Gartner has released its 2013 Wired and Wireless LAN Infrastructure Magic Quadrant. For the second time in a row, Cisco is recognized as a leader in the MQ, and the Meraki team is excited to be recognized as part of Cisco’s leading position.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
Head over to the Cisco blog to read more about this year’s MQ. Prashanth Shenoy, from the Enterprise Networks team, shared some thoughts about why Gartner recognized Cisco for completeness of vision and ability to execute, and also shared the Magic Quadrant graphic from Gartner.
Gartner, Magic Quadrant for the Wired and Wireless LAN Access Infrastructure, Tim Zimmerman, Mark Fabbi, September 3, 2013.
Systems Manager recently rolled out support for configuring and managing OS X devices using Apple Configuration Profiles. Profiles allow administrators to deploy settings and policies to mobile devices via Systems Manager, such as passcode enforcement, wireless, and VPN settings. We will take a look at how to set it up, what it looks like on your Mac, and what new features are available.
Setting up Profiles in Systems Manager
Under Mobile > Deployment, click on the Mac Enrollment tab to get started.
Devices can be enrolled just like iOS and Android devices by visiting m.meraki.com in a browser and entering your Systems Manager organization ID, or by directly sending enrollment links to users.
Viewing Profiles on your Mac
Once installed on your Mac, there will be a new icon under System Preferences called Profiles.
Here you will find your Meraki management profile.
New features now available
By deploying Profiles, administrators can now enforce passcodes on enterprise devices to ensure company data is kept safe. The ability to deploy WiFi and VPN settings alleviates some of the burden on IT staff by allowing pre-configuration of devices for network access.
Systems Manager’s native agent and Profiles work together
If you are already managing OS X devices with Systems Manager, Profiles offers additional features that incorporate nicely into your existing setup. The native agent you are currently using will continue to provide all of the great SM features you are accustomed to (remote desktop, command line, approximate location, etc.). Profiles works together with the native agent to provide comprehensive mobile device management functionality for enterprise networks. Stay tuned for new features available via Profiles, and for a complete overview of the features available via Systems Manager, take a tour here.
A good number of customers and prospects often wonder about the Cisco Meraki Support team and who exactly the people on the other side of the phones are. Here’s the rundown.
The Cisco Meraki Support team is:
Knowledgeable | All technical support engineers (TSEs) can troubleshoot on all of the Cisco Meraki product lines, so customers receive consistent, quality help.
Loved | The team consistently ranks 93% in Customer Satisfaction every quarter.
Effective | The team’s case volume grows about 8% per month, or approximately 100% per year.
Expanding | New members appear on a monthly basis in the Support section of the Cisco SF headquarters.
Diverse | Languages spoken by various members of the team include Spanish, French, Japanese, and Cantonese.
International | Recent expansions of the team have moved TSEs to Australia and the UK, creating a robust team to staff our 24×7 telephone support.
The Support team is a close-knit group of friends that bonds at work over NBA Jam, breakdancing, playing various musical instruments, and beer and pizza; they also socialize outside of work with LAN parties, soccer, rock climbing, and beer and pizza.
Below, LAN partying it up:
Kyle, Technical Support Manager, on what makes the Cisco Meraki Support team so effective:
“We have an open approach and a collaborative knowledge base that is constantly evolving. Our team is cohesive and communication is super effective. We’re big on reciprocity and giving information back to the group – the passing of knowledge from one technical support engineer to the next is our bread and butter.”
Peter works out a complex issue with his team:
Kyle also recognizes that the entire team is highly driven:
“Our support team is comprised of problem solvers. Each TSE is going to dig deep to find the issue and find out why something isn’t working. Our team doesn’t just escalate the problem to a different person. When you call Cisco Meraki support, you’re not just going to get an average answer, you’ll get a real answer.”
In terms of what keeps the work interesting, Technical Support Manager Peter says, “Due to the flexibility of the cloud – as technology changes, so does the function of the same piece of hardware. One day is never the same as another and that keeps things interesting.”
Jorge and his team, clearly enjoying their day:
Jenna and Brittany, the Support Recruiting team, also keep things fun for Support by planning various social activities.
Support on a boat:
Support at the zoo:
Support taking a mid-afternoon break:
In terms of what kind of career path a support engineer can expect, Peter talks about growth at Cisco Meraki:
“I joined in the beginning of 2012 and we were a group of 9 people. Not a single one of them is still a support engineer – we’ve all moved on to other roles within Cisco Meraki, such as product specialist, sales engineer, and manager roles. Advancement is part of this job and your advancement is shaped by what you do well.”
Director of Technical Support Jeff (right) ensures his team members are constantly learning and growing.
Want to become part of this tight-knit crew? We’re hiring technical support engineers; apply at meraki.cisco.com/jobs.
We take our customers’ feedback seriously. At the bottom of every page in our web-based dashboard is a box like this:
Anyone with a Meraki dashboard account can enter wishes for any features they’d like to see added to Meraki products. Once you “make a wish,” your request — along with a dashboard page capture showing us where you’d like the feature to appear — gets sent to a special email list that includes all of our Product Managers and engineers. We keep tabs on the most wished-for items, and if you’ve wished for one you may get a friendly call from a Cisco Meraki developer to chat more about it.
During our first 5 years of business, we received about 10,000 customer wishes; today, we are averaging about 70-100 wishes per day. We are thrilled by this, because we use these wishes to help shape our product roadmaps, granting as many of them as our engineers can handle. Some of the more recent wishes that we’ve granted include reporting on MX HTTP cache hits and implementing dashboard support ticketing for MSPs.
At our SF office, wishes are publicly displayed — so it’s easy for everyone to see new wishes when they arrive.
This does feel a bit like working in Santa’s shop sometimes, as we collect wishes and make lists of what to deliver. We get wishes from folks all over the world, and not all of them are — ahem — relevant to the technologies at hand. If you don’t believe me, next time you’re logged into the Meraki dashboard and tweaking your network settings, try wishing for a unicorn. No, really.
The stampede of Apple iPhone and iPad users to update their mobile devices to iOS7 upon its release in mid-September has been written about extensively (see here and here). Most estimates place the adoption rate at over 50% of total iOS users only a week after the update became available. Considering that rates of adoption for previous iOS versions have been more staid, this is news.
We performed our own anonymized sampling of Cisco Meraki networks to determine what percentage of iPhone and iPad users were converting to iOS 7, and how quickly. We polled from September 17th through October 7th, and can confirm the results are staggering.
Our anonymized sampling of 50,000 random nodes at different points during each day after the iOS release confirms that iOS 7 adoption reached nearly 50% after only 2 days, and cleared 50% within a week.
As of October 7th, around 67% of iOS users on Cisco Meraki networks had upgraded to iOS 7, while the percentage of devices with iOS 6 installed decreased from about 93% to 36%. These numbers don’t sum to 100% because we sampled different anonymized client devices each time we polled the cloud for information. We’re taking the maximum percentage seen each day for devices running their respective iOS versions, and presenting those numbers here.
What this means for IT admins everywhere
One reason this pace of adoption is news is that the bandwidth spike it caused may have resulted in saturation-induced network outages for several college campuses and possibly other organizations. Depending on the client device and which version of iOS it was upgrading from, the amount of bandwidth needed for the update could be hefty. For example, a single instance of iOS 7 for the iPhone could weigh in from 750Mb to well over a gigabyte (figures are larger for iPads). If you’ve got more than a handful of concurrent network users trying to download files this size, you could run into issues.
3 ways Cisco Meraki helps
1.) Cloud management
If you receive reports of sluggish network performance — or outright outage — you can easily login to the Meraki dashboard via any Internet-accessible device from any location and make firewall and/or traffic shaping adjustments on the fly. If you aren’t physically onsite to configure application throttling rules, but have access to, say, a mobile phone with cellular or Wi-Fi access to the Internet, you can still make the configuration changes you need immediately.
2.) Traffic shaping
You can set site-wide or group-based traffic shaping policies on either MX security appliances or MR access points with just a few clicks in the Meraki dashboard. You can set per-device or per-SSID bandwidth limits, throttle entire categories of application traffic (for example, all software updates), or apply rules to specific traffic destinations like apple.com.
Traffic shaping and Layer 3 firewall rules can be set on Meraki MX security appliances and MR APs.
You can even apply wireless group policies automatically by device type. So you can apply specific rules to all iPhones and iPads connecting to your wireless SSID — regardless of whether they are BYOD or corporate-owned devices. Meraki APs support this by leveraging their innate device fingerprinting capabilities, so no client software needs to be installed on any device for this to work.
Applying specific policies automatically to devices joining a wireless network — no manual installation needed on the client side.
3.) Block client devices
If you faced an emergency bandwidth situation induced by a handful of devices, you could easily find them by sorting clients by usage on the dashboard’s Monitor > Clients page. Then simply select the top offenders and temporarily block them from your network.
Selectively blocking one particular iPad from a specific SSID (“CORP”) but not another (“Cats-WiFi”).
These measures (and more) are available to Cisco Meraki customers to manage bandwidth and content flowing across their network infrastructure. When there are sudden spikes in usage driven by specific applications or websites, you can rest easy if you’ve deployed Layer 3-7 firewall and traffic shaping policies to your Meraki network.
This past weekend we invited engineering candidates from universities throughout the US to visit the Cisco SF office to see what a typical day is like for our engineering team. Our guests sampled colossal sandwiches from Ike’s Place while learning about various projects the team is working on and Cisco SF perks from our VP of Technology, John Bicket.
From there, our guests and members of our engineering team departed the office for a Cable Car tour to some of the famous sights of San Francisco. In addition to the traditional tourist sites like the Golden Gate Bridge, we went off the beaten path to sites like the house from Mrs. Doubtfire, Golden Gate Park, and a stop at Twin Peaks. To top it all off, we ended our day at Mission Bowling Club for a friendly bowling competition.
Check out some shots from this past weekend’s fun Engineering Recruiting Weekend:
Welcome to Cisco SF!
A game of chess anyone?
Our engineering team boasts one of the best views at Cisco SF.
View from the Cable Car tour with our engineering team and candidates.
The fog cleared just in time for our Golden Gate Bridge group pic!
Bowling at Mission Bowling Club.
Interested in joining our Cisco SF team? Visit ciscosf.com for more info or to apply, email email@example.com.
As many of you may have noticed, your iPhones and iPads received a fairly large update with the recent release of iOS 7. This new revision brings many improvements to the way mobile device management systems interact with mobile devices as well as a plethora of configurable enhanced security settings. We have been busy implementing these new features into Systems Manager. While there are many new features, we wanted to highlight a few of the most exciting ones now available to you in the dashboard.
Open-in allows users to determine how documents or applications open between managed apps (apps deployed via Systems Manager) and unmanaged apps (apps deployed by the end user). Previously, users could open sensitive documents in whatever app they wanted, increasing the risk of that data being compromised. Now, Systems Manager can limit the scope of where secure files can travel. Ensure sensitive data is only accessible to IT-approved apps with the click of a box. This feature allows for even finer segmentation between corporate data and user data.
Account settings control
Another feature added in iOS 7 is the ability to control whether or not a user can modify their account settings. Specifically, administrators can prevent users from changing important Exchange email settings.
Lock screen controls
Finally, administrators also have the ability to control the lock screen on devices. Display or hide the today screen, notification screen, or control center via Systems Manager to protect which information is displayed before a user officially logs into the device.
These are just a few of the new iOS 7 features we have added to Systems Manager. For a full list, just visit the Mobile > Settings > Restrictions tab in dashboard.
We are continuing to implement new iOS 7 features including the much anticipated revamp of VPP (volume purchase program) codes so stay tuned for those enhancements as well. And if you are new to Systems Manager, get started here.
As part of an employee appreciation initiative, we enlisted the expertise of San Francisco coffee institution – Sightglass Coffee. Cisco SF employees were lucky to experience exciting sessions with the esteemed local coffee roaster.
Below, Sightglass barista Annie draws a rapt audience for her lesson in making a perfect – or acceptable – espresso shot.
She demonstrates expert techniques in espresso art, much to our dismay and amazement.
One of our own engineers Ben tries his hand at applying the prescribed 30 lbs of pressure and makes a passable attempt at espresso art.
On a later date, the folks at Cisco SF HQ were graced with an in-house Sightglass coffee bar.
The carefully crafted coffee beverages were complemented by a tantalizing array of Sandbox Bakery pastries:
Rob is originally from Canada where he studied systems design engineering at the University of Waterloo. He studied how to design interfaces to bridge the gap between society and the technology we all love to consume. Luckily for Meraki, this is exactly what we aim to do with our products, so Rob was a perfect fit.
In Rob’s first week at Cisco Meraki, 5 years ago in a humble one room office in Mountain View, Rob recalls his first project was to program the access points to ‘run dark’. “To make sure our products could run with all of their LEDs turned off to save a bit of energy and stop annoying blinking lights in dark rooms. We always joke that the firmware programmers are the ones that make the lights blink, but I guess I did the opposite.”
Our engineers always pride themselves on being able to adapt quickly to customer needs and Rob was able to do just that at the LeWeb conference in Paris. “At LeWeb we set up WiFi for over a thousand tech writers and bloggers. It was pretty exciting and a lot of pressure to make sure our equipment didn’t have any problems.”
Rob tells me about writing the SpeedBurst feature in one evening before the conference to ensure the attendees had a great wireless experience – burst downloads for quick web page loads, while still applying bandwidth limits to longer sustained streams. “It was a late night… or an early morning.”
One of the things I was most excited to ask Rob about was the RF Spectrum view he created utilizing the 3rd radio in our new 802.11ac access point. This view gives administrators deep insight into their RF environment along with average channel utilization for 2.4GHz and 5GHz channels. “The reason this is such a cool feature is that traditionally this is something that you get from a tool that requires you to be physically present. Now you can get the same data from anywhere in your network via the dashboard.”
He takes me through how he created this feature from scratch. “The radios change channels very quickly while collecting raw RF samples from an analog to digital converter. We then convert the RF samples into the frequency domain to present these graphs to the user.” Rob is able to explain this clearly and concisely but don’t be fooled, there is some serious signal processing happening in the background. Rob even got to break out some old textbooks and use those Fourier transforms he hadn’t thought about since sophomore year in engineering school.
Rob has recently moved to a new role on our MX Security appliance team to work on even more features we will eventually see in the dashboard. On life at Meraki, “All of the people here are great. Everyone is forward thinking and there is no red tape. You can work on everything from bit toggling on the hardware up to creating a pixel perfect design in the UI.”
We love to let our engineers’ minds run freely. Check back for more highlights about the teams here at Meraki and as always, we’re hiring!
Recently we looked at a great way to set up secure guest WiFi that works for most networks, and now want to expand on some other deployment scenarios. A common requirement for guest wireless is to allow guests to access Apple TVs. To accomplish this, Bonjour traffic must pass from the secure guest VLAN to the Apple TV VLAN. Fortunately, this doesn’t mean guest WiFi needs to be any less secure. Below we will set up a secure guest SSID with Bonjour forwarding.
1. Put the guest SSID in Bridge mode
Normally NAT mode is recommended for customers setting up guest WiFi. NAT mode automatically isolates clients from each other and allows for a clean segmentation from the rest of your network (assuming firewall rules are in place). But this does not meet the needs of every deployment scenario. Due to the client isolation inherent in NAT mode, even an Apple TV on the same wireless network cannot communicate with wireless clients. In the screenshot below we put our SSID in Bridge mode, and pick a VLAN for the guest traffic.
2. Configure Bonjour forwarding
Bonjour traffic is multicast traffic, so it will only travel within its own VLAN/broadcast domain. Below we show how to configure Bonjour forwarding to send Bonjour multicast traffic to the VLAN where our services reside. For this discussion, I’ll assume the Apple TV is on VLAN 10. Simply enter the service VLAN and select the service from the pre-populated list.
3. Set firewall rules allowing traffic to Bonjour services
Finally, we should lock down our guest SSID. Access control lists are enforced in order; the first item will allow traffic to the IP address range of VLAN 10, the VLAN we assigned to the Apple TV. The second rule denies access to the “Local LAN”, dropping all traffic destined for class A, B, or C private IP addresses. The third rule allows access to everything else, giving guests access to internet resources. These rules will grant access to the resources needed (internet and Apple TV) while segmenting guest traffic from the rest of the network.
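To see why the order of these three rules matters, here is a small first-match model of the rule list with an audit check for shadowed rules. It is an added example, not Meraki code or dashboard output; the 10.0.10.0/24 subnet for VLAN 10, the sample addresses, and the function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the page gives no addressing, so VLAN 10 (Apple TV) is taken
# to be 10.0.10.0/24 for this sketch.
APPLE_TV_VLAN = "10.0.10.0/24"
# "Local LAN" as described above: class A, B and C private ranges (RFC 1918).
LOCAL_LAN = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]
ANY = ["0.0.0.0/0"]

# The three rules from step 3, in the order the text lists them.
GUEST_RULES = [
    ("allow", [APPLE_TV_VLAN], "Apple TV VLAN 10"),
    ("deny", LOCAL_LAN, "Local LAN"),
    ("allow", ANY, "everything else"),
]

# The same rules with the first two swapped, to show the failure mode.
MISORDERED = [GUEST_RULES[1], GUEST_RULES[0], GUEST_RULES[2]]


def evaluate(rules, dst):
    """Return (action, comment) of the first rule whose destination matches."""
    addr = ipaddress.ip_address(dst)
    for action, cidrs, comment in rules:
        if any(addr in ipaddress.ip_network(c) for c in cidrs):
            return action, comment
    # Fallback chosen for this sketch only; the ANY rule normally matches.
    return "deny", "no rule matched"


def shadowed_rules(rules):
    """List rules that can never match because earlier rules already
    cover every destination they name."""
    shadowed, seen = [], []
    for _action, cidrs, comment in rules:
        nets = [ipaddress.ip_network(c) for c in cidrs]
        if seen and all(any(n.subnet_of(s) for s in seen) for n in nets):
            shadowed.append(comment)
        seen.extend(nets)
    return shadowed


if __name__ == "__main__":
    # Constructed sample destinations: Apple TV, two internal hosts, one
    # Internet host (documentation range).
    for dst in ["10.0.10.25", "10.0.20.5", "192.168.1.10", "203.0.113.7"]:
        print(dst, "correct:", evaluate(GUEST_RULES, dst),
              "misordered:", evaluate(MISORDERED, dst))
    print("shadowed (correct order):", shadowed_rules(GUEST_RULES))
    print("shadowed (misordered):", shadowed_rules(MISORDERED))
```

With the deny rule first, the Apple TV allow rule is fully shadowed and guests lose access to VLAN 10, which is the kind of mistake the shadow check catches before deployment.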
We have enabled guests to access Apple TV while isolating guest traffic from the rest of the network. Keep us posted on other use cases you’d like to see explained here or during our weekly webinars.