Thanks to everyone who stopped by the Meraki booth to meet us, learn more about Meraki, and see our products in action.
iPads and BYOD were hot topics at the show, so we’re hosting a special webinar to talk about BYOD solutions for K-12. During this free webinar, you’ll learn more about how devices on your network present security and bandwidth challenges, and how to manage devices in your school without additional cost or complexity. We’ll include a live demo showing how you can see devices on the network, apply policies by device type, and measure the impact of these devices.
Join us for this special K-12 webinar. We’ve scheduled two sessions for your convenience:
July 12, 10AM Pacific Time
July 18, 11AM Pacific Time
We hope you’ll join us for this special K-12 BYOD webinar. Don’t forget, qualified IT professionals attending the webinar will receive a free Meraki wireless access point! Thanks again for stopping by the Meraki booth, and we hope you had as much fun at ISTE as we did. Here’s a snapshot of one of our demos:
Standing room only at the Meraki booth!
We’ve been thrilled with the success our K-12 customers have been having with Meraki. June has already been a big month — one of the largest school districts in the southwest selected us for their 5,200 AP deployment!
Next week San Diego will be hosting the largest K-12 technology conference in the nation, ISTE 2012. If you’re also heading to sunny California, we hope to see you there.
Meraki will be at booth #2421, in the right-side block of the expo hall. Our product managers, engineers, and marketing team will all be there to talk about what’s new, demo new products, and hear from you about what’s new in your schools. We’ll also be handing out Meraki’s ever-popular American Apparel t-shirts.
We’re excited to let you know of some upcoming enhancements to the Meraki dashboard. Our teams have been working hard to give the dashboard a fresh new look and feel. With this update, you’ll find a cleaner, more modern interface with enhanced navigation, menus, and more. You can get a sneak peek of the changes through the screenshot below.
All of the features, functionality, and organization of the dashboard will remain exactly the same, so you’ll be able to easily find your favorite dashboard tools.
Those of you who manage distributed networks often support locations that have slow or high-latency connectivity. Have you ever wondered how to get more out of those slow, often expensive links? There is a way to squeeze more out of them: WAN optimization.
WAN optimization reduces bandwidth consumption between sites and significantly accelerates application performance for users at remote locations. This is the first part of a two-part series on Meraki’s WAN optimization. In this part, we’ll take a closer look at some of the techniques that together provide up to 209X improvement compared to un-optimized links. In part 2, we’ll see how one of our customers has reaped the benefits of the MX and its WAN optimization. In case you missed it, check out the introduction to WAN optimization.
WAN optimization is most beneficial for sites that have narrow bandwidth and/or high latency WAN links, and it can help get the best performance out of those sub-optimal links. It’s built in to the Meraki MX and accelerates FTP, HTTP, Windows file sharing (CIFS/SMB), and other TCP-based traffic between sites. This significantly reduces the time to transfer data between different locations and also reduces the bandwidth consumption at those sites.
The amount of performance improvement depends on the traffic type, the data transferred, and the existing WAN link performance between locations. The chart below shows the results of The Tolly Group’s benchmark performance evaluation of Meraki’s MX Cloud Managed Security Appliance when using WAN optimization, in this case for FTP file transfers in three WAN link scenarios.
Tolly Group - WAN optimization performance for FTP file transfers
In the chart, the term baseline denotes a file transfer without WAN optimization, cold run denotes the first time data is transferred with WAN optimization, and warm run denotes subsequent data transfers with WAN optimization enabled. The complete Tolly report, including performance results of other protocols, is available for download here.
The MX uses three independent techniques to achieve these performance gains:
byte level caching
Link compression is pretty straightforward: it acts like zip for your network connection. If traffic can benefit from compression, the MX compresses the data before sending it across the WAN. At the other end, the receiving MX decompresses the traffic. If a file is already heavily compressed, for example if the user is sending a .zip file, then further compression provides no benefit, and may actually be worse. In that case, the MX won’t try to compress it any further. All of this is completely transparent to the end user.
Byte level caching
Byte level caching and de-duplication ensure that data isn’t transferred across the WAN unnecessarily when it is already in the local cache. In the case that data has previously been transferred across the WAN, a user requesting such data will simply receive it from the MX Security Appliance at the local site. Caching and data redundancy elimination allow the MX to identify cached data even if a file’s name or contents are changed, or even if the contents are transferred over a different protocol, e.g., a file downloaded over HTTP but uploaded via Windows file sharing.
Many protocols were designed for local area networks and don’t perform as well on today’s wide area networks, due to excessive error-checking or “chatty” algorithms. WAN optimization optimizes these protocols, for example by minimizing round-trip acknowledgement delays, and significantly reduces the overall latency of the transactions. Optimized protocols include HTTP, FTP, and CIFS.
Enabling WAN optimization
To enable WAN optimization, you’ll need a site-to-site VPN network with two or more MXs, one at each of the sites that transfer data between them. WAN optimization is included in the MX’s Enterprise and Advanced Security licenses, and is included in all the MX models. All of them, except for the MX60, include an internal hard drive for byte level caching. The hard drive capacity is 1 TB, except for the MX600 (4 TB). If you’re curious about VPN, check out the blog post on the MX’s integrated site-to-site VPN tools.
Stay tuned for part two
In the second part of this series, we’ll look at how Vector Media, an advertising and media services company, deployed the Meraki MX in their distributed organization. With many sites spread across the US, some locations only have access to low performance, expensive WAN links. Stay tuned to learn how they’ve been able to cut their connectivity costs and improve their network operations.
We recently introduced syslog integration to our MX Security Appliances, giving IT departments access to a firehose of network activity information. Splunk, a San Francisco-based company just down the road from Meraki, provides a great tool to tame the firehose and extract the most relevant information among the data. If you already have a syslog server in your environment, you can integrate it with your MX, too.
The first step is to point to the syslog server in the Meraki dashboard. Naturally, this step is simple: just enter the IP and port of the syslog server, and then add the roles to send to the server. You’ll find the syslog section on the Configure > Alerts and administration page. A note of caution: it’s easy to send large volumes of data to the syslog server, so it’s best to be selective about the roles you add. This where Splunk thrives. It takes massive amounts of data and makes it easy for you to search and find the information you need.
Figure 1: Syslog configuration in the Meraki dashboard
The next step is to view the data in the syslog environment. If you haven’t installed Splunk, you can download a free version that can index up to 500 Megabytes of data per day. You can then search in Splunk and see network event information from the MX. For example, you can see URLs that have been blocked by the MX’s content filtering or traffic flows blocked by the MX’s firewall.
Figure 3: Content filtering blocking access to sports sites
Syslog is also a great tool to troubleshoot network issues. Sometimes devices aren’t operating as expected, and if you’re using the MX’s integrated stateful firewall, syslog can identify individual traffic flows, show firewall events, and help pinpoint why devices are experiencing issues.
The power of syslog integration lies in its depth and flexibility. The MX’s syslog integration lets you harness the information about your network and troubleshoot problems, investigate network and security events, and monitor your infrastructure. Splunk offers a great tool to understand all that information, and numerous other products can take advantage of it, too.