Automated Cloud Infrastructure Management Services - Mist Cloud AI

Juniper Mist Wired, Wireless, WAN and IoT Assurance Cloud management and AI, sets a new standard for network management. Utilising AI algortithms to assure user experience. Marvis, the industry's first virtual network assistant (VNA) allows operators to simplify troublehooting and reduce mean-time-to-innocence. Purpose-built for enterprise WLANs, LANs, and WANs.


  • Proactive root-cause identification in one click 1-click
  • Easy Zero Touch Provisioning (ZTP) of network devices
  • Unique Service Level Expectations (SLE's) - or managed network SLA's
  • Intent-Based Configuration Models
  • Dynamic packet capture from cloud improves troubleshooting
  • Proactive root-cause identification
  • Network automation and complete control with open APIs
  • AI-Driven Application Insights for SD-WAN
  • Marvis, the first virtual network assistant (VNA)
  • Proactive Gateway Anomaly Detection with Marvis VNA


  • AI-driven support reduces tickets by up to 90 percent
  • Detect anomalies, identify and resolve application and network issues
  • Centrally configure and onboard your SD-WAN using ZTP
  • Improve network response times with SLE control
  • Analyse 30 days of data, gain valuable network insights
  • Simple and accurate root-cause analysis
  • Measure network health and performance metrics over time
  • Conversational Interface uses advanced natural language processing - NLP
  • Automatically fix or recommend issues - even non-Juniper equipment
  • Onboard client devices without relying on MAC addresses


£165.00 a licence a year

  • Education pricing available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at louise.carter@xpertex.com. Tell them what format you need. It will help if you say what assistive technology you use.


G-Cloud 13

Service ID

2 6 0 9 5 6 9 2 4 4 9 6 3 6 8


Xpertex Louise Carter
Telephone: 08450341412
Email: louise.carter@xpertex.com

Service scope

Service constraints
Requires Juniper Networks devices
System requirements
  • Juniper Mist Wi-Fi Access points
  • Supported Juniper EX series switches and QFX series switches
  • Supported Juniper SRX firewalls
  • Supported Juniper 128T SD-WAN Session Smart Routers (SSR)

User support

Email or online ticketing support
Email or online ticketing
Support response times
We offer 4hr, 8hr or Next Business Day (NBD) SLA's according to the customer requirements and in line with ITIL processes.
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Web chat
Web chat support availability
9 to 5 (UK time), Monday to Friday
Web chat support accessibility standard
None or don’t know
How the web chat support is accessible
Web chat is available either via our ticketing portal, or direct supplier to customer Teams instant messaging.
Web chat accessibility testing
Onsite support
Yes, at extra cost
Support levels
Xpertex can provide 4hr, 8hr, or NBD on site support. Pricing varies, but please refer to the SFIA rate card for engineer rates to give indicative pricing.
Support available to third parties

Onboarding and offboarding

Getting started
A simple registration process on the web portal - https://manage.mist.com/#!account , is complimented by the mobile app Mist AI) that can use QR codes or serial numbers to onboard devices to the portal.
Xpertex helpdesk via telephone or email can also assist.
0203 021 0749 (Switchboard) or info@xpertex.com for new customer queries.
Service documentation
Documentation formats
  • HTML
  • PDF
  • Other
Other documentation formats
  • Online
  • Helpdesk
  • Online or onsite training
End-of-contract data extraction
Device configurations can be exported and some analytics via report export. The users can then delete the sites and their configuration data is deleted.
NOTE: Mist ONLY collects telemetry or metadata so no actual customer data is uploaded to the Mist cloud portal at any time.
End-of-contract process
The Mist portal will no longer be accessible, unless the service is transitioned to the customer and/or another supplier.

Using the service

Web browser interface
Using the web interface
Full configuration and management.
Web interface accessibility standard
WCAG 2.1 A
Web interface accessibility testing
What users can and can't do using the API
The entire Mist cloud portal is available through the API and user setup can be found at https://documenter.getpostman.com/view/224925/SzYgQufe
There are no limitations as the cloud platform is developed for the API first, then the CLI and finally the GUI.
API automation tools
  • Ansible
  • Chef
  • OpenStack
  • Puppet
  • Other
Other API automation tools
  • Postman
  • Python
  • Restful
API documentation
API documentation formats
  • Open API (also known as Swagger)
  • HTML
  • PDF
Command line interface
Command line interface compatibility
  • Linux or Unix
  • Windows
  • MacOS
  • Other
Using the command line interface
Full management and configuration, complete control of the platform.


Scaling available
Scaling type
Independence of resources
Not really relevant as the portal is used only to adminster networks. No real user volumes, so the underlying Mist platform manages this.
As Mist is a modern microservices platform, it sclaes inherently with no practical limit.
Usage notifications
Usage reporting
  • API
  • Email
  • Other


Infrastructure or application metrics
Metrics types
  • CPU
  • HTTP request and response status
  • Memory
  • Network
  • Number of active instances
  • Other
Other metrics
  • Time to connect/ successful connects
  • Throughput
  • Wireless coverage
  • Wireless roaming
  • Wireless capacity
  • Wireless AP health
  • Congestion
  • Interface anomalies; MTU mismatch, cabling issues, duplex autonegotiation failures
  • Network - latency, jitter
  • Storm control
Reporting types
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request


Supplier type
Reseller providing extra features and support
Organisation whose services are being resold
Juniper networks Mist 128T Apstra

Staff security

Staff security clearance
Other security clearance
Government security clearance
Up to Developed Vetting (DV)

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
  • United Kingdom
  • European Economic Area (EEA)
User control over data storage and processing locations
Datacentre security standards
Supplier-defined controls
Penetration testing frequency
At least once a year
Penetration testing approach
‘IT Health Check’ performed by a CHECK service provider
Protecting data at rest
  • Physical access control, complying with another standard
  • Encryption of all physical media
  • Other
Other data at rest protection approach
DB block-encrypted for data at rest
User Device Data encrypted with Customer’s org key
Servers are hosted in an ISO 27001 certified datacenter, which provides SOC 2 attestation reports,
• All servers run Linux OS and are hardened per best practices.
• Servers are hosted at AWS with security groups. Only the required ports are opened on front end servers or terminators that need to
communicate directly with Access Points (APs) or APIs from outside.
• Industry standard encryption (AES-128) is utilized for data in transit and AES-256 for data at rest.
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Backup and recovery

Backup and recovery

Data-in-transit protection

Data protection between buyer and supplier networks
  • TLS (version 1.2 or above)
  • Other
Other protection between networks
AP and switch to Juniper Mist cloud: Communication between the Juniper Mist cloud and Juniper APs and switches uses HTTPS/
TLS with AES-128 encryption, and mutual authentication is provided by a combination of digital certificate and per-AP shared
key created during manufacturing. 4096-bit key is used for certificate signature.
• UI or API: API communication (including UI access) uses HTTPS/TLS and is encrypted with AES-256.
• Internal to cloud: Data within the cloud is stored using AES-256 encryption.
• Management/infrastructure console: Accessed over HTTPS connection, using 2048-bit RSA key.
Data protection within supplier network
  • TLS (version 1.2 or above)
  • Other
Other protection within supplier network
Servers are hosted in an ISO 27001 certified data center,
across multiple availability zones, and different cloud
• All servers run Linux OS and are hardened per best
• Servers are hosted at Amazon Web Services (AWS) and
Google Cloud Platform (GCP) with security groups. Only
the required ports are opened on front end servers or
terminators that need to communicate directly with Access
Points (APs) or APIs from outside.
• Industry standard encryption is utilized for data in transit
and data at rest
• Web security testing from development to production
stages is performed continually.

Availability and resilience

Guaranteed availability
Servers are hosted at Amazon Web Services (AWS) and Google Cloud Platform (GCP) across multiple availability zones, and different cloud
Mist aim to provide 24x7 availability.
Approach to resilience
By leveraging the public cloud, the infrastructure components
and services of Mist AI are deployed redundantly (across cloud
providers clusters and zones) in an effort to provide 24 x 7
availability. In addition, Mist is uses microservices so
issues with one microservice does not directly affect other
microservices. The Juniper Mist Cloud Service buffers data in
the event of a component disaster, such as the loss of backend
microservice. Once the disaster has been addressed, the data is
replayed to fill in the lost analytics. System upgrades and feature
introductions also benefit from microservices to avoid impact
to Mist AI when performing either. This reduces the need for
planned downtime.
In the rare event of a cloud outage impacting the Mist
Cloud Service, Wi-Fi access points, switches, and
gateways are expected to continue to function; any existing
client device already authorized are expected to continue to
access applications through Wi-Fi without undergoing any
disruption of services.
Juniper use commercially reasonable efforts to make Mist
fully available and operable over the internet in full conformity
with Mist specifications for access and use by End User, as
measured over the course of each calendar month, an average
of 99.9% of the time.
Outage reporting
The Mist portal, API and suport email methods are used to communicate outages.

Identity and authentication

User authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Identity federation with existing provider (for example Google apps)
  • Username or password
  • Other
Other user authentication
Via the API.
Access restrictions in management interfaces and support channels
The Mist porta is used for management ONLY. There is NO USER DATA processed or stored by the Mist AI Cloud solution.
Access restriction testing frequency
At least once a year
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Dedicated link (for example VPN)
  • Username or password
  • Other
Description of management access authentication
Devices users manage the service through
  • Dedicated device on a segregated network (providers own provision)
  • Dedicated device on a government network (for example PSN)
  • Directly from any device which may also be used for normal business (for example web browsing or viewing external email)

Audit information for users

Access to user activity audit information
Users have access to real-time audit information
How long user audit data is stored for
Between 1 month and 6 months
Access to supplier activity audit information
Users have access to real-time audit information
How long supplier audit data is stored for
Between 1 month and 6 months
How long system logs are stored for

Standards and certifications

ISO/IEC 27001 certification
Who accredited the ISO/IEC 27001
QMS Internation
ISO/IEC 27001 accreditation date
What the ISO/IEC 27001 doesn’t cover
Customer technology services, such as cloud services.
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Cyber essentials
Cyber essentials plus
Other security certifications
Any other security certifications
  • ISO9001
  • FIPS 140-2
  • Common Criteria
  • CSfC
  • USGv6
  • NDAA section 889 compliance
  • TAA compliance

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance standards
ISO/IEC 27001
Information security policies and processes
As an ISO 27001 certified organisation Xpertex follow a suite of processes that support our policies that themselves have been derived from our Statement of Applicability (SoA).
Examples of our documentation suite –
1. Risk Assessment
2. Business Continuity and Disaster Recovery
3. Non-conformance and Breaches
4. Physical Security
5. Personnel Security including remote working
6. Network Security
7. Technology estate
8. Crypto Management (where required)
9. Supply Chain Assurance (via the Rizikon toolset)
8. User SyOps
10. Asset Management including safe Destruction and Disposal
11. Change Control
12. Data Classification and Handling

We have an over-arching Security Management Plan (SMP), that covers all aspects of our Information Security estate and is available upon request.
We re-certify to ISO 27001 every 3 years, but we are subject to annual maintenance audits (next audit due in June 2022).
The Security Controller has responsibility to audit compliance against the controls in the ISO standard, these audit records form part of continual improvement posture we have that is driven by our ISO 9001 Quality Management System (that has recently been recertified).
Monthly board meetings include a standing agenda from the security controller where all security matters are discussed and minuted.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
All part of our standard Impact Assessment, ITL lifecycle management and Change Management processes.
Vulnerability management type
Supplier-defined controls
Vulnerability management approach
Juniper PSIRT - https://www.juniper.net/security/report-vulnerability/
Protective monitoring type
Supplier-defined controls
Protective monitoring approach
Xpertex provide protective monitoring services to our customers. Internally, we use AlienVault software in line and accordance with our CE+ and ISO 27001 and ISO 9001 certfications.
Incident management type
Supplier-defined controls
Incident management approach
Details of impact of specific failures and associated priorities and SLA's are be discussed and agreed with customers in line with ITIL best practice. Our Service Manager will work to resolve service incidents to meet target performance level (KPI's and SLA's) and can escalate our response through the Service Director.
Incidents are reported by telephone our email through to our service desk and are reported in accordance with the support contract in place between us and the customer at that time.

Secure development

Approach to secure software development best practice
Supplier-defined process

Separation between users

Virtualisation technology used to keep applications and users sharing the same infrastructure apart

Energy efficiency

Energy-efficient datacentres

Social Value

Fighting climate change

Fighting climate change

Xpertex is committed to continually improving our environmental performance and monitoring. In 2021, Xpertex started the process to gain the following two environmental ISO accreditations:
• ISO 14001 Environmental Management System
• ISO 50001 Energy Management System
This is on top of our existing ISO9001, ISO27001 and Cyber Essentials PLUS accreditations.
Critical to our core operation is our IT infrastructure and Data Centre, which house our IT equipment, along with connectivity to our cloud Infrastructure. Xpertex recognises that energy efficient practices, and reducing our carbon footprint, are paramount in achieving our corporate sustainability goals.
Xpertex also works with its customers to help them reduce their carbon footprint where appropriate.
Covid-19 recovery

Covid-19 recovery

We were extremely fortunate in that we were able to ciontinue to operate and indeed grow during the Covid-19 pandemic.
Our recovery and growth continue.
Tackling economic inequality

Tackling economic inequality

Our services directly and indirectly support jobs across the UK economy through our expenditure on services. The company also makes annual contributions to various charities. A mental wellbeing charity called MIND is the current charity of choice. Our staff also regularly contribute towards Help the Hero’s and a local Foodbank charity.
Equal opportunity

Equal opportunity

Xpertex avoids unlawful discrimination in all aspects of employment including recruitment, promotion, training opportunities, pay and benefits, discipline and selection for redundancy. Any decisions concerning employment, promotion and training will be based on objective, job-related criteria and merit. Disability and personal/home commitments will not form the basis of employment decisions except where absolutely reasonable and permissible within anti-discrimination law.
Xpertex monitors the ethnic, gender, age composition of our existing workforce as well as the number of people with disabilities within these groups and will consider and take any appropriate action to address any problems that may be identified by the monitoring process.


Xpertex has an Employee Assistance Programme available to all staff which provides access to advice, counselling and support. Workplace mental health is especially important to the company with information and advice issued on a regular basis. We give every employee a day off on their birthday and additional holiday allowances are in place to recognise length of service milestones. We conduct an annual staff survey which provides opportunity for any issues to be raised to the senior management. Processes exist where concerns can be raised without fear of negative consequences for the individual raising the concerns. Flexible working practises developed during the pandemic are in place giving all staff the ability to work from home where possible. We are continuing to provide these flexible working practices post pandemic. Flexible working hours are encouraged and were invaluable during the pandemic and enables parents with school age children to home-school their children, and those with responsibilities to the elderly to provide the support they wish to give. During this period, staff were also encouraged to volunteer to deliver shopping to people in the community. Xpertex participated in a local initiative to offer IT equipment to under-privileged children in the local community allowing them to conduct their schooling from home. When staff started to return to the office, all sensible precautions have been maintained. A cycle to work and an electric car salary sacrifice scheme are also available to all employees.


£165.00 a licence a year
Discount for educational organisations
Free trial available

Service documents

Request an accessible format
If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at louise.carter@xpertex.com. Tell them what format you need. It will help if you say what assistive technology you use.