Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
ON THIS PAGE
 

Juniper Mist Access Assurance Overview

Juniper Mist Access Assurance is an advanced, cloud-based network access control (NAC) service that secures your wireless and wired network by providing identity-based network access to devices and users. With this service, you can control who and what can access your network. You can set up simple rules to allow or deny access to different types of devices, such as guests, corporate devices, and devices generating IoT and BYOD traffic. The service checks the user and device identities before letting them connect to the network. The service uses 802.1X authentication for 802.1-enabled devices and MAC Authentication Bypass (MAB) verification for non-802.1X devices.

Watch the following video for a quick overview on how NAC has changed over time and what it looks like today:

various network access control solutions. We'll look at the evolution of the NAC use cases as they emerged over the past 20 or so years. We'll also look at the evolution of various NAC products. In particular, we'll look at the Cisco ISE engine. We'll also look at the Aruba ClearPass.

If we look at the 2000s, back then we really only had corporate access use cases where we actually connected workstations to our networks. They were primarily wired. Very few of them were wireless. Back in the day, Cisco ACS was number one AAA server or RADIUS server on the planet, and it actually started from a case where it was actually an authentication platform for dial-up modem users back in the day.

Later on, in 2007, Apple introduces an iPhone.

This is where we see guest access use case emerging. And followed by that, we see Cisco introduces new platforms or new applications that are standalone servers for a NAC profiler in that guest in response to that guest access use case appearance. In the same time, we see Amigopod emerge as the new company that tries to address that same guest use case.

Well, what we then see is, in 2010, Apple introduces Apple iPad, and with that, we see an emerge of BYOD use case. Now, employees started to bring their iPhones and iPads and other tablets and phones to their enterprise, and they wanted to get access to the network. At that time, Aruba came in, and Aruba actually acquired Amigopod, and Aruba also acquired Avenda, a company that was doing profiling just to address that guest and the BYOD use case as well.

So at that point, Cisco came into the picture and says, OK, we are actually introducing a new product called Cisco ISE, or identity service engine. And what is a Cisco ISE? Cisco ISE is actually a combination of Cisco ACS profiler and guest. So we are combining the three standalone servers into one server.

2011 and 2012, we see ClearPass emerging.

What is a ClearPass? ClearPass is a combination of Amigopod, Avenda, and a new .1x authentication server that was part of the ClearPass-- again, same picture.

What we see after that-- after that, we see a new trend, which is an introduction of the cloud-based identity-as-a-service products, namely Microsoft Azure and Okta Identity Services.

At that time, it's just a trend. It's still a slow adoption, but that's when it all started. In 2015, we see yet another trend. That's IoT.

So we have now four use cases. We have CORP, Guest, BYOD, and IoT, with IoT growing exponentially over the past couple of years.

What we see since then?

Well, we actually see Cisco updating ISE to version 2.0, 3.0. ClearPass gets a lot of upgrades. But fundamentally, the architecture has never changed since the early 2011 and 2012.

Watch the following video to understand how Juniper Mist Access Assurance delivers NAC based on modern cloud services built with Mist AI:

Legacy NAC solutions are brittle and obsolete. They place a burden on a customer to deploy and manage on-premise hardware, manually scale, design for high availability, and manage software upgrades and security patches, leaving network administrators scared to make changes. IT wants a cloud solution with visibility to the end-to-end user experience across the network based on identity and policy at scale.

Now for the first time, Juniper Mist Access Assurance natively integrates network operations under one cloud. Access Assurance gives you access management, policy creation and enforcement across the network in a familiar interface. How easy is integrated cloud network access management? Configure authentication policy rules.

Enable the Mist Access Assurance service with just a single click. It is that simple. See how easy it is to identify access issues.

Built on Mist AI, Access Assurance validates the end-to-end client connectivity experience across the entire network. AI-powered automation simplifies operations and delivers a better user experience. Like the rest of the AI-driven enterprise portfolio, Access Assurance uses Juniper's proven cloud microservices architecture, no hardware required.

So you become operational right now. Our smart connectors allow you to get additional context from external identity sources, MDM providers or XDR solutions. And our geo-aware authentication service reduces latency and boosts availability.

And Marvis, our AI-driven virtual network assistant consumes data from both the network and the authentication service to provide unprecedented contextual insights to detect and resolve problems before anyone notices. Now, network administrators have a near effortless way to manage the network and access control, natively integrated into the Mist cloud. Unlock the most powerful AI-driven Access Assurance service available today.

Juniper Mist Access Assurance, driven by Mist AI.

Features

  • Microservices architecture that ensures high availability and scalability to support large deployments at a global level.
  • Geo-affinity for automatic connections to access points and switches to the nearest authentication service port
  • X.509 certificate management that maintains network trustworthiness with efficient digital certificate handling
  • 802.1X and non-802.1X authentication to ensure versatile network security
  • Network policy and microsegmentation facilitate targeted traffic control and threat containment.
  • Integration with external directory services such as Google Workspace, Microsoft Entra ID (previously known as Microsoft Azure Active Directory), and Okta Identity
  • Third-party support for compatibility with non-Juniper network infrastructure
  • Marvis Virtual Network Assistant for AI-powered network insights, diagnostics, and troubleshooting

Benefits

  • User experience visibility—Visibility to user experience—Manage network operations—for example, monitor end-to-end user connections and troubleshoot network issues—from a single dashboard.
  • Single pane of glass for management and operations—Efficiently perform your day-to-day access assurance tasks on the Juniper Mist portal, which provides full-stack management capability in one dashboard for end-to-end visibility to operations.
  • Seemless onboarding—Easily onboard wired and wireless devices by using 802.1X or MAB validation methods.
  • Simplified management—With our geographically distributed cloud authentication service, you can remove dependency on standalone authentication, authorization, and accounting (AAA) servers. This service automates updates to latest software patches without service downtime.
  • Unified policy—Easily create authentication policies for both wired and wireless clients, replacing traditional complex AAA configurations.

Related Documentation