Archive for October, 2017

All About Cisco Live Cancún

For the thousands of network administrators who attend the big conference each year, Cisco Live is the best place to learn about the latest innovations from the world's largest networking company. For Cisco's leadership team, it is a great opportunity to announce partnerships with companies like Apple and to share excellent news, as in the case of Cisco Meraki.

Cisco Live! Cancún 2017 will take place from November 6 to 9 in the Riviera Maya at the Moon Palace Hotel. Attendance of 5,000 people is expected; they will have access to first-rate training on products, solutions, and trends, as well as certifications in Cisco® technologies.

This year Cisco Meraki is going all out… We will have 8 demos at our booth, 4 cameras installed with live video on the Cisco Campus, a customer celebration, ¡Salud con Meraki!, and a large number of sessions:

  • Meraki SD-WAN – Success story: Tuesday, November 7 | 11:20 AM – 11:35 AM, by Leonardo Sambrana
  • Meraki for education – Success story: Wednesday, November 8 | 2:00 PM – 2:15 PM, by Hans Velez
  • Applying an agile development culture (ITM session) – Wednesday, November 8 | 11:25 AM to 12:05 PM, by Todd Nightingale, SVP Meraki

Technical sessions

  • 9:30 AM – 1:30 PM SD-WAN with Meraki | Alfa Room – Tuesday, November 7, by Mauricio Martínez
  • 9:00 AM – 1:00 PM SD-WAN with Meraki | Alfa Room – Wednesday, November 8, by Juan Cervantes
  • 9:00 AM – 1:00 PM Meraki Cloud Services Automation through the API | Gama Room – Wednesday, November 8, by José Rojas
  • 2:30 PM – 6:00 PM SD-WAN with Meraki | Alfa Room – Wednesday, November 8, by Victor Hernández
  • 4:15 PM – 6:15 PM Meraki MV security cameras as an intelligent sensor | Tulúm 09 Room – Wednesday, November 8, by Matthew Marston
  • 9:30 AM – 11:30 AM Meraki SD-WAN: a global solution for the distributed network | Tulúm 14 Room – Thursday, November 9, by Jhonnerys Ottenwalder Peña

To stay informed about #CiscoLiveCancun2017, we invite you to follow us on Twitter @MerakiLatam and to tune in to the live stream at Ciscolive.com/latam from November 6 to 9.

Cisco Live! is held annually in four cities around the world: Las Vegas, Barcelona, Melbourne, and Cancún. Cisco Live! Cancún 2016 brought together more than 5,100 professionals from 48 countries, who were able to attend 150 technical sessions; 80 partners took part in the World of Solutions, and Cisco offered more than 100 demos on the Cisco Campus.

For more information about Cisco Live! Cancún, the leading education and training event for IT professionals, please visit www.ciscolive.com.

E-rate: Trick or Treat?


Applying for E-rate can be tricky at times. With its complicated processes and strict form deadlines, it can feel like you’re applying for funds that are sometimes difficult to get. Rest assured though, there really are funds at the end of the E-rate rainbow for you to take advantage of ($3.9B worth, to be exact). Wouldn’t you like to treat yourself to some of those dollars to improve your network infrastructure?

Think of all of the crazy network advancements you could make with $3.9B… bandwidth of 100 Mbps per student perhaps? A network so secure, not even Alan Turing could hack? So many network policies in place you never had to answer a help-desk ticket or troubleshoot a problem again? Though these ideas may be a little far-fetched, you can still use your piece of the E-rate pie for Cisco Meraki to get you closer to having your IT wishes granted.

Imagine being able to centrally manage your entire network from one simple interface. The Meraki dashboard puts the network at your fingertips: from quickly configuring hundreds of high-density access points to traffic shaping your students’ music streaming apps, it gives you complete visibility into your network without needing specialized training. Cisco Meraki is specially designed for K-12 environments in a few key ways:

  • Meraki MR wireless access points are designed for high-density classroom environments — so all of your second-grade students can stream educational YouTube videos on their iPads, while your fifth-grade students can take standardized tests without any downtime or interruptions.
  • Meraki MS switches are built to scale to support school districts of all shapes and sizes. Whether you have one location to manage or a hundred, you can remotely configure your network without being on site.
  • Meraki MX security appliances enable you to create and maintain CIPA-compliant networks, which are mandatory for E-rate funding, so that you can sleep soundly knowing that student data remains protected and secure.
  • By deploying a full stack of networking products that are easy to deploy and manage, you get back time to focus on projects that are important to you, allowing you to keep your school(s) on the cutting edge of new technology.

Treat yourself to Meraki! Our access points, switches, and security appliances and licenses are eligible* for E-rate funding. Learn more about our eligible E-rate solutions. To get a deep dive on our solutions for K-12, and specific product offerings, attend an upcoming live webinar. And don’t forget to get started with your E-rate application today!

* MX Advanced Security Licenses are 50% eligible; SM licenses and MC/MV hardware and licenses are not E-rate eligible per Funding Year 2018 eligible services list.

Expanding the Switch Portfolio

We are pleased to announce that we have expanded our switch line to include new models designed for small office and home office customers.

For years, Cisco Meraki’s cloud-managed switches have provided network administrators with an unprecedented level of visibility and control to manage their deployments. While we already offer a wide variety of switching options for campus and enterprise networks, we wanted to introduce the benefits of cloud networking to a greater range of customers across new price points.

New Meraki customers will gain access to innovative network solutions like an entirely GUI-based management platform and firmware updates from the cloud to ensure network stability.

For organizations looking to purchase new switches, there has never been a better time to learn more about cloud-managed IT.

 

MS120-8 Compact Switch

The MS120-8 is our compact access switch designed for flexible and rapid deployment at branch and campus locations. We adopted a fanless design for the non-powered and PoE models, enabling completely silent operation as you work alongside the device on or near your desk.

Features of MS120-8:

  • 2 x 1G SFP uplinks
  • New Low-Powered (LP) Model
  • Layer 2 access switch
  • Fanless
  • External power supply (non-powered, LP models)
  • Integrated mounting plate

 

MS120 24/48 Port Switch

The MS120 line is designed for widespread deployment in networks of any size. The large switch port capacity on the 24- and 48-port models allows network administrators to take advantage of the growing number of IoT devices found in the modern workplace, including IP-connected phones, cameras, and security systems.

Additional features of MS120-24/48:

  • 4 x 1G SFP uplinks
  • Layer 2 access switch
  • Internal power

Reach out to our sales team to learn how our new switches can enhance your network.

Bringing IT & OT Together to Solve Manufacturing Challenges

IT-OT convergence in manufacturing

While numerous technologies are involved in helping manufacturers embrace the possibilities of Industry 4.0 — in essence, the “smart factory” — simple network management and top-notch network security are at the core of next-gen manufacturing. That’s why CIOs and COOs alike have prioritized establishing rock-solid, easy-to-manage and simple-to-scale networks.

Here are a few ways deploying Cisco Meraki technology in the factory and beyond can help manufacturers drive process improvements and become more competitive.

Minimize Production Downtime

Every manufacturer recognizes the damaging impact that production downtime can have on manufacturing operations. Just a few minutes of downtime can cost large enterprises thousands or even millions of dollars, making constant uptime a key priority for decision makers in both the IT and OT departments. Meraki helps minimize downtime by simplifying remote network management, helping admins respond quickly to potential issues, and by staving off dangerous security threats.

Traditional networking infrastructure relies heavily on on-site management. And a solid network is key to preventing downtime, especially with so much production equipment being interconnected. Since maintaining an on-site IT staff at every location can be cost-prohibitive, the ability for a central IT staff to manage networks from anywhere can make a huge difference. With Meraki, admins can use real-time tools built into the dashboard, such as remote packet capture and cable testing, to identify and diagnose issues before they cause major network problems.

Additionally, as Internet-connected manufacturing equipment is increasingly embraced by IT and OT staff, a constantly updated unified threat management (UTM) system is crucial to keeping malicious cyber threats from infecting production equipment. Other features available with the Meraki solution, such as Auto-VPN and SD-WAN, help manufacturers achieve 24/7 uptime and connectivity at all sites.

Enable Mobility — Without the Headaches

In the manufacturing world, mobile technologies present an amazing opportunity to modernize production by giving plant managers and executives immediate access to real-time production information, such as production output and inventory numbers. While manufacturers absolutely should embrace these opportunities for greater information sharing and collaboration, it’s crucial to provide the right infrastructure for mobile devices. Centralized management helps ensure that devices are used to their fullest potential, without interfering with the production process. This requires deep conversations between the IT and OT departments.

Such collaboration may, for example, reveal the opportunity to integrate certain apps with production equipment. Company executives can use the resulting data to meet customer demand. Pushing the app to the right devices, configuring it correctly, and training employees on how to use the app are shared responsibilities of both departments. Meraki Systems Manager, Cisco’s enterprise mobility management (EMM) solution, can help IT seamlessly push apps and keep them updated. Systems Manager can also help manufacturers meet certain requirements for mobile device usage, whether by disabling mobile device cameras on confidential production line environments, locking devices to a single app, or preventing access to confidential data if a mobile device is taken outside of the production facility.

In many ways, manufacturers share the same opportunities and challenges as any other company when it comes to mobility. The BYOD (bring your own device) phenomenon has allowed all kinds of enterprises to make their employees more productive, even though security concerns are always present. Similarly, manufacturers can benefit heavily from enabling mobility, but using the right management tools is crucial to maximizing the benefits while minimizing the headaches.

Minimize Waste

The bane of every manufacturer’s existence is waste, whether it’s wasted time, wasted effort, or wasted materials. Even though eliminating waste entirely is a utopian ideal, the prevalence of automated machinery and other advanced technology that provides insight into production activity serves as evidence of manufacturers’ deep interest in minimizing waste. Making further progress on minimizing waste requires IT and OT to collaborate.

Why does IT-OT integration matter for waste minimization? Because waste — like many of the challenges manufacturers face — is too large of an issue for a single department to address. While waste in manufacturing occurs mainly on the OT side, expecting OT to wave a magic wand and minimize waste on its own is unrealistic in the interconnected factory of the 21st century. In fact, OT needs IT to deploy the right technology and connect the right teams with the right information to properly address waste. From a network connectivity standpoint, IT can minimize energy consumption using Meraki switches by applying schedules to certain switch ports. For instance, IT can automatically turn PoE devices off at specific times if 24/7 operation isn’t required. The aforementioned ability to centrally manage multiple networks through a single dashboard also helps prevent waste by minimizing the need for on-site maintenance.

Perhaps the most interesting application of Meraki technology in manufacturing from a waste minimization standpoint is the use of Meraki MV cameras as a sensor to intelligently monitor processes on-site. The ease of deployment and simple monitoring capabilities of the Meraki MV cameras are just the start; the cameras also allow IT and OT personnel to use motion heat maps to see movement on the factory floor and eliminate the need for an NVR (network video recorder) to save costs. Noosa Yoghurt, a leading manufacturer of yogurt in the United States, deploys the Meraki MV to mitigate product loss and help employees keep track of activities across the factory floor. (Check out Noosa’s story here.)

Closing thoughts

IT and OT may previously have been content to occupy two mindsets (and two different parts of the building), but Industry 4.0 requires that they come together to address key challenges manufacturers face today, including downtime, mobility, and waste. With Meraki technology, manufacturers can decrease costs, reduce waste, improve efficiency, and increase visibility of operations across the manufacturing plant. Ultimately, Meraki aims to simplify powerful technology and help IT focus on more strategic goals — which in manufacturing includes close collaboration with the OT team.

To learn more about how Meraki helps manufacturers, check out the Meraki for Manufacturing page.

Critical 802.11r vulnerability disclosed for wireless networks as part of KRACK vulnerabilities

Several critical new security vulnerabilities (generally known as Key Reinstallation AttaCKs, or KRACKs) have just been announced that affect wireless networks using either a pre-shared key (password) or 802.1x (centralized authentication via a server) to authenticate users. Nine of these vulnerabilities require client operating system updates to patch user devices like laptops, mobile phones, tablets, etc. (Microsoft has released a patch at this time). However, one vulnerability in particular affects most wireless vendors — including Cisco Meraki — and targets Fast Secure Roaming (a.k.a. Fast BSS Transition, or FT) capabilities inherent in the 802.11r protocol.

Meraki has already identified at-risk customer networks that actively use FT and has deployed a firmware patch* to address this vulnerability. Affected customers can receive this patch via a seamless cloud update. We strongly urge any customers opting out to disable 802.11r on their networks.

Regardless of opt-out preferences, all Meraki customers can easily schedule — or directly apply — the latest wireless firmware via the Firmware Updates page in the Meraki dashboard.

We encourage Meraki customers who are not vulnerable (i.e. do not actively use FT capabilities) to also upgrade to the latest firmware, ensuring protection in the event 802.11r is enabled in the future. Again, these customers can opt to manually deploy firmware via the Firmware Updates page.

Once patched, customer networks can safely make use of the FT capabilities of 802.11r.

What is the attack, and were you affected?

802.11r is a standard for improving the roaming experience of wireless client devices as they physically move about a given network and, by virtue of distance and signal strength, automatically associate and disassociate to various access points (AP). Associating to a new AP takes time, thanks to necessary authentication. FT speeds up the authentication and association process for roaming clients — helping to protect against packet loss and poor performance in applications like VoIP calls or streaming content.

CVE-2017-13082 details potential exploits using the newly-disclosed FT vulnerability. Essentially, an attacker can expose sensitive information exchanged between a client device and a wireless access point by taking advantage of the fact that replayed frames aren’t accounted for when establishing a connection using FT. This allows an attacker to replay data sent to an AP, including sensitive encryption key data — enabling that attacker to decrypt/forge wireless frames. In all cases, an attacker needs to be in close proximity to the AP or client under attack.
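The replay problem described above can be made concrete with a small state model, added here as an illustration (it is not Meraki's or any vendor's code). The class and field names are hypothetical; the model tracks only the installed pairwise key and the transmit packet number, and shows the check a patched AP applies before installing a key.

```python
"""Toy model of an AP handling 802.11r FT Reassociation Requests (added example).

Only the state relevant to CVE-2017-13082 is modelled: the pairwise key and
the transmit packet number (PN), which serves as the per-frame nonce.
"""
from dataclasses import dataclass, field


@dataclass
class ReassocRequest:
    client: str  # client MAC address (constructed)
    ptk: bytes   # pairwise key agreed during the earlier FT authentication


@dataclass
class AccessPoint:
    check_reinstall: bool                          # False models pre-patch behaviour
    installed: dict = field(default_factory=dict)  # client -> installed key
    tx_pn: dict = field(default_factory=dict)      # client -> next transmit PN
    nonces_used: list = field(default_factory=list)

    def handle_reassoc(self, req: ReassocRequest) -> str:
        same_key = self.installed.get(req.client) == req.ptk
        if self.check_reinstall and same_key:
            # Hardened path: a retransmitted or replayed request must not
            # reset the counters of a key that is already in use.
            return "ignored-reinstall"
        self.installed[req.client] = req.ptk
        self.tx_pn[req.client] = 0  # installing a key resets the PN
        return "installed"

    def send_data(self, client: str) -> tuple:
        """Encrypting one frame consumes one (key, PN) pair; return that pair."""
        pn = self.tx_pn[client]
        self.tx_pn[client] = pn + 1
        nonce = (self.installed[client], pn)
        self.nonces_used.append(nonce)
        return nonce


def reused_nonces(ap: AccessPoint) -> set:
    """Return every (key, PN) pair the AP used for more than one frame."""
    seen, dup = set(), set()
    for nonce in ap.nonces_used:
        (dup if nonce in seen else seen).add(nonce)
    return dup


def run_scenario(check_reinstall: bool) -> set:
    """A client roams once, then the same Reassociation Request arrives again."""
    ap = AccessPoint(check_reinstall=check_reinstall)
    req = ReassocRequest(client="02:00:00:00:00:01", ptk=b"\x11" * 16)  # constructed
    ap.handle_reassoc(req)
    ap.send_data(req.client)  # PN 0
    ap.send_data(req.client)  # PN 1
    ap.handle_reassoc(req)    # duplicate of the first request
    ap.send_data(req.client)  # PN 0 again only if the key was reinstalled
    return reused_nonces(ap)


if __name__ == "__main__":
    print("pre-patch reused nonces:", run_scenario(check_reinstall=False))
    print("patched reused nonces:  ", run_scenario(check_reinstall=True))
```

A request carrying a different key (a genuine new FT exchange) is still installed by the hardened path; only a repeat of the key already in use is ignored.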

Only unpatched wireless networks that have enabled 802.11r functionality are at risk. Meraki has created a dynamic dashboard page to help customers quickly identify vulnerable networks. To view this page, navigate to Help > 802.11r Vulnerability Impact. This page will dynamically update network vulnerability status based on firmware applied and whether 802.11r is enabled.

To determine whether 802.11r is enabled for a given Meraki wireless network, navigate to Wireless > Configure > Access Control in the Meraki dashboard, and look under Network Access:

 

Disabling 802.11r

802.11r is disabled on this particular wireless SSID.

We strongly urge all customers to verify that they are either patched to the latest firmware version* or that they have disabled 802.11r. Our technical support staff is available to assist with any questions or concerns you may have.

For additional details about the attack and our updates, please refer to our public facing FAQ.

For more technical information, please see Cisco’s Product Security Incident Response Team (PSIRT) vulnerability disclosure.

* The latest, secure firmware version for most MR models is MR 24-11; customers deploying MR33s, MR30Hs, or MR74s, must update to firmware version MR 25-7.
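An added example (not a Meraki tool or API) that applies the two conditions above, firmware version and 802.11r state, to an inventory export. The CSV layout, the network names and the models other than MR33/MR30H/MR74 are constructed, and treating firmware trains newer than 25 as fixed is an assumption.

```python
import csv
import io
import re

# Minimum fixed build per firmware train, taken from the footnote on this page.
FIXED_MIN = {24: 11, 25: 7}
# Models the page says must move to MR 25-7.
REQUIRE_TRAIN_25 = {"MR33", "MR30H", "MR74"}

# Accepts "MR 24-11"; a dot separator ("MR 24.11") is also accepted (assumption).
VERSION_RE = re.compile(r"^\s*MR\s*(\d+)[-.](\d+)\s*$", re.IGNORECASE)


def is_patched(model, firmware):
    """True or False when the version can be judged, None when it cannot be parsed."""
    m = VERSION_RE.match(firmware)
    if not m:
        return None
    major, minor = int(m.group(1)), int(m.group(2))
    if model.strip().upper() in REQUIRE_TRAIN_25 and major < 25:
        return False
    if major in FIXED_MIN:
        return minor >= FIXED_MIN[major]
    # Assumption: trains after 25 include the fix, trains before 24 do not.
    return major > 25


def classify(model, firmware, dot11r_enabled):
    patched = is_patched(model, firmware)
    if patched is None:
        return "unknown-firmware"  # needs a manual check
    if patched:
        return "patched"
    # Unpatched: exposure depends on whether 802.11r (FT) is in use.
    return "at-risk" if dot11r_enabled else "not-exposed-upgrade-advised"


def audit(csv_text):
    """Map each network name in the export to its exposure status."""
    result = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        enabled = row["dot11r"].strip().lower() in {"enabled", "true", "yes", "1"}
        result[row["network"]] = classify(row["model"], row["firmware"], enabled)
    return result


# Constructed inventory export; one row per network.
SAMPLE = """network,model,firmware,dot11r
hq-floor1,MR42,MR 24-11,enabled
hq-voice,MR33,MR 24-11,enabled
branch-1,MR32,MR 24-9,enabled
branch-2,MR18,MR 24-8,disabled
lab,MR74,MR 25-7,enabled
warehouse,MR30H,beta,enabled
"""

if __name__ == "__main__":
    for network, status in audit(SAMPLE).items():
        print(f"{network:10} {status}")
```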

 


The Evil Twin


Introduction

This is the third in a series of blog posts that focus on wireless security and technology.

Most of the devices we use every day, like smartphones, laptops, and tablets, use wireless LAN as their default mode of connectivity. WLAN also provides connectivity for the next generation of internet of things (IoT) devices, such as security cameras, smart home hubs, and connected speakers. This means that sensitive data others might want to access is being transmitted over the air.

This post will detail how an organization might be targeted and what they can do to combat these types of threats.

What is an Evil Twin?

In its simplest terms, an “evil twin” is a rogue access point masquerading as an access point that’s part of your corporate infrastructure. This is also sometimes referred to as a “honeypot.” There are a number of ways a device can act as an evil twin:

  • Spoofing – When an access point (or, more generally, a wireless station) that is not part of your corporate infrastructure masquerades as an access point that forms part of your corporate infrastructure. This can be done by “spoofing” the MAC address (BSSID) of the advertised SSIDs in your wireless network (like we discussed here).
  • Honeypot – When a wireless station listens for beacon frames from wireless clients in its vicinity and then spoofs the SSID those clients are looking for. This takes advantage of the fact that 802.11 clients with their WLAN adapters enabled but not connected to a wireless network will periodically beacon for all the SSIDs they have previously connected to and remember. This means that even if you are on a flight cruising at 35,000 feet, if you’ve left your WLAN radio on, your smartphone or tablet will be periodically “asking” if your corporate or home network is there. A honeypot wireless device will then respond to these frames pretending to be the SSID you are asking for. Depending on the configuration of the honeypot device and your wireless client, your wireless client could then authorize this network and attempt to gain access to data services.


Should you be worried?

Well, yes!  These modes of operation are, for the most part, malicious in nature and incredibly disruptive to business. There are multiple wireless hacking/cracking tools that operate in the modes described above. They exist typically for the sole purpose of capturing/exfiltrating data either in clear text or encrypted format (to be worked on at a later time).

Next, I’ll walk you through the operation of such a tool, specifically the “WiFi Pineapple” from the HakShop, a California-based company offering penetration testing tools and techniques.

What’s a WiFi Pineapple?


This is my WiFi Pineapple, there are many like it, but this one is mine.

A WiFi Pineapple is a common, easy-to-use tool wielded by wireless penetration testers. It leverages open-source software packages and runs using a custom version of the open-source Linux operating system, just like Cisco Meraki. However, a WiFi Pineapple puts them together in an intuitive package and includes a graphical user interface so they are easy to configure, kind of like the Meraki Dashboard does for wireless networks, meaning you don’t have to be a security expert to use it.


In order to make the WiFi Pineapple act as a Honeypot all you need to do is follow these steps:

1. Connect the pineapple to a network – presuming you want to be able to offer data services to the clients you trick into connecting to your pineapple, you first have to give them a way of accessing those data services. With the pineapple you have three options:

A) Wireless Network – as the pineapple in the image below has two wireless radios, I can actually connect it to a wireless network, like a public one at a coffee shop.  


B) Wired Network – the pineapple has a wired Ethernet connector, meaning this could be plugged directly into your switch or another switch infrastructure.


C) Cellular Network – the pineapple has a USB port that can be used for cellular 3G/4G USB modems, similar to a Meraki security appliance.

The pineapple can then “bridge” these wireless connections from unsuspecting clients to that SSID. This is very important, as your wireless device (e.g. your smartphone) can connect to what it thinks are known wireless networks while it’s still in your pocket. The device could then access the apps you have enabled on your device, like email and social networks, all without your knowledge.

2. Configure beacon frame behavior – the pineapple can be configured to look for and respond to all beacon frames, which can be thousands and thousands, or it can just respond to specific SSID beacon frames if the attack is more targeted.


3. Decide what you want to do with the data you receive – finally, the pineapple can be configured to bridge this data with duplication if you are passively testing a network, or it can be configured to divert the encrypted flow of data off to a file or network location, using the tcpdump architecture that is present in all Meraki network devices:


What should you do?

Sounds bad, doesn’t it? The above details the trusting nature of network devices and the 802.11 protocol in general. But it’s not all doom and gloom: Meraki’s Air Marshal WIPS service that we’ve discussed here tells you when you see things like this happening in or near your corporate environment.  

Why can’t Air Marshal just block them?

If Air Marshal did block the SSIDs being advertised by these types of devices, then we could also potentially block legitimate corporate access points that are under someone else’s administrative control. Air Marshal shows you which access points in your infrastructure are being spoofed:


The best solution from here is to go mobile and use a WiFi scanning application on either a laptop or Android smartphone/tablet, to ascertain where the offending device is.


This will likely take multiple passes before you can authoritatively say what the source of this threat is. Once you have identified the threat, you can then choose the appropriate course of action to take. For most organizations, that means “eliminating” the threat. So, if it’s an unattended device, disconnect it from its network and power; if it’s a person in or near the building, either escort them from the premises or contact the authorities.
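The walk-around described above can be supported by a small script, added here as an example (it is not Air Marshal's logic or any Meraki code). It labels scan readings using the two evil-twin modes from this post and reports where each suspect signal is strongest across passes. The SSID, BSSIDs, locations and readings are constructed, and comparing channels against inventory assumes a fixed channel plan.

```python
from collections import defaultdict
from statistics import mean

CORP_SSIDS = {"corp-wifi"}  # constructed corporate SSID

# Managed APs: BSSID -> (SSID, channel). Constructed; assumes a fixed channel
# plan, so refresh this table if your APs select channels automatically.
INVENTORY = {
    "02:aa:bb:00:00:01": ("corp-wifi", 36),
    "02:aa:bb:00:00:02": ("corp-wifi", 149),
}

# Constructed walk-test readings: (pass, location, ssid, bssid, channel, rssi_dbm)
SCANS = [
    (1, "lobby", "corp-wifi", "02:aa:bb:00:00:01", 36, -48),
    (1, "lobby", "corp-wifi", "02:de:ad:00:00:09", 6, -71),
    (1, "dock", "corp-wifi", "02:de:ad:00:00:09", 6, -52),
    (1, "dock", "corp-wifi", "02:aa:bb:00:00:02", 11, -60),
    (2, "lobby", "corp-wifi", "02:de:ad:00:00:09", 6, -69),
    (2, "dock", "corp-wifi", "02:de:ad:00:00:09", 6, -50),
    (2, "car-park", "corp-wifi", "02:de:ad:00:00:09", 6, -40),
    (2, "car-park", "corp-wifi", "02:aa:bb:00:00:02", 11, -45),
    (2, "lobby", "cafe-guest", "02:11:22:00:00:05", 1, -80),
]


def classify(ssid, bssid, channel):
    """Label one reading using the two evil-twin modes described in this post."""
    known = INVENTORY.get(bssid.lower())
    if known is None:
        # Unknown radio advertising one of our SSIDs (the "honeypot" mode).
        return "honeypot-ssid" if ssid in CORP_SSIDS else None
    # Our BSSID seen with an SSID or channel our AP does not use ("spoofing").
    return "bssid-spoof" if (ssid, channel) != known else None


def locate_suspects(scans):
    """Average RSSI per location over all passes; report the strongest spot."""
    readings = defaultdict(lambda: defaultdict(list))
    kinds = {}
    for _pass_no, location, ssid, bssid, channel, rssi in scans:
        kind = classify(ssid, bssid, channel)
        if kind is None:
            continue  # legitimate AP or an unrelated neighbour network
        key = (bssid.lower(), channel)
        kinds[key] = kind
        readings[key][location].append(rssi)

    report = {}
    for key, by_location in readings.items():
        averages = {loc: mean(vals) for loc, vals in by_location.items()}
        best = max(averages, key=averages.get)  # least negative dBm
        report[key] = {
            "kind": kinds[key],
            "strongest_at": best,
            "avg_rssi_dbm": averages[best],
            "locations_seen": len(averages),
        }
    return report


if __name__ == "__main__":
    for (bssid, channel), info in locate_suspects(SCANS).items():
        print(bssid, "ch", channel, info)
```

In the constructed data both suspect signals peak at the same location, which is the kind of agreement between passes that justifies a physical search there.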

Conclusion

The bad news is that there’s no silver bullet that fixes this problem. So, the tried and trusted advice is to be vigilant and leverage the techniques and tools we have highlighted in this post. The Meraki dashboard also allows you to configure alerts, so if your email starts to look like this…


…then either you are undergoing a wireless penetration test or you need to do some investigating!

References

https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal
https://meraki.cisco.com/lib/pdf/meraki_whitepaper_air_marshal.pdf
https://meraki.cisco.com/lib/pdf/meraki_datasheet_airmarshal.pdf
https://documentation.meraki.com/MR/Monitoring_and_Reporting/Air_Marshal_Containment
https://documentation.meraki.com/MR/Monitoring_and_Reporting/Mitigating_a_Spoof

 

Office Spotlight: Meraki Sydney

Written by Tanya Marcinkus


Different city, same Meraki!

There’s a long list of reasons why many of us affectionately call Meraki our second home, but I’ll give you a quick rundown of what makes the Sydney office a unique experience, and an awesome place to work.

I’ll start with the real wow factor when you walk into our lobby: the view. We’re 21 levels up, with panoramic views in all directions, from the harbour to the Blue Mountains. Located in the heart of the city, our office has become a vibrant hub where we showcase our technology and culture to customers, partners, and friends locally and from abroad.


The office exterior in all its glory

As the sole office for the region, we support all of Asia Pacific; everywhere from Japan, to China, India and New Zealand. In 3 years we’ve grown from a handful of employees to 80, with about a third of the team having migrated from other countries – many specifically to work for Meraki. You commonly hear ‘ohayou gozaimasu’ in the mornings (Japanese for ‘good morning’), you’ll find treats brought in from all over the world, and our daily lunch caterers aim for authenticity when it comes to the many cuisines we enjoy together.


Taking a moment to pose for the camera at our sunny holiday party

In embracing our diversity, we always have something to look forward to on the calendar – whether it be Chinese New Year or Halloween – in addition to our end of quarter and milestone celebrations. We value how close-knit we’ve become from our communal lunches, events, and activities, and we care about creating a welcoming workplace for all who join the Meraki family.


Haircuts at the office!

While we’re closely connected to our US headquarters, many of our roles operate autonomously to grow out our region. This requires each of us to be finely in tune with the various parts of our business, collaborative in our approach, and at times, willing to jump in the deep end to see if our ideas sink or swim. It’s an exciting time, and pretty special to be a part of a team with such a wealth of experience, dynamism, and drive.

There’s a saying: “teamwork makes the dream work”, and I believe we’re a testament to this. The office may be growing rapidly, but our culture is strong and stands apart from anywhere I’ve worked before.


3 Challenges MSPs Face in Expanding their Service Offerings


When managed service providers (MSPs) first burst onto the scene in the 1990s, they typically only provided break-fix support for a limited number of services, like printers, anti-virus, and networking, to small- and medium-sized businesses. Since then, as the number of cybersecurity threats has grown and the “bring your own device” phenomenon has increased in popularity, SMBs’ needs have also diversified. No longer are SMBs content to have their MSPs fix things when they break; SMBs now expect you to provide more proactive, consistently managed services.

One constant challenge MSPs have faced is evolving and expanding their service offerings. Clients want their MSPs to serve as a one-stop-shop for all things IT, but with clients unaware of which services they actually need and MSPs flummoxed at the difficulty of managing tons of vendor relationships, this kind of service expansion is easier said than done.

Below are a few reasons MSPs find it difficult to expand their service offerings, along with actionable approaches you can take to address these challenges and serve your clients in the best way possible.

1. Lack of client interest

Small business owners with fewer than 10 employees typically enlist the help of MSPs because they’re laser-focused on growing their business rather than on managing the technology they use every day. MSPs, happy to oblige, often deploy and administer new solutions, from networking to backup and disaster recovery services, without educating their clients on why these technologies are actually important.

Though MSPs often mean well — “why should I bother educating my clients when they want me to be their tech expert?” — leaving clients in the dark has a critical downside. Lack of client input on which solutions are deployed and how they’re managed can make clients feel like they aren’t being listened to and that their particular needs aren’t being considered.

More importantly, taking the time to educate clients can actually spark conversations about problems and solutions that otherwise wouldn’t have come up.

Say, for example, you tell your clients about the importance of network security to defend against ransomware. That conversation may cause a concerned SMB business owner to ask, “What if ransomware infiltrates one of my employee’s devices when it’s not connected to the secure corporate network?” This would be the right opportunity to explore a potential solution to such a situation — perhaps an enterprise-grade managed backup solution with the ability to roll back the entire file system to a time before the ransomware hit.

Congratulations: by enlisting a consultative approach, you’ve gotten a client interested in additional managed services, without even having to bring it up yourself. Helping clients understand why new types of managed services make sense makes it much easier for MSPs to justify expanding their service offerings and generate demand for them.

2. Fear of overextension and appearing unfocused

When first establishing themselves, most managed service providers focus on a single niche (for example, providing stellar data protection services). Over time, this focus helps successful MSPs slowly establish a steady roster of loyal clients, but it can also lead MSP business owners to believe that expanding into new types of services is a risky and unwise move. After all, what kind of business owner would want to risk diluting their brand and causing their clients to worry about less-than-stellar customer support?

In order to prevent customers from thinking that adding more managed services to your portfolio is akin to overextension, group these additional services under single “umbrella” solutions. To keep the earlier example going, say you already provide clients with data protection services, like backup and disaster recovery, and want to add networking to your managed services portfolio. Normally, these solutions may not seem similar, but if as a part of the networking stack you implement a network security solution like a managed firewall, you can group both the solutions under the umbrella of “security.”

In this way, you still appear focused, even as the addition of more managed services increases the depth of your expertise and helps differentiate you among other MSPs.

3. Difficulty in multi-service and multi-tenant management

It’s not easy being an MSP business owner. Between dealing with technical emergencies and trying to build a business from the ground up, there are a lot of tasks to juggle and often too few hours in the day to get it all done. Some MSPs find expanding their service offerings to be more trouble than it’s worth because of the difficulty involved in working with multiple vendors and multiple clients with varying needs.

Dealing with multiple vendor relationships often proves challenging for both administrative and technical reasons. For every new vendor, there’s a new account rep to keep track of, a new support system to navigate, and new contract/licensing terms to abide by. That makes new vendor relationships difficult to manage from a purely logistical perspective. From a technical standpoint, every new system has a different dashboard or commands used for setup and configuration. Managing disparate solutions adds needless complexity and can quickly suck up time, especially if a solution requires on-site management.

Since most clients require different IT managed services, dealing with multiple vendor relationships is usually a necessary evil. That is, of course, unless you partner with a vendor that offers multiple IT services managed under a single pane of glass.

Cisco Meraki helps managed service providers deploy a complete suite of IT solutions to their small business clients without having to deal with multiple vendors or proprietary command line-based interfaces. Meraki offers cloud-managed access points, switching, security appliances, telephones, video cameras, and even enterprise mobility management, all managed through a cloud-based dashboard. With Meraki, MSPs have the choice of managing everything for their clients or giving more technically inclined clients limited control through a custom-branded dashboard.

Download the MSP Dashboard white paper to learn how Meraki makes it simple for MSPs to offer cloud-managed IT services to their small business clients.


One partnership, 46 stores, and the Meraki Full Stack

For more than 20 years, Samuel Robinson has been managing the network for Goodwill Industries of South Florida. He and one other technician oversee voice, networking, and communication for a network that spans 46 stores, over 500 network devices and over 3,200 guests and employees on the network.

Goodwill Industries of South Florida Dashboard

During the majority of his time at Goodwill, they didn’t have any wireless solutions. “I just haven’t trusted wireless systems enough to set them up,” explained Robinson. That is, until Cisco Meraki came into the picture. Soutec, their partner, brought Meraki solutions and provided a full demo of the Meraki product suite, including the centralized dashboard.

From left to right: Zuo Wang, Engineer at Soutec, Pedro Colmenares, Account Executive at Soutec, Julian Pinzon, Managing Director at Soutec, Sam Robinson, IT Manager at Goodwill of South Florida.

Robinson was about to begin a major project to upgrade the network infrastructure at all 46 stores. The ease of use and quick deployment made it an easy decision for Robinson to go with Meraki.

Robinson started with MR access points to improve overall monitoring and management of in-store bandwidth usage. Goodwill has set up bandwidth limitations and download restraints to protect their network from employee misuse. By using MR traffic shaping rules, they are still able to provide internet access to guests that visit the stores. With those policies in place, Robinson can start to use other MR features like Location Analytics, which leverages built-in Bluetooth capabilities, to better understand guest and visitor behavior. This data can inform business decisions and help improve in-store processes.

After Robinson got his feet wet with the APs, Soutec introduced Goodwill to the MX firewalls and MS switches. Now, almost every store is equipped with a full stack of Meraki gear.

Pictured on the left: Goodwill store equipment. Pictured on the right: Goodwill HQ equipment.

Having in-store internet is very important to Goodwill. The MX security appliances provide redundancy for their internet connection with the 4G cellular failover feature built into each device. This allows traffic to automatically redirect through a 3G/4G USB modem should the connectivity ever go down. With this, Goodwill is able to guarantee an internet source that keeps stores running.

Today, Goodwill Industries of South Florida has fully embraced Meraki MR, MS, and MX cloud-managed networking solutions at all stores and corporate offices. So what’s in store for the next deployment? Robinson is exploring the enterprise mobility management solution, Systems Manager, for in-store tablets and devices. Meraki solutions enable any retail organization to maintain a PCI-compliant network, and for a retail organization, that is essential for mobility and wireless management. With Systems Manager, Robinson can continue to be proactive and enforce security policies, application management, and more, to accelerate technology and innovation across Goodwill stores. And when questions arise, he reaches out to Soutec, who “seem as though they’re with Meraki. They’re like an extension of Meraki and help with any issues that come up.”

Read the full Goodwill of South Florida case study here.