Archive for June, 2013

You choose: cached or cloud-based content filtering

If you’re a K-12 educational organization, we debuted several useful features to help protect your network back in April. One of these is the ability to choose the overall reach of content filtering on your MX security appliance. In essence, you can choose to filter top sites in a given blockable category, or you can choose to filter the entire category list.

Cisco Meraki collaborates with Webroot BrightCloud for best-in-class content filtering on our security appliances (we subscribe to all of their blockable categories). Enabling “Top Sites only” in the Content Filtering dashboard page will cause your MX to download and cache a database of top URLs from BrightCloud. The MX will check each website request against this local database, filtering if required. This gives you rapid, in-box filtering with a reasonable trade-off in URL coverage.

Screen Shot 2013-06-21 at 10.51.40 AM

Easily choose the scope of content filtering on your Cisco Meraki MX.

 

If you choose to filter the full category list, the MX will initially check each website request against its cached database as before, but unmatched URLs will prompt the MX to make a dynamic lookup to the Cloud. This effectively allows your MX to filter billions of URLs. Although there will be some initial latency with cloud-based lookups, the MX caches the results, speeding future queries. This speed boost comes because web browsing is often habitual (people tend to view a subset of commonly-accessed sites), so after some initial latency common sites will be rapidly served to end users via the cache.

As always, you can also manually specify specific URLs and URL patterns to whitelist or block, regardless of which category list size you prefer.

 

 

Posted in Company Blog | Comments Off on You choose: cached or cloud-based content filtering

Tommy Bahama: Innovating Retail with First-Class Wireless

Stewart Hubbard, Vice President of IT at resort lifestyle retailer Tommy Bahama, was recently asked to deploy wireless networks at stores nationwide in order to support an in-store sweepstakes promotion. During a recent webinar, we invited Stewart to share with us how he was able to get Cisco Meraki wireless up and running at all of his stores in just a few weeks.

Before Cisco Meraki, Tommy Bahama only had guest WiFi at their restaurant locations. Now, the retailer uses Cisco Meraki access points across over 115 restaurants and stores across the United States and the world. They also have security appliances and switches at their largest retail and restaurant locations, as well as their headquarters in Seattle.

Tommy Bahama's store front

Why did you first upgrade your network with Cisco Meraki?

Stewart Hubbard: My first deployment of Meraki was in conjunction with the opening of a flagship restaurant in Manhattan. That went off successfully, and it’s been very reliable. It’s a very good solution. We quickly expanded to the remainder of the restaurant locations. At that point we had a single pane of glass for monitoring and management of all the guest-facing wireless at all of our restaurant locations.

Prior to using Cisco Meraki, network manageability was a bit of an issue when there was the need to change a password, or the SSIDs needed to be changed or weren’t consistent. It was different per site: if there was a hardware failure, we would find out about it from the restaurant manager rather than having any sort of proactive knowledge.

You now have Cisco Meraki in all of your restaurants for guest wireless. What about your stores?

SH: As a retailer, there’s a lot of interest these days in enabling mobile capabilities in stores, whether that is mobile point of sale, or other things that you could do on devices like iPads. I got a call from one of the executives from the retail division saying, “One of our initiatives to acquire customers relies on a sweepstakes that we’re going to run in the first quarter of next year. One of the ideas we have for the sweepstakes is to do it with mobile devices in store, and it’s going to launch in two months. Do you think you can pull this off?” I said, “Absolutely not. I don’t think so, but I’ll give it a shot. If we can prioritize some locations, I will make sure that we get as many done by then as we can.”

What was the deployment to all your stores like?

SH: We started the nation-wide deployment doing 10-12 stores a day for two weeks! We shipped iPads right around the same time, turned on the promotion, and it went off seamlessly. In terms of the wireless deployment and having these things done in time to support the sweepstakes, it was a rousing success. My retail partners were extremely happy. I was actually shocked that we pulled it off!

Then I was told that we were acquiring the Canadian business from a franchisee. We had nine stores that I needed to bring over to our network. We purchased the MX60 security appliances and MS22 switches for the store locations, and went out on a weekend to replace the consumer grade routers they had out there. We have a Cisco Meraki MX80 head-end in Seattle, and we connected those stores over VPN back to headquarters.

What was one of the best things about the Cisco Meraki products?

SH: While the APs were being installed by a third party, we could immediately tell if they were plugging things into the right port. If they plugged something in the wrong place, we could say, “You need to plug that into port 16 instead of 17.” It’s really nice to have that kind of interface—we have full visibility down to the port-level on both the switch and the security appliance. I can see at a glance if I have a network issue at a store.

You’re also using Systems Manager to manage your store iPads. What do you value most about the MDM solution?

SH: If you’re looking at deploying a large number of mobile devices out there, you want the ability to manage them. If they’re lost or stolen, you want to be able to wipe that data. Over time, programs and promotions change. You want to be able to modify the applications on that device without having to ship them around or doing anything manual.

With Systems Manager, you’re applying an iOS profile using the same interface that you’re using to manage the APs. We got to the point where we could restrict the iPads, lock them down to do only the sweepstakes and some other functionality without worrying about employees installing other applications, consuming bandwidth, or doing things they weren’t supposed to be doing. 

Check out the recording of the live webinar to hear more on how Stewart uses Cisco Meraki for retail innovation at Tommy Bahama.

Posted in Company Blog | Comments Off on Tommy Bahama: Innovating Retail with First-Class Wireless

We’re headed to HITEC 2013!

HITECMainCisco Meraki products have always offered a range of valuable features for customers in the hospitality industry: centralized management across multiple locations, easily-configured guest WiFi, and the flexibility to prioritize bandwidth by users, applications, or devices. We’ll be travelling to Minneapolis next week for HITEC, the world’s largest hospitality conference, to present our solutions for the industry. Stop by to find out what’s been successful for customers like the Viceroy Miami Hotel, the Zürs Ski Resort in Austria, and Motel 6. From June 24th to 27th, we’ll be at Booth #1635 ready to answer any questions and give 1:1 demos of our cloud-based management dashboard.

Posted in Company Blog | Comments Off on We’re headed to HITEC 2013!

Lock down Layer 2 access with new switch features

If you’re trying to secure your organization’s switch infrastructure, we’ve got great news for you: Cisco Meraki switches now support

  • MAC-based RADIUS authentication

  • DHCP server containment

  • MAC whitelisting

MAC-based RADIUS authentication

All Meraki MS switches support 802.1X wired authentication, which allows the configuration of port-based access policies by using user credentials for authentication, but until now our switches didn’t allow for device-based policies. Furthermore, not all devices support 802.1X authentication, limiting the security scope of the port-based approach.

Enter MAC-based RADIUS authentication. When enabled, this feature requires authentication for each MAC address accessing a switch port. Now, you can dictate port access at the device level, enabling more granular control.

Screen Shot 2013-06-17 at 5.18.12 PM

Enabling MAC-based RADIUS authentication in a policy to be applied to specific ports.

DHCP server containment

MS switches now perform DHCP snooping to identify which devices are responding to DHCP requests on your network, so you can automatically detect and block unauthorized, rogue devices. Configuring a DHCP server policy is easy. Simply set a policy to allow or block identified DHCP servers, then specify any exceptions to the rule. In the image below, for example, we’ve blocked all DHCP servers by default, except for our authorized server with MAC address aa:bb:cc:dd:ee:ff—this helps secure us from rogue DHCP servers which may be added to the network at any time.

Screen Shot 2013-06-17 at 5.20.31 PM

Configuring rogue DHCP server containment for a Cisco Meraki network only takes one click.

MAC whitelisting

MAC whitelisting is valuable for networks that aren’t hosting an on-site RADIUS server. Enabling the feature in this case will block all access to a switch port except for the specified MAC addresses. Branch retailers, for example, might find MAC whitelisting useful if they wish to allow only certain devices on their network but don’t want to manage the added complexity of a RADIUS server.

Additionally, you may want to allow specific devices to be whitelisted through a switch port even though MAC-based authentication is required. If you normally enforce device-level authentication on a particular port but wish to make an exception for the CEO’s personal laptop, you can now easily do so.

Enabling MAC whitelisting for selected ports.

This new set of features can help you lock down Layer 2 access to your network, and refine policies on a per-device level.

These enhancements will be generally available during the first week of July as we roll out our next switch firmware update. If you would like earlier access to these features you can call Support to enable them in your switch network.

For more information on our MS line of switches, including some recently announced new models, check out our MS family datasheet or our website.

 

Posted in Company Blog | Comments Off on Lock down Layer 2 access with new switch features

Fancy a chat? Get Enterprise Support for Systems Manager!

Since the introduction of Meraki’s 100% cloud-based mobile device management solution, Systems Manager, customers have been asking for additional levels of support to maintain their business critical environments. Well we listened! Today we’re announcing Enterprise Support for Systems Manager. We are now offering phone and emergency 24×7 support with the purchase of an Enterprise Support license.

_DSF2308_2

The Enterprise Support license grants you the ability to call in directly to our top-of-the-line Support Engineers in San Francisco, London, and Sydney. Pricing works on an annual, per device basis just like Meraki’s other products: licenses start at $20 per device/year and you’ll get discounts when purchasing in multi-year increments. To get setup with Enterprise Support just contact sales.

In addition to Enterprise Support, we’ve recently rolled out some awesome new Systems Manager features that offer added security and deeper integration for mobile devices. Check out these recent blog posts that go into detail on our new Selective Wipe, Systems Manager Sentry, and ActiveSync functionality.

Posted in Company Blog | Comments Off on Fancy a chat? Get Enterprise Support for Systems Manager!

One Week until ISTE 2013

ISTE

ISTE2013logo

It’s just about that time of year again. The 2013 ISTE Conference  starts June 23rd in San Antonio, showing off the latest advances in educational technology from some of the industry’s biggest names. We had a great time at last year’s show in San Diego, and this year is shaping up to be bigger and better. We’ll have our engineers on hand to answer questions, we’ll be giving live walkthroughs of the Cisco Meraki product line and we’ll offer 1:1 demos of the cloud-based dashboard. Stop by Booth 11270 to get a firsthand look at why over 1,000 schools have chosen Cisco Meraki, and earn a chance to receive a free 802.11n access point! You’ll also be able to learn about Cisco Unified Access at the same booth.

See you in San Antonio!

Posted in Company Blog | Comments Off on One Week until ISTE 2013

One Week until ISTE 2013

ISTE

ISTE2013logo

It’s just about that time of year again. The 2013 ISTE Conference  starts June 23rd in San Antonio, showing off the latest advances in educational technology from some of the industry’s biggest names. We had a great time at last year’s show in San Diego, and this year is shaping up to be bigger and better. We’ll have our engineers on hand to answer questions, we’ll be giving live walkthroughs of the Cisco Meraki product line and we’ll offer 1:1 demos of the cloud-based dashboard. Stop by Booth 11270 to get a firsthand look at why over 1,000 schools have chosen Cisco Meraki, and earn a chance to receive a free 802.11n access point! You’ll also be able to learn about Cisco Unified Access at the same booth.

See you in San Antonio!

Posted in Company Blog | Comments Off on One Week until ISTE 2013

Hi BYOD, meet Mobile Security!

The notion of most employees using their personal devices for work is practically a foregone conclusion. Instead of resisting this trend, responsible IT organizations see BYOD as a means to boost employee productivity and take advantage of today’s always connected lifestyle. But what happens when a company’s sensitive information gets into the wrong hands? What happens if a device goes missing or an employee leaves the company? While BYOD can be liberating, there are important security implications for every organization to address.

When employees bring their mobile devices into the workplace, they tend to use resources like email, the corporate network via WiFi or over VPN, shared documents on servers, and enterprise apps.

byod-icons

These uses set the stage for a key question about how corporate IT thinks about mobile security: How can you remove access to those resources without completely wiping the device or affecting personal data on the device?

Selective Wipe

With the new Systems Manager selective wipe feature, we provide the “easy button” to address this challenge. Selective Wipe removes everything previously pushed to the device through the Cisco Meraki Systems Manager dashboard, including configuration profiles, apps, and documents.

selective-wipe

Selective wipe provides a new way to remove secure data from lost or stolen devices

A device that has been selectively wiped is still enrolled in the Systems Manager network, so location tracking and over live tools will remain functional but the corporate provisioned data and settings are removed. This is a convenient way to handle employee devices that are missing or stolen, since IT will be able to track the device if and when it reconnects to the internet.

Auto-Quarantine on Enrollment

We’ve also introduced a second capability to increase security when devices are enrolled into a Systems Manager network. With the new auto-quarantine feature, IT has the option to explicitly approve enrolled devices before they receive any configuration profiles and mobile apps.

auto-quarantine

Auto-quarantine is easily configured to enhance security in the enrollment process for all new devices.

With auto-quarantine, organizations can allow users to self-enroll into a Systems Manager Network, while maintaining strict control over network access credentials, or sensitive apps and data that would otherwise be automatically pushed to newly enrolled devices.

Quarantine Screenshot

Administrators have one-click access to authorize newly enrolled devices or to selectively wipe data

Bring on BYOD

With these new additions Cisco Meraki Systems Manager continues to make it easy to support BYOD while providing flexibility fo varying security needs. And as always—we’re excited to bring all these feature to you 100% free! If you haven’t already tried Cisco Meraki Systems Manager, try it here and get started today.

 

Switching it up: Introducing two additions to the MS lineup

We’re thrilled to announce our latest cloud-managed products shipping this summer: the Cisco Meraki MS220 8-port and the MS420 24/48-port aggregation switches. With these newest additions to our switch portfolio, we’re making it easier to bring the power of Meraki switching to two very different segments:

  • Edge switching in small branch offices, retail locations, and hospitality deployments
  • Aggregation switching for large campus deployments

The same mission-critical features found in all other Meraki switches — like deep, Layer 7 application visibility, virtual stacking, QoS for business critical applications, 802.1X access control, and more — are present in both the MS220-8/P and MS420 line.

 

MS220-8/P

Like its larger siblings, the MS220-8/P is 100% cloud-managed, allowing for seamless cloud updates that future-proof your investment, zero-touch deployments that make scaling your network simple, and the ability to manage your switch from anywhere in the world — giving you the utmost flexibility and control. Meraki’s industry-first virtual stacking technology also leverages the cloud, allowing you to view thousands of switch ports across hundreds of physical switches and centrally manage all of them, regardless of location or switch model.

ms220-8P_left

The MS220-8/P access switch.

Additional features of the new MS220-8/P include:

  • Fanless chassis for noiseless operation

  • 8 x 1 Gbps RJ45 Ethernet ports, 2 x 1 Gbps SFP ports

  • PoE/PoE+ available on all ports (on PoE models)

  • Total power budget of 124W, enough to power devices on all ports

  • Intelligent energy efficiency via port scheduling and smart PoE/PoE+ budgeting

  • CDP support for Cisco VoIP phones

 

We are also introducing a new, lower priced license for the MS220-8. The list price for the switch hardware plus a 3-year cloud license will total $1,095 (please see our cost calculator for all list pricing).

The MS220-8/P will begin shipping at the end of June, 2013.

 

MS420-24 and MS420-48

The MS420 line, which includes 24- and 48-port models, are aggregation switches with speedy 10Gbps SFP+ across all ports. The same centralized visibility and control found in all other Meraki switches exists for the MS420 line, also 100% cloud-managed.

The MS420-48 aggregation switch.

 Additional features of the new MS420-24 and MS420-48 include:

  • Layer 3 functionality

  • Field replaceable, hot-swappable fans

  • 24 x 10 Gbps SFP+ or 48 x 10 Gbps SFP+ ports

  • 1U height, for easy rack mounting in space-constrained environments

  • Hot-swappable, redundant power supply units

 

The MS420-24 and MS420-48 will begin shipping in late summer, 2013.

 

For more details…

With the MS220-8/P and MS420 line, you now have a fully cloud-managed stack, from access switches to aggregation switches for large campus deployments.  For more details about these new models or our MS line in general, check out our MS family datasheet and our preliminary MS420 datasheet, or sign up for our MS webinar introducing these new models to be hosted live on Wednesday, June 19th, 2013 at 10:00am PDT.

As you can see, we’re expanding our switch portfolio to address different market segments — so stay tuned for more announcements soon!

 

Posted in Company Blog | Comments Off on Switching it up: Introducing two additions to the MS lineup

New features help MSPs manage end customer networks

We’ve got some great tools for managed services providers (MSPs) who offer Cisco Meraki’s wireless, switching, security appliance, and MDM as a service to their end customers. These tools address common MSP challenges around managing end customer networks, optimizing costs, transitioning customer networks to a hosted service quickly, and scaling those networks as needed.

Today, we’re excited to announce additional, new features for MSPs:

  • MSP Portal: A central location for staff to monitor all of their Cisco Meraki end customer networks over the web
  • Support ticketing: Create, monitor, and respond to support cases with Cisco Meraki staff
  • Custom branding: MSPs can brand the Cisco Meraki dashboard and summary reports to reinforce their brand message to end customers

These new features, combined with the built-in end-­to-­end visibility and control provided by Cisco Meraki’s cloud management platform, provide powerful ways for MSPs to keep their customer networks up-­to-­date and centrally managed.

 

MSP Portal

The new MSP portal, built into the Cisco Meraki dashboard, gives MSPs a single location to evaluate end customers’ licensing compliance and networked devices.

msp_portal_blurred

Easily manage licensing compliance and end customer network devices using the MSP Portal.

From the MSP portal page, click into any of your managed customer networks and use Cisco Meraki’s Live Tools to remotely troubleshoot appliances; or use the dashboard to monitor users, devices, and application traffic, set group­based policies, update licensing, and manage customers’ device inventory. You get end-­to-­end visibility of your customers’ networks from any Internet-accessible location—whether that’s at a NOC/SOC or your field offices.

 

Support ticketing

Keeping track of support cases across multiple end customer networks can be daunting, but we simplify things with a central location to create, monitor, and respond to troubleshooting tickets alongside Cisco Meraki staff. Cases are organized so that sorting cases by end customer—even down to individual customer networks—is easy.

Screen-Shot-2013-05-30-at-12.38.44-PM

Sort troubleshooting tickets by priority, status, case number, date created, or support engineer.

With Cisco Meraki support ticketing, you can keep track of relevant emails, files, and case descriptions for a particular problem within a single ticket and prioritize cases based on severity.

Custom branding

As the networking provider and primary support for end customers, MSPs need the ability to reinforce their brand message when administrators access the network. As part of the MSP Dashboard, Cisco Meraki will work with our partners to put a custom logo on both the main dashboard and summary emails that are sent to end customers.

Cost optimization

Reducing operational costs is a key challenge for MSPs, who must typically build out end customer network infrastructure, adjust for vendor licensing costs, and provide tech support for issues that arise. With Cisco Meraki, our cloud­-hosted management infrastructure eliminates the need for MSPs to build out data centers or host wireless LAN controllers and similar infrastructure. Our simple licensing scheme, which includes all product tech support, maintenance, and feature updates, streamlines cost models. Finally, our intuitive, cloud­-based dashboard allows engineers to remotely troubleshoot devices and reduces staff training hours.

On-­demand scalability

It’s easy to quickly transition end customer networks to Cisco Meraki. All of our gear allows for zero­touch configuration, with no onsite IT staff needed for deployment. Adding network devices is as simple as entering an order number into the Cisco Meraki dashboard—there is no device limit, throughput limit, or backend configuration necessary. Our datacenters are designed from the ground up to scale your customers’ networks to millions of attached devices—and we have built­-in redundancy across multiple geographies, all with a 99.99% uptime SLA.

If you’d like more details on these new MSP features—and additional benefits Cisco Meraki provides vis­-à-­vis managing end customer networks—please read our new MSP white paper.