Group policies already provide network admins with many powerful and granular controls for selected groups of users. For example, social networking can be restricted to use by the marketing team, peer-to-peer apps can be blocked for all, or bandwidth for guest users limited to 5 Mbps, all configured in a matter of moments. It’s a topic we’ve covered extensively in the past here on the blog.
One thing has been missing, until now. These policies have applied around the clock with no regard for changing requirements through the day, and we’ve received many requests to add a scheduling capability. So with the latest wireless release, this super-useful tool is now available in the dashboard.
A couple of examples help illustrate how time based group policies could be used to enhance network security, provide limited access to applications, and give IT admins more precise control over their networks. It may be desirable to restrict access to certain applications or IP addresses outside business hours, or perhaps a specific server, or lab environment where highly sensitive work is being undertaken. Many businesses choose to block social networking, but may like to allow access to Facebook during the lunch period, with traffic levels shaped so as not to impact more business critical applications. Bandwidth for BYOD devices could be restricted for the same reason during business hours, with software downloads – sometimes running into hundreds of Megabytes – blocked.
The design is exactly the same as you’ll find for other scheduling capabilities, like SSID availability for wireless, and port schedules for the switches. Pre-configured time schedule templates can be selected, or timings manually selected to suit the requirements of the organization. If multiple instances of a policy are required, perhaps to fit around school class times, multiple policies can be created to reflect this, each with their own fine-grained controls.
Here’s how it looks.
One more thing: Time based policies can be configured in a wireless-only environment and also for wired networks which sit behind a Cisco Meraki security appliance.
We’re certain this new functionality will be well received by our customers and look forward to seeing the creative ways in which it’s put to use in different kinds of organization.