Automated Cloud Infrastructure Management Services - Mist Cloud AI
Juniper Mist Wired, Wireless, WAN and IoT Assurance Cloud management and AI, sets a new standard for network management. Utilising AI algortithms to assure user experience. Marvis, the industry's first virtual network assistant (VNA) allows operators to simplify troublehooting and reduce mean-time-to-innocence. Purpose-built for enterprise WLANs, LANs, and WANs.
Features
- Proactive root-cause identification in one click 1-click
- Easy Zero Touch Provisioning (ZTP) of network devices
- Unique Service Level Expectations (SLE's) - or managed network SLA's
- Intent-Based Configuration Models
- Dynamic packet capture from cloud improves troubleshooting
- Proactive root-cause identification
- Network automation and complete control with open APIs
- AI-Driven Application Insights for SD-WAN
- Marvis, the first virtual network assistant (VNA)
- Proactive Gateway Anomaly Detection with Marvis VNA
Benefits
- AI-driven support reduces tickets by up to 90 percent
- Detect anomalies, identify and resolve application and network issues
- Centrally configure and onboard your SD-WAN using ZTP
- Improve network response times with SLE control
- Analyse 30 days of data, gain valuable network insights
- Simple and accurate root-cause analysis
- Measure network health and performance metrics over time
- Conversational Interface uses advanced natural language processing - NLP
- Automatically fix or recommend issues - even non-Juniper equipment
- Onboard client devices without relying on MAC addresses
Pricing
£165.00 a licence a year
- Education pricing available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
2 6 0 9 5 6 9 2 4 4 9 6 3 6 8
Contact
Xpertex
Louise Carter
Telephone: 08450341412
Email: louise.carter@xpertex.com
Service scope
- Service constraints
- Requires Juniper Networks devices
- System requirements
-
- Juniper Mist Wi-Fi Access points
- Supported Juniper EX series switches and QFX series switches
- Supported Juniper SRX firewalls
- Supported Juniper 128T SD-WAN Session Smart Routers (SSR)
User support
- Email or online ticketing support
- Email or online ticketing
- Support response times
- We offer 4hr, 8hr or Next Business Day (NBD) SLA's according to the customer requirements and in line with ITIL processes.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- WCAG 2.1 A
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- Web chat
- Web chat support availability
- 9 to 5 (UK time), Monday to Friday
- Web chat support accessibility standard
- None or don’t know
- How the web chat support is accessible
- Web chat is available either via our ticketing portal, or direct supplier to customer Teams instant messaging.
- Web chat accessibility testing
- None.
- Onsite support
- Yes, at extra cost
- Support levels
- Xpertex can provide 4hr, 8hr, or NBD on site support. Pricing varies, but please refer to the SFIA rate card for engineer rates to give indicative pricing.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
A simple registration process on the web portal - https://manage.mist.com/#!account , is complimented by the mobile app Mist AI) that can use QR codes or serial numbers to onboard devices to the portal.
Xpertex helpdesk via telephone or email can also assist.
0203 021 0749 (Switchboard) or info@xpertex.com for new customer queries. - Service documentation
- Yes
- Documentation formats
-
- HTML
- Other
- Other documentation formats
-
- Online
- Helpdesk
- Online or onsite training
- End-of-contract data extraction
-
Device configurations can be exported and some analytics via report export. The users can then delete the sites and their configuration data is deleted.
NOTE: Mist ONLY collects telemetry or metadata so no actual customer data is uploaded to the Mist cloud portal at any time. - End-of-contract process
- The Mist portal will no longer be accessible, unless the service is transitioned to the customer and/or another supplier.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Full configuration and management.
- Web interface accessibility standard
- WCAG 2.1 A
- Web interface accessibility testing
- N/A
- API
- Yes
- What users can and can't do using the API
-
The entire Mist cloud portal is available through the API and user setup can be found at https://documenter.getpostman.com/view/224925/SzYgQufe
There are no limitations as the cloud platform is developed for the API first, then the CLI and finally the GUI. - API automation tools
-
- Ansible
- Chef
- OpenStack
- Puppet
- Other
- Other API automation tools
-
- Postman
- Python
- Restful
- API documentation
- Yes
- API documentation formats
-
- Open API (also known as Swagger)
- HTML
- Command line interface
- Yes
- Command line interface compatibility
-
- Linux or Unix
- Windows
- MacOS
- Other
- Using the command line interface
- Full management and configuration, complete control of the platform.
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
-
Not really relevant as the portal is used only to adminster networks. No real user volumes, so the underlying Mist platform manages this.
As Mist is a modern microservices platform, it sclaes inherently with no practical limit. - Usage notifications
- Yes
- Usage reporting
-
- API
- Other
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
-
- CPU
- HTTP request and response status
- Memory
- Network
- Number of active instances
- Other
- Other metrics
-
- Time to connect/ successful connects
- Throughput
- Wireless coverage
- Wireless roaming
- Wireless capacity
- Wireless AP health
- Congestion
- Interface anomalies; MTU mismatch, cabling issues, duplex autonegotiation failures
- Network - latency, jitter
- Storm control
- Reporting types
-
- API access
- Real-time dashboards
- Regular reports
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- Juniper networks Mist 128T Apstra
Staff security
- Staff security clearance
- Other security clearance
- Government security clearance
- Up to Developed Vetting (DV)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
-
- United Kingdom
- European Economic Area (EEA)
- User control over data storage and processing locations
- Yes
- Datacentre security standards
- Supplier-defined controls
- Penetration testing frequency
- At least once a year
- Penetration testing approach
- ‘IT Health Check’ performed by a CHECK service provider
- Protecting data at rest
-
- Physical access control, complying with another standard
- Encryption of all physical media
- Other
- Other data at rest protection approach
-
DB block-encrypted for data at rest
User Device Data encrypted with Customer’s org key
Servers are hosted in an ISO 27001 certified datacenter, which provides SOC 2 attestation reports,
• All servers run Linux OS and are hardened per best practices.
• Servers are hosted at AWS with security groups. Only the required ports are opened on front end servers or terminators that need to
communicate directly with Access Points (APs) or APIs from outside.
• Industry standard encryption (AES-128) is utilized for data in transit and AES-256 for data at rest. - Data sanitisation process
- Yes
- Data sanitisation type
- Deleted data can’t be directly accessed
- Equipment disposal approach
- In-house destruction process
Backup and recovery
- Backup and recovery
- No
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- Other
- Other protection between networks
-
AP and switch to Juniper Mist cloud: Communication between the Juniper Mist cloud and Juniper APs and switches uses HTTPS/
TLS with AES-128 encryption, and mutual authentication is provided by a combination of digital certificate and per-AP shared
key created during manufacturing. 4096-bit key is used for certificate signature.
• UI or API: API communication (including UI access) uses HTTPS/TLS and is encrypted with AES-256.
• Internal to cloud: Data within the cloud is stored using AES-256 encryption.
• Management/infrastructure console: Accessed over HTTPS connection, using 2048-bit RSA key. - Data protection within supplier network
-
- TLS (version 1.2 or above)
- Other
- Other protection within supplier network
-
Servers are hosted in an ISO 27001 certified data center,
across multiple availability zones, and different cloud
providers.
• All servers run Linux OS and are hardened per best
practices.
• Servers are hosted at Amazon Web Services (AWS) and
Google Cloud Platform (GCP) with security groups. Only
the required ports are opened on front end servers or
terminators that need to communicate directly with Access
Points (APs) or APIs from outside.
• Industry standard encryption is utilized for data in transit
and data at rest
• Web security testing from development to production
stages is performed continually.
Availability and resilience
- Guaranteed availability
-
Servers are hosted at Amazon Web Services (AWS) and Google Cloud Platform (GCP) across multiple availability zones, and different cloud
providers.
Mist aim to provide 24x7 availability. - Approach to resilience
-
By leveraging the public cloud, the infrastructure components
and services of Mist AI are deployed redundantly (across cloud
providers clusters and zones) in an effort to provide 24 x 7
availability. In addition, Mist is uses microservices so
issues with one microservice does not directly affect other
microservices. The Juniper Mist Cloud Service buffers data in
the event of a component disaster, such as the loss of backend
microservice. Once the disaster has been addressed, the data is
replayed to fill in the lost analytics. System upgrades and feature
introductions also benefit from microservices to avoid impact
to Mist AI when performing either. This reduces the need for
planned downtime.
In the rare event of a cloud outage impacting the Mist
Cloud Service, Wi-Fi access points, switches, and
gateways are expected to continue to function; any existing
client device already authorized are expected to continue to
access applications through Wi-Fi without undergoing any
disruption of services.
Juniper use commercially reasonable efforts to make Mist
fully available and operable over the internet in full conformity
with Mist specifications for access and use by End User, as
measured over the course of each calendar month, an average
of 99.9% of the time. - Outage reporting
- The Mist portal, API and suport email methods are used to communicate outages.
Identity and authentication
- User authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Identity federation with existing provider (for example Google apps)
- Username or password
- Other
- Other user authentication
- Via the API.
- Access restrictions in management interfaces and support channels
- The Mist porta is used for management ONLY. There is NO USER DATA processed or stored by the Mist AI Cloud solution.
- Access restriction testing frequency
- At least once a year
- Management access authentication
-
- 2-factor authentication
- Public key authentication (including by TLS client certificate)
- Dedicated link (for example VPN)
- Username or password
- Other
- Description of management access authentication
- API
- Devices users manage the service through
-
- Dedicated device on a segregated network (providers own provision)
- Dedicated device on a government network (for example PSN)
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users have access to real-time audit information
- How long user audit data is stored for
- Between 1 month and 6 months
- Access to supplier activity audit information
- Users have access to real-time audit information
- How long supplier audit data is stored for
- Between 1 month and 6 months
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- QMS Internation
- ISO/IEC 27001 accreditation date
- 30/01/2020
- What the ISO/IEC 27001 doesn’t cover
- Customer technology services, such as cloud services.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- Yes
- Other security certifications
- Yes
- Any other security certifications
-
- ISO9001
- FIPS 140-2
- Common Criteria
- DDIN APL
- CSfC
- USGv6
- NDAA section 889 compliance
- TAA compliance
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
-
As an ISO 27001 certified organisation Xpertex follow a suite of processes that support our policies that themselves have been derived from our Statement of Applicability (SoA).
Examples of our documentation suite –
1. Risk Assessment
2. Business Continuity and Disaster Recovery
3. Non-conformance and Breaches
4. Physical Security
5. Personnel Security including remote working
6. Network Security
7. Technology estate
8. Crypto Management (where required)
9. Supply Chain Assurance (via the Rizikon toolset)
8. User SyOps
10. Asset Management including safe Destruction and Disposal
11. Change Control
12. Data Classification and Handling
We have an over-arching Security Management Plan (SMP), that covers all aspects of our Information Security estate and is available upon request.
We re-certify to ISO 27001 every 3 years, but we are subject to annual maintenance audits (next audit due in June 2022).
The Security Controller has responsibility to audit compliance against the controls in the ISO standard, these audit records form part of continual improvement posture we have that is driven by our ISO 9001 Quality Management System (that has recently been recertified).
Monthly board meetings include a standing agenda from the security controller where all security matters are discussed and minuted.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All part of our standard Impact Assessment, ITL lifecycle management and Change Management processes.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- Juniper PSIRT - https://www.juniper.net/security/report-vulnerability/
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Xpertex provide protective monitoring services to our customers. Internally, we use AlienVault software in line and accordance with our CE+ and ISO 27001 and ISO 9001 certfications.
- Incident management type
- Supplier-defined controls
- Incident management approach
-
Details of impact of specific failures and associated priorities and SLA's are be discussed and agreed with customers in line with ITIL best practice. Our Service Manager will work to resolve service incidents to meet target performance level (KPI's and SLA's) and can escalate our response through the Service Director.
Incidents are reported by telephone our email through to our service desk and are reported in accordance with the support contract in place between us and the customer at that time.
Secure development
- Approach to secure software development best practice
- Supplier-defined process
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- No
Social Value
- Fighting climate change
-
Fighting climate change
Xpertex is committed to continually improving our environmental performance and monitoring. In 2021, Xpertex started the process to gain the following two environmental ISO accreditations:
• ISO 14001 Environmental Management System
• ISO 50001 Energy Management System
This is on top of our existing ISO9001, ISO27001 and Cyber Essentials PLUS accreditations.
Critical to our core operation is our IT infrastructure and Data Centre, which house our IT equipment, along with connectivity to our cloud Infrastructure. Xpertex recognises that energy efficient practices, and reducing our carbon footprint, are paramount in achieving our corporate sustainability goals.
Xpertex also works with its customers to help them reduce their carbon footprint where appropriate. - Covid-19 recovery
-
Covid-19 recovery
We were extremely fortunate in that we were able to ciontinue to operate and indeed grow during the Covid-19 pandemic.
Our recovery and growth continue. - Tackling economic inequality
-
Tackling economic inequality
Our services directly and indirectly support jobs across the UK economy through our expenditure on services. The company also makes annual contributions to various charities. A mental wellbeing charity called MIND is the current charity of choice. Our staff also regularly contribute towards Help the Hero’s and a local Foodbank charity. - Equal opportunity
-
Equal opportunity
Xpertex avoids unlawful discrimination in all aspects of employment including recruitment, promotion, training opportunities, pay and benefits, discipline and selection for redundancy. Any decisions concerning employment, promotion and training will be based on objective, job-related criteria and merit. Disability and personal/home commitments will not form the basis of employment decisions except where absolutely reasonable and permissible within anti-discrimination law.
Xpertex monitors the ethnic, gender, age composition of our existing workforce as well as the number of people with disabilities within these groups and will consider and take any appropriate action to address any problems that may be identified by the monitoring process. - Wellbeing
-
Wellbeing
Xpertex has an Employee Assistance Programme available to all staff which provides access to advice, counselling and support. Workplace mental health is especially important to the company with information and advice issued on a regular basis. We give every employee a day off on their birthday and additional holiday allowances are in place to recognise length of service milestones. We conduct an annual staff survey which provides opportunity for any issues to be raised to the senior management. Processes exist where concerns can be raised without fear of negative consequences for the individual raising the concerns. Flexible working practises developed during the pandemic are in place giving all staff the ability to work from home where possible. We are continuing to provide these flexible working practices post pandemic. Flexible working hours are encouraged and were invaluable during the pandemic and enables parents with school age children to home-school their children, and those with responsibilities to the elderly to provide the support they wish to give. During this period, staff were also encouraged to volunteer to deliver shopping to people in the community. Xpertex participated in a local initiative to offer IT equipment to under-privileged children in the local community allowing them to conduct their schooling from home. When staff started to return to the office, all sensible precautions have been maintained. A cycle to work and an electric car salary sacrifice scheme are also available to all employees.
Pricing
- Price
- £165.00 a licence a year
- Discount for educational organisations
- Yes
- Free trial available
- No