Rethinking Group Policy Management
Back in the Autumn we introduced our new Combined Network dashboard view, which grouped together management of Access Points, Security Appliances and Switches under a single menu. This new, more efficient design has been welcomed by Meraki customers with wired and wireless networks sharing common user bases, enabling the engineer to work on more than one product type at a time, potentially across multiple sites.
In order to take advantage of grouping products together in this way, it makes sense to also combine the configuration of features common across more than one product type. To address this, our design team migrated common settings to a unified menu label named ‘Network Wide’, which looks like this:
Before we take a look at the new combined policy configuration screen, it’s worth refreshing the distinction between network-side settings and client-side policies. When the intent is to affect user behavior for all users of a network segment, network-side settings are the way to go. These will apply to all wired clients connected through a Security Appliance, or to a specific wireless network (SSID).
For example, it may be desirable to apply traffic shaping rules for video and music streaming services to all clients, network-wide, who connect to a guest SSID.
Policies, on the other hand, are designed to apply client-side to selective groups of users, typically identified either through a user authentication process, or through their devices, by fingerprinting device communications. The emphasis shifts to controlling the user experience for both wired and wireless connections for these select users or devices.
A client-side policy might choose to put all wireless financial data onto a specific VLAN with access to secure servers during normal office hours, and block Social Networking for both wired and wireless at the same time. This can now all be configured using the new combined Group Policies page, which looks like this:
The dashboard is continually evolving and improving, based in–part on the feedback we receive through the Make-a-Wish box on every dashboard page. This is just one example of a small change which helps make managing group policies on a modern unified access layer network more intuitive. There’s always room for improvement, so stay tuned as we announce further tweaks and enhancements.