Mist Access Assurance Overview: Juniper Mist Access Assurance is a network admission control and access management platform built from the ground up eliminating the need of the typical NAC infrastructure components. This quick start guide will guide users through the steps from enabling Access Assurance to simple troubleshooting. Prerequisites: Mist AP (running firmware 0.6.x or...
- Getting Started
- Getting Started
- Design Guides and Best Practices
- Wi-Fi Design
- Mist Edge
- Wi-Fi Basics and Design Best Practices
- WiFi Design Guides
- Wi-Fi Assurance
- Wi-Fi Troubleshooting
- Wired Switching
- WAN Edge
- Mist Access Assurance
- Location Based Services
- Premium Analytics
- Security and Cloud Administration
- Product Updates
- Security Alerts
What is NAC and how did we get here? A quick overview of how NAC evolved into what the landscape is today
How do we currently scale NAC in production???
– And now let’s add scale into perspective. Let’s take a look at a typical NAC deployment in a production environment. When you’re looking at any type of scale, obviously one box will not be enough just from a redundancy perspective. But more so from a scaling perspective because you’ll need to distribute the load,...
What do we want from a NAC solution today, if we would do it from a clean sheet of paper? First of all, the architecture has to be microservices based. Ideally, it should be a cloud NAC offering. It should be managed by the vendor. It should be highly available. Feature upgrades should just...
Architecture. So what we’ve done is actually we’ve separated the authentication service from the Mist cloud that you all know. We now have authentication service as its own separate cloud, actually spread out around the globe in different pods or points of presence, so we’ll talk about that a little bit later on.
Design of the Mist Access Assurance service. What we’ve done is we’ve placed various access assurance clouds that will do the authentication in various regions around the globe, such that you have a part in the West Coast, in the East Coast, in Europe and Asia/Pac, et cetera, et cetera.
Passwords vs Certificates – TL;DR Understand your use-cases. Select the right authentication method (802.1X or MPSK) that has the right balance between security vs client and user capabilities. Certificates are always recommended especially as a long-term solution, current onboarding mechanisms provide good way to control cert provisioning at scale for all your client population. Use...