New Features and Functions of Junos Pulse Mobile Security Suite 4.1


PRODUCT BULLETIN

Junos Pulse Mobile Security Suite 4.1
What's New

Product Bulletin for Enterprises and Service Providers

Bulletin Date: October 1, 2012
Bulletin Number: 8000020
Applicable to: All Regions
Effective Change Date: October 8, 2012

Introduction

This Product Bulletin describes the new features and functions available in Juniper Networks Junos Pulse Mobile Security Suite version 4.1 for enterprises and service providers. This Product Bulletin assumes familiarity with Juniper Networks Junos Pulse 4.0 and 3.x, as well as the Junos Pulse Secure Access Service (SSL VPN).

Junos Pulse Mobile Security Suite 4.1 continues to extend the reach of enterprises to manage personal or corporate-issued mobile device features, services and apps. In order to best meet their Bring Your Own Device (BYOD) and trusted mobility requirements, enterprises need to simplify mobile device provisioning for users and administrators alike, as well as ensure the security of devices accessing critical network and cloud resources, and the productivity of all users.

Junos Pulse Mobile Security Suite 4.1 enables service providers and enterprises to simplify management of personal or corporate-issued mobile device features, services, and apps to meet their BYOD and trusted mobility needs, while simplifying mobile device and user provisioning, on-boarding, and administration. It also ensures device security when accessing critical network and cloud resources, supporting industry standards and increasing user productivity.

Junos Pulse Mobile Security Suite 4.1 addresses the mobile security and device management needs of consumers, integrating and provisioning service provider branded device antivirus/antimalware, loss and theft protection, as well as family monitoring and parental controls. It also offers service providers a seamless experience for on-boarding and service up-sell for their consumer customers, who get a quick, easy to use self-service provisioning console for mobile security and management.

New Features for Junos Pulse Mobile Security Suite 4.1

Table 1. New Junos Pulse Mobile Security Suite 4.1 Features by Mobile OS

Junos Pulse Mobile Security Suite 4.1 Feature / Enterprise / Service Provider / Android / iOS / BlackBerry

New Google Android feature restrictions (Camera, Bluetooth, Wi-Fi (for Samsung devices)):  ✓ ✓ ✓
Device settings for Google Android (VPN, Wi-Fi, Microsoft Exchange ActiveSync):  ✓ ✓ ✓
Support for Google Cloud Messaging (GCM):  ✓ ✓ ✓
Enterprise prohibited applications:  ✓ ✓ ✓
Antivirus scan while charging:  ✓ ✓ ✓
Additional Apple iOS restrictions:  ✓ ✓ ✓
App icon requirements:  ✓ ✓ ✓ ✓
Apple iOS MDM import:  ✓ ✓ ✓
Junos Pulse Collaboration UI enhancements for iOS:  ✓ ✓ ✓
Junos Pulse SSL VPN IPv6 support on iOS:  ✓ ✓ ✓
Root/jailbreak detection:  ✓ ✓ ✓ ✓
Enhanced logging capabilities:  ✓ ✓ ✓ ✓ ✓
Coordinated Universal Time (UTC) support:  ✓ ✓
Junos Pulse Mobile Security Gateway Administrator Console UI Enhancements (Phase 1):  ✓ ✓
Restore command API:  ✓

New Features for Google Android in Junos Pulse Mobile Security Suite 4.1

New Google Android Feature Restrictions

In previous versions of Junos Pulse Mobile Security Suite, the Junos Pulse Mobile Security Gateway web-based management console enabled administrators to issue policies restricting access to specific mobile operating system features such as camera, Bluetooth, and so on for Apple iOS devices only. These restrictions were accomplished by using the mobile device management (MDM) mechanism native to the iOS mobile operating system. In Junos Pulse Mobile Security Suite 4.1, Juniper has added a similar concept for Google Android-based mobile devices, although the specific Android features that can be restricted by policy differ from those available for iOS.
Google Android Feature Restrictions in Junos Pulse Mobile Security Suite 4.1 allow a Junos Pulse Mobile Security Gateway administrator to remotely configure an Android device via the Junos Pulse mobile app to block access to the following features:

- Camera
- Bluetooth
- Wi-Fi

Android Camera Restriction

Android camera restriction blocks access to the camera API in Android, which goes deeper than simply blocking the default camera app which is included in Android. This means that should a user attempt to circumvent the camera restriction by downloading a separate camera app to the Android device from Google Play, the downloaded camera app would also be blocked. This feature is only supported on mobile devices running Google Android 4.0 (Ice Cream Sandwich) or later. It is also compatible with the Samsung MDM API 2.0 or later.

Android Bluetooth Restriction

Android Bluetooth Restriction disables Bluetooth on an Android device. Should the user reinitiate Bluetooth on the Android mobile device, the Junos Pulse client app will periodically check the device's Bluetooth state and if it has been re-enabled, the restriction will enforce compliance and automatically disable it. This feature is only supported on Android-based Samsung mobile devices containing Samsung MDM API 2.0 or later.

Android Wi-Fi Restriction

Android Wi-Fi Restriction disables Wi-Fi access from an Android device. Should the user attempt to reengage Wi-Fi on an Android mobile device, the restriction detects that Wi-Fi has been reenabled, and will once again disable it. This feature is only supported on Android-based Samsung mobile devices containing Samsung MDM API 2.0 or later.

Device Settings for Google Android

Junos Pulse Mobile Security Suite 4.1 adds enhanced provisioning capabilities for Google Android devices, similar to those available in earlier versions of Junos Pulse Mobile Security Suite for Apple iOS devices. These features make the provisioning of Android devices quicker and easier for administrators, while centralizing all of the necessary provisioning for Android devices in one location. Junos Pulse Mobile Security Suite 4.1 enhances provisioning on Android devices for:

- VPNs
- Wi-Fi
- Microsoft Exchange ActiveSync (EAS)

Android VPN Provisioning

Similar to the Apple iOS MDM capabilities in the previous release of Junos Pulse Mobile Security Suite, version 4.1 adds the capability to remotely configure VPN settings such as adding, modifying, or removing an accept point configuration for Android devices from the Junos Pulse Mobile Security Gateway. The VPN configuration details allow the built-in VPN client in the Junos Pulse mobile app to be configured. Android VPN provisioning is available for Android devices running Android 4.0 and higher, as well as Samsung devices running Android 2.3.3 or higher. For a complete list of supported devices, please refer to the Supported Platforms document at: www.juniper.net/techpubs/en_us/release-independent/junos-pulse-mobile/index.html. The Android VPN Provisioning feature continues to support VPN Proxy, and adds support for VPN On-Demand.

Android Wi-Fi Provisioning

Following the lead set by the Apple iOS MDM capabilities of the previous release, Junos Pulse Mobile Security Suite 4.1 adds the ability to remotely configure Wi-Fi configuration settings such as adding, modifying, or removing an access point configuration on Android devices from the Junos Pulse Mobile Security Gateway. Android Wi-Fi Provisioning allows Junos Pulse Mobile Security Gateway administrators to preconfigure Android devices for access to protected wireless networks using a variety of authentication mechanisms.
In version 4.1, support for both Extensible Authentication Protocol-Protected Extensible Authentication Protocol (EAP-PEAP) and Extensible Authentication Protocol-Tunneled TLS (EAP-TTLS) is included. Android Wi-Fi Provisioning can also fully control the changing of the active service set identifier (SSID). This makes many use cases such as the provisioning of captive portals by wireless LAN devices much more intuitive.

Android Wi-Fi Provisioning, for which settings are sent from the Junos Pulse Mobile Security Gateway to the Android device running the Junos Pulse client app, uses XML as the medium to transport the settings (over Simple Object Access Protocol (SOAP) for Android). Android Wi-Fi policies are communicated in a lightweight format, which enables the Junos Pulse Mobile Security Gateway to configure the policy settings onto the Android device via native Android APIs.

Android Microsoft Exchange ActiveSync Provisioning (Samsung Devices Only)

Microsoft Exchange ActiveSync (EAS) profiles contain configuration data to allow for the synchronization of e-mail, contacts, calendar, tasks, and notes from a messaging server to a mobile device. Similar to the iOS MDM capabilities in the previous release, Junos Pulse Mobile Security Suite 4.1 adds the ability for administrators to remotely configure Microsoft EAS account information such as adding, modifying, or removing an EAS profile from the Junos Pulse Mobile Security Gateway.

Support for Google Cloud Messaging (GCM)

Google Cloud Messaging is a framework from Google which allows application servers to send lightweight messages to Android applications. It is available for devices running all supported Android versions, and the devices must have the Google Play Store app installed to be eligible. For more details on supported versions of Android, please consult the latest Junos Pulse Supported Platforms Guide at www.juniper.net/techpubs/en_us/release-independent/junos-pulse-mobile/index.html.
Currently, the Junos Pulse Mobile Security Gateway utilizes the GCM predecessors, Cloud to Device Messaging (C2DM) or Short Message Service (SMS) messages to deliver commands to mobile devices. However, C2DM has been superseded by GCM, and SMS can have reliability issues, particularly in certain parts of the world. The use of GCM enhances the command delivery mechanism in Junos Pulse Mobile Security Suite, making it less costly and much more reliable worldwide.

Junos Pulse Mobile Security Suite 4.1 via the Junos Pulse Mobile Security Gateway will continue to make best efforts to ensure that messages are delivered to user mobile devices by first attempting delivery with GCM, and should that fail, will use SMS as a secondary delivery method. The status of delivery is displayed on the Devices page, allowing administrators to easily determine which devices have not yet responded to sent commands.

Root/Jailbreak Detection (for Android and iOS)

In order to secure a Google Android or Apple iOS mobile device, and to determine if the mobile device should be allowed to access a secure network or cloud, enterprises, service providers, and other customers need to know whether the device has been compromised. In other words, has the Android device been rooted or the iOS device been jailbroken?

Jailbroken iOS devices and rooted Android devices can bring with them their own security issues. For instance, a jailbroken iOS or rooted Android device can sideload software through channels and app stores other than official app stores such as Google Play or the Apple App Store. Also, jailbroken and rooted devices can leave open access to protected features and file system areas, which can be infested with malware such as spyware. These capabilities represent new risk points for service providers, enterprises and their users with respect to securing their network, as well as mobile device access to their network, cloud, and resources.

This feature builds on top of the existing Junos Pulse client app support for determining rooted and jailbroken mobile devices, while adding a reporting feature into the Junos Pulse Mobile Security Gateway. Mobile users who have rooted or jailbroken their mobile device will have an indicator when their device attempts to access the service provider or enterprise network. A dedicated report can also be run from the Pulse Mobile Security Gateway that shows any rooted or jailbroken mobile devices.

Junos Pulse Application Icon Requirements

Sometimes there is an overwhelming number of notification icons on Google Android devices. In order to address this issue and make notifications more acceptable and usable for Android device users, Junos Pulse Mobile Security Suite 4.1 includes a single unified notification icon to represent the sum of all information on and about the device's state. The various notification icons have been combined into a single icon. The single icon graphic has been made dynamic in order to represent the available device states, based on a priority order.

Several notification states have been identified, each with a specific icon. Regardless of how many notifications are present, the most critical notification icon is displayed first and on top. As each next most critical item is dealt with, the single icon changes to the next most critical device state, until it reaches the idle state.

On Android, a distinction had to be made between Notifications and Alerts, in order to properly order them. For active alerts, Juniper defers to the higher priority notification, which typically requires a user's immediate action, such as device registration needed, password policy incompliance, device administrative status not granted, and so on.
On the other hand, for active notifications, Juniper defers to events that have occurred or are occurring which do not usually require any user action, such as scanning is in progress, VPN session is established, and so forth. Options that are accomplished through specific branding and client configuration toolkit (CCTK) are provided in the Junos Pulse Mobile Security Gateway for administrators to enable/disable an always-on icon to be shown when no other alerts are present.

Enterprise Prohibited Applications

Junos Pulse Mobile Security Suite 4.0 introduced the Prohibited Applications feature for Android users and devices. In that release, the Prohibited Applications list was only configurable at the root level, which meant that all Android devices on the Junos Pulse Mobile Security Gateway would receive the same application blacklist data.

Now, in Junos Pulse Mobile Security Suite 4.1, Juniper has extended the Prohibited Applications list mechanism for the partner and enterprise levels, while keeping the root level configuration intact. The lists of prohibited applications are additive, such that if application A is listed at root level, application B at partner level, and application C at enterprise level, then a device registering to the enterprise level will receive a list with all three apps (applications A, B, and C) prohibited. This flexibility allows partner level and enterprise level Junos Pulse Mobile Security Gateway administrators to configure prohibited application lists without conflicting with each other, which lets Juniper and our service providers host more customers on fewer Pulse Mobile Security Gateway instances, with fewer conflicts.

Please note that Enterprise Prohibited Applications are only viewable and configurable from the Junos Pulse Mobile Security Gateway administrator console.

Antivirus Scan While Charging

The periodic full scan of a user's mobile device can be CPU intensive and also be a drain on the device's battery.
Junos Pulse Mobile Security Suite 4.1 enables the periodic full device antivirus scan to start only when a device is plugged into a power source such as an A/C adapter or USB. If a full device antivirus scan is overdue, and the device is not connected to a power source, a notification will be shown indicating that a full device scan is needed, and the scan button will turn to amber with a warning message.

When the user connects the device to a power source, a full antivirus device scan will commence, and a pop-up message will be displayed that will warn the user that charging the device may take longer as a full antivirus device scan has been initiated. The pop-up message text is configurable, and the number of times the pop-up message is shown on the user's device is also configurable. Should a user cancel the full device antivirus scan, that cycle will be skipped and a new pop-up message will be shown on the user's device, stating that the scan will start in the next cycle.

Google Android Enhanced Logging Capabilities

Junos Pulse Mobile Security Suite 4.1 includes improved logging support to enable faster and easier troubleshooting, if needed. Logging enhancements have been made for Google Android, including entries generated around registration (particularly autoregistration), enabling Logcat logs of up to 2 MB to be sent from the client, and the ability to attach more log files to e-mails.

New Features for Apple iOS in Junos Pulse Mobile Security Suite 4.1

Additional Apple iOS Restrictions

In prior versions of the Junos Pulse Mobile Security Suite, the Junos Pulse Mobile Security Gateway supported Apple iOS Restrictions as defined by Apple in its iPhone Configuration Utility (IPCU). Since the last release of Junos Pulse Mobile Security Suite, Apple has added new capabilities which may be restricted in its IPCU.
These new restrictions include:

- Allow/Disallow Siri
- Allow/Disallow diagnostic data to be sent to Apple
- Allow/Disallow user to accept untrusted Transport Layer Security (TLS) certificates

These new restrictions enable administrators to limit use of and address potential security issues in convenience features in iOS devices, including Siri, limiting outgoing and potentially sensitive data being sent to the manufacturer, and ensuring that only trusted certificates are accepted by users. These additional iOS restrictions show up as additional restriction checkboxes in the Junos Pulse Mobile Security Gateway, under the Enterprise iOS Profiles.

Apple iOS MDM Import

Apple's IPCU application is a tool that helps administrators build Apple iOS profile configurations. The IPCU application supports export functionality. Therefore, the main goal Juniper is addressing with this functionality is to allow administrators to leverage an existing available tool with which they may already be familiar and with which they may have already created existing configurations, thus enabling service providers and enterprises to support new Apple iOS mobile device management (MDM) features as soon as they are released by Apple.

Imported profiles may be used for iOS devices only, but lack any Android-specific MDM configuration options. Imported profiles cannot be modified, and are presented in their original format (i.e., imported profiles are not editable via the Pulse Mobile Security Gateway user interface). Imported profiles can also be exported again later, still in their native XML format.

For administrators who regularly use Apple's IPCU application to generate profile configurations that are deployed to individual iOS devices, the ability to import already created configuration profiles into the Pulse Mobile Security Gateway, and to deploy them to iOS devices is a huge time saver.

Additionally, Apple regularly adds new features to iOS and the IPCU. If support for a new iOS feature is in the IPCU but has not yet been added to the Pulse Mobile Security Gateway console, administrators may create the necessary profile configuration in the Apple IPCU and export it. The newly created configuration profile may be imported to the Pulse Mobile Security Gateway console, and then deployed to iOS devices by the administrator. In this manner, new iOS features that may not yet be supported in the Pulse Mobile Security Gateway, but are supported and available for profile configurations in Apple's IPCU, can be exported/imported to the Pulse Mobile Security Gateway and deployed to iOS devices anyway.

For more information on Apple's IPCU, please refer to the following: http://www.apple.com/support/iphone/enterprise/.

Junos Pulse Collaboration Enhancements for Apple iOS

Mobile devices have phone (audio) capability via a native carrier-enabled phone application or through VoIP applications like Skype, Google Voice, etc. These applications allow users to dial in to audio conference bridges directly from their mobile device.
By just providing plain text data for teleconference information, the end user experience is not optimized, and it is a convoluted process to access the audio conference. First, the user needs to find the correct phone number, select the number, copy text, launch the phone app, paste the number, and then finally get connected. However, the user is not yet finished. Once the call is connected, the bridge will ask for the participant code. The user will need to switch back to Junos Pulse, find the participant code, write down the number or memorize it since copy and paste will not work after the call has been connected, switch to the phone app, manually type in all of the digits, and finally finish the dialing process.

This feature simplifies the above series of steps into a single tap to provide the optimal user experience for Junos Pulse Collaboration users on iOS devices. Users will launch the Junos Pulse Collaboration iOS client from the mobile link in the meeting invitation. Once they join the meeting, they will choose to call into the conference bridge from the client. Because the conference bridge profile is already configured by Juniper's SSL VPN and the meeting host, the Junos Pulse Collaboration client presents a list of dialing numbers from which users will select the appropriate number from the list, and the client will dial the selected number and associated participant code, with a pause automatically inserted. The user is then connected to the conference bridge.

Usability is the primary goal end users desire while using their mobile phones and tablets. This change makes Junos Pulse Collaboration more user friendly and easier to use on iOS.
Root/Jailbreak Detection (for Android and iOS)

In order to secure a Google Android or Apple iOS mobile device, and to determine if the mobile device should be allowed to access a secure network or cloud, customers (enterprises, service providers, and others) need to know whether the device has been compromised; in other words, has the Android device been rooted or the iOS device been jailbroken.

Jailbroken iOS devices and rooted Android devices can bring with them their own security issues. For instance, a jailbroken iOS or rooted Android device can sideload software through channels and app stores other than official app stores such as Google Play or the Apple App Store. Also, jailbroken and rooted devices can leave open access to protected features and file system areas, which can be infested with malware such as spyware. These capabilities represent new risk points for service providers and enterprises with respect to securing the network, as well as mobile device access to their network, cloud, and resources.

This feature builds on top of the existing Junos Pulse client app support for determining rooted and jailbroken mobile devices, while adding a reporting feature into the Junos Pulse Mobile Security Gateway. Mobile users who have rooted or jailbroken their mobile device would have an indicator when their device attempts to access the service provider's or enterprise's network. A dedicated report can also be run from the Pulse Mobile Security Gateway that lists any rooted or jailbroken mobile devices.

Junos Pulse SSL VPN IPv6 Support on Apple iOS

Many customers, including service providers, large enterprises, and government agencies, are seeking support for IPv6. These customers with mobile endpoints accessing their network and resources are asking for IPv6 support to be available for major mobile platforms.
With this feature, an Apple iOS endpoint connecting from an IPv6 network is allowed to connect to the IPv6 interface of Juniper SSL VPN gateways/appliances, such as the Juniper Networks MAG Series Junos Pulse Gateways or the SA Series SSL VPN Virtual Appliances. However, if the applications in the iOS endpoint require access to protected resources which are on an IPv4 network, and the iOS endpoint is coming from an IPv4 network and connecting to the IPv4 interface of the Juniper SSL VPN gateway/appliance, the current behavior is preserved. Juniper SSL VPN gateways/appliances allow simultaneous connections from IPv4 and IPv6 iOS endpoints.

In cases where Junos Pulse is connecting to a Juniper SSL VPN gateway/appliance using a hostname, depending on the hostname to IP resolution of the Juniper SSL VPN gateway/appliance at the endpoint, Junos Pulse will decide to connect to the Juniper SSL VPN gateway/appliance on an IPv6 or an IPv4 network.

Apple iOS Enhanced Logging Capabilities

Junos Pulse Mobile Security Suite 4.1 includes improved logging support, enabling faster and easier troubleshooting when needed. Additional logging has been introduced for Apple iOS device registration (particularly auto-registration), additional device information parameters, and additional configuration options.
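For the additional Apple iOS restrictions and the IPCU profile import described earlier in this section, the following is an added example (not part of the bulletin and not Juniper code): a Python check that an exported configuration profile enforces the three new restrictions before it is imported for deployment. It assumes an unsigned XML profile and the Restrictions payload keys `allowAssistant`, `allowDiagnosticSubmission` and `allowUntrustedTLSPrompt` from Apple's configuration profile format (the bulletin names the settings, not the keys); the sample profile is constructed.

```python
import plistlib
from xml.parsers.expat import ExpatError

# Payload type of the Restrictions payload in an Apple configuration profile.
RESTRICTIONS_TYPE = "com.apple.applicationaccess"

# Keys assumed to correspond to the three settings named in the bulletin.
# A value of False means the feature is disallowed on the device.
REQUIRED_FALSE = {
    "allowAssistant": "Siri",
    "allowDiagnosticSubmission": "diagnostic data sent to Apple",
    "allowUntrustedTLSPrompt": "user acceptance of untrusted TLS certificates",
}

# Constructed sample: Siri is disallowed, diagnostic submission is allowed,
# and the untrusted-TLS prompt key is absent (device default applies).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Constructed example profile</string>
  <key>PayloadIdentifier</key><string>com.example.profile</string>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>PayloadType</key><string>com.apple.applicationaccess</string>
      <key>PayloadIdentifier</key><string>com.example.profile.restrictions</string>
      <key>allowCamera</key><true/>
      <key>allowAssistant</key><false/>
      <key>allowDiagnosticSubmission</key><true/>
    </dict>
  </array>
</dict>
</plist>
"""


def audit_profile(data):
    """Return a list of findings; an empty list means all three restrictions are enforced."""
    try:
        profile = plistlib.loads(data)
    except (ValueError, ExpatError) as exc:
        # Signed or encrypted exports are not plain plists and must be unwrapped first.
        return ["profile is not a parseable plist (signed or encrypted "
                "exports must be unwrapped first): %s" % exc]
    if not isinstance(profile, dict):
        return ["top-level plist object is not a dictionary"]

    content = profile.get("PayloadContent", [])
    if not isinstance(content, list):
        content = []
    payloads = [p for p in content
                if isinstance(p, dict) and p.get("PayloadType") == RESTRICTIONS_TYPE]
    if not payloads:
        return ["no Restrictions payload (%s) in profile" % RESTRICTIONS_TYPE]

    findings = []
    for key, label in REQUIRED_FALSE.items():
        values = [p[key] for p in payloads if key in p]
        if not values:
            findings.append("%s not set: %s stays at the device default" % (key, label))
        elif any(v is not False for v in values):
            # Conservative choice: every payload that sets the key must set it to False.
            findings.append("%s is not false: %s is allowed" % (key, label))
    return findings


if __name__ == "__main__":
    for finding in audit_profile(SAMPLE_PROFILE):
        print("FINDING:", finding)
```

Because imported profiles cannot be edited in the gateway console, a profile that produces findings has to be corrected in the IPCU and exported again.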

New Features for BlackBerry in Junos Pulse Mobile Security Suite 4.1

Junos Pulse Application Icon Requirements (for Android and BlackBerry)

As discussed in Junos Pulse Application Icon Requirements in the New Features for Google Android in Junos Pulse Mobile Security Suite 4.1 section, Junos Pulse Mobile Security Suite 4.1 has a single unified notification icon to represent the sum of all information on and about a BlackBerry device's state to make notifications more acceptable and usable for BlackBerry device users. The various notification icons have been combined into a single icon. The single icon graphic has been made dynamic in order to represent the available device states based on a priority order.

Several notification states were identified, each with a specific icon. Regardless of how many notifications are present, the most critical notification icon is displayed first and on top. As each next most critical item is dealt with, the single icon changes to the next most critical device state, until it reaches the idle state.

For BlackBerry, changes were applied to the Alerts icon on the home screen. For active alerts, Juniper defers to the higher priority notification, which typically requires a user's immediate action, such as device registration needed, password policy incompliance, device administrative status not granted, and so on. Options that are accomplished through specific branding and CCTK are provided in the Junos Pulse Mobile Security Gateway for administrators to enable/disable an always-on icon to be shown when no other alerts are present.

BlackBerry Enhanced Logging Capabilities

Junos Pulse Mobile Security Suite 4.1 includes improved logging support that enables faster and easier troubleshooting when needed.
Enhancements for BlackBerry logs include logging of more parameters (especially regarding registration and auto-registration) and making the Send Logs function available on Juniper Professional Services (ProServe) customized builds, with device information included in the Send Logs function as well.

New Junos Pulse Mobile Security Gateway 4.1 Features/Enhancements

Junos Pulse Mobile Security Gateway Administrator Console UI Enhancements (Phase 1)

Junos Pulse Mobile Security Suite 4.1 has updated the workflows and user interface of the Junos Pulse Mobile Security Gateway, with the goal of making the administrator console UI simpler to use, easier to work with, and overall more user friendly. Workflows (navigating from page to page, executing actions, finding information, etc.) have also been improved and simplified. Some of the major, high-level changes to the administrator user interface of the Junos Pulse Mobile Security Gateway include:

- Redesigning the user interface appearance, and grouping tabs throughout the Pulse Mobile Security Gateway
- Improving Search capabilities and returned results
- Reworking the Device Information page with embedded Profile Manager
- Redesigning the User Account and Account Management pages
- Merging the Device Profile page UI
- Enhancing Role Management for better use by enterprises
- Overhauling the Password Manager page
- Applying more consistent branding, and design and color elements across the Pulse Mobile Security Gateway
- Replacing the partner/enterprise navigation tree pane with a breadcrumb style navigation design

In short, the look, feel, and usability of the Pulse Mobile Security Gateway administrator console UI were improved in Junos Pulse Mobile Security Suite 4.1.

Restore Command API

The latest version of the Junos Pulse Mobile Security Gateway includes an API which enables a restore command to be sent to the Pulse Mobile Security Gateway. This enables data deleted from a user's device to be restored as of the last backup. This restore command is a particularly useful feature for service providers who wish to offer a backup/restore feature to their users, as well as for users who have deleted data from their device and wish to restore that data. For example, in the event a customer accidentally deletes all PIM data from a mobile device and would like to restore that data from the latest backup, the user would simply log into the portal and restore backup data.

Universal Time Coordinated (UTC) Support

In Junos Pulse Mobile Security Suite 4.0, the Junos Pulse Mobile Security Gateway saves and displays the date and time using the server system time, which is the local time at the location at which the Pulse Mobile Security Gateway is deployed. This can be a problem when multiple instances of Pulse Mobile Security Gateways are deployed in different time zones and when attempting to display localized times to administrators using the Pulse Mobile Security Gateway console. For example, consider the scenario where multiple Pulse Mobile Security Gateway instances are deployed in data centers located in different time zones for disaster recovery (DR) purposes. If the primary Pulse Mobile Security Gateway instance fails, the backup instance will incorrectly recover the data from the database in the local time zone of the primary instance, instead of its own local time. To address these issues, the Pulse Mobile Security Gateway saves dates and times in the UTC format in the database, but converts them to a user's local time prior to presenting them to the user.
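The failover problem and the UTC fix described above can be reproduced in a few lines. This is an added illustration, not Juniper code: the site offsets, the storage format, the function names and the sample event are all constructed assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed fixed offsets for two data centers and an administrator's console.
# Named zones would be used in practice so daylight saving time is handled.
PRIMARY_TZ = timezone(timedelta(hours=-8), "primary-site")
BACKUP_TZ = timezone(timedelta(hours=1), "backup-site")
ADMIN_TZ = timezone(timedelta(hours=5, minutes=30), "admin-console")
STORED_FMT = "%Y-%m-%d %H:%M:%S"  # assumed column format: no offset is stored


def store_server_local(event, site_tz):
    """Behaviour the page describes for 4.0: persist the writing site's wall clock."""
    return event.astimezone(site_tz).strftime(STORED_FMT)


def load_server_local(stored, site_tz):
    """The reading site can only assume the value is in its own local time."""
    return datetime.strptime(stored, STORED_FMT).replace(tzinfo=site_tz)


def store_utc(event):
    """Behaviour the page describes for 4.1: normalize to UTC before persisting."""
    if event.tzinfo is None:
        raise ValueError("refusing to store a timestamp with no time zone")
    return event.astimezone(timezone.utc).strftime(STORED_FMT)


def load_utc(stored):
    """Every site reads the same instant, whatever its own local time is."""
    return datetime.strptime(stored, STORED_FMT).replace(tzinfo=timezone.utc)


def display(event, viewer_tz):
    """Convert to the viewer's local time only at presentation."""
    return event.astimezone(viewer_tz).strftime("%Y-%m-%d %H:%M %z")


def failover_skew(event):
    """Error when the backup site reads a row the primary wrote in local time."""
    stored = store_server_local(event, PRIMARY_TZ)
    return load_server_local(stored, BACKUP_TZ) - event


# Constructed sample event: a device registration logged at the primary site.
REGISTERED_AT = datetime(2012, 10, 15, 9, 30, tzinfo=PRIMARY_TZ)

if __name__ == "__main__":
    print("skew after failover:", failover_skew(REGISTERED_AT))
    print("stored as UTC:", store_utc(REGISTERED_AT))
    print("admin sees:", display(load_utc(store_utc(REGISTERED_AT)), ADMIN_TZ))
```

With local-time storage the backup site places the event nine hours early, which is enough to reorder entries when logs from several gateways are correlated during an investigation.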

About Juniper Networks

Juniper Networks is in the business of network innovation. From devices to data centers, from consumers to cloud providers, Juniper Networks delivers the software, silicon and systems that transform the experience and economics of networking. The company serves customers and partners worldwide. Additional information can be found at www.juniper.net.

Corporate and Sales Headquarters
Juniper Networks, Inc.
1194 North Mathilda Avenue
Sunnyvale, CA 94089 USA
Phone: 888.JUNIPER (888.586.4737) or 408.745.2000
Fax: 408.745.2100
www.juniper.net

APAC Headquarters
Juniper Networks (Hong Kong)
26/F, Cityplaza One
1111 King's Road
Taikoo Shing, Hong Kong
Phone: 852.2332.3636
Fax: 852.2574.7803

EMEA Headquarters
Juniper Networks Ireland
Airside Business Park
Swords, County Dublin, Ireland
Phone: 35.31.8903.600
EMEA Sales: 00800.4586.4737
Fax: 35.31.8903.601

To purchase Juniper Networks solutions, please contact your Juniper Networks representative at 1-866-298-6428 or authorized reseller.

Copyright 2012 Juniper Networks, Inc. All rights reserved. Juniper Networks, the Juniper Networks logo, Junos, NetScreen, and ScreenOS are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners. Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.

8000020-001-EN Oct 2012