Archive for the ‘Company Blog’ Category

Portraits from Pixels

Typically, when we write these MV-related blog posts, we love to highlight the challenges that a particular feature will help you overcome, or the frustration that a new solution will help ease. Other times, we want to be a little bit more flashy. This is one of those times.

With the recent launch of Cisco Meraki’s second generation of MV cameras, customers can now take advantage of three zooming features on both their indoor and outdoor cameras: optical zoom (available on MV22 and MV72 only), sensor crop, and digital zoom. While each is powerful in isolation, when combined, these three features allow you to achieve truly dramatic levels of magnification on your video feed while maintaining extremely high video quality.

Just how dramatic is the zoom? Let’s take a look below.

What you can accomplish today with MV

The following images show the progression of an image when each zoom option is applied. The first photo shows the video feed from an MV72 outdoor camera with no zoom applied. You can see something is on the table in the far corner of the patio, but not much else.

Screenshot from MV72 video feed with no zooming applied

Optical Zoom

The next image shows a maxed out optical zoom, focused on the table area. We can start to see something take shape, and that shape looks suspiciously like a gnome.

Screenshot from MV72 with optical zoom applied

Sensor Crop

In the next image, we use sensor crop to focus in on an even smaller area. Sensor crop, like optical zoom, is lossless zoom, meaning there is no loss of detail or stretching of pixels. Things are starting to look a little clearer, and we can definitely tell this is one of those mischievous Meraki gnomes.

Screenshot from MV72 with optical zoom and sensor crop

Digital Zoom

For an extra bit of fun, let’s see what happens when we use digital zoom. Maybe we’ll be able to identify which Meraki gnome it is. Can you guess?

In-dashboard digital zoom of the MV Gnome

With digital zoom, now you can see that this gnome is sitting on what looks like a security camera. It’s the MV gnome! (Did you expect any different?)

Digital zoom can be used on live and historical footage. Keep in mind, though, that that sensor crop and optical zoom only apply to footage that was recorded after you applied the settings to the camera. You cannot apply sensor crop and optical zoom on historical footage. So, the dramatic level of zoom illustrated above is only possible if optical zoom and sensor crop were already applied before using digital zoom.

If configured properly, your MV cameras can truly can give you (gnome) portraits from pixels.

For specific information on how to enable these features for your MV cameras, check out our comprehensive article on MV zooming features, or our digital zoom and sensor crop blog posts.

Are you already leveraging these features to get dramatic magnification on the MV cameras you’ve deployed? Tell us all about it over at the Meraki Community!

Air Marshal, Reimagined

Out With the Old

Early in 2012, a startup company beginning to make waves in the networking industry introduced a new feature for their line of access points. This startup was called Meraki, and the feature launched was Air Marshal. At the time, the functionality satisfied the security requirements of a typical wireless network: automatic containment of rogue APs seen on the LAN, keyword containment of SSIDs, scheduled Air Marshal scanning, and the ability to configure additional APs as Air Marshal sensors for round-the-clock protection.

With the introduction of the MR34 in 2013, Cisco Meraki introduced the dedicated scanning radio and this took the Wi-Fi industry by storm! No longer would admins have to choose between performance or security. With the dedicated scanning radio, the MR was now capable of servicing clients while simultaneously listening to the entire RF spectrum, protecting clients from malicious rogue APs.

The constant surveillance of wireless networks continues to be important, but recent trends in cybersecurity and the growth of Internet of Things (IoT) requires added flexibility when it comes to securing wireless networks.

The Blacklist

No, James Spader won’t be lending his hand to protect your wireless network. But, much like his character on the popular TV show, Air Marshal will work to eliminate (or contain) all SSIDs found on “the list.” TV shows aside, Air Marshal traditionally made it simple to automate containment of rogue SSIDs that are seen on the LAN, or contain SSIDs that matched a keyword.

However, some environments may have a network comprised of multiple vendors, or may be a part of a collaboration workspace where numerous companies may feature their own WLANs, connecting to the same wired network infrastructure. In this instance, automatic containment of rogues seen on LAN won’t work, as the non-Meraki APs would cease to function for their clients.

But administrators no longer have to forfeit their security capabilities. With Air Marshal’s new SSID Blacklist table, rogue SSIDs won’t be automatically contained, but security rules can be configured to match on a variety of conditions allowing for an accessible network to be locked down with finely tuned security controls.

Security rules may match on four different conditions: exact matches, MAC address matches, keyword matches, and wildcard matches. The rules defined in the SSID blacklist table will match against SSIDs that are seen on LAN, as well as Other SSIDs that are “heard” by the Meraki APs but are not found on the LAN. Any matches will result in the MRs within the vicinity of the rogue or other SSID to actively contain the SSID, rendering the offending SSID useless for clients who wish to connect. Exact matches will match on the SSID seen (whether the SSID is seen on the LAN or not), while keyword rules will ignore surrounding characters and match on just the keyword specified. BSSIDs (MAC addresses used to identify a Wi-Fi network) can be matched against if specific radios (2.4 GHz or 5 GHz, for example) that are broadcasting need to be contained.

The wildcard match provides the greatest amount of flexibility. Wildcards can be used to substitute a string of characters with a single *, or a single character with a single ?. For example, an SSID Blacklist wildcard rule may match the following text: ‘*12345’. If the MR detects an SSID broadcasting ‘Guest-12345’, then that SSID will be contained. If the rule is configured to match on ‘Guest-12?45’ and the MR detects an SSID broadcasting ‘Guest-12345’ or ‘Guest-12Z45’, then that SSID will also be contained.

Merely containing the SSID isn’t enough, though. Administrators often want to be cognizant of the rogue SSIDs that are being detected and secured by their MR access points. As such, if the administrator has configured email alerts or syslog in their Meraki Dashboard, they’ll stay apprised of their security rules in action.

Good News, You’re on the (White)List

Seemingly every other day, a new company is featured in the media as being the latest victim of a cybersecurity attack. Wireless networks are often considered the edge of the network infrastructure, the first line of defense in many cases. As a result, many administrators and security teams alike want to automatically contain rogue SSIDs seen on the LAN. While this grants the highest level of security enforcement, interoperability issues may arise when factoring in how often wireless display adapters and IoT devices connect to the network.

In the modern enterprise, HDMI cables are being replaced with Wi-Fi Direct adapters to make screen sharing and video streaming simple and intuitive. In the majority of instances, these Wi-Fi Direct devices (an adapter and client device, such as a PC, printer or remote) will often communicate on their own, freshly created wireless network. Sounds easy enough… except for one slight issue. This isn’t an SSID that’s broadcast by your MR access points, and in no time at all, deauthentication frames are being sent over the air in an effort to protect your devices from the suspected intruder. While the security team is rejoicing, the network administrator is still working to find a way to whitelist these devices so that security can be maintained with just enough flexibility for day-to-day employee operations. Enter the SSID Whitelist table:

The newly familiar faces are all here when it comes to the way that SSIDs can be matched to whitelist from containment. Exact matches, keyword, MAC, and wildcard can all be used. However, unlike the SSID Blacklist table, the whitelist table will not send email alerts or syslog messages when SSIDs are matched.

Alert, but Don’t Touch

There may be instances where administrators wish to be alerted when certain SSIDs are “seen” on the LAN or “heard” in the air, without taking any specific blacklist or whitelist actions. Using the same match conditions available for the SSID Blacklist and SSID Whitelist tables, alerting security rules may also be configured. These alerts will be sent via email and syslog alerts, if configured.

In With the New

Security has been at the forefront of Meraki since the introduction of Air Marshal in 2012. With the latest enhancements made to Air Marshal, new security rules can be configured to match on a variety of conditions, enabling administrators to implement granular security policies that are flexible for the modern workplace. These new Air Marshal features encompass the rapid innovation made possible by the Meraki dashboard. The new Air Marshal enhancements are available free of charge for existing MR customers as part of a seamless Dashboard update. For the SSID whitelist and SSID alerting functionality, the MR network must be set to MR25.9 firmware or higher. Visit our documentation for more information on configuring Air Marshal.

iOS 6 & Mobile Device Management

Apple announced during its recent unveiling of the iPad mini that almost every single Fortune 500 company had deployed the iPad in a business application or is testing iPads at the moment — that is nothing short of amazing for a device that was launched less than three years ago!

Apple’s much anticipated iOS 6 release packs a number of API enhancements for mobile device management to support the growing number of businesses that are deploying iPads, iPhones, and iPods for various applications.

                          

We’ve integrated many of the new MDM features in iOS 6 into Systems Manager, our free solution for mobile device management. Systems Manager users have access to these new features without having to install any new software or make any changes — it’s all right there in the Systems Manager dashboard!

Our new iOS 6 MDM features include:

  • Single App mode under Guided Access
  • Ability to disable iMessage
  • Passbook, Game Center, iBookstore, and shared Photo Stream blocking

Single App mode, also referred to as “kiosk” mode, locks the iOS device to a single app and disables the home button. A few scenarios include:

  • Retailers: Enhance the customer experience by creating a mobile point of sale (mPOS) terminal, without worrying about the iPad being used for any other purposes.
  • Hospitality: Enter the digital concierge! Hotels are setting up iPads in their lobbies and guest rooms, allowing guests to check in and out, order room service, and have various services literally at their fingertips. All that’s needed is an iPad — or iPad mini — set up in kiosk mode.
  • Education: Schools are already using iPads for various learning initiatives, and they can now be locked to a single app so students aren’t distracted.

 

 

 

 

 

 

 

 

 

With iOS 6, disabling iMessage is a welcome addition to the security and compliance groups in highly regulated industries that need to concern themselves with archiving all communication and information exchanges for e-discovery.

Note that for some of these features, Apple requires the device to be placed in supervised mode by Apple Configurator — but not to worry, Meraki Systems Manager also integrates with Apple Configurator, allowing supervised devices to be managed via the Meraki dashboard.

If you haven’t given Meraki’s Systems Manager a try yet, go ahead and give it a try – lots of awesomeness awaits you!

Free Networking Gear for Startups Launches Today

At Meraki, we love getting our gear into people’s hands. We think we make a pretty awesome product and once people get a taste of how easy to use Meraki is, they become our biggest fans.

Our latest greatest idea is to get our gear into the offices of the hottest, most promising startups through our Meraki Startup Kit – a complete standalone set of networking hardware: two of our highest performance wireless access points, a high-throughput security appliance, and a 24 port switch with Power-over-Ethernet. With a value of over $15,000 – we have a limited number of Meraki Startup Kits, but they are entirely free and include 5 year licenses for qualifying startups.

The Meraki Startup Kit is intended to give small companies a helping hand with their network infrastructure and a way for us to share our success with the next generation of disruptive startups.

As part of our beta release, two startups have already received their Meraki Startup Kits and are enjoying the ease of use with Meraki’s dashboard management.

San Francisco-based Copious – “a social marketplace to buy and sell the things you love” – was the first company to receive a Meraki Startup Kit. With 17 employees and a recent round of Series A funding, Copious was outgrowing its existing networking setup, so getting the opportunity to implement a Meraki network for free was perfectly timed.

For vline, a cloud video conferencing platform for developers, the Meraki Startup Kit will provide a solid office network foundation as the company develops its tools and platform for a wider public release. Ben Strong, vline’s CEO, commented that “Meraki access points are great for video conferencing. Much better than all the other ones we’ve tried.” As vline grows into its Palo Alto office, the Meraki network is an ideal networking solution to support the team.

Today we’re excited to open up the applications to the greater startup community. Meraki hardware is high quality, easy to set up, and low maintenance – the perfect infrastructure for startups relying on rock-solid Internet connections to develop, converse, and deploy in the cloud.

To see if your company would be a good fit for our program, take a look at the requirements and fill out the application here: www.meraki.com/startupkit.

Red Alert!! Enhanced Dashboard Alerts Now Available

We are excited to announce that network administrators now have enhanced alerting capabilities in Dashboard to help them stay up to date with their wireless network.  Under Configure->Network-wide settings in the Network Alerts section you’ll see these expanded options:


Now you can select to receive prompt email alerts when an AP goes offline or switches from gateway to repeater mode, a new rogue AP is detected or configuration changes are made to your network settings in Dashboard.  You can also customize the time delay before you are notified as well as qualify the type of rogue APs for which you are alerted to so you’re not bombarded with low priority updates.  These alerts can be sent to multiple administrators via email.  The email alerts contain detailed information to help you determine the urgency of the situation, such as the AP that went offline or what configuration setting was changed.

In addition to the unprecedented visibility that is provided about your network through the Cloud via Dashboard’s reporting capabilities, these new alerts will now allow you to stay on top of your network even when not logged into Dashboard.  These alerts are one more tool in the administrator’s toolkit to make managing Meraki networks remotely even simpler and to enable you to be more responsive to your end users’ needs.  New alerts are now available to all Meraki customers.

WiFi at your event should just work

Meraki at SF BetaIt doesn’t matter how large or small the conference is, it seems like they always have WiFi problems. The networks are consistently slow, frequently fail, and usually require some arcane security measure that involve weirdly-small scraps of paper and bizarre usernames.

There’s no reason for WiFi to be this frustrating!

At Meraki, we’ve had some experience setting up WiFi at large events so we know it can be done, it’s just a matter of having the right equipment and a little know-how. We’ll give you both, for free.

We’ve started a new project to loan our enterprise-grade WiFi gear to smaller tech conferences, meetups, BarCamps, WordCamps, Tweetups, whathaveyou … for free. You provide the Internet connection, and we’ll provide a rock-solid WiFi connection. All we ask in return is that if you like our products, tell your friends, and if not, let us know how we can make them better.

We’ve just gotten started with this project, but so far, meetups like SF BetaWordCamp Boulder, and Hacks/Hackers NYC have had great experiences.

“One of the best decisions we made for our conference. Not only was the delivery and setup effortless, our network remained stable throughout the entire day. No matter your wireless needs, this experience alone tells me Meraki’s solutions are some of the best.” —WordCamp Boulder

As part of this project, we’re excited to be partnering with WordCamp.org. We’ll offer a streamlined signup process for the many BarCamp-style events that these organizations sponsor throughout the year.

If you run an event and would like to participate in our new Free Event WiFi project, we’d love it if you signed up! We’re looking for small to medium-sized events that have enough bandwidth to support that group.

If you’re interested, head on over to the signup page to learn more or take a look at our plug-and-play setup guide, or ask any questions below!

SpeedBurst: Faster browsing for guest networks

Meraki administrators utilizing per-user bandwidth limitations now have a new tool at their disposal to ensure that their wireless users have the best possible experience while preventing any one user from hogging bandwidth.  Introducing SpeedBurst, a new feature that allows users to temporarily exceed their bandwidth limit at the beginning of a download while staying within assigned limits over time.  This makes downloads feel speedier and network performance snappier.

You can enable SpeedBurst by using the checkbox that can be found under Configure -> Access Control in the Bandwidth Limit section (see screenshot below).  The checkbox will be grayed out if bandwidth limits are not in use.

SpeedBurst is a great for guest access or event networks where end user experience is critical while at the same time equal network performance for all users is required.  We’ll be rolling out SpeedBurst to Enterprise and Pro Meraki networks starting today.