Although Rovio Entertainment, an entertainment media company, is based in Espoo, Finland, their 700 employees are scattered around the world. “The company is producing mobile entertainment products and all devices, including employees’ devices, are heavily dependent on wireless network performance in their daily work,” explained Kalle Alppi, IT Director for Rovio Entertainment. With such a heavy reliance on WiFi, having a reliable and robust network is crucial to their business; however, the IT team consists of just five people to manage the network and provide on-going support for this growing team.
However, the previous network was pieced together using systems from various wireless providers, each with their own management style and each lacking visibility. A cloud-based solution would provide the IT team with added flexibility in handling a distributed, world-wide deployment without having to be on-site to diagnose issues or perform basic maintenance.
Alppi deployed both 802.11n and 802.11ac models in a test environment to assess their coverage and user experience. With 3x faster wireless speeds using enhanced modulation, double the channel bandwidth, and radios dedicated to 2.4 GHz clients, 5 GHz, and dual-band security radio, the Meraki MR34 802.11ac access points were an easy choice.
“With Meraki we got a unified view of all our wireless networks, improved security, performance, and analysis tools to support our business.” – Kalle Alppi, IT Director
Alppi and his team deployed the Meraki wireless solution in 4 countries and the equivalent of 17 office floors. For the main office, it took the team two days to configure and install the devices and just a single day at each of the other office locations. “The physical installation was quick and straightforward,” Alppi explained. “The devices are deployed to the main floor switches with several VLANs configured through single 1GB connections.”
The benefit of this being a cloud-based solution is that at any point during the physical on-site deployment of the devices, the team could configure the network settings in their Meraki dashboard. To optimize network performance and create a secure environment, guest traffic flows through an isolated VLAN on a segmented SSID, while corporate traffic has been divided between SSIDs based on user and device type.
Each of the SSIDs can additionally be customized with per-client bandwidth limits, Layer 3 firewall rules, Layer 7 application firewall and traffic shaping settings, as well as a variety of other optimization settings. The granular settings enable the Rovio team to throttle down non-critical applications and prioritize those applications which are crucial to business operation. By monitoring network statistics and device usage, the team was able to fine-tune configurations in the weeks following the deployment, ensuring optimal performance and happy users.
Rovio has grown significantly over the years through acquisitions and new projects like Angry Birds Playground, which is focused on bringing fun to education.
Rovio is also taking advantage of Meraki’s mobile device management platform, Systems Manager, on the company’s Windows and Mac OS X laptops. Systems Manager permits the IT team to keep an inventory of issued devices, remotely push applications, set device-based restrictions, and enforce security policies – all from the same dashboard used for managing the wireless network.
Because each location is visible in the unified dashboard, Alppi and his team are able to remotely ensure that each site has the proper settings, while also gaining deep visibility into how bandwidth is being used by application, user, or device type and making adjustments as needed with just a few mouse clicks.
You can read the full post and find other customer stories here!
Next week, members of the Cisco Meraki team will be heading to fabulous Las Vegas, Nevada to participate in Interop 2015. Designed to connect the IT community, Interop is an annual technology conference held in Las Vegas, London, and Tokyo. With a variety of speakers, workshops, and networking events, Meraki is very excited to participate.
If you happen to be at the event, come say hello! We will be at booth #1327 next Tuesday, Wednesday, and Thursday, April 28th-30th.
Hope to meet you soon! We’d be happy to give you a demo of our cloud managed network portfolio.
The Cisco Meraki dashboard has a little magic happening: on every dashboard page, there’s a small box where customers can make a wish for additional features or functionality on that page. We’ve covered wishes before in other blog posts, but want to highlight here how these wishes are turned into real dashboard tools.
What actually happens
When customers make wishes, those wishes are sent directly to our entire development team. Sometimes, an engineer sees a wish that intrigues her but she needs more context to understand what the submitter wants; other times, she may decide she loves the wish idea and want to develop it. In the former case, the engineer will reach out to the wish submitter for some additional insight or a conversation about the wish; in the latter case, the engineer may conceivably start working on the wish immediately—or schedule time to develop it.
Building a wish feature will often take at least a day or two. Then, the feature will have to undergo a code review by a team of engineers—and this can take as little as 3 days, depending on complexity. But several wishes are granted within a week or two of an engineer seeing the request.
Additionally, wishes get sent to our product team, who notice when specific wishes are requested several times. The product team will often use wishes to guide roadmap development, and so may reach out to engineers if there’s a critical mass of interest in a given feature.
Wishes do come true
As an example, here are three wishes that became real features of the Meraki dashboard.
1. Color-blind mode for the dashboard. Enabling a color-blind assist mode for viewing dashboard reports is a great example of the power of wishes. This feature, while important, is one that would likely not have been built based on sales traction alone. But after a wish, it became a reality. In fact, a few Meraki employees who are color-blind themselves make heavy use of this feature—so we’ve benefitted directly from the wish system ourselves!
What typical Meraki dashboard alerting looks like to those with normal vision.
What Meraki dashboard alerting looks like to those who are color-blind and who use the assist mode.
2. DHCP lease usage by VLAN. This is a slick feature in the MX Security Appliance’s local health and status page (Monitor > Appliance status). If you’re using the MX as a DHCP server, you can now gain visibility into IP address pool exhaustion on a per-VLAN basis.
3. Device configuration status. All Meraki gear receives seamless updates throughout the year for firmware and feature enhancements. Network administrators have always been able to schedule dates and times for these updates, and one wish that’s now in production is the ability to manually deploy updates directly from the local status page of any Meraki device.
So Meraki wishes really do come true, and they are an important part of our product development cycle! Wishes help us ensure we’re spending time building out features that matter to you, our customers, and they are a way for us to get critical feedback. So if you have a wish, make a wish—we’re listening!
Whew! 2015 is speeding by, and we know it’s easy to miss technical releases that could enhance your network. Not to fear, the Quarterly Update webinar is here! In this recurring webinar, we take the product managers for our wireless, switching, security, and MDM product lines, sit them down in a room, and give each of them about ten minutes to discuss what’s new and what’s to come.
You can view a recording of this past week’s quarterly update on our webinars page, and check out a brief overview of each product manager’s report below.
First: Wireless Update
To begin the Quarterly update, Matt, our wireless product manager, discussed the new MR32 and MR72 802.11ac APs with integrated Beacon technology. He shared details on how Bluetooth Low Energy (BLE) and Beacons are quickly becoming the opt-in alternative to WiFi for location services, and gave examples of how Beacon technology can be used for dynamic customer engagement. He also demonstrated some new radio tools in the Meraki dashboard, such as “auto” visibility and 5GHz channel width.
Matt, Wireless Wizard
Next up: MDM Update
Our Systems Manager specialist, Paul, explained the recent evolution of Systems Manager from two products (Standard and Enterprise) to one (Systems Manager). Existing Systems Manager customers can still take advantage of promotional pricing if they choose to update their platform. Reasons to make the switch to the full Systems Manager feature set include complete security and automation, network policies applied based on device status, and dynamic group assignment.
Paul, MDM Overlord
And then there was a: Switching Update
Lawrence kicked off his switching update with a discussion on the current state of the switching market. He stressed the unified wireless and wired management available with Meraki. With true unified network access, not only do you gain ease of use, but you can also reveal the previously hidden details of your network. He gave an overview of a year of new MS switching features, and dove into some particularly useful enhancements including network topology and ethernet power reporting.
Lawrence, Switching Maven
Last but not least: Security Update
Joe wrapped up this webinar with an MX security update. He gave an overview of the MX security appliance strong industry growth, and highlighted the benefits of Unified Threat Management providing one-stop security. He recapped this past quarter’s launch of the MX64 and MX64W, the industry’s first 802.11ac UTM. He also elaborated on some new IWAN features for the MX, including dual-active path, performance-based routing, and policy-based routing.
Joe, Security Pundit
There you have it! The second Quarterly Update. For more details, check out our webinars page for a PDF and recording of the live session.
With six sites spread throughout Ohio, Wisconsin, and Florida, you’d think it would be a challenge for a small IT team to monitor, configure, and troubleshoot an entire network from headquarters. In the case of Cohen & Company, a CPA firm, you thought wrong! With the remote management capabilities of the Meraki dashboard, centrally monitoring a healthy, intelligent network is easy.
Cohen & Company, a successful CPA firm, makes it their mission to help customers make the most of available financial opportunities.
Prior to Meraki, the Cohen & Company network was outdated and suffered from an unstable wireless connection. Their IT team was searching for a comprehensive solution with content filtering capabilities, as well as intrusion detection and prevention, when they heard about Meraki and decided to give it a shot.
Michael Tylicki, IT Infrastructure Manager at Cohen & Company, and his team were primarily responsible for testing the Meraki solution, and then rolling out a variety of MX security appliances and MR access points to all locations. The team preconfigured all hardware before sending it to the sites, where workers with no technical knowledge were able to easily install the new gear.
In line with their networking needs, the MX security appliance supplies built-in intrusion detection and prevention powered by Sourcefire. It offers secure site-to-site VPN between all sites, making it easy to safely share internal resources. Traffic shaping and bandwidth management are simple to configure, allowing their IT team to prioritize work traffic and limit, or even block, non-mission critical web applications. The automatic MPLS to VPN failover built into every security appliance has also proven beneficial, keeping the network uptime high and preventing voice calls from dropping.
The MR APs offer a reliable wireless connection for all Cohen & Company locations. The team has configured separate employee and guest SSIDs, with the employee network requiring 802.1x authentication and the guest network simply requiring a shared passkey. The team created a custom splash page for the guest SSID, and uses time-based policies and heat mapping in the Meraki dashboard to monitor how and when this network is accessed.
An overview of the Cohen & Co. organization in the Meraki dashboard.
In addition to the security appliances and access points installed at all branches, remote users and auditors also benefit from the Z1 teleworker appliance. With this portable device, employees working away from the office can still securely access the corporate network and any necessary internal resources. Cohen & Company also enrolls all company-owned devices in Systems Manager, the Meraki mobile device management offering, for monitoring and management purposes. Systems Manager offers IT the ability to manage software inventory, send alerts to users who are nearing capacity on their local drive, and remotely wipe devices in the event they go missing.
All the features and equipment mentioned above are managed together through a single pane of glass, within the Cohen & Company dashboard. It’s easy to get an instant and comprehensive overview of the entire network, and then drill into granular details if desired. Remote troubleshooting tools, such as packet captures and remote reboots, and instant email notifications help keep the network healthy, without the need for onsite IT.
To hear the full story, check out a recording of the webinar Michael hosted last week here. Keep an eye on our webinars page for more live customer presentations in the future!
Security administrators have a lot on their plates these days. Are my devices secure? Are devices running the appropriate apps? Are devices running apps they shouldn’t be? Could those apps or processes cause system wide vulnerabilities? The list goes on. Systems Manager has recently implemented a feature to help answer these burning questions, and also provide tools to remediate potentially threatening events.
Now Systems Manager has the ability to whitelist and blacklist applications on all device types, and if necessary quarantine those devices until the problem is resolved. This is accomplished via an addition to the Security Policies in Systems Manager. Security Policies allow admins to define a set of rules for client devices, and then determine whether clients are compliant or not with a given policy.
In the Systems Manager network below there are two different policies, ‘Secure’ and ‘MerakiSecure’, each with varying requirements.
These policies can check if a device has anti–spyware running, disk encryption enabled, a passcode configured, and much more. New to this list is the ability to take a look into the applications on the devices. We have added 3 features to security policies: mandatory running apps, application blacklist or whitelist, and mandatory applications. These new features allow a tremendous amount of visibility and control over what is happening on client devices.
With the mandatory running apps feature, admins can define processes that are required to be running on Windows and OS X devices. For example, admins can ensure a specific VPN client is installed and running. Admins can also filter for potential vulnerabilities such as devices that are running known malicious processes. These devices can be immediately identified across an entire fleet of clients and with the help of Systems Manager they can be quarantined by limiting their network access with group policy integration.
The client overview page below is listing all devices that are compliant with the MerakiSecure policy, and if they are not compliant we can see the reason/s they are failing. From here the administrator can decide how to deal with non compliant devices, by manually or dynamically applying Systems Manager profiles to set usage restrictions, or by quarantining devices on the network with group policy integration.
In addition to looking into applications on Windows and OS X devices, we can also do the same for applications on Android and iOS devices. The application whitelist and blacklist settings, along with mandatory applications, can be applied to all devices so we can simply enter ‘facebook’ to blacklist all apps named facebook.
Systems Manager allows various methods of defining apps in this field, such as using the complete app identifier, or use wildcards to specify all apps by a specific vendor. To get more detail on syntax options you can simply hover over the info bubble to the right of the setting.
This feature is available now in your Systems Manager network. We are excited to hear what you think of the feature, and how we can keep enhancing compliance policies to provide the best tools to secure devices in your environments. Keep us posted in the make a wish box.
In March we ran the March to 1000 promotion for new and existing subscribers to the Meraki blog. We saw an unprecedented number of people sign-up to receive news from the blog, and we easily surged past our target of 1000 subscribers. Thank you to everyone who participated and encouraged others to subscribe. We will shortly be announcing the winner of the competition and contacting them directly to arrange delivery of their shiny new MX64W and Advanced Security license. Keep an eye on your inbox to see if you have been selected!
Due to the number of new subscribers we achieved in March, we would like to run a smaller promotion for all subscribers to give more people a chance of receiving some Meraki love. At the end of April we will select ten of our blog subscribers to receive a limited edition Meraki t-shirt.
Modelled for us by Technical Evangelist and blog writer @merakisimon, this is the latest t-shirt design, currently only available to Meraki staff. If you are chosen at the end of April, we will ship you a shirt of your prefered size. Oh, we should add, terms and conditions apply.
If you have yet to subscribe to the blog, then this is a great reason to do so today. To subscribe, navigate to the blog homepage, click the ‘Subscribe’ button, and enter your email address. Existing subscribers can sit back and relax, as you will be automatically entered. Thanks again to all our readers, and if you have any comments or suggestions for the blog, please drop us a note on twitter @meraki.