If we asked you to name a Meraki product, which one would come to mind first? For most of you, odds are the answer isn’t the Z1 Teleworker Gateway (unless you’re cheating because you read the title of this blog post). While the Z1 is sometimes lost in the shuffle among its more physically imposing MX cousins, it stands on its own as a powerful enterprise-grade teleworker solution.
The Z1 offers a unique value in that it brings the Meraki dashboard to teleworker deployments, which by their very nature benefit enormously from the dashboard’s centralized management and monitoring capabilities.
Any teleworker solution has to meet three major criteria: it has to be easy to deploy, it has to scale, and it has to be secure. In this post we’ll explore how the Z1 addresses these challenges.
When deploying a teleworker solution, most administrators don’t have the kind of resources on-site that they would in a corporate location – after all, this is generally being installed in a user’s home. With the Z1, the only thing that the user needs to do is power the unit on and plug it into their ISP modem. Everything else can be done from headquarters by the IT team via the dashboard. This quote from a Z1 customer sums it up nicely:
“The fact that I was able to pre-configure [the Z1s] using Meraki’s cloud management and drop-ship them to users anywhere was awesome. Many of these users are not the most tech savvy people, so the fact that all I had to do was instruct them to plug in the power and plug in one ethernet cable and it just started working auto-magically was incredibly convenient.”
-Reddit user on /r/networking
Even VPN connectivity to headquarters is automatic – using Meraki’s AutoVPN technology, the Z1 can discover its configured VPN concentrator and build a VPN tunnel to it from anywhere. This is especially useful for traveling employees, since it means that they are never more than an ethernet cable (or USB cellular modem) away from their corporate resources.
Want to know how Cisco Meraki customers deploy the Z1? Here are a few examples:
One thing that administrators generally don’t want in their teleworker deployment is variety. The key to scalable management, especially for devices that are outside of the administrator’s physical control, is standardization. With an optional feature called configuration templates, multiple Z1s can use the same shared configuration. This drastically reduces the overhead involved in managing these remote devices. When a change is made to the template, that change is propagated to all of the networks bound to the template.
Wired and wireless access control
Security is critical any time remote devices are providing access to corporate resources. There are a variety of methods for managing wired and wireless access via the Z1, but the principal way is to use RADIUS authentication.
On the wireless side, this is accomplished with WPA2-Enterprise. Administrators can easily create a template with one corporate SSID on a VPN-enabled VLAN and secure that with WPA2-Enterprise.
Another SSID for personal use might be secured only with a passphrase. Different layer-3 and layer-7 firewall rules can be applied to these SSIDs to further augment security.
On the wired side, RADIUS authentication can be configured using built-in splash page functionality. The splash page is hosted in the Meraki cloud, so there is no need for the administrator to set up any servers or splash infrastructure.
Splash can be configured on a per-VLAN basis, such that users will only have to enter their credentials into the splash page in order to access the VLAN that is connected to the corporate VPN.
Tell me more, tell me more!