Today we are excited to announce Systems Manager Enterprise, a brand new addition to the Cisco Meraki product lineup. This cloud-based enterprise mobility management (EMM) solution packs a whirlwind of features encompassing device enrollment, provisioning, monitoring, and security. Here is a quick snapshot of some of the new features.
- Network policy integration – streamlines security policies from client devices to wireless access point, switch, and security appliance configurations
- Mobile data security – allows for a clean separation of enterprise data and personal data
- Cisco Identity Services Engine (ISE) integration – allows Systems Manager to directly communicate with ISE for device enrollment and posture assessment
- Seamless user enrollment – ties people to their devices by integrating enrollment with Active Directory
- Samsung Knox integration – allows for greater functionality across Android devices
- 24/7 phone and email support
Systems Manager Enterprise has a unique advantage given that Cisco Meraki not only offers mobility management but also an end-to-end networking solution. Unlike other products that add on to an existing networking solution, Systems Manager Enterprise is built on the same platform that is used to power wireless access points, switches, and security appliances. This advantage enables Systems Manager Enterprise to communicate with the network, providing a truly seamless policy management experience for administrators from the networking infrastructure all the way to personal devices. Let’s take a look at how Systems Manager takes into account security compliance, geofencing, and user identity in order to dynamically apply policies to the device and to the network.
Security Compliance
Systems Manager Enterprise has rich visibility into managed devices, from client health to geofencing location and, most importantly, their security posture. Security compliance checks whether devices are encrypted, locked, jailbroken, and more before dynamically assigning device settings, apps, and content. Below, the ‘Guest’ policy requires that devices have antivirus software running and antispyware installed.
Administrators can define any number of security policies based on the needs of their various user groups. In the example below, policies have been created for BYOD, Guest, and Secure devices, each with differing requirements.
Apply security policies to Systems Manager profiles
Once policies are defined, they are linked to Systems Manager profiles, which define device restrictions, network settings, content, and more. In the example below, the ‘Exchange’ profile pushes out Exchange settings, and admins can ensure that these settings are only pushed out to Secure-compliant devices.
Apply Systems Manager profiles to the network
Finally, these policies go one step further by integrating with the network group policies. Network group policies define everything from VLANs to firewall rules and content filtering policies. The example below shows a ‘Corporate’ group policy with a layer 3 firewall rule allowing access to corporate resources.
Prior to Systems Manager Enterprise, administrators needed to keep track of which users and devices met security requirements before granting access to LAN resources. Systems Manager Enterprise allows group policies to be dynamically applied to the network, the same way we can dynamically push content and settings to devices within Systems Manager.
The example below is of the ‘San Francisco – Security Appliance’ network. The group policies have been applied to Systems Manager devices and are given a priority, similar to creating access control lists on a firewall. If Systems Manager devices are ‘secure-compliant’ then the ‘Corporate’ group policy from above will be applied. Next, they will receive the BYOD policy if they are tagged with ‘BYOD’. And lastly, if devices are ‘secure-violating’ then they will receive the ‘remediation’ group policy.
In this manner, administrators can easily apply network access, content, and device restrictions to compliant devices, and remove the same settings from violating devices. With this seamless flow and communication from device to network, enterprise security can be achieved without massive expenditure and load placed on IT teams.
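The priority ordering described above can be modelled in a few lines. This is an added illustration, not Meraki code or a Meraki API: it assumes rules are evaluated top-down with the first match winning, as the access control list comparison suggests, and the device names and tag sets are constructed samples.

```python
# Added illustration: a simplified model, not Meraki code or API.
# Assumption: rules are evaluated top-down and the first match wins,
# as the ACL comparison in the text suggests.

# (device tag, network group policy) in the priority order described above.
RULES = [
    ("secure-compliant", "Corporate"),
    ("BYOD", "BYOD"),
    ("secure-violating", "remediation"),
]

def assign_group_policy(device_tags, rules=RULES):
    """Return the group policy of the first rule whose tag the device carries."""
    for tag, policy in rules:
        if tag in device_tags:
            return policy
    return None  # no rule matched; whatever the network applies by default

def shadowed_by(tag, rules=RULES):
    """Tags ranked above `tag`: a device carrying one never reaches `tag`'s rule."""
    order = [t for t, _ in rules]
    return order[:order.index(tag)]

# Constructed sample devices (hypothetical names and tag sets).
DEVICES = {
    "laptop-01": {"secure-compliant"},
    "phone-02": {"BYOD", "secure-compliant"},
    "tablet-03": {"BYOD", "secure-violating"},
    "kiosk-04": {"secure-violating"},
    "printer-05": set(),
}

def evaluate(devices=DEVICES):
    """Map each sample device to the group policy it would receive."""
    return {name: assign_group_policy(tags) for name, tags in devices.items()}

if __name__ == "__main__":
    for name, policy in evaluate().items():
        print(f"{name}: {policy}")
    print("rules ahead of 'secure-violating':", shadowed_by("secure-violating"))
```

Under this first-match assumption, a BYOD-tagged device that violates the Secure policy receives the BYOD group policy and never reaches the remediation rule, so rule order deserves review whenever a device can carry more than one tag.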
For complete details on network integration and other Systems Manager Enterprise features, check out the product page and the datasheet. We will also be hosting a special webinar where we will take a deep dive into the product and give a live demo of some of the new features. Systems Manager Standard continues to be free for new and existing customers, and to try out Systems Manager Enterprise, sign up for a free 30-day trial today.