Juniper Mist IoT Assurance Overview Datasheet

Download Datasheet

Product Overview

Juniper Mist IoT Assurance is a cloud service that simplifies IT operations and secures connections for headless IoT as well as BYOD devices via a Multiple Pre-Shared Key (MPSK) mechanism. It incorporates a full suite of access control functionality leveraging MPSK or Private Pre-Shared Key (PPSK) as a new type of identity and policy vector. 

IoT Assurance provides a simple yet comprehensive way to onboard client devices without relying on a client MAC address, allowing dynamic traffic engineering and enforcing granular network access control. The service reduces overall IT operational cost with Pre-Shared Key (PSK) life cycle management and organization-level visibility at cloud scale.

 

Product Description

While the number of IoT/OT devices in the industry is exponentially increasing, most of these client devices today are “headless” with limited or no support for 802.1X authentication or even browser support for captive portal onboarding. Enterprises need an easy way to onboard, segment, and manage the life cycle of IoT device credentials at scale. The same is true for BYOD devices that traditionally were associated with complex 802.1X onboarding solutions or cumbersome and less secure captive portal-based solutions. 

The MPSK mechanism solves these challenges with the onboarding of IoT and BYOD devices. IoT Assurance goes several steps further to make this service truly innovative and scalable while maintaining simplicity in operations. 

Juniper Mist IoT Assurance is a “MAC-less” and “NAC-less” onboarding service that can leverage MPSK as a device type and user/endpoint identity. With the ever-increasing trend in client MAC randomization, this onboarding technique proves invaluable for networks of the next decade. 

With PSK auto-expiration and PSK rotation, IoT Assurance allows IT to comply with password rotation security policies. PSK is used as a new type of identity to perform dynamic traffic transport based on the PSK role or assign traffic policies via the Juniper Mist WxLAN framework. 

PSK Portal creation enables BYOD on-boarding workflows by automating PSK generation based on user identity, leveraging SAML for an SSO experience. It enables seamless client device onboarding via mobile QR code or by typing a personalized passphrase without installing any client software.

Being 100% API programmable, Juniper Mist IoT Assurance can be easily integrated into any mobile device management solution to streamline IoT device provisioning or into any user-facing self-provisioning portal.

 

Key Benefits

Maximize IoT and BYOD ExperiencesMinimize IT Operations Costs When Managing MPSK
Simplified onboarding with Multiple-PSK identityKey life cycle management (auto expiration, batch key rotation)
Dynamic traffic engineering (local or tunnel)PSK usage visibility across the entire organization
WxLAN-powered policy based on PSK roles100% programmable with APIs
On-board BYOD users with an SSO experienceCreate self-provisioning PSK portals, easing client device provisioning

 

MAC-Less Client Device Onboarding

In the new era of MAC randomization in all major client operating systems, the Juniper MPSK service becomes a new type of identity storage. It allows seamless client onboarding without relying on registering MAC addresses, providing seamless user and IT experience, while allowing full segmentation and policy control as with traditional 802.1X authentication.

 

Screenshot of Juniper Mist IoT Assurance cloud service

Create, Rotate, Auto Expire Pre-Shared Keys at Cloud Scale

Juniper Mist IoT Assurance greatly simplifies Day 2 operations once the system is deployed at scale. Automatic PSK expiration in concert with automatic key rotation provides simple yet effective key migration technique that allows IT to keep PSKs regularly rotated and allows onsite personnel to avoid any disruptions in service during the key migration, no matter the scale of the deployment. Full PSK visibility provides an invaluable tool to verify key migration compliance across the entire organization.

Create, Rotate, Auto Expire Pre-Shared Keys at Cloud Scale
Image of duplicate pre-shared keys web form

Dynamic Traffic Engineering

With PSK as a user/endpoint or device type identifier, it has never been easier to determine how client traffic will be transported. Based on MPSK identity, client device traffic could be forwarded locally to an upstream access switch with specified VLAN tag, or alternatively tunnelled to a Juniper Mist Edge in a data center to seamlessly and securely transport IoT device traffic directly to the application server, isolating it from the rest of the network.

 

Juniper Mist Edge Diagram with flow chart

Key-Based WxLAN Policy

Juniper IoT Assurance further extends the WxLAN framework and leverages MPSK as the new policy vector. MPSK allows for an easy role tagging that can quickly assign network policy restriction to a client device using certain PSK. IT admins can easily restrict IoT devices to access only resources they require and block access to everything else.

 

Juniper Mist Diagram with flow chart

Personal WLAN

Create your own personal wireless network (with personalized pre-shared key), enabling multicast between devices using the same key. This feature can be used to isolate traffic between clients using different pre-shared keys even within the same VLAN. The Juniper Mist AI-driven WLAN solution is the platinum standard for any digital deployment, helping enterprises deliver a dynamic user experience while simplifying management, planning, and troubleshooting for IT. This service includes comprehensive wireless, security, guest access, and network management functions with a single subscription.

 

Active Device Usage Tracking per PSK

Juniper Mist IoT Assurance provides full visibility into active devices for each PSK at the organization level, in addition to information about device operating systems, locations, and user roles. This enables IT admins to easily track which client devices are currently active on a given PSK or display top PSKs by current active client count.

 

1000723-fig6

Automation for Key Provisioning and Rotation

The Juniper Mist platform is 100% programmable, providing open REST APIs, which allow external tools such as mobile device management platforms to leverage Juniper Mist cloud APIs to automate pre-shared key provisioning and rotation for large-scale, managed IoT asset fleets.

 

Self-Provisioning Portals

Juniper IoT Assurance includes built-in tools that allow customers to create custom self-provisioning PSK portals to automate PSK generation based on user identity. This supports various BYOD workflows leveraging Juniper Mist native Security Assertion Markup Language (SAML) connectors for single sign-on (SSO) experience. It also enables easy-to-use automatic client device provisioning via mobile QR code or automatic Wi-Fi connection URL without a need to install any software on the client device.

 

1000723-fig7

About Juniper Networks

At Juniper Networks, we are dedicated to dramatically simplifying network operations and driving superior experiences for end users. Our solutions deliver industry-leading insight, automation, security and AI to drive real business results. We believe that powering connections will bring us closer together while empowering us all to solve the world’s greatest challenges of well-being, sustainability and equality.

 

 

1000723 - 002 - EN NOV 2022