Juniper Mist Access Assurance Guide

Juniper Mist NAC Architecture

14-Mar-25

Watch videos to get familiar with the architecture behind Juniper Mist Access Assurance. Learn more about microservices and how Juniper Mist leverages them to provide high availability and scalability.

Juniper Mist Access Assurance leverages a microservices architecture. This architecture prioritizes uptime, redundancy, and automatic scaling, enabling an optimized network connection across wired, wireless, and wide area networks.

Watch the following video for Mist Access Assurance architecture:

Video 1: Mist Access Assurance Architecture 1

Juniper Mist Access Assurance enhances its authentication service by incorporating external directory services, such as Google Workspace, Microsoft Entra ID, and Okta Identity, and mobile device management (MDM) providers, such as Jamf and Microsoft Intune. This integration helps in accurately identifying users and devices, and enhances security measures by granting network access to only verified, trusted identities.

Figure 1 shows the framework of Mist Access Assurance network access control (NAC).

Figure 1: Juniper Mist Access Assurance Architecture

The Juniper Mist authentication service, decoupled from the Juniper Mist cloud, acts as a standalone cloud service. The authentication and authorization service is distributed globally across various points of presence for enhanced performance and reliability.

This Juniper Mist authentication service uses a microservices approach. That is, a dedicated group or pool of microservices manages the functions of each of the service components, such as policy enforcement or user device authentication. Similarly, individual microservices manage each of the additional tasks, such as session management, endpoint database maintenance, and connectivity to the Juniper Mist cloud.

Devices managed by the Juniper Mist cloud, such as Juniper® Series of High-Performance Access Points or Juniper Networks® EX Series Switches, send authentication requests to the Juniper Mist Authentication Service. These requests are automatically encrypted using RADIUS over TLS (RadSec) and sent through a secure Transport Layer Security (TLS) tunnel to the Authentication Service.

The Mist Authentication Service processes these requests and then connects to external directory services (Google Workspace, Microsoft Azure AD, Okta Identity, and others) and PKI and MDM providers (Jamf, Microsoft Intune, and others). The purpose of this connection is to further authenticate and provide context about the devices and users trying to connect to the network.

In addition to the authentication tasks, the Juniper Mist Authentication Service relays back key metadata, session information, and analytics to the Juniper Mist cloud. This data sharing offers users end-to-end visibility and centralized management.

We use a Juniper Mist Edge platform as an authentication proxy to integrate a third-party network infrastructure with Juniper Mist Access Assurance. The third-party infrastructure interacts with the Juniper Mist Edge platform through RADIUS. The Juniper Mist Edge platform, in turn, uses RadSec to secure the communication and then proceeds with authentication.
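Over UDP, each datagram carries exactly one RADIUS packet; inside a RadSec TLS tunnel the same packets arrive as a continuous byte stream and are delimited by the length field in the RADIUS header (RFC 6613 framing, used by RFC 6614). The following is an added example, not Juniper code and not part of the original guide, of the reassembly that the receiving end of a RadSec connection has to perform. The class and function names are hypothetical and the sample packets in any test input are constructed.

```python
import struct

RADIUS_HEADER_LEN = 20   # code(1) + identifier(1) + length(2) + authenticator(16)
RADIUS_MAX_LEN = 4096    # maximum RADIUS packet length (RFC 2865)
ACCESS_REQUEST, USER_NAME = 1, 1   # packet code 1, attribute type 1


def build_access_request(identifier, authenticator, username):
    """Build a minimal Access-Request carrying only a User-Name attribute."""
    name = username.encode()
    attr = bytes([USER_NAME, 2 + len(name)]) + name
    length = RADIUS_HEADER_LEN + len(attr)
    return struct.pack("!BBH", ACCESS_REQUEST, identifier, length) + authenticator + attr


class RadiusStreamFramer:
    """Reassemble RADIUS packets from an ordered byte stream (TCP/TLS)."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Add received bytes; return the complete packets now available."""
        self._buf += chunk
        packets = []
        while len(self._buf) >= 4:
            (length,) = struct.unpack_from("!H", self._buf, 2)
            if not RADIUS_HEADER_LEN <= length <= RADIUS_MAX_LEN:
                # A bad length desynchronises the stream; the caller should close it.
                raise ValueError(f"invalid RADIUS length {length}")
            if len(self._buf) < length:
                break  # partial packet: wait for more bytes
            packets.append(bytes(self._buf[:length]))
            del self._buf[:length]
        return packets


def parse_user_name(packet):
    """Return the User-Name attribute of a packet, or None if absent."""
    pos = RADIUS_HEADER_LEN
    while pos + 2 <= len(packet):
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > len(packet):
            raise ValueError("malformed attribute")
        if atype == USER_NAME:
            return packet[pos + 2:pos + alen].decode()
        pos += alen
    return None
```

Feed the framer whatever each TLS read returns; it yields whole packets regardless of how the stream was split across reads.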

This cloud-native microservices architecture enhances authentication and authorization services and supports regular feature updates and necessary security patches with minimal network downtime.

Watch the following video for Mist Access Assurance high-availability architecture:

Video 2: Mist Access Assurance Architecture 2

Watch the following video for Mist Access Assurance workflow:

Video 3: Introduction to Mist Access Assurance

Watch the following video for information about scaling Mist Access Assurance architecture:

Video 4: Scaling NAC in Production

Watch the following video for an overview of microservices-based architecture:

Video 5: What Should NAC Look Like