Juniper Networks Infranet Controller 6000 and UAC Agent

Juniper Networks Infranet Controller 6000

The hardened, centralized policy management server at the heart of Juniper's Unified Access Control (UAC) solution

Built on Juniper's proven, best-in-class security and access control products

High-performance platform for the largest, most complex deployments

Overview

At the heart of Juniper's Unified Access Control (UAC) solution is the Infranet Controller, a hardened policy management server that leverages Juniper's proven, best-in-class security and access control products. The Infranet Controller can push the UAC Agent down to the endpoint to collect user authentication, endpoint security state and device location information; or, alternatively, can gather that same information in agent-less mode.

Here is how the IC 6000 works:

Once user or device credentials have been submitted, the Infranet Controller features a comprehensive authentication, authorization and accounting (AAA) engine for seamless deployment into almost all popular AAA settings

After the credentials have been validated and the endpoint security state established, the Infranet Controller creates and implements a dynamic access policy for each user/session and pushes that policy to enforcement points throughout the network. The enforcement points can include:

Any vendor's standards-compliant 802.1X-enabled switches or access points

Any Juniper Networks firewall/VPN platform, including the Integrated Services Gateway (ISG) with Intrusion Detection and Prevention (IDP) and the Secure Services Gateway (SSG) secure routing platforms

Or both for even greater granularity

The IC 6000 also integrates the RADIUS processing capabilities of Juniper's Steel-Belted Radius® (SBR), the de facto standard in RADIUS servers and appliances. This lets the IC 6000 support an 802.1X transaction over vendor-agnostic, 802.1X-enabled switches and access points when an endpoint attempts network access.

The IC 6000 is designed to address the needs of large enterprises, multinational organizations and government agencies, with the capability to handle up to tens of thousands of concurrent endpoints. The IC 6000 includes a number of high-availability features, including a hot-swappable power supply and hard disk that are both field upgradeable. The IC 6000 can be deployed in multi-unit clusters to increase performance and provide additional scalability.

UAC Agent

The UAC Agent collects user credentials and assesses an endpoint's security state and includes integrated 802.1X functionality from Juniper's Odyssey® Access Client (OAC) 802.1X client/supplicant, as well as Layer 3 - 7 functionality.

The UAC Agent is a dynamically downloaded agent that can be preconfigured, provisioned in real time by the Infranet Controller, installed using Juniper's Installer Service or deployed by other means.

The capabilities of the UAC Agent include:

An integrated personal firewall for dynamic client-side policy enforcement.

Specific functionality for Windows devices that includes IPSec VPN and Single SignOn to Active Directory.

Host Checker functionality, familiar from thousands of Juniper Secure Access SSL VPN deployments, scanning endpoints for a variety of security applications/states, as well as custom checks of elements, such as registry and port status, and an MD5 checksum to verify application validity. Deployment is simplified with predefined Host Checker policies, as well as automatic monitoring of antivirus signature files.

Access can also be provisioned in agent-less mode in cases where software downloads are not practical, such as in guest deployments. Access through agent-less mode also includes provisioning of Host Checker, guaranteeing the security state of all network users.

The UAC Agent can also be delivered based on role, linking agent-less or agent-based access dynamically to user and/or device identity.