Re: PULSE vs WSAM - On the desktop.

Balletiper_ · ‎11-14-2011

Hi,

I've been looking for a while and still haven't found much information explaining the differences between PULSE and WSAM on the Juniper platform.

I know Pulse can be part of a large mobility solution, but in my case I'm just looking for a VPN connection.

I know Pulse support mobile platforms as well as Windows, so let's just concentrate on the desktop.

Pulse seems to be a prettier GUI vs the simple WSAM interface.

Technically is it much of a muchness or does one have better traffic management, compression anything fancy?

I can see a lot more technical detail of what WSAM is doing but obviously can't see much in what Pulse does.

Pulse can be a stanealone client but WSAM must be triggered through the browser?

A comparison table between the two would be great and I'm surprised that I haven't seen anything published by Juniper.

Thanks

RKB_ · ‎11-20-2011

IMO the 2 cannot be compared.

Pulse is a VPN client which enables you to get network level access to your resources.

Pulse is also an integrated client that has host checker, OAC, acceleration level components built into it.

WSAM on the other hand is just a secure port forwarding mechanism. Provides you access either to an application based on port or based on destination servers.

Server initiated connections cannot be tunnled to a WSAM client.

spuluka · ‎11-21-2011

There are multiple options to establish a VPN connection with the SA/MAG series. This listing is from the least intrusive on the client to the most.

Publish Resource pure SSL
For many common items you can create web book marks that appear on the landing page for you users. These only require a web browser and nothing else to access.

Application Tunnel over SSL
WSAM and JSAM are the middle ground between a pure web ssl connection and a Network connect operation that gives you an ip address in a pool on the SA appliance. With WSAM/JSAM the ip proxy is still the SA address and the traffic is tunneled on this ssl connection to the local machine.

WSAM uses windows interfaces to bind right to the local machine ip address for these tunneled connections. JSAM is limited by the java sandbox so does the tunneling to the loopback address instead.

Network Connection tunneled over SSL
Network connect (and now the Junos Pulse client) allow full layer 3 network ip connections for those applications that require that to function. These can be either a split tunnel or full network connect. They can also limit both ip address and port that is accessible by the remote client during the session.

Summary
The basic premise in the deploy is to try to publish applications in the least intrusive way for the client. If they won't work in a pure web ssl interface, WSAM/JSAM provide client components that may not require any admin rights to deploy and allow easy on/off of the component. This is especially true with the JSAM as many machines have the java virtual machine available. For those applications that just have to have a pure ip connection then network connect or Pulse can create that connection.

This sales demo gives a good high level overview of the different technologies in the SA box.

http://www.juniper.net/us/en/dm/sslvpn-demo/thank-you/

Steve Puluka BSEET - IP Architect - DQE Communications Pittsburgh, PA (Metro-Ethernet & ISP) - http://puluka.com/home

zanyterp_ · ‎11-21-2011

WSAM is for TCP- and UDP-based client-initiated traffic only (eg VoIP won't work but Sharepoint will). You define applications (exe files), subnets, or servers users can access.
Pulse is comparable to Network Connect and provides full L3 connectivity into the network. It works with both client- and server-initiates connections. You define access based solely by IP (network range or specific host; any application can connect to the allowed servers).