In October we introduced the new MR Advanced License and Upgrade License to provide additional protection on the Meraki MR.
But first, let’s take a step back and recall what DNS really is. It would be helpful to think of DNS as the phonebook of the internet. Every website has a specific IP address associated with it. For example, if Wells Fargo’s IP address is 22.214.171.124, DNS turns the human-readable address (wellsfargo.com) into a machine-readable address (126.96.36.199) and ensures that you always connect to the correct website. In this instance, Cisco Umbrella guarantees a user is safely routed to WellsFargo.com so that the user is not intercepted by someone else claiming to be Wells Fargo.
Globally, there will be nearly 549 million public Wi-Fi hotspots by 2022, a fourfold increase since 2017. In 2017, Wi-Fi accounted for 43 percent of traffic and is slowly becoming the primary means of connecting to the internet. It is estimated that with DNS layer protection, businesses could prevent between $150 billion and $200 billion in losses globally. DNS layer security becomes crucial in securing critical business traffic. However, network security has often been complicated, with multiple vendors, multiple licenses, and multiple dashboards leading to more problems than solutions.
Our new licenses offer customers an opportunity to buy Cisco Umbrella and Meraki MR with just one license. IT admins can now secure their wireless network by combining the power of Cisco Umbrella’s DNS layer security solution with the simplicity of the Meraki dashboard. The new MR Advanced and Upgrade licenses automatically enable Meraki-defined policies at the DNS layer across their entire network. With the new license, IT admins also get access to the industry-leading “Security Center” under the Meraki dashboard. This helps them gain granular visibility into blocked security events.
With Meraki MR and Cisco Umbrella, IT admins can protect users against internet threats like malware, ransomware, and phishing attacks by enforcing security at the DNS layer. This secures the “last mile” of a client’s internet connection, which can often be left exposed and vulnerable. The new licenses enable IT admins to deploy DNS layer security at scale, across multiple networks to create a simple and secure digital workplace.
Security is a top priority for people in IT. Everyone knows how important security is to an organization, its devices, and most significantly, its people.
While putting a firewall in your network is the first line of defense, another primary foundation to network security is the enforcement of access security policies. Permitting or denying access to specific resources establishes security in your network. For example, guests should not be able to access business servers. Organizations can have long lists of access policies, dictating who can access what. But how many organizations have a clear and concise policy list they easily understand, manage, and configure?
Access control lists are daunting in most environments. This is due to how access policies are built. Access policies are based on an IP architecture, where sources and destinations are defined by your network topology. While this works, IP-based access policies do not easily scale with large scale environments, businesses with distributed sites, and frequently changing organizations.
Most are familiar with policy lists that look something like this:
Would you be able to tell what these IP addresses represent? Is XXX.XXX.XXX.XXX your cloud server? Or the HR team?
The point is, it’s difficult to tell. It also becomes more troublesome as your business needs change, such as a growing business dealing with company acquisitions, a university expanding their campus with new sites, or a firm that’s redesigning their entire organizational structure. In every one of these cases, access policies must be re-configured to mirror the way the network topology changes.
What if access policies no longer needed to be dependent on network topology; no longer IP-based, and instead, based on the intent of the user, device, or service?
Today’s the day – we’re introducing Adaptive Policy.
*(Beta available H1CY2020)
Adaptive Policy is a new solution where revolutionary Cisco Security Group Tag (SGT) technology meets the most powerful Cisco Meraki switch hardware yet. This software feature addresses the shortcomings of traditional policy administration using Cisco SGT and the MS390. With Cisco SGT, numerical tags are used to profile users, devices, services, and time of access. Tags can be assigned using a RADIUS server like Cisco Identity Services Engine (ISE). When Cisco ISE is used, the tag is transmitted to all devices in the network — every packet is tagged and decisions based on the tag are made by the MS390.
How does Adaptive Policy actually work?
The IT team creates an access policy whereby the sales team cannot access a product roadmap application.
When a salesperson connects their laptop to the network, Cisco ISE will authenticate the user using Active Directory, then assign a tag (let’s pretend tag 4) for the salesperson. The MS390 will receive tag 4 sent from ISE and will then add tag 4 to every packet coming from the salesperson’s device. If the salesperson tries to connect to the product roadmap server, which only allows tag 5, the MS390 will deny the request. But let’s say the salesperson moves to the product team: the user profile changes based on Active Directory, and now this user can access the roadmap application without anyone having to re-configure all the switches in the network.
This policy enforcement process has become scalable, effective, and automatic. Adaptive Policy utilizes Cisco SGT to determine traffic intent and can help scale and reinforce security for customers of any deployment size.
With Adaptive Policy, security is agnostic to network topology, making security orchestration and mass configuration changes consistent. Furthermore, instead of using IP addresses, we can now use natural language to determine how a policy is adjusted and implemented. Instead of seeing XXX.XXX.XXX.XXX, you’ll find yourself reading “Marketing team”.
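A minimal model of the tag-based decision described above, added here as an illustration and not Meraki or Cisco code. The user name, addresses, host name, tag 20 for the roadmap server, and the rule that a tag stays fixed until the next authentication are assumptions of the model.

```python
from dataclasses import dataclass

# Constructed sample data. Tags 4 and 5 follow the text; everything else
# (tag 20, names, addresses) is an assumption made for this example.
TAG_NAMES = {4: "Sales team", 5: "Product team", 20: "Roadmap app"}
GROUP_TO_TAG = {"sales": 4, "product": 5}
DIRECTORY = {"alice": "sales"}                     # user -> directory group
RESOURCE_TAGS = {"roadmap.example.internal": 20}   # destination -> tag
POLICY = {(5, 20)}   # allowed (source tag, destination tag) pairs; rest denied


@dataclass(frozen=True)
class Session:
    user: str
    ip: str
    tag: int   # bound at authentication time in this model


def authenticate(user, ip, directory=DIRECTORY):
    """Policy-server role: map the user's directory group to a tag."""
    group = directory.get(user)
    if group not in GROUP_TO_TAG:
        raise PermissionError(f"no tag for user {user!r}")
    return Session(user, ip, GROUP_TO_TAG[group])


def enforce(session, destination, policy=POLICY):
    """Switch role: decide on the tag pair only; the IP is never consulted."""
    dst_tag = RESOURCE_TAGS.get(destination)
    if dst_tag is None:
        return False, f"deny: {destination} has no tag"
    allowed = (session.tag, dst_tag) in policy
    src = TAG_NAMES.get(session.tag, f"tag {session.tag}")
    dst = TAG_NAMES.get(dst_tag, f"tag {dst_tag}")
    return allowed, f"{'allow' if allowed else 'deny'}: {src} -> {dst}"


def demo():
    """Walk through the salesperson scenario and return each decision."""
    app = "roadmap.example.internal"
    directory = dict(DIRECTORY)
    results = []

    at_hq = authenticate("alice", "10.0.1.23", directory)
    results.append(enforce(at_hq, app))            # sales tag: denied

    # Same user at another site with another address: same decision,
    # because the rule refers to tags, not to subnets.
    at_branch = authenticate("alice", "192.168.50.7", directory)
    results.append(enforce(at_branch, app))

    # The user moves to the product team. POLICY is not edited.
    directory["alice"] = "product"
    results.append(enforce(at_hq, app))            # old session keeps tag 4
    moved = authenticate("alice", "10.0.1.23", directory)
    results.append(enforce(moved, app))            # new tag 5: allowed
    return results


if __name__ == "__main__":
    for allowed, reason in demo():
        print(reason)
```

The policy set is never modified during the walk-through; only the directory entry changes, and the decision follows the tag issued at the next authentication.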
Adaptive Policy is built with flexibility.
Adaptive Policy is a new feature built with a Meraki API-first strategy that will guarantee full consumption. Together with Cisco, we are able to provide interoperability with an open implementation of tagging, which means it won’t be tied to only one vendor. Thanks to Cisco SGT’s open and extensible technology, Adaptive Policy provides maximum potential across Cisco and 3rd party vendors, giving you flexibility for your networking needs.
MR customers can take advantage of Adaptive Policy too!
Customers who have Meraki MR access points (ac Wave 2 and above) but do not have the MS390 can still deploy Adaptive Policy. Under a hybrid environment, current Cisco Catalyst switch (3K to 9K series) customers with Meraki MR can implement Adaptive Policy utilizing inline-SGTs.
How can I enable Adaptive Policy?
Adaptive Policy is available as an advanced feature on the MS390. You will need the MS390 switch along with the MS390 Advanced licensing to enable this new feature.
To learn more about Adaptive Policy and the MS390 switch, watch the launch webinar or read the MS390 blog. Starting early 2020, you can also give Adaptive Policy a whirl by starting a free trial.
These days, network security has become increasingly complex and difficult to manage. IT teams are stretched to the limit securing users, devices, and applications. With more and more users bringing their personal devices to work, the steady adoption of IoT devices and the changing nature of businesses, network security and access policy are only going to get more complicated.
Generally, enterprise-grade hardware comes with enterprise-grade complexity. Configuring multiple solutions is time-consuming, challenging and error-prone. IT teams have to wrestle with multiple vendors, technologies and implementation consultants to get even the most basic access and security policies deployed. This leaves their networks exposed to vulnerabilities and filled with rigid, sub-optimal, and expensive hardware.
But with Cisco Meraki, IT teams no longer have to compromise.
IT teams can now combine the simplicity of the Meraki dashboard with the power of Cisco technology. Introducing the MS390, the most powerful Meraki access switch to date, which enables IT teams to deploy sophisticated access and security policies with ease.
MS390 features a stacking bandwidth of 480Gbps, improved physical stacking, StackPower, modular uplinks, and comes in both non-PoE & PoE capable models. Improved physical stacking provides faster convergence in case of failover and also offers higher stacking bandwidth. StackPower helps save costs through efficient power distribution and provides additional redundancy if needed. Modular uplinks provide hardware flexibility to address the changing demands of your network.
The MS390 is the only Meraki switch that integrates innovative Cisco switching technology, which allows for the development of advanced features like Adaptive Policy. Adaptive Policy enables IT admins to segment user traffic on the network and apply access or security policies seamlessly. Since these policies are based on “intent” rather than cryptic IP-address based Access Control Lists, they are dynamic, error-free and adapt as new users join the network.
The Cisco technology on the MS390 makes Adaptive Policy and other advanced features possible, which makes the switch ideal for critical deployments across any organization with a need for advanced performance and easier user traffic management through segmentation.
To learn more about the MS390, take a look at the datasheet or sign up for our live webinar on Meraki switches.
When Cisco Meraki released V0 of our Dashboard API in 2017, we recognized that a fundamental technology shift was on the horizon. Network programmability through APIs has since rapidly matured to become an integral part of a network engineer’s toolset, and a key innovation strategy for SaaS providers around the world. Earlier this year, the Cisco Learning Network in partnership with DevNet further cemented network programmability as mainstream by announcing a comprehensive Developer Certification track, packed full of programming fundamentals and APIs from Meraki and the rest of Cisco’s extensible technology offerings.
As Product Manager of our API and Developer Platform, it has been incredible to watch this transition take shape with our customers, partners and developers over just a few short years. We’re seeing consistent double-digit growth in active API users of our REST API, which has become a deep and essential part of our platform offering. From powerful python-based network orchestration at scale, to beautiful open-source visualization clients, to complete mobile applications, we continue to be delighted by the innovative solutions being shared every day by developers across our ecosystem via our open-source and turnkey marketplace collections. One thing’s certain – our API platform strategy is resonating with users, and we are just getting started!
In fact, in addition to producing a continuous stream of new APIs for getting data into and out of our cloud platform, we’re also hard at work building out V1, the next major release of our Dashboard API, slated for General Availability (GA) in Spring 2020… but we need your help! A vital part of any API provider’s lifecycle begins with a trusted community of developers to test, discuss and provide real-world feedback, and we’re therefore incredibly excited to announce the new Meraki Early Access Developer Program.
Interested? Read on!
This new program will offer a select group of developers the opportunity to help shape the future direction of our APIs by test-driving and providing regular feedback on new versions and features before they get released to the general public, beginning with alpha access to V1 of our REST API. If you are interested in applying, please visit our Developer Hub and complete the application.
We are excited to get the conversation started, and as always you can find us in the Meraki Community. Happy coding!
For years, ubiquitous connectivity and network security have been top of mind for our customers. E-payments, digital health and school records, digital loyalty programs and app user engagement have made secure and reliable connectivity mission critical for a huge percentage of Meraki customers around the world. If your local sandwich shop can’t accept a payment without a secure internet link, all of a sudden hungry lunch-goers everywhere feel the pain of even the shortest outage.
In order to maintain constant, ubiquitous connectivity, Wireless WAN (using cellular data for backhaul) is no longer a niche part of routing… business critical networks can use Wireless WAN for day zero connectivity, for high availability and for some as their primary WAN. That’s why we’ve launched the Meraki Cellular Gateway (MG), an IP67 rated cellular gateway with the simplicity of the Meraki platform. The MG can be paired with any Meraki MX, Cisco ISR / vEdge device, or any third party router to seamlessly deliver LTE connectivity… This is exactly what our customers are asking for, and I believe this will be our fastest launching product line ever.
Moving onto security, there was a time when implementing a robust firewall was considered sufficient to protect networks, devices and users. Those days are long gone now. At Meraki we take a thoughtful approach to network security, with a wide range of tools to protect users and applications without complicating the networks we’re trying to protect. Now I’m proud to share a significant expansion of our security offering that broadens protection for IT, for users and for devices.
It’s crucial to everyone’s security posture that we segment the network, controlling access to critical resources, while limiting the scope of a potential breach. To address this, we’re introducing Adaptive Policy, supported on our new and smartest switch ever, the MS390. With this feature IT teams can create and deploy advanced policies based on groups of users or devices without complicating the network. I believe this development will allow us to increase security in the network while simultaneously simplifying networks… I can’t tell you how powerful this is going to be.
We’re also adopting Cisco Trustworthy Systems, enabling us to ensure that the firmware running on Meraki devices is authentic, unmodified, and operating as intended. A related new feature, SecureConnect, enables a Meraki switch to recognize and authorize an AP as it’s connected, automatically deploying the correct security profiles.
Finally, our Systems Manager Team is releasing Trusted Access. Imagine truly secure BYOD, a means for devices to connect to a network without the need for a shared password or an installed device management profile. With Meraki Trusted Access there’s no more need to carry two phones, or go through the hassle of installing new profiles every time you change location.
This is a huge launch for us on the Meraki team, and really too much for me to do justice to in one blog post, so stay tuned for more on these powerful new features. As always, you’ll find plenty more detail on our website, and we can’t wait to get these capabilities into the hands of our customers. With these announcements I truly believe we can make security simpler, and networks more powerful.
We’re excited to welcome new additions to Meraki Go, a networking solution created by Cisco Meraki and built specifically for small businesses with fewer than 50 employees. Meraki Go is an easy cloud-based solution that allows business owners to self-manage the internet and Wi-Fi at their businesses.
The newest products – a security gateway and network switches – are entirely app-managed and do not require any recurring fees. For additional security, users can purchase a Meraki Go Security Subscription, powered by Cisco Umbrella.
Whether you’ve just started looking at Cisco Meraki, or you’ve been a partner or customer for years, you’ve undoubtedly heard of the Meraki dashboard: our one stop, full-featured, out of the box, auto-provisioning, simple-to-use interface for managing our cloud IT products.
Whether or not it’s on your radar today, our APIs could matter to your business. While many of our customers live happy, fulfilled lives without ever getting under the hood with these services, we’re seeing a sharp increase in the number of users (at all sizes of organizations) who turn to the Meraki cloud platform and APIs to solve significant business needs, including:
– Further automating network tasks (who wouldn’t like to offload as much tedium as possible?)
– Deploying Meraki networks in tight timelines
– Integrating third party technologies
– Pulling advanced reporting out of the Meraki platform for auditing
As our customers are increasingly tasked with MORE – integrating more, automating more, reporting more, surfacing more – we’re committed to helping more. By extending the cloud platform through our API services, we’re making dashboard experiences and data easier to automate, leverage, and tailor to your business needs. Plus, to better support developers at all levels, we’re dedicated to making the use of APIs a painless experience by providing clarity in our framework, sample code, and other resources (even drag and drop programming tools!) to help. We’re hoping the APIs will have your back when a business need or operational imperative emerges that a bit of coding can solve!
If you’re new to programming with APIs, join us in this on-demand webinar to learn more about what the API services entail, how others are using them, and what resources are available to help beginners get started.
There are so many things one could use the dashboard API to do – from automating network setup and management tasks, to creating more tailored alerts, to building custom reporting flows, apps, or experiences on top of Meraki technologies. With everything that’s possible and the source code available to get started, you likely have one or two projects you’ve been meaning to get to – but it can be hard to find time to write or compile the clean, reliable script you’d trust to push to production.
Wouldn’t it be easier if you could drag and drop commands into a task flow, and hire someone (or something?) to fill in all the boilerplate code around these actions?
Introducing our latest Node-RED project: the drag and drop tool of your dreams for building solutions with the Meraki Dashboard API! This project is the latest example of our commitment to simplicity across the cloud platform – making it easier for developers at all levels to work with the Dashboard API.
Node-RED allows you to easily drag and drop commands to create flows that do almost anything with the Meraki Dashboard API, and fills in all the “blanks” or boilerplate code around those actions for you.
The Meraki “node” is built using the Dashboard OpenAPI spec and includes every operation available in the API. It allows you to instantly start working with all of the Meraki API endpoints to start those projects you’ve been considering, such as:
– Building an automation flow to provision or update a network
– Using Meraki Webhooks to trigger events (such as a Tweet) or saving the alert into a database
– Quickly building forms to create custom tools and utilities
– Designing a custom dashboard to monitor your networks, devices and clients
…and the list goes on!
Check out our complete guide on this project to get started, or join us in this on-demand webinar, Meraki APIs for Beginners to hear more about this and other open source projects with Meraki APIs!
This August we released Episode 6 of the Meraki Unboxed podcast, where Product Manager Tony Carmichael and emcee Simon Tompson talked about all things APIs – from our product strategy and involved teams at Cisco, to some real-world examples of how folks are using APIs in the wild. To date, this has been our most popular episode of the podcast!
To give listeners more of what they love, we just released Episode 11, Putting APIs to Work – another session focused on the APIs, where MC Simon and I sat down with:
Nash King – Developer, Meraki Managed Services Provider (MSP) and Meraki Community ALL-STAR
Matt Denapoli – Developer Evangelist (and Meraki guru!) at Cisco DevNet
Tune in to this episode to hear a developer’s perspective on using the API and learn more about the Cisco DevNet team and partnership around Meraki API services. Also, hear firsthand about the upcoming DevNet certifications and your resources to up-level your career with this track!
Lastly, if you’re new to APIs and looking for ways to get started, take a look at this on-demand webinar to learn why we’re focusing so heavily on the programmability of the Meraki Cloud Platform, how developers from SMB to enterprise are using the API services today, and what tools are available to get started!
All links from this episode will be available in the Meraki Community – where we will keep the discussion going.
For the 119th U.S. Open Championship at Pebble Beach, Cisco delivered the most connected U.S. Open in history. With over 200,000 expected in attendance, the USGA wanted to provide new ways for fans to consume and share content, both on-site and around the world. As 156 golfers and hundreds of thousands of fans walked the course, Meraki provided first of its kind, course-wide Wi-Fi. This included wireless for indoor, outdoor, and the first-ever test of Wi-Fi 6 access points at a major sporting event.
“For the first time ever, thanks to Cisco, we had the confidence that our fans would be able to stay connected to all the action inside the ropes and with friends and family back home no matter where they went on the course.” – Amanda Weiner, Senior Director, Digital Media, USGA
Hundreds of access points were deployed in a matter of days to blanket an ultra high density environment, and close to 39TB of internet traffic was transferred during the event. 70,000 unique clients roamed across the four-mile long Pebble Beach course, during a nationally televised event with 32 million people watching.
While Meraki Access Points are deployed in stadiums, golf courses add several unique challenges. These include the size of the course, weather conditions, and variability of Wi-Fi hot zones. Physical mounting, directional antennas, and RF settings must be configured to ensure a seamless fan experience. In addition, high-density areas like the media center and U.S. Open merchandise tent needed to be carefully planned to ensure high performance. The onsite media center at the course required connectivity for over 2,000 daily unique clients.
“With Meraki Wi-Fi as the first point of network access across the course, we were able to introduce a number of innovative features within our U.S. Open App and video boards to enhance the fan experience.” – Amanda Weiner, Senior Director, Digital Media, USGA
The visibility of the Meraki dashboard and simplicity of configuring Wi-Fi was critical in delivering the connected course. The team was able to detect hot zones, deploy and tune the entire network in under a week. New Wi-Fi 6 APs were installed to allow the high density merchandise pavilion on the course to transfer close to 3TB of data. We will be hosting a live webinar with USGA on October 22nd, to understand their technology strategy, and learn how the Meraki Wi-Fi network helped deliver a connected fan experience.