Juniper Mist IoT Assurance
Streamlines IT Operations and Secures Network Connections
While the number of IoT/OT devices in the industry is exponentially increasing, most of these client devices today are "headless" with limited or no support for 802.1X authentication or even browser support for captive portal onboarding. Enterprises need an easy way to onboard, segment, and manage the life cycle of IoT device credentials at scale. The same is true for BYOD devices that traditionally were associated with complex 802.1X onboarding solutions or cumbersome and less secure captive portal-based solutions.
The MPSK mechanism solves these challenges with the onboarding of IoT and BYOD devices. IoT Assurance goes several steps further to make this service truly innovative and scalable while maintaining simplicity in operations.
Juniper Mist IoT Assurance is a "MAC-less" and "NAC-less" onboarding service that can leverage MPSK as a device type and user/endpoint identity. With the ever-increasing trend in client MAC randomization, this onboarding technique proves invaluable for networks of the next decade.
With PSK auto-expiration and PSK rotation, IoT Assurance allows IT to comply with password rotation security policies. PSK is used as a new type of identity to perform dynamic traffic transport based on the PSK role or assign traffic policies via the Juniper Mist WxLAN framework.
Being 100% API programmable, Juniper Mist IoT Assurance can be easily integrated into any mobile device management solution to streamline IoT device provisioning or into any user-facing self-provisioning portal.
- MAC-less client device onboarding
- Ability to create, rotate, and auto-expire PSKs at cloud scale
- Dynamic traffic engineering
- Key-based WxLAN policy
- Personal WLAN
- Active device usage tracking per PSK
- Automated key provisioning and rotation
Juniper Mist IoT Assurance is a cloud service that simplifies IT operations and secures connections for headless IoT as well as BYOD devices via a Multiple Pre-Shared Key (MPSK) mechanism. It incorporates a full suite of access control functionality leveraging MPSK or Private Pre-Shared Key (PPSK) as a new type of identity and policy vector.
IoT Assurance provides a simple yet comprehensive way to onboard client devices without relying on a client MAC address, allowing dynamic traffic engineering and enforcing granular network access control. The service reduces overall IT operational cost with Pre-Shared Key (PSK) life cycle management and organization-level visibility at cloud scale.
Onboard client devices without relying on MAC addresses for seamless experiences and the same secure segmentation and policy control you get with traditional 802.1X authentication.
Dynamic traffic engineering
Based on MPSK identity, IoT traffic can be forwarded locally to an upstream access switch with a specified VLAN tag or tunneled to a Juniper Mist Edge in the data center for secure transport to the application server. In both scenarios, traffic remains isolated from the rest of the network.
PSK role-based WxLAN policy
Assign network policy restrictions to client devices based on PSK role using the Juniper Mist cloud-based WxLAN policy framework. IT admins can easily allow IoT devices to access only required resources and block access to everything else.
Key lifecycle management
Simplify Day 2 operations at scale with automatic PSK expiration. A simple, effective key migration technique allows IT to keep PSKs regularly rotated while onsite personnel avoid any disruption in service.
End-to-end PSK usage visibility
IoT Assurance provides full visibility into active devices for each PSK at the organization level. IT admins can easily track which client devices are currently active on a given PSK and display top PSKs by current active client count.
100% programmable APIs
Easily integrate IoT Assurance into any mobile device management solution to streamline IoT device provisioning or into any user self-provisioning portal.
| Maximize IoT and BYOD Experiences | Minimize IT Operations Costs When Managing MPSK |
|---|---|
| Simplified onboarding with Multiple-PSK identity | Key life cycle management (auto expiration, batch key rotation) |
| Dynamic traffic engineering (local or tunnel) | PSK usage visibility across the entire organization |
| WxLAN-powered policy based on PSK roles | 100% programmable with APIs |
MAC-Less Client Device Onboarding
In the new era of MAC randomization in all major client operating systems, the Juniper MPSK service becomes a new type of identity storage. It allows seamless client onboarding without relying on registering MAC addresses, providing a seamless user and IT experience while allowing full segmentation and policy control, as with traditional 802.1X authentication.
Create, Rotate, Auto Expire Pre-Shared Keys at Cloud Scale
Juniper Mist IoT Assurance greatly simplifies Day 2 operations once the system is deployed at scale. Automatic PSK expiration in concert with automatic key rotation provides a simple yet effective key migration technique that allows IT to keep PSKs regularly rotated and allows onsite personnel to avoid any disruptions in service during the key migration, no matter the scale of the deployment. Full PSK visibility provides an invaluable tool to verify key migration compliance across the entire organization.
Dynamic Traffic Engineering
With PSK as a user/endpoint or device type identifier, it has never been easier to determine how client traffic will be transported. Based on MPSK identity, client device traffic can be forwarded locally to an upstream access switch with a specified VLAN tag, or alternatively tunneled to a Juniper Mist Edge in a data center to seamlessly and securely transport IoT device traffic directly to the application server, isolating it from the rest of the network.
Key-Based WxLAN Policy
Juniper IoT Assurance further extends the WxLAN framework and leverages MPSK as the new policy vector. MPSK allows for easy role tagging that can quickly assign network policy restrictions to a client device using a certain PSK. IT admins can easily restrict IoT devices to access only the resources they require and block access to everything else.
Active Device Usage Tracking per PSK
Juniper Mist IoT Assurance provides full visibility into active devices for each PSK at the organization level, in addition to information about device operating systems, locations, and user roles. This enables IT admins to easily track which client devices are currently active on a given PSK or display top PSKs by current active client count.