Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Juniper Mist Edge Overview

The Juniper Mist™ Edge solution uses the Juniper Mist™ cloud and its distributed software architecture for scalable and resilient operations, management, troubleshooting, and analytics. The Juniper Mist Edge solution extends select microservices to the customer premises while using the Juniper Mist cloud and its distributed software architecture. The Juniper Mist Edge appliance allows you split management between the cloud and your on-premises network. You can deploy a Juniper Mist Edge appliance as a standalone appliance. The appliance has multiple variants for deployments of different sizes.

Juniper Mist leverages Juniper Mist Edge appliance when an organization needs to retain a centralized datapath architecture for campus or branch deployments. The Juniper Mist Edge appliance provides a centralized datapath for user traffic, a task that legacy wireless controllers traditionally performed. Additionally, the appliance keeps all the control and management functions in the Juniper Mist cloud. Juniper Mist Edge extends VLANs to distributed branches and telecommuters to replace remote VPN technology. Juniper® Series of High-Performance Access Points can form a Layer 2 Tunneling Protocol Version 3 (L2TPv3) tunnel to simultaneously extend VLANs from each of the Juniper Mist edge devices located in a campus, data center, or DMZ.

Juniper Mist Edge can be a hardware or virtual appliance. Just like the APs, the hardware appliance comes with a claim-code. To add the device to an organization inventory, you can claim the device through the Juniper Mist Portal. You can also scan the claim code by using Mist AI app. For information on onboarding the Mist Edge device and to set up the initial configuration, see Juniper Mist Edge Quick Start Guide.

Juniper Mist Edge solution offers several key benefits:

  • Agility—Rapidly develop and deploy new microservices.

  • Scalability—Meet the demands of small and large campuses.

  • Simplicity—Ease deployment and management with zero-touch configuration and cloud management.

Features

The Juniper Mist Edge solution offers the following features:

Tunneling Microservice

With tunneling microservice, you can seamlessly transition from the existing centralized data plane with legacy controller architectures to the modern Juniper Mist microservices cloud architecture. This transition does not affect the existing network architecture. The access points (APs) leverage standards-based L2TPv3 technology to tunnel VLAN traffic to and from the Juniper Mist Edge for selected wireless LANs (WLANs). When you deploy Juniper Mist Edge, your network can support both locally bridged and tunneled WLANs.

Tunneled WLANs and Flexible Traffic Redirection

The Juniper Mist microservices architecture provides the flexibility to form multiple tunnels to different Juniper Mist Edge appliances to meet the wireless configuration requirements. A Juniper Mist Edge deployment can support both locally bridged and tunneled WLANs. For example, you can:

  • Locally bridge one site of the WLAN.

  • Tunnel a guest WLAN to the Juniper Mist Edge deployment at the DMZ.

  • Tunnel the corporate service set identifier (SSID) to the Juniper Mist Edge deployment at the data center.

With SSID tunneling, the Juniper Mist Edge solution can access corporate resources.

High Availability and Clustering

Juniper Mist Edge supports an elastically scalable cluster that has an unlimited number of nodes. The support also extends to backup clusters. The Juniper Mist Edge cluster design for the tunneling microservice supports optimizing the aggregate capacity for APs and clients. The cluster design also supports meeting throughput expectations.

In case of a catastrophic network failure, Juniper Mist Edge supports multiple layers of redundancy to ensure WLAN survivability. If an entire cluster goes offline within a data center, Juniper Access Points can fail over to a different cluster hosted in a different data center to ensure network survivability.

Use Cases and Benefits

The following are some of the typical use cases for a Juniper Mist Edge deployment:

Centralized Datapath Architecture for Campus or Branch Deployment

With a simple, on-premises deployment of Juniper Mist Edge, you can establish a centralized data plane. This use case offers the following benefits:

    • Agility

      • Zero-touch provisioning—Remove prior-staging requirement for APs.

      • Network management with minimal effort —Leverage Marvis® Virtual Network Assistant and manage network performance with analytics about Juniper Mist service-level exception (SLE) metrics.

      • Firmware independence—Remove firmware dependency between an AP and Juniper Mist Edge. You can independently update the Juniper Mist Edge services in less than 3 seconds.

    • Security

      • Traffic isolation—The level of traffic control is similar to the level in the original wireless LAN controller architecture. Enable transparent movement of user traffic to a single central location, isolating the traffic from your access switches.

      • Automated security—Enable machine-driven site deployment without any credential exposure.

      • Secure WebSocket to communicate to the cloud.

      • Provide IPsec tunnel support for remote workers.

    • Resiliency

      • Support high availability, fail over, automatic preemption, and load balancing.

    • Scalability

      • Support scaling from a few branches to thousands of branches.

      • Support any campus with AP count ranging from a few hundreds to a few thousands.

      • Support up to 10,000 APs and 100,000 clients on a single Juniper Mist Edge (X-10).

      • Support unlimited horizontal scaling within a cluster, that is, with this capability, dozens of Juniper Mist Edge appliances can exist within a cluster.

Remote Worker Use Case

Juniper Mist Edge leverages IPsec tunnels from APs to Juniper Mist Edge to offer secure and reliable networks to remote workers. By using Juniper Mist to support remote workers, customers can extend their corporate WLAN to employees' homes whenever the employees work remotely. The use case provides remote workers the same level of security and access to corporate resources as the on-premises workers experience. In addition, this use case extends visibility into the user’s network experience. This use case offers the following benefits:

    • Agility

      • Zero-touch Provisioning—Remove the need for prior staging of an AP.

      • Network management with minimal effort—Leverage Marvis and manage network performance with analytics about Juniper Mist SLE metrics.

    • Security

      • Traffic isolation—Maintain the same level of traffic control as you maintain on-premises.

      • Automated Security—Enable machine-driven site deployment without any credential exposure.

      • Endpoint protection—Easily secure wireless and wired endpoints through Power Over Ethernet (PoE)-out.

    • Flexibility

      • Reuse hardware.

      • Support flexible all-home coverage with secure mesh capabilities.

      • Enable employees to self-manage their home SSID.

Switch Proxy Service

The switch proxy service in Juniper Mist™ Edge enables you to proxy all the data packets received from the Juniper EX series switches to the Juniper Mist™ cloud. You can benefit from this service when switches are behind an HTTP proxy or a firewall with port 2200 blocked. If a firewall exists between the Juniper Mist Edge device and the switch, you need to allow outbound access on TCP port 2222 (configurable) to the management port of the switch.

RADIUS Proxy Service

In a Juniper Mist™ network, you can use access points (APs) as the source of Remote Authentication Dial-In User Service (RADIUS) Access-Request messages. With the RADIUS proxy feature, you can use your Juniper Mist Edge appliance as the source of RADIUS Access-Request messages instead.

When you set up a RADIUS proxy, instead of adding the APs as individual clients, you can use only one IP (the RADIUS proxy).

The RADIUS proxy acts as a server toward the wireless AP RADIUS clients and as a client toward the RADIUS servers.