cancel
Showing results for 
Search instead for 
Did you mean: 

Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

Highlighted
Regular Contributor

Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

Hi,

 

Is there a central SSL VPN Management Server currently available (maybe Junos Space in the future)?

10 REPLIES 10
Highlighted
Respected Contributor

Re: Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

Can you let me know where you found information stating the CM060 can manage the MAG units?

The CM060 cannot push configuration between MAG units; it cannot upgrade the MAG systems; and the management feature is to monitor the heat/CPU/fan of the blades in the 46xx/66xx chassis.
Highlighted
Contributor

Re: Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

I have to apologize, for my error. I conflated two seperate things. I was thinking of Central Manager which allows management of the Cluster. But then since the JPSA can push configuration to multiple units, my thought was if you have a single longin to the CMC, then you can push the configuration out to multiple uints. Here is the confusion which is now clear, thank youSmiley Happy:

"Junos Pulse Secure Access Service appliances enable you to copy all configuration settings or
selected configuration settings from one Junos Pulse Secure Access Service to another using the
Push Configurationfeature. This feature provides simple configuration management across
an enterprise without requiring you to cluster Junos Pulse Secure Access Service appliances. With
the Push Configurationfeature, you can decide exactly which settings you do and do not want
to copy across the enterprise. The interface for selecting the settings is similar to the XML Import/
Exportfeature. You can push to a single Junos Pulse Secure Access Service or to multiple Junos
Pulse Secure Access Service devices. For example,if you install several new Junos Pulse Secure
Access Service devices, you can push to set their initial configuration. You can also push to a Junos
Pulse Secure Access Service device that is a memberof a cluster, as long as the target Junos Pulse
Secure Access Service is not a member of the same cluster as the source. Target Junos Pulse Secure
Access Service devices have the option of not accepting pushed configuration settings"




However, when the multiple nodes are clustered, Central Manager provides significant benefits. The first benefit is that of minimal downtime upgrades, which ensures that at least one member of the cluster is running at all times during a software upgrade. This benefit is independent of the type or size of the cluster.
The second benefit of Central Manager when used with clusters is that of package synchronization.
If a Junos Pulse Secure Access Service with oldercode tries to join a cluster, it upgrades
automatically. If a Junos Pulse SecureAccess Service with newer code tries to join a cluster, it is
rejected. In addition, all cluster members store a local copy of the software.
A third Central Manager benefit is the ability to see to which node of the cluster a user is signed in.
We show this node information on the next page. Information on the Active Userspage is
updated every 60 seconds."

But is clear what the purpose of the CM060 is now.

Thanks for the correction.






[KUDOS PLEASE! If you think I earned it!
If this solution worked for you please flag my post as an "Accepted Solution" so others can benefit..]
Highlighted
Occasional Contributor

Re: Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

NSm. Not a great solution, though. I usually set config sync from a central device to multiple other devices, and user bookmark sync if desired. The config sync will need some operational procedures, because it can create, but not delete.
Highlighted
Valued Contributor

Re: Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

Config sync is your best solution. Or you can use XML export / import and manipulate the code. 

 

NSM sucks beynond belief for central management. I have not heard of any roadmap on this. 

Highlighted
Regular Contributor

Re: Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

Is there a recommended Juniper solution to manage MAG devices?

 

Here's a link to share:

http://www.juniper.net/techpubs/en_US/nsm2012.2/topics/concept/network-management-secure-access-conf...

Highlighted
Valued Contributor

Re: Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

Michael - there is nothing other than what I suggested in my prior post. There is a lot you can do with scripting, etc., but that is it.

 

I have recently been told that the plans to integrated the SSL/UAC solutions into Junos Space have been dropped. So the (not good) bottom line is there is no central management solution out there for the MAG products. 

Highlighted
Respected Contributor

Re: Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

If you mean a 3rd-party-off-device platform, yes, this is not (usably) possible, as muttbarker stated.
If you are fine using on-device, you can do all your configuration items on a single device and push the configuration to the others, making device-specific adjustments as-needed
Highlighted
Regular Contributor

Re: Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

Coz in terms of Management, we would think about the reporting, config, config backup, upgrading, troubleshooting...

Hope there's a solution in the very near future...
Highlighted
Contributor

Re: Is there a central SSL VPN Management Server currently available (maybe Junos Space)?

I see the topic has been a long while now, but I was wondering if the MAG-CM060 would not fulfil what you are asking about? Unless there are some features that I am not understanding from the question. But you can use it manage multiple MAG devices, push configuration out to them, upgrade them all from one console login.