Juniper Mist IoT Assurance is a cloud service that simplifies IT operations and secures connections for headless IoT as well as BYOD devices via a Multiple Pre-Shared Key (MPSK) mechanism. It incorporates a full suite of access control functionality leveraging MPSK or Private Pre-Shared Key (PPSK) as a new type of identity and policy vector.
IoT Assurance provides a simple yet comprehensive way to onboard client devices without relying on a client MAC address, allowing dynamic traffic engineering and enforcing granular network access control. The service reduces overall IT operational cost with Pre-Shared Key (PSK) life cycle management and organization-level visibility at cloud scale.
While the number of IoT/OT devices in the industry is exponentially increasing, most of these client devices today are “headless” with limited or no support for 802.1X authentication or even browser support for captive portal onboarding. Enterprises need an easy way to onboard, segment, and manage the life cycle of IoT device credentials at scale. The same is true for BYOD devices that traditionally were associated with complex 802.1X onboarding solutions or cumbersome and less secure captive portal-based solutions.
The MPSK mechanism solves these challenges with the onboarding of IoT and BYOD devices. IoT Assurance goes several steps further to make this service truly innovative and scalable while maintaining simplicity in operations.
Juniper Mist IoT Assurance is a “MAC-less” and “NAC-less” onboarding service that can leverage MPSK as a device type and user/endpoint identity. With the ever-increasing trend in client MAC randomization, this onboarding technique proves invaluable for networks of the next decade.
With PSK auto-expiration and PSK rotation, IoT Assurance allows IT to comply with password rotation security policies. PSK is used as a new type of identity to perform dynamic traffic transport based on the PSK role or assign traffic policies via the Juniper Mist WxLAN framework.
PSK Portal creation enables BYOD on-boarding workflows by automating PSK generation based on user identity, leveraging SAML for an SSO experience. It enables seamless client device onboarding via mobile QR code or by typing a personalized passphrase without installing any client software.
Being 100% API programmable, Juniper Mist IoT Assurance can be easily integrated into any mobile device management solution to streamline IoT device provisioning or into any user-facing self-provisioning portal.
|Maximize IoT and BYOD Experiences||Minimize IT Operations Costs When Managing MPSK|
|Simplified onboarding with Multiple-PSK identity||Key life cycle management (auto expiration, batch key rotation)|
|Dynamic traffic engineering (local or tunnel)||PSK usage visibility across the entire organization|
|WxLAN-powered policy based on PSK roles||100% programmable with APIs|
|On-board BYOD users with an SSO experience||Create self-provisioning PSK portals, easing client device provisioning|
MAC-Less Client Device Onboarding
In the new era of MAC randomization in all major client operating systems, the Juniper MPSK service becomes a new type of identity storage. It allows seamless client onboarding without relying on registering MAC addresses, providing seamless user and IT experience, while allowing full segmentation and policy control as with traditional 802.1X authentication.
Create, Rotate, Auto Expire Pre-Shared Keys at Cloud Scale
Juniper Mist IoT Assurance greatly simplifies Day 2 operations once the system is deployed at scale. Automatic PSK expiration in concert with automatic key rotation provides simple yet effective key migration technique that allows IT to keep PSKs regularly rotated and allows onsite personnel to avoid any disruptions in service during the key migration, no matter the scale of the deployment. Full PSK visibility provides an invaluable tool to verify key migration compliance across the entire organization.
Dynamic Traffic Engineering
With PSK as a user/endpoint or device type identifier, it has never been easier to determine how client traffic will be transported. Based on MPSK identity, client device traffic could be forwarded locally to an upstream access switch with specified VLAN tag, or alternatively tunnelled to a Juniper Mist Edge in a data center to seamlessly and securely transport IoT device traffic directly to the application server, isolating it from the rest of the network.
Key-Based WxLAN Policy
Juniper IoT Assurance further extends the WxLAN framework and leverages MPSK as the new policy vector. MPSK allows for an easy role tagging that can quickly assign network policy restriction to a client device using certain PSK. IT admins can easily restrict IoT devices to access only resources they require and block access to everything else.
Create your own personal wireless network (with personalized pre-shared key), enabling multicast between devices using the same key. This feature can be used to isolate traffic between clients using different pre-shared keys even within the same VLAN. The Juniper Mist AI-driven WLAN solution is the platinum standard for any digital deployment, helping enterprises deliver a dynamic user experience while simplifying management, planning, and troubleshooting for IT. This service includes comprehensive wireless, security, guest access, and network management functions with a single subscription.
Active Device Usage Tracking per PSK
Juniper Mist IoT Assurance provides full visibility into active devices for each PSK at the organization level, in addition to information about device operating systems, locations, and user roles. This enables IT admins to easily track which client devices are currently active on a given PSK or display top PSKs by current active client count.
Automation for Key Provisioning and Rotation
The Juniper Mist platform is 100% programmable, providing open REST APIs, which allow external tools such as mobile device management platforms to leverage Juniper Mist cloud APIs to automate pre-shared key provisioning and rotation for large-scale, managed IoT asset fleets.
Juniper IoT Assurance includes built-in tools that allow customers to create custom self-provisioning PSK portals to automate PSK generation based on user identity. This supports various BYOD workflows leveraging Juniper Mist native Security Assertion Markup Language (SAML) connectors for single sign-on (SSO) experience. It also enables easy-to-use automatic client device provisioning via mobile QR code or automatic Wi-Fi connection URL without a need to install any software on the client device.
About Juniper Networks
At Juniper Networks, we are dedicated to dramatically simplifying network operations and driving superior experiences for end users. Our solutions deliver industry-leading insight, automation, security and AI to drive real business results. We believe that powering connections will bring us closer together while empowering us all to solve the world’s greatest challenges of well-being, sustainability and equality.
1000723 - 002 - EN NOV 2022