Education Use Case
Juniper, driven by Mist AI is the perfect fit for educational establishments that wish to get the very best out of their networks. With the modern day demands of IoT devices saturating wireless networks, organisations and establishments need a network that is resilient, responsive and intuitive. This is where the combined portfolio of Juniper Networks and Mist Systems will bring AI to IT, delivering on the promise of software defined enterprise. With the solution delivering unsurpassed end-to-end user and IT experiences.
Educational establishments face an increasing influx of IoT devices with more and more digital devices being added to an individual’s portfolio; mobile phones, tablets, laptops, smart watches and so on. This is on top of the digital demand that an educational premises requires on a day to day basis, coupled with the intrinsic security required for the vast amounts of sensitive data.
Mist AI is the first in the industry to use AI to simplify Wi-Fi operations and troubleshooting through automation and insight. Unique capabilities of the Mist AI platform include high density performance, visibility into the user experience, single-click root cause identification, dynamic packet capture (dPCAP), and simplified policy enforcement. All essential capabilities that enable maximum uptime by identifying problematic occurrences in real time.
- Reliable network for student testing and learning
- Faster troubleshooting with AI
- Eliminate density problems to allow BYOD
In this particular scenario, the school teaches students between the age of 3 to 18 years of age. They require a modern Wi-Fi solution that can satisfy the following requirements:
- Cope with the modern day network demands such as BYOD & high density environments
- Be easily manageable due to being located on a campus site
- Provide Active Directory capabilities
- Provide VPN capabilities
- Web filtering capabilities for student safeguarding
With the aforementioned information at hand, Juniper, driven by Mist AI’s offering already satisfies and surpasses those initial requirements.
The next step was to outline and understand more about the physical environment that the networking infrastructure was to reside in.
Exisiting Physical Environment
The site that the equipment will be residing in is a 16th century building, which brings with it numerous challenges. The main challenge being that the period building has thick walls, which affects AP (access point) coverage. Because of this, the decision was taken to increase the existing number to 100 AP’s with Wi-Fi 6 (802.11ax) capabilities. This was due to the sharp increase of IoT devices in the last decade an individual possesses, which Wi-Fi 6 is more than competent with managing the new normal.
Additionally, the school consists of 3 campuses with a varying layout. The challenges this can bring, is locating hardware if needing to gain access to it and if there are problems that arise during operational hours, it can cause disruption physically locating and troubleshooting. With the aforementioned factors in mind, the client was interested in a solution that provides a unified portal to orchestrate as much of their IT estate from. This is where Mist AI provides a perfect solution.
Mist AI provides the ability to upload floor plans of the clients premises. These floor plans can then be annotated with the location of the AP’s, thus providing the user with easy and instant access for trouble shooting. In addition, the AP’s contain patented dynamic vBLE (Virtual Bluetooth Low Energy) 16 antenna array, which provide location-based experiences that are engaging, accurate, real-time and scalable. A useful additional capability to provide the client with even more insight when needing to troubleshoot any issues remotely. Also, with the use of third-party tools, these floor plans can show Wi-Fi coverage, ensuring the user has the AP’s best place for maximised coverage.
As for remote orchestration, for the Juniper firewalls, Juniper Sky Enterprise can be utilised. Juniper Sky Enterprise makes cloud network management simple and quick for IT teams of all sizes and experience levels deploying Juniper switching and security devices. For the AP and switching estate, the Mist AI platform can be used.
The integrated user firewall fulfils the requirement for simplicity. It retrieves user-to-IP address mappings from the Windows Active Directory for the firewall policies usage as match criteria. This feature consists of the SRX Series device polling the event log of the Active Directory controller to determine, by username and source IP address, who has logged in to the device. Then the username and group information are queried from the LDAP service in the Active Directory controller. Once the device has the IP address, username, and group relationship information, it generates authentication entries. With the authentication entries, the device user firewall module enforces user-based and group-based policy control over traffic.
Juniper SRX devices provide both the ability for client VPNs to connect securely across a public WAN such as the Internet for remote working needs, but also site-to-site VPNs to link two or more LANs together. This satisfied the requirements for the school to provide staff with the ability to remote work and connect their 3 campuses up with site-to-site VPNs. This solution enables the school to operate as one logical LAN network, providing accessibility to systems that reside on other campuses. Please see here for more information on IPsec VPN.
Junipers SRX series firewalls have Enhanced Web Filtering (EWF) capabilities which can be enabled via additional licensing, which can be found here. Enhanced Web Filtering with Websense is an integrated URL filtering solution. When you enable the solution on the device, it intercepts the HTTP and the HTTPS requests and sends the HTTP URL or the HTTPS source IP to the Websense ThreatSeeker Cloud (TSC). The TSC categorises the URL into one of the 95 or more categories that are predefined and also provides site reputation information. The TSC further returns the URL category and the site reputation information to the device. The device determines if it can permit or block the request based on the information provided by the TSC. As there are an approximate of 1000 users, the suggested Juniper SRX Firewalls are the SRX380 or the SRX1500 as these devices have 10G capability, but have different offerings on their throughput requirements which the client can decide upon.
Student safety and wellbeing are an absolute top priority. One requirement is for the school to be able to monitor HTTPS content to ensure students are not accessing unauthorised websites and if they are, staff have the ability to interject as soon as possible and provide support where needed. SSL proxy is supported on SRX Series devices and provides the following benefits;
- Decrypts SSL traffic to obtain granular application information and enable you to apply advanced security services protection and detect threats.
- Enforces the use of strong protocols and ciphers by the client and the server.
- Provides visibility and protection against threats embedded in SSL encrypted traffic.
- Controls what needs to be decrypted by using Selective SSL Proxy.
Juniper, powered by Mist AI is the perfect solution for educational premises. It provides modern day solutions to modern day IT problems, alleviating the pressure from IT teams.
With centralised management, scalability, granular security settings, intuitive AI, patented vBLE and so much more, Mist AI’s offering is more than a network providing access to the internet, it proactively supports network engineers and delivers unsurpassed end to end user and IT experience.