Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Juniper Mist Edge Overview

Juniper Mist leverages Juniper Mist Edge appliance when an organization needs to retain a centralized datapath architecture for campus or branch deployments. The Juniper Mist Edge appliance provides a centralized datapath for user traffic, a task that legacy wireless controllers traditionally performed. Additionally, the appliance keeps all the control and management functions in the Juniper Mist cloud.

Juniper Mist Edge can be a hardware or virtual appliance. Just like the APs, the hardware appliance comes with a claim-code. To add the device to an organization inventory, you can claim the device through the Juniper Mist Portal. You can also scan the claim code by using Mist AI app. For information on onboarding the Mist Edge device and to set up the initial configuration, see Juniper Mist Edge Quick Start Guide.

Juniper Mist Edge solution offers several key benefits:

  • Agility—Rapidly develop and deploy new microservices.

  • Scalability—Meet the demands of small and large campuses.

  • Simplicity—Ease deployment and management with zero-touch configuration and cloud management.

Features

The Juniper Mist Edge solution offers the following features:

Tunneling Microservice

With tunneling microservice, you can seamlessly transition from the existing centralized data plane with legacy controller architectures to the modern Juniper Mist microservices cloud architecture. The access points (APs) leverage standards-based L2TPv3 technology to tunnel VLAN traffic to and from the Juniper Mist Edge for selected wireless LANs (WLANs).

Flexible Traffic Redirection

The Juniper Mist microservices architecture provides the flexibility to form multiple tunnels to different Juniper Mist Edge appliances to meet the wireless configuration requirements. A Juniper Mist Edge deployment can support both locally bridged and tunneled WLANs. For example, you can:

  • Locally bridge one site of the WLAN.

  • Tunnel a guest WLAN to the Juniper Mist Edge deployment at the DMZ.

  • Tunnel the corporate service set identifier (SSID) to the Juniper Mist Edge deployment at the data center.

With SSID tunneling, the Juniper Mist Edge solution can access corporate resources.

High Availability and Clustering

Juniper Mist Edge supports an elastically scalable cluster that has an unlimited number of nodes. The support also includes :

  • Backup clusters

  • Meeting throughput expectations

  • Optimizing the aggregate capacity for APs and clients

In case of a catastrophic network failure, Juniper Mist Edge supports multiple layers of redundancy to ensure WLAN survivability. If an entire cluster goes offline within a data center, Juniper Access Points can fail over to a different cluster hosted in a different data center to ensure network survivability.

Use Cases and Benefits

The following are some of the typical use cases for a Juniper Mist Edge deployment:

Centralized Datapath Architecture for Campus or Branch Deployment

With a simple, on-premises deployment of Juniper Mist Edge, you can establish a centralized data plane. The Juniper Mist Edge appliance provides a centralized datapath for user traffic, a task that legacy wireless controllers traditionally performed. Additionally, the appliance keeps all the control and management functions in the Juniper Mist cloud, while providing micro services architecture to the campus. Juniper Mist Edge solution provids access to corporate resources, while extending visibility into user network experience and streamlining IT operations through cloud management. This use case offers the following benefits:

    • Agility

      • Network management with minimal effort —Leverage Marvis® Virtual Network Assistant and manage network performance with analytics about Juniper Mist service-level exception (SLE) metrics.

      • Firmware independence—Remove firmware dependency between an AP and Juniper Mist Edge. You can independently update the Juniper Mist Edge services in less than 3 seconds.

    • Security

      • Traffic isolation—The level of traffic control is similar to the level in the original wireless LAN controller architecture. Enable transparent movement of user traffic to a single central location, isolating the traffic from your access switches.

      • Automated security—Enable machine-driven site deployment without any credential exposure.

      • Secure WebSocket to communicate to the cloud.

      • Provide IPsec tunnel support for remote workers.

    • Resiliency

      • Support high availability, fail over, automatic preemption, and load balancing.

    • Scalability

      • Support scaling from a few branches to thousands of branches.

      • Support any campus with AP count ranging from a few hundreds to a few thousands.

      • Support up to 10,000 APs and 100,000 clients on a single Juniper Mist Edge (X-10).

      • Support unlimited horizontal scaling within a cluster, that is, with this capability, dozens of Juniper Mist Edge appliances can exist within a cluster.

Remote Worker Use Case

Juniper Mist Edge extends virtual LANs (VLANs) to distributed branches and telecommuters to replace remote virtual private network (VPN) technology. It also provides dynamic traffic segmentation for IoT devices. Split tunneling allows for guest access and corporate traffic.This use case offers the following benefits:

    • Agility

      • Zero-touch Provisioning—Remove the need for prior staging of an AP.

      • Network management with minimal effort—Leverage Marvis and manage network performance with analytics about Juniper Mist SLE metrics.

    • Security

      • Traffic isolation—Maintain the same level of traffic control as you maintain on-premises.

      • Automated Security—Enable machine-driven site deployment without any credential exposure.

      • Endpoint protection—Easily secure wireless and wired endpoints through Power Over Ethernet (PoE)-out.

    • Flexibility

      • Reuse hardware.

      • Support flexible all-home coverage with secure mesh capabilities.

      • Enable employees to self-manage their home SSID.

The following image illustrates the Juniper Mist Teleworker solution:

Use Cases and Benefits

Switch Proxy Service

The switch proxy service in Juniper Mist™ Edge enables you to proxy all the data packets received from the Juniper EX series switches to the Juniper Mist™ cloud. You can benefit from this service when switches are behind an HTTP proxy, a firewall with port 2200 blocked, or when the switch cannot access the Internet. If a firewall exists between the Juniper Mist Edge device and the switch, you need to allow outbound access on TCP port 2222 (configurable) to the management port of the switch.

RADIUS Proxy Service

In a Juniper Mist™ network, you can use access points (APs) as the source of Remote Authentication Dial-In User Service (RADIUS) Access-Request messages. If your network requires a centralized source of RADIUS requests, then you can benefit from the RADIUS proxy service on Juniper Mist Edge. The RADIUS proxy acts as a RadSec (Secure Radius) server toward the wireless AP (acting as NAS - Network access server) and as a client toward the RADIUS servers.

When you enable RADIUS proxy service on Mist Edge, instead of adding each AP in the site as individual RADIUS clients, you just need to add only one IP (the RADIUS proxy).