
Sep 1, 2010
Yes, you read that right. I am actually going to share the deep-dark-hidden details on how to save a great deal of money on Juniper SSL VPN licenses. And, as the “Part I” in the subject implies, I’m not just going to stop with one post. There are actually several really clever ways to save, and I intend to share each of them in as many separate blog posts as it takes.
Part I: Cluster Licenses Not Required

Aug 31, 2010
I am writing this one from the opening general session of VMworld 2010, where, as many of you know, VMware has now launched their new View 4.5 software. So now the question many will want answered is: when will the Juniper SSL VPN support View 4.5, especially PCoIP? Answer: Today!
PCoIP uses both TCP and UDP, requires the View client, and offers the best possible user experience over a UDP-based tunnel. That is where Network Connect (NC) with the ESP/UDP transport really shines. All you need to do is configure a single Network Connect profile, make sure that UDP port 4500 is open to the external interface of the SSL VPN, and then test to make sure that clients are connecting with ESP instead of SSL transport. It’s that easy. But if you get stuck, just hit me up and I will do all I can to clarify any configuration, performance or scalability questions.
I would also like to have a call with the first Juniper SSL VPN customer to come forward who uses the new Local Mode feature of View 4.5, to see how you plan to use it in production settings.

Jul 19, 2010
Well, it took a bit of extra time after we shipped 7.0 to get this to where it could be downloaded, but waiting is now rewarded. You can head over to the download site and pick it up. But please remember that you must already be covered under an existing support contract for the SSL VPN product before accessing these files. If you are, then you will have a valid logon that will entitle you to download this package. Otherwise, you will just need to contact your friendly Juniper reseller.

Important: The virtual appliance will expand out to somewhere around 3GB once you have it in a .vmdk format. To get it there, you will have to first use the VMware Converter to turn the .ovf into the .vmdk.
As for support, there is no support (because there is no support contract that is sold for demo and training versions). So for any questions or suggestions, just post them here and I will do what I can to help you out. Sorry, no SLA commitments on that one.

Jun 17, 2010
Here are the screenshots for the new Junos Pulse client running on iPhone.


Jun 16, 2010
For those who are running the SPE virtual appliances, the license server is a requirement. By simply installing the license-server-enabling license on any hardware capable of running the 7.0 software (SA2000, SA4000, SA6000, SA2500, SA4500, SA6500; sorry, SA700 is not supported for this use case), a virtually unlimited number of licenses can be applied right on the license server. Once the licenses are installed on the server, they can be easily moved around the various virtual appliances as needed.

Jun 16, 2010
Right along with the DTE version of the virtual appliances lies the Service Provider Edition (SPE). The major differences between the two include…

Jun 16, 2010
The Juniper SSL VPN Virtual Appliance-Demo and Training Edition (VA-DTE) is live and ready. Just download it from the Juniper web site and enjoy. And yet, it is the full Juniper SSL VPN.
A few caveats worth mentioning:

Jun 16, 2010
Every now and then some admin somewhere gets asked to blast out a message to all of the remote access users informing them of something really, really important. While we have the ability for user home pages to have such customized messages displayed, there are just so many users out there today that aren’t set up for traditional Core Access and instead go straight to Network Connect. Soooo… in order to allow the admins to now get the message out in a timely fashion, this feature allows a message to be displayed in a separate dialog box, nearly ensuring that the e-mail that 50% of the users have ignored for the past week informing them of your planned downtime can now get through to them. Every little bit counts and I’m pleased that we can do our part to help.
Note that this covers pre- and post-authentication events only; it does not provide dynamic messaging after the user has signed in, i.e. 4 hours into an 8-hour session.

Jun 16, 2010
First of all, there is absolutely no change in the functionality of Cache Cleaner (CC). All that has really changed here is that Cache Cleaner has been integrated directly into Host Checker (HC). Now whenever you create any HC policy, you will simply see that CC options are available under that policy's settings. This makes things easier to administer, reduces the number of executables that are pushed to the client machine, provides better support for NC and WSAM launchers, and offers integrated logging through NC.

Jun 16, 2010
One of the features that we will ship in 7.0 is the 2-phase upgrade. The basic idea is to allow an administrator to pre-position software upgrade packages on remote SSL VPNs ahead of time, so all that is needed during the downtime is to trigger the upgrade. This will obviously save many a great deal of time.
As you can see in the screenshot below, we wanted to also call out that anyone pushing upgrades to remote clusters over slow links should pre-position the files on each node prior to starting the upgrade. This will allow all nodes in the cluster to upgrade in minimal time. Not taking this advice and allowing the first node to essentially push to all remaining cluster nodes (again, over slow links) could mean that the upgrade takes so long that you will start to see errors in the logs and wonder when the upgrade will ever finish.
