In October we introduced the new MR Advanced License and Upgrade License to provide additional protection on the Meraki MR.
But first, let’s take a step back and recall what DNS really is. It is helpful to think of DNS as the phonebook of the internet. Every website has a specific IP address associated with it. For example, say Wells Fargo’s IP address is 220.127.116.11. DNS turns the human-readable address (wellsfargo.com) into a machine-readable address (18.104.22.168) and ensures that you always connect to the correct website. In this instance, Cisco Umbrella guarantees a user is safely routed to WellsFargo.com so that the user is not intercepted by someone else claiming to be Wells Fargo.
Globally, there will be nearly 549 million public Wi-Fi hotspots by 2022, a fourfold increase since 2017. In 2017, Wi-Fi accounted for 43 percent of traffic and is slowly becoming the primary means of connecting to the internet. It is estimated that with DNS layer protection, businesses could prevent between $150 billion and $200 billion in losses globally. DNS layer security becomes crucial in securing critical business traffic. However, network security has often been complicated, with multiple vendors, multiple licenses, and multiple dashboards leading to more problems than solutions.
Our new licenses offer customers an opportunity to buy Cisco Umbrella and Meraki MR with just one license. IT admins can now secure their wireless network by combining the power of Cisco Umbrella’s DNS layer security solution with the simplicity of the Meraki dashboard. The new MR Advanced and Upgrade licenses automatically enable Meraki-defined policies at the DNS layer across their entire network. With the new license, IT admins also get access to the industry-leading “Security Center” under the Meraki dashboard. This helps them gain granular visibility into blocked security events.
With Meraki MR and Cisco Umbrella, IT admins can protect users against internet threats like malware, ransomware, and phishing attacks by enforcing security at the DNS layer. This secures the “last mile” of a client’s internet connection, which can often be left exposed and vulnerable. The new licenses enable IT admins to deploy DNS layer security at scale, across multiple networks to create a simple and secure digital workplace.
Security is a top priority for people in IT. Everyone knows how important security is to an organization, its devices, and most significantly, its people.
While putting a firewall in your network is the first line of defense, another primary foundation to network security is the enforcement of access security policies. Permitting or denying access to specific resources establishes security in your network. For example, guests should not be able to access business servers. Organizations can have long lists of access policies, dictating who can access what. But how many organizations have a clear and concise policy list they easily understand, manage, and configure?
Access control lists are daunting in most environments. This is due to how access policies are built. Access policies are based on an IP architecture, where sources and destinations are defined by your network topology. While this works, IP-based access policies do not easily scale with large scale environments, businesses with distributed sites, and frequently changing organizations.
Most are familiar with policy lists that look something like this:
Would you be able to tell what these IP addresses represent? Is XXX.XXX.XXX.XXX your cloud server? Or the HR team?
The point is, it’s difficult to tell. It also becomes more troublesome as your business needs change, such as a growing business dealing with company acquisitions, a university expanding their campus with new sites, or a firm that’s redesigning their entire organizational structure. In every one of these cases, access policies must be re-configured to mirror the way the network topology changes.
What if access policies no longer needed to be dependent on network topology; no longer IP-based, and instead, based on the intent of the user, device, or service?
Today’s the day – we’re introducing Adaptive Policy.
*(Beta available H1CY2020)
Adaptive Policy is a new solution where revolutionary Cisco Security Group Tag (SGT) technology meets the most powerful Cisco Meraki switch hardware yet. This software feature addresses the shortcomings of traditional policy administration using Cisco SGT and the MS390. With Cisco SGT, numerical tags are used to profile users, devices, services, and time of access. Tags can be assigned using a RADIUS server like Cisco Identity Services Engine (ISE). When Cisco ISE is used, the tag is transmitted to all devices in the network — every packet is tagged and decisions based on the tag are made by the MS390.
How does Adaptive Policy actually work?
IT team creates an access policy whereby the sales team cannot access a product roadmap application.
When a salesperson connects their laptop to the network, Cisco ISE will authenticate the user using Active Directory, then assign a tag, let’s pretend, tag 4 for the salesperson. The MS390 will receive tag 4 sent from ISE and will then add tag 4 to every packet coming from the salesperson’s device. If the salesperson tries to connect to the product roadmap server, which only allows tag 5, the MS390 will deny the request. But let’s say the salesperson moves to the product team: the user profile changes based on Active Directory, and now this user can access the roadmap application without anyone having to re-configure all the switches in the network.
This policy enforcement process has become scalable, effective, and automatic. Adaptive Policy utilizes Cisco SGT to determine traffic intent and can help scale and reinforce security for customers of any deployment size.
With Adaptive Policy, security is agnostic to network topology, making security orchestration and mass configuration changes consistent. Furthermore, instead of using IP addresses, we can now use natural language to determine how a policy is adjusted and implemented. Instead of seeing XXX.XXX.XXX.XXX, you’ll find yourself reading “Marketing team”.
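A simplified model of the flow described above, added here as an illustration and not Meraki or Cisco ISE code: a tag is assigned at authentication, stamped on each packet, and checked against the destination's allowed tags, next to an IP ACL that encodes the same intent. The user names, subnets and the `roadmap-app` label are constructed; tags 4 and 5 follow the text.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed sample data: users, subnets and the "roadmap-app" label are
# hypothetical. Tags 4 (sales) and 5 (product) follow the text above.
DIRECTORY = {"alice": "sales", "bob": "product"}   # user -> directory group
GROUP_TAG = {"sales": 4, "product": 5}             # group -> tag
ALLOWED_TAGS = {"roadmap-app": {5}}                # destination -> accepted tags
IP_ACL = [                                         # same intent, tied to topology
    ("deny", ip_network("10.1.4.0/24"), "roadmap-app"),    # sales subnet
    ("permit", ip_network("10.1.5.0/24"), "roadmap-app"),  # product subnet
]

@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst: str
    tag: Optional[int]  # None when the source was never classified

def assign_tag(directory, user):
    """Authentication step: map the user's group to a tag (None if unknown)."""
    return GROUP_TAG.get(directory.get(user))

def ingress(directory, user, src_ip, dst):
    """Access switch: stamp the authenticated user's tag on the packet."""
    return Packet(src_ip, dst, assign_tag(directory, user))

def enforce_by_tag(pkt):
    """Default deny: permit only if the destination accepts the packet's tag."""
    return "permit" if pkt.tag in ALLOWED_TAGS.get(pkt.dst, set()) else "deny"

def enforce_by_ip(pkt):
    """First-match IP ACL with an implicit deny at the end."""
    for action, net, dst in IP_ACL:
        if dst == pkt.dst and ip_address(pkt.src_ip) in net:
            return action
    return "deny"

def scenario():
    """Return (step, tag decision, IP ACL decision) for each step."""
    directory = dict(DIRECTORY)  # work on a copy so reruns start clean
    rows = []
    def step(label, user, src_ip):
        pkt = ingress(directory, user, src_ip, "roadmap-app")
        rows.append((label, enforce_by_tag(pkt), enforce_by_ip(pkt)))
    step("alice (sales) on sales subnet", "alice", "10.1.4.20")
    step("alice (sales) on product subnet", "alice", "10.1.5.20")
    directory["alice"] = "product"  # role change in the directory only
    step("alice (product) on sales subnet", "alice", "10.1.4.20")
    step("unclassified device on product subnet", "printer-7", "10.1.5.30")
    return rows

if __name__ == "__main__":
    for label, by_tag, by_ip in scenario():
        print(f"{label:40} tag policy: {by_tag:6}  IP ACL: {by_ip}")
```

The tag decision follows the user's group wherever the laptop is plugged in, while the IP ACL's answer changes with the subnet and has to be rewritten after a role change.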
Adaptive Policy is built with flexibility.
Adaptive Policy is a new feature built with a Meraki API-first strategy that will guarantee full consumption. Together with Cisco, we are able to provide interoperability with an open implementation of tagging, which means it won’t be tied to only one vendor. Thanks to Cisco SGT’s open and extensible technology, Adaptive Policy provides maximum potential across Cisco and 3rd party vendors, giving you flexibility for your networking needs.
MR customers can take advantage of Adaptive Policy too!
Customers who have Meraki MR access points (ac Wave 2 and above) but do not have the MS390 can still deploy Adaptive Policy. Under a hybrid environment, current Cisco Catalyst switch (3K to 9K series) customers with Meraki MR can implement Adaptive Policy utilizing inline-SGTs.
How can I enable Adaptive Policy?
Adaptive Policy is available as an advanced feature on the MS390. You will need the MS390 switch along with the MS390 Advanced licensing to enable this new feature.
To learn more about Adaptive Policy and the MS390 switch, watch the launch webinar or read the MS390 blog. Starting early 2020, you can also give Adaptive Policy a whirl by starting a free trial.
These days, network security has become increasingly complex and difficult to manage. IT teams are stretched to the limit securing users, devices, and applications. With more and more users bringing their personal devices to work, the steady adoption of IoT devices and the changing nature of businesses, network security and access policy are only going to get more complicated.
Generally, enterprise-grade hardware comes with enterprise-grade complexity. Configuring multiple solutions is time-consuming, challenging and error-prone. IT teams have to wrestle with multiple vendors, technologies and implementation consultants to get even the most basic access and security policies deployed. This leaves their networks exposed to vulnerabilities and filled with rigid, sub-optimal, and expensive hardware.
But with Cisco Meraki, IT teams no longer have to compromise.
IT teams can now combine the simplicity of the Meraki dashboard with the power of Cisco technology. Introducing the MS390, the most powerful Meraki access switch to date, which enables IT teams to deploy sophisticated access and security policies with ease.
MS390 features a stacking bandwidth of 480Gbps, improved physical stacking, StackPower, modular uplinks, and comes in both non-PoE & PoE capable models. Improved physical stacking provides faster convergence in case of failover and also offers higher stacking bandwidth. StackPower helps save costs through efficient power distribution and provides additional redundancy if needed. Modular uplinks provide hardware flexibility to address the changing demands of your network.
The MS390 is the only Meraki switch that integrates innovative Cisco switching technology, which allows for the development of advanced features like Adaptive Policy. Adaptive Policy enables IT admins to segment user traffic on the network and apply access or security policies seamlessly. Since these policies are based on “intent” rather than cryptic IP-address based Access Control Lists, they are dynamic, error-free and adapt as new users join the network.
The Cisco technology on the MS390 makes Adaptive Policy and other advanced features possible, which makes the switch ideal for critical deployments across any organization with a need for advanced performance and easier user traffic management through segmentation.
To learn more about the MS390, take a look at the datasheet or sign up for our live webinar on Meraki switches.
When Cisco Meraki released V0 of our Dashboard API in 2017, we recognized that a fundamental technology shift was on the horizon. Network programmability through APIs has since rapidly matured to become an integral part of a network engineer’s toolset, and a key innovation strategy for SaaS providers around the world. Earlier this year, the Cisco Learning Network in partnership with DevNet further cemented network programmability as mainstream by announcing a comprehensive Developer Certification track, packed full of programming fundamentals and APIs from Meraki and the rest of Cisco’s extensible technology offerings.
As Product Manager of our API and Developer Platform, it has been incredible to watch this transition take shape with our customers, partners and developers over just a few short years. We’re seeing consistent double-digit growth in active API users of our REST API, which has become a deep and essential part of our platform offering. From powerful python-based network orchestration at scale, to beautiful open-source visualization clients, to complete mobile applications, we continue to be delighted by the innovative solutions being shared every day by developers across our ecosystem via our open-source and turnkey marketplace collections. One thing’s certain – our API platform strategy is resonating with users, and we are just getting started!
In fact, in addition to producing a continuous stream of new APIs for getting data into and out of our cloud platform, we’re also hard at work building out V1, the next major release of our Dashboard API, slated for General Availability (GA) in Spring 2020... but we need your help! A vital part of any API provider’s lifecycle begins with a trusted community of developers to test, discuss and provide real-world feedback, and we’re therefore incredibly excited to announce the new Meraki Early Access Developer Program.
Interested? Read on!
This new program will offer a select group of developers the opportunity to help shape the future direction of our APIs by test-driving and providing regular feedback on new versions and features before they get released to the general public, beginning with alpha access to V1 of our REST API. If you are interested in applying, please visit our Developer Hub and complete the application.
We are excited to get the conversation started, and as always you can find us in the Meraki Community. Happy coding!
Free yourself from bottlenecks with the new MR45 and MR55 wireless access points
The 802.11 wireless standard has come a long way since Meraki’s founders started a project in 2003 to deliver 802.11b/g networking technology on their MIT university campus. In those days, 4G LTE, social media apps, iPhones, iPads, music streaming, YouTube, and AWS did not exist. Today, technologies such as self-driving cars, virtual reality, artificial intelligence, and 5G cellular networks are on the verge of becoming mainstream.
The new 802.11ax amendment, also known as Wi-Fi 6, will help usher in new wireless technologies by providing higher throughput, greater density, and, overall, greater efficiency. While the 802.11ac standard gave us immense performance improvements, Wi-Fi 6 expects to improve average per-user throughput by a factor of four in dense environments. Wi-Fi 6 will achieve these improvements using technologies such as OFDMA (downlink and uplink), MU-MIMO (downlink and uplink), 1024 QAM, and BSS Color.
The MR45 and MR55 access points support Wi-Fi 6 and also improve the performance of real-world wireless networks. Take a look at some of the highlights below:
8 × 8 with MU-MIMO and OFDMA and 1G / 2.5G / 5G Ethernet
Maximum data rate of 5.9 Gbps
2.4 GHz and 5 GHz operation
Support for MCS rates 10 and 11
Sleek “container” design
PoE+ requires 802.3at compliance
4 × 4 with MU-MIMO and OFDMA and 1G / 2.5G Ethernet
Maximum data rate of 3.5 Gbps
2.4 GHz and 5 GHz operation
Support for MCS rates 10 and 11
Sleek “container” design
PoE+ requires 802.3at compliance
Meraki continues to set the standard for access point performance and management simplicity with the Meraki Dashboard and Wireless Health. However, the exceptional efficiency gains come from adding new Wi-Fi 6 technologies.
OFDMA is a technology adopted from cellular standards, and perhaps the most important feature of Wi-Fi 6. With OFDMA, an MR45 or MR55 can pack together different types of wireless client traffic with different bandwidth requirements and send them all at the same time instead of sending these packets separately. Imagine a game of Tetris, with different shapes representing VoIP traffic, Twitter traffic, and IoT traffic, all neatly packed into a single transmission.
BSS Coloring is one of the enhancements that helps Wi-Fi 6 products operate efficiently in dense environments. It helps reduce medium contention by adding a simple color bit to help differentiate between overlapping radios. The analogy here is that an AP can put on a pair of filtered glasses that lets it ignore frames being sent that are associated with a different color or radio.
MU-MIMO was introduced with 802.11ac (or Wi-Fi 5), allowing multiple clients to be addressed simultaneously. When combined with OFDMA, MU-MIMO APs become more powerful by gaining the ability to serve multiple users and the multiple bandwidth needs of those clients.
The introduction of 2.4 GHz provides additional spectrum that can be used for outdoor use cases or IoT applications. Wi-Fi 5 did not use the 2.4 GHz spectrum, but with OFDMA and MU-MIMO, Wi-Fi 6 expects to unlock the full potential of the crowded 2.4 GHz spectrum by enabling greater efficiency.
1024 QAM is a new modulation scheme that increases data rates by 25% compared with Wi-Fi 5’s 256 QAM technology. This new modulation scheme works for both the 2.4 and 5 GHz spectrum.
Target Wake Time has been shown to improve the battery life of Wi-Fi 6 devices by up to 67% in industry testing. The MR45 and MR55 use TWT to negotiate wake times with power-conscious Wi-Fi 6 mobile and IoT devices so that they can sleep deeply while conserving power.
The new Wi-Fi 6 capable MR45 and MR55 will be able to send many packets efficiently! By combining Meraki Wi-Fi 6 access points with our new access and aggregation switches, network administrators can rest easy knowing they have reduced any chance of bottlenecks in the network.
To learn more about the features and benefits of Wi-Fi 6, talk to our sales team today.
For years, ubiquitous connectivity and network security have been top of mind for our customers. E-payments, digital health and school records, digital loyalty programs and app user engagement have made secure and reliable connectivity mission critical for a huge percentage of Meraki customers around the world. If your local sandwich shop can’t accept a payment without a secure internet link, all of a sudden hungry lunch-goers everywhere feel the pain of even the shortest outage.
In order to maintain constant, ubiquitous connectivity, Wireless WAN (using cellular data for backhaul) is no longer a niche part of routing… business critical networks can use Wireless WAN for day zero connectivity, for high availability and for some as their primary WAN. That’s why we’ve launched the Meraki Cellular Gateway (MG), an IP67 rated cellular gateway with the simplicity of the Meraki platform. The MG can be paired with any Meraki MX, Cisco ISR / vEdge device, or any third party router to seamlessly deliver LTE connectivity… This is exactly what our customers are asking for, and I believe this will be our fastest launching product line ever.
Moving onto security, there was a time when implementing a robust firewall was considered sufficient to protect networks, devices and users. Those days are long gone now. At Meraki we take a thoughtful approach to network security, with a wide range of tools to protect users and applications without complicating the networks we’re trying to protect. Now I’m proud to share a significant expansion of our security offering that broadens protection for IT, for users and for devices.
It’s crucial to everyone’s security posture that we segment the network, controlling access to critical resources, while limiting the scope of a potential breach. To address this, we’re introducing Adaptive Policy, supported on our new and smartest switch ever, the MS390. With this feature IT teams can create and deploy advanced policies based on groups of users or devices without complicating the network. I believe this development will allow us to increase security in the network while simultaneously simplifying networks… I can’t tell you how powerful this is going to be.
We’re also adopting Cisco Trustworthy Systems, enabling us to ensure that the firmware running on Meraki devices is authentic, unmodified, and operating as intended. A related new feature, SecurePort, enables a Meraki switch to recognize and authorize an AP as it’s connected, automatically deploying the correct security profiles.
Finally, our Systems Manager Team is releasing Trusted Access. Imagine truly secure BYOD, a means for devices to connect to a network without the need for a shared password or an installed device management profile. With Meraki Trusted Access there’s no more need to carry two phones, or go through the hassle of installing new profiles every time you change location.
This is a huge launch for us on the Meraki team, and really too much for me to do justice to in one blog post, so stay tuned for more on these powerful new features. As always, you’ll find plenty more detail on our website, and we can’t wait to get these capabilities into the hands of our customers. With these announcements I truly believe we can make security simpler, and networks more powerful.