This is an exciting week for the Meraki community. Just about 10 years after our first product shipped from a basement in Mountain View, the millionth active Meraki network went online on Tuesday night.
I believe the real story behind hundreds of thousands of businesses, schools and governments moving to the Meraki architecture is about the evolving nature of IT.
IT groups are being asked to do more: to support corporate devices and any other device a user prefers. To transition to a wireless office and support remote working. To enable massive device expansion and constant digital collaboration. To provide zero downtime and constant change. Most importantly, IT is being asked to focus on Mission Focused Technology: technology which drives education in schools, patient care in healthcare, and guest satisfaction in hotels.
In order for IT to deliver on these many asks, infrastructure has to be simple. Simple enough to allow IT to be nimble and adapt with the business. Simple enough to allow IT to focus on their true mission.
A decade ago we began shipping simpler IT, managed via the cloud, and we were humbled by the amazing response. Overloaded and thinly stretched IT teams worldwide were creaking under the load of legacy systems with clunky interfaces, and crying out for simplification. Cloud was just emerging as an option for enterprise (AWS launched the same year as Meraki). Today, cloud services are integral to our daily lives, whether it’s the apps on our smartphones or the online bank that pays our bills. It’s easy to forget this has been a journey of evolving acceptance as confidence grew in the dependability and security of the cloud.
It’s been an amazing journey. Our 2006 device, the Meraki Mini will always hold a special place in our hearts. Even if it doesn’t look or demo quite like our newest product (Meraki MV).
Mini, 2006 MV, 2017
Our nostalgia for the original Meraki dashboard is probably more muted (actually it was originally called Meraki Manage).
Meraki Manage 2007 Meraki Dashboard 2017
The many Meraki logos, mascots and T-shirts are still coveted “vintage gear” around the office, and as someone who spends every day of my life wearing a Meraki holiday gift jacket, I appreciate that.
Meraki logos, from 2006 to now
Meraki birds Meraki tree
Vintage Meraki shirts, including the very first MX shirt.
We’re proud to have been a pioneer of cloud-native IT, and ecstatic to have reached the 1 million networks milestone. A Meraki network contains any number of Meraki devices and since 2015 it can include multiple types of Meraki devices. There are many networks with a single AP and some networks with as many as 10,000 nodes. Here’s an important one: MIT CSAIL (75 MR34s), where Meraki began as the research project “RoofNet.”
Thanks to every user who made a wish on Dashboard, who convinced their boss to give the cloud a chance, who deployed a webinar AP in their home and refused to go back to CLI at work… This milestone belongs to you more than anyone.
Thanks to all the partners who’ve demoed the Meraki dashboard, who’ve built practices around the Meraki platform, who’ve developed on the Meraki API. Thanks to the Meraki and Cisco teams, the founders who set us on the path, every coder who checked in code on Sunday morning, every sales rep who refused to be satisfied with 99%, everyone who installed test gear or replicated an issue, every support engineer who filed a late night mule, everyone who got one more order shipped before “cutoff”, who ran a webinar, managed an event, kicked off a promotion or flew around the world to teach CMNA.
Thanks also to all the families and friends who have made sacrifices to support our teams around the world and help make this cloud managed dream a reality.
Now for the next chapter… We have yet to see the best from this team.
The WannaCry Ransomware outbreak started hitting the headlines around the world on May 12th. This is just the latest in a particularly pernicious type of exploit, which typically involves locking or encrypting data to render a computer unusable, and then demanding a ransom to have that encryption removed. Sadly, many victims have felt compelled to pay up, even when there is no guarantee their system will recover, which only encourages criminals to repeat their behavior.
Exploits of this nature are entirely indiscriminate in the way they target their victims, seeking out any unpatched machine or unwary user. Unfortunately this means that even systems crucial to protecting lives can be affected, as was the case with WannaCry. The ransomware hit, among many others, the UK’s National Health Service, causing severe disruption to vital services. This was not the first attack of this kind, and we can be sure it won’t be the last.
This attack serves as a reminder of the importance of keeping our computer systems patched, but human nature being what it is, there will always be systems vulnerable to attack. So what else can we do to protect ourselves? Fortunately, Cisco invests heavily in security technology and boasts the industry’s foremost threat intelligence organization, Talos.
Among the tools maintained by Talos is Snort, the industry leading intrusion detection and prevention technology, which is integrated into every Meraki MX. Snort performs real-time traffic analysis and packet logging in order to identify traffic patterns that match known threats. The good news for Meraki MX customers is that if they have Intrusion Prevention enabled and set to the ‘security’ ruleset on the Threat Protection page, the signatures for WannaCry are already in place, having already been added to the Snort database. For this outbreak we’ve taken the additional measure of adding them to the ‘balanced’ ruleset as well, to protect a broader set of customers against this threat.
We’re proud of our integration of critical Cisco security technologies like Snort and Advanced Malware Protection into our MX platform, ensuring that customers who choose Meraki enjoy world-class protection for their valuable network assets. A much more detailed breakdown of the outbreak and the work of the Talos team on it can be found in their blog post here.
To learn more about the many capabilities of the Meraki MX, please sign up for one of our webinars.
Security cameras can serve a multitude of different functions, from providing live footage to a security guard, to analyzing customer behavior in a retail location, to supplying evidence in a liability claim. With each of these use cases comes a different retention policy. Scheduled recording and motion-based retention, both available in public beta now, allow users to customize their camera settings to match their specific retention needs.
Hot on the heels of some otherproductimprovements in just the last couple of months, the engineering team has worked tirelessly to produce features that would help accommodate the most commonly received request from MV customers.
Scheduled recording minimizes extraneous recording for customers who only use cameras during certain hours—think process controls in a factory—with the potential to greatly extend storage duration. Plus, scheduled recording can be used to disable historical footage altogether in instances where only live footage is needed and/or permissible.
Motion-based retention works differently than other motion-based recording solutions on the market. Instead of triggering a camera to record only when it senses motion, which can often result in false negatives and lost footage, MV uses a hybrid cloud processing approach to give a more reliable result. MV will record all footage and then, using the same motion indexing engine as the Motion Search tool, will gradually and intelligently trim segments of footage which contain no motion. This gives users the flexibility to retain the most recent 72 continuous hours for extra security before trimming out the motionless video. This approach also means that motion-containing video segments can be better padded to ensure no valuable footage is lost.
Based on the motion data from all cameras that have been deployed since launch in October, 95% of MVs are expected to record 30 days or more at Standard image quality.
To enable schedules and motion-based retention, simply choose a camera and go to its settings page. Select the “Quality and Retention” tab. To create a new schedule, select “Scheduled” and “Change Schedules.” Select an already-created schedule te mplate, or “New schedule.” Then, just drag the time sliders to adjust when cameras are recording. Click on any timeline to create multiple recording segments in one day.
Motion-based retention can also be enabled on this page. The chart on this page shows how much motion that specific camera actually captured in the past week. Based on an average of the same time period, the dashboard will provide an estimate of the total retention capacity for the selected camera. Adjusting the image quality from Standard to Enhanced will also affect this value. Use scheduled recording in conjunction with motion-based retention to build the retention plan that works best for you.
Finally, video exports now feature timestamps embedded as watermarks. This small-but-mighty feature update will help provide users a more robust experience, should video need to be shared as evidence with law enforcement. Timestamps include the camera name, date, time, and timezone to ensure absolute clarity when reviewing footage.
Optimized retention is now available in beta. To take advantage of this functionality in your network, go to Network-wide, then click General. At the bottom of the page, select “Yes” in the dropdown menu next to ‘Try beta firmware.’ Please proceed with caution, however, if your cameras are housed in a combined network, as enabling this setting will apply to all device types in that network, not just cameras.
If you still haven’t gotten your hands on an MV trial, be sure to contact us to learn more.
The innovation engine never stops churning at Meraki. Today we’re delighted to announce updates to two of our product lines: MX security appliances and MV security cameras. Let’s get straight to the details.
New Virtual MX Appliance for Amazon Web Services
Every day, more companies are migrating IT services they previously hosted on servers in a physical data center to a public cloud, like Amazon Web Services. Meraki customers have long enjoyed having less hardware to power, cool, and maintain: no controller for the APs, no PBX for the phones, and no NVR for the cameras. This same benefit is attracting organizations to stop running their own servers, or simply reduce the number, by moving the services they provide to the cloud.
Meraki MX security appliances have been able to provide a VPN to these public cloud services for some time now, but these connections to a third party required manual configuration. Wouldn’t it be great if the legendary simplicity of Meraki Auto VPN could be made available for connection to these public cloud services? Allow us to introduce vMX100: Auto VPN and SD-WAN for Amazon Web Services.
Virtual MX enables Meraki customers to extend Auto VPN and SD-WAN functionality directly into the Amazon Web Services public cloud.
Appears in the dashboard, like any other MX security appliance
500 Mbps VPN throughput
Bring Your Own Meraki License (BYOL). Choose from 1, 3 or 5 year licenses to get started
Connect to dashboard organizations with Enterprise or Advanced Security licenses
Secure connections built to a virtual MX benefit from the same SD-WAN capabilities as a physical MX appliance. An optimal path can be maintained using Dynamic Path Selection, for traffic destined for regular servers in a datacenter behind a physical MX, or EC2 virtual servers behind a virtual MX.
To learn more about setting up the new vMX100, please see our documentation.
We’re also announcing two optimized video retention features for MV customers, addressing the most requested feature since the product launch in October: extended retention times.
With Motion-Based Retention turned on, cameras intelligently discard video footage more than 3 days old that does not contain any motion, significantly extending retention times.
Scheduled Recording can now be configured using templates, for either individual cameras or groups of cameras.
Video exports now also feature timestamps on the exported footage, embedded as a watermark, providing strong evidence for authorities.
We’ll have a more detailed post covering our Meraki MV announcements later this week.
In everything we do, at Meraki we’re focused on streamlining the world of IT so that organizations can focus on making a difference for their customers. Today we’ve announced another small but significant step, enabling Auto VPN simplicity for those using or migrating to Amazon Web Services, plus answered the call of many MV Security Camera customers who need longer storage times for their captured video.
There’s no better way to know whether Meraki is a good fit than to take it for a test drive. Click here to begin the journey.
Every two weeks, a group of women software engineers at Meraki meets for an hour to dive deep into an engineering skill, code base, or technology. The intent of the group is to build skill digging into unfamiliar source code and documentation and to share expertise across our technical stack.
Meraki engineering emphasizes working on the entire technical stack. We give our engineers the opportunity to work in a broad range of technical areas from writing low-level code in the firmware that runs on our devices, to writing code in React, a web development framework, and everything in between. This breadth of engineering disciplines allows Meraki engineers to learn a wide range of skills and technologies. In our study group, we share and build cross-team expertise in an all-women engineering environment, a rare opportunity!
Last week, the study group took a break from our regular routine of reading documentation for operating system commands, implementations of the `String` data type, or the web’s specifications for the structure of website code, to take a field trip to the Computer History Museum in Mountain View.
On a sunny Friday afternoon, we piled into a van outside Meraki’s Mission Bay office and made the trip down to the South Bay. We were all excited to spend time together off-site and explore the museum.
Jenny holding a vacuum tube from an early computer.
Our visit began with a tour that covered highlights from the history of women in computing. The guide took us all the way from ancient abacuses to Ada, Countess of Lovelace’s, contributions to mechanical computers to Grace Hopper’s invention of the compiler. We were inspired by the stories of our female predecessors’ contributions to our field.
An ancient computing tool, the abacus.
Hearing about the exponential growth of the number of transistors per square inch on integrated circuits.
After the tour, we explored the rest of the museum. We immediately found the Networking exhibit which featured some of Cisco’s history and even included one of Cisco’s first-ever routers!
Here we are, Cisco Meraki engineers with the first Cisco router!
All of us had a great time exploring the museum and learning some history of women in computing. After being reminded of the limited opportunities available to women in computing historically, we feel especially grateful to be part of a company that places a high value on gender equality.
Meraki is hiring! Check out our openings in San Francisco, London, and Sydney at meraki.com/jobs.
Lots of teams are making use of new collaboration tools and services in place of email to help increase productivity and transparency. Of course these tools also make it far easier to share our favorite GIFs, a feature paramount to a productive work day. In this post we’d like to share a quick and easy method for integrating Meraki network alerts with your collaboration tool to help everyone stay on top of events. In this example, we will be using Cisco Spark, although the method is also possible with other popular services such as Slack.
Select an automation engine
Popular services include Zapier and IFTTT. For this example we will be using Zapier. Create a new account, or sign in if you have an existing one.
Create a new rule
Automation rules consist of a trigger and at least one action. In Zapier, these are called Zaps. We’re going to use the Zapier “Email” trigger, which provides you with a custom email address that you can begin sending new email alerts to. Once you have selected Email as the trigger, choose New inbound email and create a new custom email address:
Enable and configure Meraki alerts
Once you have created a new email trigger, you should have a new mail-to email address provided in the step above. You will now want to go to dashboard.meraki.com and configure your Meraki network alerts (Network wide > Alerts & administration). Be sure to add the newly created trigger email address under other email addresses, and configure which alerts you would like to receive. Meraki offers a variety of alerts for each of our products. In this example, I have enabled alerts for any switch port that goes down.
Connect your collaboration app
Zapier fully supports Cisco Spark, along with several other communication platforms. When prompted to Choose your Action app, search for your app by name, and select it. You will now be prompted to connect and authorize access. Once you have granted Zapier access, you can now create an action.
Create an action
Choose the option to Post a message. You can now choose to create a new channel (room) in Spark, or just post to an existing one. In this example we are using an already-created channel named “Meraki-alerts”. Once you have selected the desired channel (room ID), you can now specify the text you would like to be sent whenever a new alert is produced. You will likely want to include the object Body plain as this will ensure the full contents of the network alert are sent. Now for the fun part – go ahead and test the action to ensure a new test message gets posted successfully:
Select finish and rejoice – your team will now immediately be notified of any network events that you have enabled!
Example alert for a switch port that went down in a network named “Meraki Network”
There are lots of possibilities with automation engines. Some in our developer community have even created a bot that lets you generate new networks or make configuration changes to an existing network via message instructions. Give it a try and let us know what you think!
The latest ‘dot 3’ release with Apple iOS 10.3 brought quite the buzz again. With Systems Manager, Cisco Meraki’s EMM, we are excited to continue to support iOS releases day one and take another opportunity to talk about what’s new. Below is a breakdown of some of the more interesting 10.3 features now available.
More WiFi control is a popular topic and request from administrators spanning many industries. Whether mobile devices are in a retail shop, an educational institution, a government facility, or somewhere else, it can be crucial to ensure they are joining the right wireless network. Not only can joining the wrong network affect security, especially when open and other compromising networks are in proximity, but this can remove critical access to network resources which devices sometimes need. Systems Manager and iOS 10.3 now bring you the ability to whitelist only the managed SSIDs a device is allowed to join. This ensures the right access for mobile devices wherever that device may be.
Next up is support for additional managed restrictions. With the previous dot 3 release, iOS 9.3, there was a huge emphasis on education and classroom support. Continued technological advancements in the classroom are helpful not just for IT management but to aid teachers in directing and guiding students. Alongside iOS 9.3 we added the ability to share iPads as well as have teachers show student devices on AirPlay enabled screens. Now with iOS 10.3, there is the ability to automatically grant observation permission to teachers using the Classroom app. Other managed restrictions include disallowing or allowing Bluetooth modification, dictation, remote screen observation, and the modification of diagnostic submissions.
On the email security front, Apple is also adding OAuth 2.0 support for the native mail app. When using Microsoft Exchange services with Office 365, this brings token based security that goes well beyond simple username and password. Paired with improvements around S/MIME, which uses certificates for signing and encrypting email, there is now a compelling native solution for secure email which creates a better and familiar experience for mobile users.
Finally we have tvOS, which requires almost no introduction. This brings some of the features found in iOS, which are already loved across millions of mobile devices managed globally, and will expand it to Apple TVs. This includes the ability to restart devices, deploy network configurations, and more. EMM controls on tvOS mean more endpoints simply and effectively managed in the Cisco Meraki cloud. New controls are available in tvOS 10.2 and later.
Systems Manager legacy customers interested in these powerful features can find out how to take advantage of them here. Start an instant 30-day trial here.
Administrators can now set custom schedules, and rest assured that callers will be directed based on when they are calling.
Let’s take Tony’s Auto Dealership as an example. During the day, Tony wants his customers to be able to call the dealership and learn about business hours, hear the deals of the month, or reach the service team. However, Tony knows that customers calling in at night are likely to need emergency assistance. To accomplish this, he sets up his Meraki Communications IVR to route to his normal message during work hours, and to route to an ‘office closed’ IVR with an emergency service line at night.
MC users can now set up any of these rules with just a couple clicks, all in the dashboard. Build schedules based on specific business needs, and empower callers to find the answers they’re looking for, as quickly as possible.
Back in November we announced that the Meraki Dashboard would be getting some international flavor in the form of French, German, Japanese, and Spanish language options. That first foray into offering our interface in languages other than English was a huge step for us and for many of our customers all over the world, and we’re excited to announce that we’ve made further progress in making our dashboard accessible to a broader range of IT administrators with two new languages: Korean and Simplified Chinese.
These new options are available via the Preferred Language selector on the user profile page in the dashboard.
These certainly aren’t the last languages we’ll be adding, so stay tuned for future updates!
Imagine walking into a room full of your closest colleagues, only to see them huddled around a desk and crouched over a laptop with multiple routers on the side. Now imagine this room is not your office, but actually a hotel room in a completely different city.
And those routers? Those are but a small fraction of the devices still stacked up against the wall waiting to be configured. Your role? Getting ready to join your colleagues, not for a LAN party, but a Router Party.
IT team member configuring devices in a hotel in San Francisco in 2011.
For Randy Haan, Director of Infrastructure – Western Region at The Salvation Army, Router Parties occurred quite often, happening as early as 2007. In a webinar on March 22nd, at 11 AM PT, Haan was joined by a Cisco Meraki Product Specialist to share more about the need for Router Parties and what they were like, as well as how Meraki helped them transition from in-person configurations to a simple, easy-to-use dashboard.
The Salvation Army, a non-profit organization with the mission to “Do The Most Good,” is dedicated to feeding, clothing, comforting, and caring for those in need throughout the world. Haan, who oversees the Western Region in the U.S., manages a widely dispersed network that extends from Montana to as far as Guam. This poses a geographical challenge for Haan, as his lean team manages over 600 locations of thrift stores, youth centers, and elderly care facilities dispersed throughout the region.
Stacked devices to be configured in a hotel in San Francisco in 2011.
Haan hosted these parties to maintain consistency and accuracy for each of the device configurations. The team would be sent to a single location in cities like Portland, Phoenix, and San Francisco, where they would post up, un-box, and start configuring.
List of devices to configure during a Router Party in 2013.
There was always a large number of devices being configured for hundreds of sites, which meant the team was usually up “configuring boxes until 2 AM,” as Haan described it. But that’s what needed to be done. At the end of each Router Party, Haan and his team would re-box and ship them to each location.
Then one day, someone brought in a Cisco Meraki wireless AP. “It was cute and nice, but we were a full shop with the previous vendor at the time, and we weren’t willing to change that,” explained Haan. However, after they experienced a “catastrophic failure” of their network infrastructure, Haan decided to give Meraki a try.
Since then, everything has changed. By introducing Meraki, Haan not only changed the network infrastructure of the Western Region, but he also changed the philosophy and mindset with his team about what IT management meant, and how simplicity does not have to mean less powerful technology.
Today, The Salvation Army is a full Meraki shop with MX security appliances, MR wireless APs, and MS switches. They’re also trialing Systems Manager for enterprise mobility management, as well as MV security cameras. Watch our webinar from March 22nd at 11 AM PT, to hear from Haan about the unique challenges The Salvation Army faced, and how they use Meraki to build a reliable infrastructure and positively impact the business.