NARRATOR: Architecture. So what we’ve done is actually we’ve separated the authentication service from the Mist cloud that you all know. We now have authentication service as its own separate cloud, actually spread out around the globe in different pods or points of presence, so we’ll talk about that a little bit later on.
But what we have here is an authentication service cloud that has its own set of microservices, where each and every feature, each and every component has its own pool of microservices, whether it’s responsible for enforcing policies, for actually doing the user device authentication, keeping state of sessions, keeping the databases of all the endpoints, records, or having identity providers’ connectors or cloud connectors back to the Mist cloud.
All the authentication requests, if they’re coming from the Mist managed infrastructure, whether it’s a Mist AP or a Juniper EX switch, they’re automatically wrapped into a secure TLS-encrypted RadSec tunnel going back to our authentication service.
And from there, once the authentication has happened, the Mist authentication service would have connections to third-party identity sources like an Okta or Azure ID or Ping Identity. Or it could be an MDM provider, such as Microsoft Intune or Jamf, just to get more context, more visibility in terms of who is trying to connect and what type of device we’re dealing with.
And what the Mist authentication service cloud will do is it will actually do all the heavy lifting, all the authentication. But it will send all the visibility metadata, all the session information, all the events, all the statistics back to the Mist cloud. So this is how you get all the visibility, all the end-to-end connection experience in one place, and you can manage everything from there.
In addition to that, when we’re dealing with third-party network infrastructure– say you have a Cisco wired switch. You have an Aruba controller or a third-party vendor AP or a switch. The way we would integrate there is we would leverage our Mist Edge application platform that would function as the authentication proxy component.
What you could do is you could take your third-party infrastructure point, point it via RADIUS to Mist Edge. And from there, Mist Edge will convert it automatically to secure RadSec and then perform the authentication. This way, if you look at this architecture, we’re really bringing the microservices architecture down to the authentication service.
All of that gives you the performance that is generally associated with microservices clouds. It also gives you the capability of getting feature updates on a biweekly basis and security patches as and when they’re needed, without any downtime to your network or to the functionality that this brings.