presence Collaboration
Achieve higher Consolidate email VoIP solution that Contact based on Switch seamlessly
reliability and and voicemail onto allows users to presence via phone, between audio,
performance and one inbox. communicate via PC, video or application. video and web
enhance your desk phone or conferencing.
communications at mobile.
lower cost.
On-Premise Solution
Cloud Solution
19. H OW CAN A CTIVITY B ASED W ORKING
CONCEPTS DRIVE POSITIVE CHANGE
FOR YOUR BUSINESS ?
20. Free Business Productivity Analysis
S PECIAL O FFER
Generation-e’s MBA qualified business expert will
spend one day onsite with you, helping you
understand your IT infrastructure capabilities and
building a roadmap with an actionable plan for
embracing the technologies we’ve spoken about
today to evolve your business and build your
competitive advantage.
Normally valued at $3,000 – Free for attendees
Don’t Forget:
You will be emailed a feedback
survey after this event. Please
complete it to be registered to win
a Microsoft Surface.
61. Free Business Productivity Analysis
S PECIAL O FFER
Generation-e’s MBA qualified business expert will
spend one day onsite with you, helping you
understand your IT infrastructure capabilities and
building a roadmap with an actionable plan for
embracing the technologies we’ve spoken about
today to evolve your business and build your
competitive advantage.
Normally valued at $3,000 – Free for attendees
Don’t Forget:
You will be emailed a feedback
survey after this event. Please
complete it to be registered to win
a Microsoft Surface.
Editor's Notes
Each System has a different directory and different identity – Single identity is the key to ease of useProvisioned separatelyDifferent administrators and skills requiredHigh Costs
Microsoft has been in the UC space for 11 yearsVoice capabilities added in 2007
The legacy UC environment (from competition) are based on controls and are purpose built for Telephony deploymentsand are showing several scalability and other limitations in handling bandwidth hungry video conferencing and communication-enabled applications from Oracle, SAP, PeopleSoft that requires more than 10 times the bandwidth of their LAN-based versions. This poses a serious implications on the network; hence requiring high-performance, reliability, and availability demands from the network. Plus in the distributed enterprise model, many of the OTT UC applications such SKYPE, Facebook, WebEX can be sources from multiple places in the cloud..creating a new challenge for IT to provide a consistent QoE for all managed, cloud or OTT UC&C applications.Other trend in the industry is employees bringing their own devices into the workplace. Even though this provides them flexibility and improves their productivity …it creates a new set of scalability, security and management challenges for IT departments that includes bandwidth pressures, insider security issues, demand for high-resiliency and wired-like experience on wireless infrastructure…thus creating a unique opportunity for juniper with it’s simplified and UC optimized simply connected architecture for branch and campus deployments.
Now let’s look at the Juniper framework for the UC&C solution…this shows a good representation of how we separate UC infra & application layer from the network infrastructure layer. Here we have UC&C apps on the top with all key hardware vendors. Juniper provides the networking infrastructure pillars that is high performance, resilient and open. Our juniper simply connected branch and campus designs are optimized for latency and jitter that are key requirement for the real-time media traffic. Plus, juniper offers several resilient and scalable pay-as-you-grow features such as VC, virtual WLC cluster in wireless, redundant devices & links capabilities, load balancing ,etc…that are required to keep pace with fast changing UC application developments
That’s what it means to be Simply Connected.1) Simple for users2) Simple for IT 3) Providing superb QoE at high level of economics. 4) How do we do that? 5) We are offering a portfolio of products working together, solving the problems we discussed. We will talk today about integrated security, always on resiliency, high performance, simplified architecture and automation, all means for delivering on the promise.Transition: I’m not here to tell you to take my word for it, so let’s take a look at how it actually works.
Like we mentioned earlier, Juniper’s new UC strategy for Unified Communication and collaboration, is to provide resilient, secure, always available and UC optimized end to end IP-based services for both wired and wireless access. Here is the reference architecture that provides a complete overview of what we have to offer over layed with the UC components. You have a Campus HQ, three branch locations of various types and a data centerThis simplified architecture reduces the number of managed devices while providing VC enabled 10GE aggregation for wiring closets in the campus. The call server and messaging servers sits in the DC and are connected to the VoIP end points in the branch and campus domains via internet VPN and/or MPLS WAN along with WAN redundancy options for WAN survivability for both voice and data traffic. Wireless deployment in the branch and campus domains are built with high resiliency. WLC cluster capability enables medium and small branches use HQ WLC for redundancy in case of local WLC failure.Similarly, EX VC and SRX clustering offers LAN resiliency and easier to manager architecture design.
The UCIF is a nonprofit vendor alliance that was created in April 2010 to enable interoperability of UC scenarios based on existing standards. It is not another standards body and the ultimate goal is to improve interoperability and protect the investments of customers. The alliance is a platform agnostic alliance. The main mission of UCIF is to define test plans, advance testing protocols, and facilitate verification testing for member’s UC solutions and scenarios, interfacing with other standards groups, and liaising with regulatory bodies that are involved in UC. The forum is open to anyone who wants to join and further the goal. Microsoft is one of the founding members along with HP, Juniper Networks, Logitech, and Polycom. Unique to the UCIF, a certification mark will be developed for use by member vendors, as a signal to customers that a scenario or solution meets the UCIF interoperability requirements.
Key differentiated technologies for Juniper WLAN1. Clustering – 32 controllers and 4096 AP’s can be managed as 1 IP address. ADVANTAGE – management simplicity2. Auto-distribution of AP’s – AP’s are assigned to controllers without network manager intervention. ADVANTAGE – management simplicityTransition: Let’s have a quick look at the product family that delivers this architecture.Components of a Wireless LAN-the WL solution is a controller-led architecture, no standalone AP-solution consists of indoor/outdoor AP, controllers and managementAccess Point1) Access PointConnection point for wireless clients to get on networkSingle/Dual RadioHouses transceivers (radio component)Converts 802.11 to Ethernet trafficACL and QoS enforcementPowered by PoE2) WLAN ControllerKeeps network configurationMobility Domain mgmtAggregation point for WLAN traffic from AP’sSwitches traffic between wireless clients and wired networkAP management (Images, client load)Seamless roamingRF Mgmt (Channel and Power Tuning)Security (WIDS/WIPS, ID based networking) 3) WLAN ManagementNetwork & RF planning and configurationWLAN Network MonitoringAlerts/EventsNetwork MapTroubleshootingCustomized Reports
There are three main reasons why Virtual Chassis is a tremendous network simplification tool:This technology allows to aggregate multiple switches (up to 10) into one single logical device.Switches that are virtualized together can now be managed as one single elements, simplifying the number of switches to manage by a factor of up to 10.Once switches are virtualized together using Virtual Chassis, the network is more resilient with no single point of failure in the Virtual Chassis.
Let’s now look at two examples of how packet switching works on a virtual chassis.Consider this 10 member mixed virtual chassis with two EX4500s and eight EX4200s.The links in orange are the high speed 64Gbps Virtual Chassis Interconnects that we call as VCP LinksFirst, Local Switching – is used when the traffic needs to be forwarded across destinations reachable via the same member VC switch port. It doesn’t need to traverse across the RE. And A to B in this case.And Secondly, Inter-module switching – if the traffic needs to flow between two destinations that are connected across two different member Virtual Chassis member switches. The traffic flows across the VCP link between the VC Member switches. With 128 Gbps backplane capacity on each member switch, we are able to achieve forwarding with No HOLB. C to D in this case.
VCCPd configures each VC ringed port with a backup ring port which is facing opposite direction, so there is a known failover path for each switch. Under normal condition, the traffic flow from AP1 to Internet is load balanced via SW3-SW4-SW5 and SW3-SW4-SW5-SW0. In the event of ring port failure(SW4 HW failure) all the packets queued in for failed port is internally looped back and unconditionally forwarded to backup ring port with <Packet is Looped> DSA tag field set. When EX-SW4 loses Power unexpectedly due to HW FailureEX-SW3 detects VC port to EX-SW4 is downEX-SW3 fails over traffic from EX-SW2 back to EX-SW2 but with a special tag saying “that optimal path is broken, engage backup path”EX-SW2 engages its backup path and sends all traffic via EX-SW1.
Client Load Balancing1) AP’s maintain awareness of "rf neighborhood" based on neighboring APs and client location, AP determines a target load the system uses various techniques to "coax" clients to less loaded AP’s. If devices are persistent the system will allow them on. [CLICK] The Juniper WLAN system uses various patented techniques to “coax” clients on to more lightly loaded APs, and therefore distribute the load more evenly. [CLICK] 2) In addition, if an AP detects a client on both 2.4Ghz and 5Ghz bands, the same techniques are used to "coax" a client to less loaded band. This gives these users a better QoE as the 5GHz band has more bandwidth and less overlapping channels causing interference. It also means that the devices left on the 2.4GHz band are also getting a better experience as there are less clients to share the available bandwidth.Transition: In summary then… The purpose of bandwidth control is to allow the setting of bandwidth limits to ensure reliable accessThere are three methods for controlling bandwidth:Maximum bandwidth per SSIDConfigured limit is full duplex in units of KbpsMaximum bandwidth per UserFull-duplex rate limit for aggregate of all packets through a clientWeighted fair queuing per Radio ProfileService-profiles compete for transmit opportunities based on the configured weightsBandwidth limits are defined in a QoS profileA VSA allows QoS profiles to be dynamically assigned
In order for A.J. to get access to the corporate network, he will have to have both sessions authenticated via the wireless network. Let’s take a look at the functional blocks involved. 1) Both his phone and iPad authenticate to the AP using 802.1x. 2) The AP then passes this information about A.J. to the wireless LAN controller. 3) The WLC, acting as the RADIUS Client, sends the request to the UAC/MAG for Radius authentication. 4) The UAC will then pass on this information to a LDAP or Active Directory server for user validation and authentication. Assuming a valid user is found, the authorisation information is passed back to the WLC and based on the user role, VLANs, access list, QoS profiles, etc. will be assigned.5) The WLC notes the new policy and sends appropriate user role based information back to the AP. 6) The AP sets the policies determined for A.J. 7) The end device can now initiate a DHCP request to obtain an IP address.Step one is complete. A.J. is authenticated for access on the company network.Transition: Now that AJ is connected to the wireless network, what happens next?
[CLICK]1) So the device is connected to the network. A DHCP request will be made in order to obtain an IP address.2) The DHCP server assigns an address to the device and then utilising the IF-MAP standard, shares this information with the UAC. This is a unique feature of the Juniper Networks solution which now allows the UAC to have full visibility of the user and match that to the username. 3) The UAC can now provision dynamic user role based policies on the Juniper SRX firewall and EX Switches.4) These policies will define what resources on the network the user will have access to. In this case, access is permitted to the internet and all corporate servers, except the Finance server.5) In addition, the AppSecure implementation on the Juniper SRX provides application based firewall capability to limit access to specific applications on the network, whether they are hosted in the corporate data centre or Over The Top services on the Internet. In this case, access has been blocked to Netflix and Hulu.6) All logging, including AppSecure data, is sent to the Juniper Networks Security Threat Response Manager (STRM) for correlation and reporting capabilities. The STRM can also take SNMP traps and syslog from other devices in the network.Key points – Juniper provides a complete set of wireless, Ethernet and security products to easily manage multiple devices per user. The same access policy is applied irrespective of the number of devices and it is specific to A.J.Transition: This completes the first use case scenario in AJ’s day. Before we move on, I just want to provide you with a bit more information about what AppSecure is as well as STRM.
1) AJ needs access to the corporate network and all he has is his iPad. Of course.2) AJ fires up the Junos Pulse application on his iPad and initiates a connection to the corporate network using the public WiFi at the cafe. The session terminates on the MAG/SSL VPN gateway.3) The MAG will authenticate AJ against the AD server in the same way as he is authenticated when he connects via the corporate WiFi or switched network. Upon successful authentication, a secure tunnel is established between the MAG and AJ’s iPad.4) At the same time, the MAG will push dynamic policy to the EX switches and SRX firewalls that prevent him from accessing resources that he is not allowed to. Sound familiar??5) The policies are enforced by the SRX allowing AJ access to everything except the finance server.6) As always, AppSecure on the SRX device is implementing application based policies to prevent AJ from using prohibited applications [CLICK] and all activity is tracked and logged on the STRM.AJ can now perform the tasks that he needed to do prior to his 1pm meeting.Transition: In summary…
