Managing many devices across multiple locations is a common challenge facing IT professionals today. In this post, Brent Edgecomb, IT Systems Engineer, shares his experience of centrally managing the mobile devices across Ottawa University’s seven geographically distributed campuses in an easy and cost-effective way.
Ottawa University was established in 1865 in Ottawa, Kansas, and grew to become an institution that today serves more than 7,000 traditional-age and adult students, offering more than 34 undergraduate and graduate degree programs. Ottawa University has campuses across the country, with the main campus in Ottawa, Kansas, and other campuses in Kansas, Arizona, Wisconsin, and Indiana. The university’s robust online program has been recognized for its advanced technology integration.
A management challenge: geographically distributed campuses
Ottawa University’s Systems Manager map
With seven distributed campuses, Brent needed an easy and effective way to remotely manage and control the mobile devices across the country. During his search, Brent evaluated a several MDM solutions and in the end, chose Meraki’s Systems Manager. Systems Manager lets administrators manage thousands of mobile devices via the cloud, works on any network, and requires no overlay hardware or software. Other solutions Brent evaluated require servers installed at every campus and furthermore, an additional cost per managed device. Brent recalls, “Because we have many geographically dispersed sites and many devices at each site, it would have been very expensive to deploy the competitor’s solution.”
The ability to locate devices at each campus and tie it to a user in a meaningful way are extremely important aspects of University’s mobile device management. Brent explains, “Our User Services team loves the ability to search by machine name or user name, to look up serial numbers, and even pull up expiration and warranty information. With Systems Manager, device queries are painless and incredibly fast. The ability to drill down into the client device for statistics is great for troubleshooting devices and network issues.”
End-to-end visibility from the network to the device
Ottawa University is also a happy customer of Meraki’s MX Security Appliances. On the student network, Brent uses the MX’s content filtering and traffic shaping features to clamp down on peer-to-peer apps and block inappropriate content from the network. He also uses the MX’s client VPN feature to allow his staff to connect to the internal network remotely. The MX gives Brent extensive visibility and control over users, content, and applications on his entire network. In combination with Systems Manager, Brent appreciates the unparalleled visibility which only Meraki can provide.
“The dashboard of our Security Appliance is integrated with Systems Manager. This is a unique feature that no other vendor on the market can provide — complete end-to-end visibility and control, from wired down to the client devices. All in all, Systems Manager is a great product and it blows the competition out of the water.”
— Brent Edgecomb, IT Systems Engineer, Ottawa University
To get started using Systems Manager, simply fill out a short form on our signup page. You’ll then be redirected to your new Systems Manager network, and you’ll immediately be able to start adding managed devices.
Following the awesome time we had at ISTE 2012, the recent technology conference in San Diego, we’re featuring a few of our K-12 customers in snappy video interviews.
Here’s Steve Bartlett, Director of IT at Bremerton School District, sharing his story about supporting iPod Touches in the classroom with a district-wide WiFi deployment. The iPods on carts that he issued resulted in almost instantaneous improvements in literacy as well as higher student and teacher engagement. Meanwhile, he describes his Meraki deployment as being not only easy to deploy and easy to manage, but also as the facilitator that helps kids have a better educational experience.
Steve stopped by our booth at ISTE and answered questions about his deployment, but for those of you who didn’t meet him, check out his video! If you’d like to hear more from Steve, you can listen to our recorded webinar featuring his case study in more depth.
Earlier this year, we introduced our family of MS Switches, the industry’s first cloud-managed access switches. The MS is off to a tremendous start, but we’re not done yet. Today, we’re announcing an exciting software update to the MS Switches and another industry first, Layer 7 visibility.
MS Switches: now with Layer 7 visibility
We’re super excited to bring something never before seen on a switch: Layer 7 application visibility. Our teams worked hard to overcome the tremendous engineering challenges in being able to do deep packet inspection at Layer 7 on 24 and 48 non-blocking Gigabit ports, while maintaining the performance needed on the switch fabric. The new Layer 7 visibility requires no configuration or additional purchase, and hundreds of applications are automatically classified and reported in the dashboard, showing which applications consume the most resources and where your network’s bandwidth is spent.
Figure 1: Layer 7 visibility reveals heavy bandwidth-consuming apps
Layer 7 visibility also shows which users most heavily use a given application, letting administrators identify bandwidth abusers on a per-application basis. For example, identifying which users consume the most YouTube traffic is as simple as clicking on the YouTube app in the application details.
Figure 2: Top YouTube users
Security enhancements, additional troubleshooting tools, and more
In addition to Layer 7 visibility, we’ve included a number of other enhancements in this release:
Link aggregation (LACP)
Per-port email and text message alerts
Enhanced live tools, such as packet capture
General stability improvements.
This latest release is available at no cost to all MS customers, and will be rolling out over the next few weeks. Full details are available in our press release. Stay tuned to the blog for deep dives on these features!
When strapped for budget and manpower, deploying and managing mobile devices usually begins with pinched eyebrows and wrinkled foreheads. But it doesn’t have to be like that, and today we feature David Culberson, Director of Technology at Sharyland Independent School District, and find out how he manages all the mobile devices in his school district in an easy and cost-effective way.
Sharyland Independent School District
Founded in 1921, Sharyland ISD is one of the fastest-growing school districts in Texas and serves the Mission, McAllen, Edinburg, Alton, and Palmhurst communities. Sharyland district includes a high school, two middle schools, eight elementary schools, and an alternative education program (AEP) centre. David Culberson, Director of Technology, and his team serve the IT needs of the district.
A management challenge: 7,000+ devices
When faced with the task of supporting and managing the school district’s devices, David was presented with a few challenges. The IT team needs to support more than 7,000 devices, a mixture of desktops, laptops, iPads, and iPods that the district owns, all with a lean IT team. David had a few options, but all were either cumbersome, inefficient, or required an overlay system that he would need to deploy and manage. In the end, David chose Meraki’s Systems Manager. Systems Manager is a mobile device management tool that lets administrators manage thousands of mobile devices via the cloud and is 100% free for any school or organization, works on any network, and requires no overlay hardware or software.
Deep visibility into devices
Culberson chose Systems Manager to manage the 7,000+ devices the school district owns, and applauds how easy it was to deploy Systems Manager and the level of visibility it gives. For example, Systems Manager can identify a managed device’s location, even when it’s off the district’s network. This is an extremely useful feature if the device is lost or taken from the school. “You can just install the profile on the devices and it reports back. Immediately, I can check which campus has which device and see the asset inventory on each device, I can view recent updates, what apps [on iOS devices] and software [on desktops and laptops] are installed, and even a device’s available memory and battery life.” Meraki’s Systems Manager profile is installed by default on every device as part of Sharyland’s device deployment checklist.
Culberson’s advice to other schools
To any schools managing mobile devices, Culberson offers a tip, “Make sure to have a mobile device management (MDM) system. Meraki’s Systems Manager has all the functionalities, right out-of-the-box, and it is free! We evaluated other MDM products and if we were going start again from scratch and do it over again, we wouldn’t change a thing. It is phenomenal what you can see and have access to remotely with Systems Manager!”
We’ve been busy over the last few months, and we’re excited to announce the release of a major firmware update for our MR wireless access points. This latest release includes Air Marshal, a new integrated suite of real-time wireless intrusion detection and prevention tools. Although Air Marshal was developed for our most security-conscious customers such as finance, healthcare, and retailers, it is available to all Meraki customers and can help secure networks of any size. And, like all Meraki products, Air Marshal runs on Meraki’s cloud infrastructure so configuration and management is easy no matter how large of a network you’re running.
In addition to Air Marshal, this latest release includes a number of performance and mobility enhancements, including an enhanced mobility architecture for improved ultra-fast roaming; high density video streaming optimizations; and new authentication methods for guest access. This latest release is available at no cost to all MR customers, and will be rolling out over the next few weeks.
Full details are available in our press release. Stay tuned for deep dives on these features in the coming weeks!
Using Meraki’s Systems Manager, it takes just 3 steps to distribute and deploy iOS apps wirelessly to all your students, teachers, or employees. Integration with Apple’s Volume Purchase Program (VPP) allows organizations to purchase apps for iOS devices in volume in an easy, fast, and effective way. Here’s how you can deploy apps to hundreds of iOS devices at once.
Log into the Systems Manager dashboard, navigate to the Configure > iOS apps page, and click on “Add a new iOS App” to add the new app.
You’ll see a search bar that is linked to the Apple app store, and here you can simply search for the app that you purchased . After you purchase apps from Apple, you will receive a spreadsheet containing app-specific purchase codes — one code per app purchased. Here I am looking for “iA Writer” for my iPads. Click “Add” to add the app.
You will see the app that you selected at the bottom the iOS apps page. In the Redemption codes text box, paste in the purchase codes for the app from the Apple VPP spreadsheet (one code per line). You can also define the scope of the deployment by pushing the app only to devices with specific tags. In the example below, only iPads which tagged as “12thGradeEnglishClass” will receive the Writer app. Moreover, you can also specify whether to remove the app when the management profile is removed and whether or not save the app’s backup data when the device is synced. Lastly, don’t forget to save the changes in the dashboard.
That is it, just 3 easy steps – on the iOS apps page, find and add the paid app, insert VPP codes, then push the app to one or thousands of iOS devices with Meraki’s Systems Manager.
Every iOS devices included in the scope of the deployment, in the example above — the devices tagged as “12thGradeEnglishClass” will receive an invitation to install the deployed app. Click “Install” to accept the app.
Next, as required for all Apple app installation, you will be prompted to enter an iTunes Store account ID (Apple ID) and password to redeem the app. The app will start to download and within seconds, I can use Writer on my iPad.
Systems Manager is free for any organizations and to get started, just fill out a short form on our signup page. You’ll then be redirected to your new Systems Manager network, and you’ll immediately be able to start adding managed devices.
FAQ about the Apple Volume Purchase Program:
An iTunes Store account is required to purchase or redeem apps.
Once a purchase code is redeemed, the iTunes Store ID which redeemed the app is the owner of that particular instance of the app. The purchase code cannot be redeemed by a different Apple ID.
All paid iOS apps in the App Store are eligible to be purchased in the Education or Business Volume Purchase Program Store.
The Apple Volume Purchase Program available in the US and will be expanding to the following countries soon: Australia, Canada, France, Germany, Italy, Japan, New Zealand, Spain, and United Kingdom.
For more information, see Apple’s Education VPP and Business VPP website.
While the unfolding Google-Amazon-Apple war is fascinating to watch, it’s creating an explosion of devices that will give administrators fits. It seems that a lot of people thought that users would coalesce around a single portable device, just as Windows came to dominate the corporate landscape in the ’90s. For a brief shining moment in 2009 it seemed possible: the iPhone would displace RIM and departments could say “OK, we’ll support iOS devices and everyone will be happy.”
And then this happened:
Instead of the nice monoculture people were hoping for, we got near a near perfect division of market share between iPhones and Android phones. With the announcement of the Nexus 7, we might see the same thing in tablets. By 2015, Gartner sees nearly the same share between the iPad and Android tablets:
We’re also seeing a trend giving employees more of a say in their work environments. Many companies in Silicon Valley let new hires choose their preferred platform; some startups, like StackMob, just give newbies a budget to spend however they want. I took a quick look at Meraki’s internal wireless network (using the Summary Report feature of our Cloud Managed Platform), dumped it into Excel, and:
As you can see, we have four distinct OS platforms on the Meraki network. Five if you separate iPads and iPhones – and given the disparities in data use between phones and iPads, that makes sense in many network environments. Furthermore, these devices are a combination of company-managed and BYOD and we have a guest network where people can log in through a splash page.
The point is that it’s not getting any better. Not only will we have more devices, we’ll have more kinds of devices on corporate networks, only some of which administrators will control. And the impetus isn’t just coming from executives. Don’t believe me? Ask a typical new college grad about whether they think they should be able to use their personal iPad at their new job. Generally I get looks of baffled incomprehension – they used their iPad on their campus network so of course the same should be true at their first job!
The monolithic control strategy we used for the Windows/RIM days are outdated; proliferation of devices calls for an approach that is secure, flexible, and adaptive to new client technologies. This often takes the form of a multilayered security model:
Nonintrusive and easy-to-maintain device management for the devices you have control over,
Security at the AP level to ensure proper bucketing of devices (fully, partially, or not trusted) and prevent access by unauthorized users,
Intrusion and rogue AP detection at both the AP level and deeper in the network,
Different rules for different devices at all layers of the network, and
Layer 7 monitoring and traffic shaping to ensure QoS for business-critical applications
Fortunately, Meraki has been working on this and has a slew of tools making device management as painless as possible. With our unified cloud managed architecture, things like BYOD, mobile device management, and Layer 7 traffic shaping are all controlled from a single point, allowing administrators to deploy more sophisticated solutions across multiple sites. So let the big boys of Silicon Valley fight it out – no matter what happens, we’ve got you covered.
There’s been some negative news lately around cloud computing as one of Amazon Web Services’ East Coast availability zones failed late Friday night, taking down Netflix, Instagram, and a host of other web services. The story is familiar to those of us who have studied large-scale crises: cascading catastrophic failures exposing unknown bugs and hidden dependencies, in this case with the ELB and EBS control plane. Monday morning saw a host of articlesquestioning the wisdom of using such clouds for critical applications.
Here at Meraki, while we weren’t affected by the AWS outage, we take the reliability of our cloud infrastructure very seriously. We have built a secure, highly-availablearchitecture for our Cloud Controller and placed it in geographically dispersed datacenters. We also never rely on a single provider (e.g., Amazon) so we have redundancy in the face of systemic outages. Customer data is mirrored across multiple sites with automatic failover so should a catastrophic outage strike one of our datacenters, customer data will be available at other sites. And of course, Meraki APs, switches, and security appliances will continue to serve clients even if our Cloud Controller is temporarily unavailable.
If you’re interested in the specific details on the outage, Amazon has a great post-mortem here.