Workspot, Inc. 4/27/2014

Workspot Configuration Guide for the Juniper Networks SA

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 1 of 11

Configuring the Juniper Networks SA The Juniper Networks SA Series SSL VPN appliance combines the security of SSL with standards-based access controls, granular policy creation, and unparalleled flexibility. Once the Juniper SA is installed, implementing Workspot is quick and easy as no additional on-premise hardware or software is required. The Workspot Client connects to the Juniper SA using either the Juniper Web or the Windows Secure Application Manager Access feature.

For more information on the Juniper Neworks SA, see http://www.juniper.net/us/en/products-services/security/sa-series/

The Workspot Client runs on mobile devices; a corresponding cloud-based administration console, Workspot Control, is used to manage configuration and policies for the environment.

For more information on Workspot, see: http://www.workspot.com

Products and Versions Tested Juniper Networks SA Virtual Appliance System Version: 7.3R1 (build 21949) Workspot: Control and Workspot iPad app Control version: 2014-04-24 Workspot Client version: 2.2.2

Prerequisites and Configuration Notes The following are general prerequisites for this guide.

The Juniper Networks SA should be installed and configured for network connectivity and basic operations.

Administrator login credentials for the Juniper Networks SA. DNS names or IP addresses for internal web and file servers.

For this guide, the Juniper Networks SA appliance must be running version 6.5R1 or later.

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 2 of 11

Juniper Networks SA Configuration The following steps outline the basic configuration of a Juniper Networks SA required to support Workspot. If an existing User Role is already in defined, it can be modified for compatibility with Workspot by referencing this configuration.

Sign into the Juniper Administration utility, then:

1. Create a new User Role, go to Users > User Roles > New User Role… Enter a Name, then select Web, Files, Windows, and Secure Application Manager: Windows version, then click Save.

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 3 of 11

2. Enable network file browsing, on the current Roles screen, under Files, Windows, click Options. Then select User can browse network file shares, the click Save Changes.

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 4 of 11

3. Configure the Web access ACLs, go to Users > Resource Policies > Web > Web ACL then click New Policy. Enter a Name, the Resources that are permitted to be accessed, and select Policy applies to SELECTED roles, then select the Mobile User Role and click Add ->, then click Save Changes.

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 5 of 11

4. Configure the Files access ACLs, go to Users > Resource Policies > Files > Windows ACL then click New Policy. Enter a Name, the Resources that are permitted to be accessed and select Policy applies to SELECTED roles, then select the Mobile User Role and click Add ->, then click Save Changes.

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 6 of 11

5. Configure the Secure Application Manager Policy, go to Users > Resource Policies > SAM > Access Control then click New Policy. Enter a Name, the Resources that are permitted to be accessed and select Policy applies to SELECTED roles, then select the Mobile User Role and click Add ->, then click Save Changes.

d

d

d

d

d d

d

d

d

d

d

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 7 of 11

6. (Optional) Create a new User Realm, go to Users > User Realms > New User Realm… Enter a Name, then select the Authentication Server, then click Save Changes.

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 8 of 11

Then assign a Rule to the Realm, click New Rule… Enter a Name, Rule: If username…, then select the Mobile User Role and click Add ->, then click Save Changes.

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 9 of 11

7. (Optional) Create a new Sign-in Page and Sign-in Policy. Go to Authentication > Signing In > New Page… Enter a Name, then click Save Changes.

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 10 of 11

Go to Authentication > Signing In > Sign-in Policy then click New URL… Enter a Sign-in URL, select a Sign-in page, select User picks from a list of authentication realms, select Mobile then Add -> , then click Save Changes.

This document contains Workspot proprietary information and is not to be disclosed to unauthorized persons. Version 1.0 pg. 11 of 11

Testing the Configuration To test the configuration, use a standard browser on a desktop or laptop, and go to the URL associated with the User Role and Realm, e.g. http://myvpn.mycompany.com/mobile

Enter your Username and Password, then click Sign-In. The Juniper home page is shown as follows:

1. Indicates that Web access has been configured. 2. File Browsing has been configured. 3. Windows Secure Application Manager has been configured.