Juniper at Mobility Field Day 11

It's no secret that I love my Juniper Mist wireless. Since coming out of stealth mode at Mobility Field Day 2, they have continued to deliver some fantastic presentations every time they present. If you're not familiar with Mobility Field Day (MFD), it's a mobile device-focused event where presenting sponsors (vendors) present to a group of delegates (industry people). This was the 11th installment of this twice-a-year event. For more info, you can click on the links. The videos of previous events (and soon this one) are available to watch there also.

productlaunchesJuniper gave a packed 4-hour presentation focused on a ton of new features and integrations. But before we talk about what they presented. What didn't we hear about? A Wi-Fi 7 Access Point. And honestly? I'm ok with that. Given that we're still seeing enterprise clients trying to get to 6Ghz and Wi-Fi 6E, the push to 7 has me less concerned right now. As expected, a slew of "Wi-Fi 7" devices are out there, even before the standard is fully ratified (lots of discussions can be had around this, of course). And while I'd love that new hotness of the supposed 46Gbps of bandwidth. The reality behind those numbers is a little less stable. So yes, Wi-Fi 7 is coming, probably a little earlier than I expected. But until the clients really kick in, I'm less concerned with seeing it on an enterprise AP. While I know it's a chicken-and-egg scenario (clients or aps first?), I'd rather see enterprises focusing on a migration to WPA3 rather than Wi-Fi 7 right now.

Let's get into what this article is all about. Rather than my blow-by-blow of how the presentation went (check my Twitter for that, or even better, search the mfd11 hashtag on Twitter to get a ton more information), I will go through 5 of my favorite announcements and why I think they are important. I'd ask if that's ok, but this is a blog, and if it's not, you'll just stop reading and move on anyway. So I'm going to just roll with it.

1. Dynamic Wired Packet Capturewired dPCAP

I adore the wireless counterpart to this. I've used it multiple times to dive into what happened when there was a failure. And while I know that "everything is wireless" and wired clients aren't as sexy as wireless, troubleshooting them efficiently is just as important, if not more so. Because we're seeing more and more regular access clients move to wireless, the wired clients tend to be the "important" ones. That might be something that serves a group of users like a printer, or it may be something that we need the stability and reliability of that wired connection. While we could do on-demand packet captures (PCAPS) from switches, we still had to recreate the issue or manage to catch the problem when it was occurring. With this feature release, we're seeing wired gain more parity with wireless in the Mist system.

That is still one of my big points when talking with Juniper. Understandably, Wireless is ahead (they had a few-year head start!), but I want to see full parity between the two. My clients have gotten used to all the helpful troubleshooting Mist puts at their fingertips. When they have to go "back to the old way" of doing things, it reminds them that there is still a ways to go to get where we all want to be. While this feature may seem like a small thing, this gets us one step closer to not needing a CLI. I know, I love my CLI, but we'll be ok.

2. Dynamic Spectrum CapturedSpecCap

Sticking to the automated capture theme, this next one was even more awesome. You can't talk about wireless without Radio Frequencies (RF). And in the world of RF, there is a lot more going on than what we want. Interference comes from all kinds of different sources. Some we know about and can detect easily. Like other Wi-Fi APs. Others we can't see without special equipment, proper timing, and some luck. But this feature just made this a whole lot easier. Much like dynamic packet capture brought to our wireless troubleshooting, this feature is going to make finding out "why does the Wi-Fi suck" much much easier. Using the built-in hardware on the Mist APs, the system will now capture details on RF interference. Automatically. When it happens. So when that 35-year-old microwave that someone only uses every 3rd Wednesday kicks on and blasts out enough RF interference to make the Wi-Fi next door stop working, now Mist will be able to record details on the event. And since it can detect it across multiple APs, you can triangulate the source and finally deal with it. Without rolling a truck, without special equipment, and without having to catch Jane from accounting in the act of reheating those tuna leftovers! As a network engineer with a wide scope of responsibilities, I can be much more efficient. And as much as I love new toys, Spectrum Analyzers are not cheap. And when I don't do this every day, it can be difficult to justify. So I'm now much more efficient also. And finally, it's not just me who can use and understand this. Now, someone just getting into the wonderful world of RF has access to incredibly important information.

3. Access Assurance

accessassuranceMist joined the Network Access Control (NAC) fray last year when they announced Access Assurance. While they weren't the first cloud-based NAC, they made it so easy. From 1 click Radius Security (RadSec) to having a simple drag-and-drop style interface for building policy, they simplified what lots of network administrators detest deploying. Since the announcement, they have onboarded hundreds of customers, expanded the availability, and even done 14 software updates with zero customer impact. That is crazy impressive. 

But there were still some gaps. And with the multiple announcements at MFD, they've closed a few of the big ones. First, they are adding functionality into the Mist Edge to help with site survivability in case the connection to the Access Assurance cloud is lost. One of the major reasons I hear clients pause at moving NAC into the cloud is, "What if the ISP goes down? How will people work?". Well, with the enhancements, data will be cached on the Mist Edge at the site. This will allow previously authorized users the same access as they would have had if the connection was up. And if the user wasn't authenticated before, there is the ability to specify some default critical services access so that they can still access some things. Next, integration with Mobile Device Management (MDM) systems. This allows for posture-checking and client isolation when the MDM says it's out of compliance. Integrating this into the existing policy engine gives you a single view of your network access policy. By making it MDM-controlled, you don't have to deploy another user agent just for posture checks.

clientonboardingBut what about getting clients onto the network? Until now, there have been a few methods for onboarding clients, but they weren't integrated into the workflow. During the presentation, they demonstrated an enhancement to the onboarding process, so it's built right into Mist. Onboarding clients has long been a thorn for administrators who must allow unmanaged devices onto their secured networks. You had to balance ease of use with security. How do you deploy the right profiles and certificates onto that end-user device in a way that doesn't require them to run through a 25-page "How-To" treatise? Well, now they access the Mist onboarding portal. And it walks them through the process. But wait, doesn't that require a Private Key Infrastructure (PKI)? What if I don't want them in my corporate one? Why don't you just let Mist take care of that for you, too? That's right, there is now a PKI built in that can be used for the certificates. Removing yet another barrier to security with a couple of easy setup screens.

And I can't leave out what Higher Ed folks have been asking for since the launch: Eduroam integration. While I don't deal with this a ton, I know it can be quite challenging. Mist has now added the ability to integrate with Eduroam directly to the cloud platform, so it's easy, scalable, and simple.

4. Marvis Application Experienceapplicationexperienceinsights

Juniper announced the Mist integration with Microsoft Teams and Zoom late last year. This integration brought performance metrics from those 2 applications directly into the Mist dashboard. One of those metrics is user-reported experience. This allows administrators the ability to directly troubleshoot a user's experience with an application on the network with network information without having to leave their dashboard. But more than that, they don't even have to be in the dashboard. It's historical. And can be accessed via the conversational interface. Before someone calls to report an issue. So with a simple "Who is having a bad Zoom call" question to Marvis (my favorite little Virtual Network Assistant!), the IT person (maybe even the helpdesk *gasp*) can see a list of potential issues correlated with the network data. The more links in the chain that Mist can access give it more information to correlate. So maybe that Zoom stuttering had nothing to do with the wireless. Maybe the uplink on the distribution switch the access switch the AP plugs into was overloaded for a couple of minutes. Marvis can tell you that.

But what if I don't want to see this information just when I'm troubleshooting? The Mist Service Level Expectations (SLE) are a differentiator between Mist and other wireless vendors. For years, they have said, "Up is not equal to good" and "User experience is the key metric for the network." So, it's only natural that bringing this application data to the forefront in an SLE was the next step. But instead of just giving you one little SLE on the wireless page, they created a whole new workspace for it. It was referenced that they have much loftier goals than just Teams and Zoom. And I think that by making this a whole new section, they're giving themselves that runway. This gives them flexibility to extend the SLEs across access types, applications, locations, etc.

But this doesn't stop at the data they get from direct user experiences. Probably one of my favorite announcements from Mist has been Marvis Minis. I went so far as to create the #MarvisMiniArmy and have distributed over 200 of the physical avatars of the digital twin (so far!). Marvis Minis is the name for the feature where Mist uses its APs to simulate user traffic on the network to validate that things are working. It started with the basics like DHCP, DNS, ARP, and connectivity. The AI (yes, I finally said it) in the Mist system systematically targets tests and expands the testing scope if needed to more accurately determine the blast radius of the problem. So it doesn't just run a test on every AP in the system. It cycles through and determines the right ones to use to detect issues and only goes beyond that if there are issues to find.minisapplicationtests

And now that's being extended in multiple ways. First, to wired connections. Marvis Minis now run on Juniper switches. This not only brings even more parity to the wired client side of the full stack, it allows even more insight into how the network is functioning without users even being there. Next, they extended the scope of the Minis tests by adding speed tests and RADIUS server interactions. It was hinted that more application-centric tests could be included. So now you wouldn't have to have a user report an issue with a Zoom call. Minis could test the Zoom application and report a bad experience before anyone arrives. Oh, and remember those dynamic PCAPS? Yes, minis can trigger those too. And don't forget about the Spectrum Captures too. So now, without deploying any additional hardware, your network can detect, test, determine the scope, and provide direction actionable feedback on what it thinks the root of the problem is. All without anyone on site or even looking for a problem. This is game-changing. Especially when you extrapolate into the future to allow the system to then *fix* the issue itself. A scheduled network configuration change broke DNS on a single VLAN at a single remote site on a Friday night? Of a Holiday Weekend? Marvis could detect the issue at that site immediately after it occurred and not only alert on it but roll back the config change for just that single site. While this wasn't part of the announcement (and some would argue you don't even want this), it's where I could see things go. That is my thoughts on what the "AI-Driven Network" that Juniper is talking about looks like.

meetinginsightsSo, we have user experience metrics, we have testing, but what about reporting? Mist's Premium Analytics wasn't left out. There is a new dashboard for the Zoom and Teams data, which will be extended to even more Applications as they are added. So now you have the ability to generate a nice report that can present and analyze the data in all kinds of ways that help clarify to management that, no, the network isn't the reason that one Zoom call was a problem. In fact, here's the data on all of the Zoom calls at that site over the last month, and it really was a one-off issue that caused the problem. The issue wasn't even the wireless's problem. The user was not just on the Zoom call, but it was that the laptop the user was using was overloaded and the CPU was maxed out. Or some similar scenario ;) Whew! Marvis is really getting his workout here!

5. Live RF Troubleshooting

haminaWhile this was not the last announcement in the overall flow of the presentation, it had such a "but wait, there's more!" style I had to put it last in this list. But this announcement wasn't just a Mist one. In fact, they brought in my other favorite wireless tool, Hamina. There is an existing integration for planning and even live survey between Hamina and Mist. But this announcement took it to the next level. There is now an integration of live radio resource management (RRM) data from Mist into a live Hamina view. While this is a simple statement, the impact is pretty huge! If you dive into the world of RRM in Mist, you realize there is a huge amount of data behind how Mist calculates RRM changes. In Mist, the AI (drink!) uses live RF measurements from APs to their neighbor APs to calculate how RF propagates between APs. And in Hamina, you have all kinds of crazy modeling technology that allows it to understand RF propagation and what that means. And now, by their powers combined, you get almost a live remote RF survey! While it may not fully replace a human survey, it can help extend those surveys' functionality. Site surveys are expensive. Both in time and money. So with this integration, you get a continuous on-demand RF survey in your browser with the click of a mouse. And without drawing walls. For those of you who have spent days click-clicking to draw walls on a map, you hopefully understand how cool this is!

6. Location services automation

But wait, there's more! (sorry I couldn't help it)

autoplacementMist's powerful location services functions have allowed it to be one of the few wifi vendors in the Gartner Magic Quadrant for indoor location services. But one piece of this is ensuring your location is set up for location services. This starts with the "simple" uploading and scaling of a map. It then requires accurate placement of APs on the map. And orientation of those APs. Oh, and then if you like zones (and who doesn't), you have to draw those out too. While this is easy for a single office building, it becomes quite challenging when discussing a large building or even a whole campus. Mist previously announced the ability to auto-place and auto-orient APs on a single map. So, per floor, you would pick a few "anchor" APs that you knew the location and orientation of. Then, using radio measurements, Bluetooth data, and math, the system would place and orient the APs on the map for you. But you still had to do this a floor at a time. And you had to choose good anchor APs. And those anchors had to be precise. Well (and if you haven't caught it, this is a theme), now it's easier. First, Mist is adding multi-floor auto-placement. But it's not just considering multiple floors to help with the placement. It's also using the data it has not to require full anchor APs. It's determining those for you. Tell the wizard-style auto-placement tool what floors some reference APs are on, and it will take it from there. But why stop at placement? What about having the system use all that good data lying around to build zones automagically for you? So now you don't have to manually define every single office and conference room. Mist will be able to do it for you! How awesome is that?!

 

So there we go, Juniper at Mobility Field Day 11 in 6 easy sections. While it may not seem like it from this article, it was a whirlwind 4 hours of presentations. And this isn't even all of the things covered. But I'm guessing only a few folks have made it this far (I'm not even sure I've made it this far!). I left out all the awesome data from Wes Purvis on 6GHz Standard Power versus Low Power. Which I absolutely loved having in the presentation. And all of the amazing AI goodness from Bob Friday, including one of my favorite slides transparently explaining how AI is included in Mist, what it does, and the types and pieces. It's not just marketing fluff. It's the real data science deal! Lots is going on in the wireless access world these days. And there are lots of vendors out there. But I continue to believe that Mist is leading the pack in all the ways that matter. They aren't perfect, but they are working to make things better in ways that make the people who build and operate these amazing networks easier. Beyond that, they're ensuring that we engineers realize that user experience is the only metric that matters in the end.