Posts Tagged ‘George Bentinck’

APIs for Meraki MV cameras

The Meraki MV camera eliminates many of the underlying costs and complexity of owning and operating video surveillance systems. The elimination of all physical components, other than the camera, is highly attractive to a wide range of organizations. This broad appeal leads to users with a diverse set of problems, often beyond the scope of the product’s current feature set.

Beyond the cross-product APIs available for the Meraki dashboard, there are currently no APIs or raw video feeds available for Meraki MV users. Camera configuration, video streaming, and analytics data are only available inside the Meraki dashboard.

By having a closed end-to-end system, we can ensure an exceptionally easy, enjoyable, and secure user experience. At its core, Meraki provides ease of use and simplicity. This is underpinned with a focus on solving customer problems first and building features second.

With these principles in mind, we need to work out what customers want to do with APIs. Collating these problems into categories we end up with the following:

Off camera storage, providing:

  • Longer retention
  • Offsite backup

Integration with:

  • Analytics software
  • Business systems
  • Physical security

The first category covers the need for bulk storage or off-camera recording. We see two important uses for this type of functionality: The desire to retain video longer than is possible with edge storage, and instances where an off-camera or off-site backup is a mandatory requirement for compliance purposes.

MV’s architecture is designed for distributed storage and compute at the edge of the network, with centralized management and control in the cloud. Allowing customers to use an API to store video outside of this architecture eliminates the simplicity and cost reduction at the heart of the product. Once video leaves the platform, it is no longer associated with its metadata. This dissociation of context would leave customers with petabytes of unsorted raw video and a significant problem.

Meraki is already evaluating how to solve these two problems. Although the functionality is not yet available, its eventual design will ensure customers are not forced to become data scientists in order to manage their video. It will keep video within the Meraki ecosystem to ensure associated metadata is not lost.

The other category of problem that drives MV API requests is systems integration: integration with business systems such as Electronic Point of Sale (EPOS), physical security access control systems such as badge readers, and 3rd party video analytics.

By blending data sources together, further context can be provided to an event. When that can of soda from the EPOS transaction turns out to be a high value bottle of wine in the video footage, you know there is a problem. We are actively working with customers to define how we integrate with these systems and what a future API should look like.

Finally, it’s a simple reality that Meraki will not provide every variation of video analytics customers would want. Niche but high value problems are an area where third party analytics could be of great value. As with presence analytics on the Meraki MR wireless platform, in the future we will offer out-of-the-box functionality beneficial to a wide range of customers and, when this is not sufficient, access for third party analytics, as with the location analytics API.

Meraki’s MV camera portfolio is still young, and as with our other products, we will release API access as it matures. This approach ensures we solve for simplicity first, and do not offload the hard work of feature development to our customers.

Looking at the future of security cameras

In the enterprise technology industry it is often common practice for important customers, partners, and industry analysts to be presented a roadmap. This long established tradition communicates the vendor’s goals and aspirations for their product, while setting the expectations for the recipient.

In a rapidly changing world this traditional approach can hamper the productivity of small, highly agile teams like those at Meraki. It can artificially force a focus on feature delivery, not on solving customer problems. To ensure the MV team can respond quickly to market changes and customer needs, the team follows a set of goals that help communicate the intent and vision for the future of the product.

The goals underpinning the development plans are split into three areas. These drive our internal discussions and allow parties external to the organisation to determine our priorities, taking the place of a feature by feature roadmap.

Cost reduction through architectural simplification

Firstly we must deliver immediate value. This must be simple to understand and easy to achieve. In the context of MV this is our architecture: centralized cloud control with video stored at the edge. Eliminating the Network Video Recorder (NVR) and Video Management Server (VMS) has immediate up front savings and continued operational savings.

Operational simplification through automation

Next we must ensure that customers benefit during day-to-day operations. An example of this goal is Motion Search’s elimination of the dull and highly time consuming process of reviewing video. MV processes all video on the camera and lets users quickly find the footage of interest.

Business value through intelligence

Finally, we look at how security cameras can offer value beyond their primary purpose. 90+% of recorded video is never viewed, but what if the camera can analyze what it sees without human intervention? Can a camera be seen as a sensor in the context of marketing or occupational safety? MV has not yet delivered in this area, but it is an area of intense interest that will shape the future capability of the product.


The recent launch of Meraki MV security cameras is just the first step on the road. As has been the case with the development of other Meraki products, early adopters of cloud managed technology continue to benefit from ongoing feature development. As Meraki continues to deliver solutions to challenging problems, existing customers’ investment in Meraki continues to improve.

Find out more on the new range of Meraki MV security cameras by attending a webinar or arranging a free trial to test out the technology for yourself.

Gain situational awareness in just a few minutes

Providing up-to-date information to the right people at the right time has always been a fundamental driver of telecommunications technology. With Meraki MV security cameras it is exceptionally easy to provide situational awareness to first responders in emergency situations.

Due to its cloud architecture and browser-based interface, the MV system allows any number of police officers or firefighters access to video from any device with a modern web browser. This ability to gain situational awareness in just a few minutes can have a big impact on public safety when a crisis occurs.

Four major attributes of MV’s functionality enable this capability. The first is the automatic delivery of video to remote viewers through the cloud. This automatic cloud stream is dynamically created when the Meraki dashboard detects the user’s device can’t connect directly to the camera, for instance from outside of the building. This secure encrypted video delivery eliminates the need for a VPN and the associated complex configuration.


The Meraki cloud will automatically detect whether the viewing computer is in the same network as the cameras, sending video directly or proxying through the cloud.

The second is that because the cloud acts as a proxy for the video coming from the MV cameras, video is only streamed once from the camera to the cloud but many times from the cloud to the clients. This allows the system to scale in an emergency to allow for many first responders to have access to video simultaneously. This happens automatically and dynamically with no pre-planning or configuration required.

Video streams once from the cameras to the cloud, but can stream to multiple remote computers simultaneously.

Thirdly, the implementation of HLS for video transport means video can stream to any device with a modern web browser. In an emergency situation all you need is access to an Internet-connected device and a web browser: no special computer, no software to install, and no wasted time.


Finally, comprehensive access controls allow for login and video viewing privileges to only be assigned to those who should have them. These privileges can be integrated with existing user databases with Meraki’s support for SAML, or new access can be provisioned directly within a couple of minutes with just a user’s email address.


Combined, Meraki MV’s features offer a new level of capability and customizability when it comes to public safety. When making the right decision is paramount, the value of having rapid access to the right information cannot be overestimated. Contact us today to find out more about MV and to arrange a trial to test the technology for yourself.

Saving on security is no saving at all

The last couple of weeks have shown how vulnerable our connected world can be. Reports of a new wave of Distributed Denial of Service (DDoS) attacks at a scale beyond what has been seen before are attracting worldwide headlines. With traffic floods now reaching the terabyte scale, only those with global resources and deep pockets can withstand such an onslaught.

“The attack began around 8 p.m. ET on Sept. 20, and initial reports put it at approximately 665 Gigabits of traffic per second.”

KrebsOnSecurity Hit with Record DDoS – KrebsOnSecurity – September 21st 2016

Powering this new wave of cyber weaponry is the Internet of Things (IoT), a nascent breed of devices taking their first steps into the world at a time when the value of something is dramatically amplified by its integration into the network. Unfortunately this rapid push to connect everything has not always been balanced with an equally rapid push to secure the underlying technology architecture.

“That cyberattack was powered by something the internet had never seen before: an army made of more than one million hacked Internet of Things devices.”

How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet – Motherboard – September 29th 2016

One of the unwilling device types in these recent attacks is the IP enabled security camera. These cameras and recording systems are typically well connected and remotely accessed. When this is combined with poorly implemented web interfaces, default passwords, and a lack of cyber security oversight, systems are effectively waiting to be exploited.

“Attackers used an army of hijacked security cameras and video recorders to launch several massive internet attacks last week, prompting fresh concern about the vulnerability of millions of “smart” devices”

Hackers Infect Army of Cameras, DVRs for Massive Internet Attacks – The Wall Street Journal – September 30th 2016

The Meraki MV Security Camera delivers on the promise of simple connected devices without security compromise. At the heart of MV is the same core software powering other Meraki devices like wireless access points and security appliances. This code has been honed over the last 10 years, battle tested in the most demanding of locations, and it provides the most secure control infrastructure of any security camera available.

All MV management traffic and video transport is encrypted by default: it’s not even possible to configure MV to operate without encrypted communications. Administrative access to the cameras is only available through the Meraki dashboard, an interface that can be secured with advanced technologies such as two factor authentication.

Beyond the individual devices, the Meraki infrastructure is housed in SSAE16 / SAS70 Type II certified data centres, undergoes daily penetration testing, and is covered by our security rewards program. These policies and processes allow us to meet the most rigorous of customer requirements, including the need to be PCI compliant.

The initial savings of a low cost or consumer grade security camera system may prove expensive later on. If it is trivial for cameras to be used to attack legitimate businesses and other organisations, how much extra effort would it take for someone to start snooping through those same cameras?

With the advent of National Cyber Security Awareness Month, the MV team will be posting more information on MV’s security architecture to highlight our commitment to a safe world of connected devices. Until then, for further information please contact us to find out more.

Wave good bye 2 slow WiFi

On February 9th we announced the launch of the latest access point (AP) to join the Meraki wireless portfolio, the flagship MR42. The MR42 is a 3×3:3 802.11ac Wave 2 AP that ushers in a new era of high performance, more efficient WiFi thanks to the inclusion of Multi User – Multiple Input Multiple Output (MU-MIMO).

In addition to this, the MR42 continues our strategy of completely integrated beacon and Bluetooth Low Energy (BLE) functionality. This sees the MR42 becoming our most technologically advanced wireless platform, with four integrated radios and the latest 802.11 wireless standard, yet all in a sleek low profile design.

 


MU-MIMO allows wireless networks to more efficiently service the increasing numbers of phones, tablets, and other personal mobile devices. MU-MIMO does this by allowing the AP to communicate with multiple devices concurrently, rather than consecutively.

With Single User MIMO (SU-MIMO) the AP can use the multiple spatial streams to send a large amount of data to clients that can receive all these streams. Devices such as laptops could support two or sometimes three streams, allowing for high speed connections. Unfortunately smaller mobile devices like phones can typically support only one stream, and thus can’t take advantage of this capability.

MU-MIMO solves the problem of devices being unable to use all these spatial streams. The AP can use the individual spatial streams to send separate transmissions to distinct clients simultaneously. This increases the total network performance and improves the end user experience, especially when large numbers of devices are connected.

The addition of MU-MIMO complements Single User MIMO (SU-MIMO) rather than replacing it. An AP can choose the best way to transmit: simultaneously to multiple devices as efficiently as possible, or consecutively to individual devices as fast as possible. It is now time to wave goodbye to slow WiFi.

Are you looking for a next generation wireless solution that can future proof your network against the growing demands of your users? Then there is now one clear choice, the cloud managed Meraki MR42 AP. To find out more details you can visit the product page or listen to one of our launch webinar recordings.

Secure, Controlled, and Informed

Meraki Systems Manager continues to offer extensive functionality for Apple platforms. Only recently we announced same day support for iOS 9 in conjunction with a new strategic joint development partnership between Cisco and Apple. We continued that story with the launch of extensive new features for Systems Manager on February 9th. In this particular post we are going to explore the Apple specific elements of that launch.

iOS Wallpaper

With MDM it has always been important to make sure you keep the users informed. This ensures they attribute changes to their device to administrative control and not to a fault. The iOS Wallpaper functionality of iOS 9 offers a great way of keeping users informed, while also offering branding and user experience options.

The Lock and Home page Wallpapers can be configured independently or together with a simple drag and drop. The reason that changing the Wallpaper with Systems Manager offers a great way of interacting with the user is because it can be tied to tags. This means that the Wallpaper can change dynamically based on various events, for example based on the person using the device or its posture.


FileVault disk encryption

Information is the lifeblood of any organization, with the securing and management of this data under increasing scrutiny. Encryption of information on portable devices such as laptops is frequently being mandated in regulated industries such as health care. The loss of confidential or private information can lead to stiff penalties, brand damage, and dented consumer confidence.

FileVault in OS X provides strong data security with full disk encryption using AES. With full disk encryption, data on a mislaid or stolen device is useless to the unauthorised recipient. Systems Manager now supports FileVault disk encryption management, and in typical Meraki fashion, has been made as simple as possible.

The difficulty associated with disk encryption is not typically with encrypting data but in decrypting it when required. For example, when an employee leaves the organization it may be necessary to access the customer data on their device. If the password or recovery key has not been provided by the departed employee, then the data is lost forever.  

Systems Manager supports all three methods of FileVault data recovery: an institutional recovery key, a personal recovery key, or both simultaneously. Institutional recovery keys are transparently managed by the Meraki cloud, ensuring they are never lost. More information on FileVault 2 can be found on our documentation portal.

OS X system preferences

To top off the list of Apple functionality added in this Systems Manager launch there are now 35 new OS X system preferences to play with. This includes things such as control of Security & Privacy settings, Software Updates, and Parental Controls. Further information on these OS X systems preferences is again located on our documentation portal.

The new features for Apple platforms included as part of this launch are available today. If you are a Systems Manager Legacy customer interested in these new capabilities, then you can upgrade to the full version by simply contacting our sales team. The full version includes a wealth of features on top of those mentioned in this post, with further information available on the Systems Manager licensing page.

Excited by the new content in this Systems Manager launch? We are! The team will be highlighting these features and more in upcoming Systems Manager webinars. Alternatively, if you can’t wait to get started, contact us to begin a no risk trial and we will help get you up and running.

 

Bring your droid to work

The Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) arena is an exciting technology field with rapid innovation across a wide breadth of platforms. On February 9th we announced the launch of a host of new Systems Manager (SM) features and functionality for these platforms, and as part of this release SM now supports Android for Work.


This provides a major boost to the manageability of Android devices as it makes it much simpler for employees to use their own device for work. It does this without ceding the user’s control of their personal device, while allowing the organization to ensure appropriate security.


One area where functionality has been significantly extended over existing Android controls is restrictions. There are now three new categories of Android restrictions available in SM, in addition to the previously available ones.

Keyguard restrictions help secure an Android device when it is locked. Although you may be confident of your data’s security when the device is locked, information could still leak out without the correct keyguard settings, for example a notification that displays the content of an SMS even when the device is locked. With keyguard restrictions you can now disable any or all of the following items:

  • Notifications
  • Unredacted notifications
  • Fingerprint access
  • Camera
  • Trust agents
  • All keyguard features

In addition to keyguard controls, an administrator can now also apply restrictions to other system areas. One brilliant addition is the ability to prevent users from installing applications from unknown sources. With the prevalence of malware and other dangerous apps in the Android ecosystem, allowing users to turn off this safety net is often not desirable. This control lets the administrator decide. The complete list of system restrictions we are announcing in this launch is:

  • Prevent Android Debug Bridge (ADB) access
  • Prevent installation of apps from unknown sources
  • Prevent uninstalling of apps
  • Prevent app control
  • Enforce application verification
  • Disable SMS
  • Disable keyguard
  • Disable screen capture
  • Disable volume adjustment
  • Disable factory reset

Along with the new restrictions, there is now containerization with separate Google Play stores for personal and work apps. This allows separate instances of identical applications to be isolated within the appropriate personal or work container. For example you can have two instances of Gmail with one configured for personal use and the other configured for IMAP access to a corporate mail server.


Administrators can now be confident in the knowledge that corporate data can be erased with the removal of the work app from a device, and users will be reassured that their personal data won’t be affected. A complete wipe of the work profile removes all the contained applications and data, meaning offboarding employee devices is straightforward and secure.

Android for Work and the other new features included as part of this launch are available today. If you are a Systems Manager Legacy customer interested in these new capabilities, then you will need to upgrade to the full version. This includes a wealth of features on top of those mentioned in this post, with further information available on the Systems Manager licensing page.

More information can be found on our documentation portal, with upcoming Systems Manager webinars highlighting these features. Alternatively contact us to begin a no risk trial and we will help get you up and running.

Green is the new Gold

One of the trends of 2015 was the enthusiasm we saw for Meraki t-shirts, especially from participants at the many events we attended. More than just free ‘schwag’, the Meraki t-shirt seems to have a greater appeal, with more than one person telling us it was their favorite tech shirt. The combination of bold green color, modern design, and Meraki brand stands out in a way which has caused complete strangers to stop us in the street to talk about Meraki.

However this is not the whole story, and we will admit to an oversight in last year’s t-shirt inventory planning. We had only a small number of bright green Meraki t-shirts manufactured, with the rest in a patterned grey.


For those not familiar with the technicalities of the Meraki brand, the green shirts were dyed to match the exact Meraki green, known as Pantone 368 U. This bold and vivid colour was thought to be too intense for day-to-day wear, and we only made enough for event staff. The grey variant was picked as our choice of shirt giveaway for the 2015 event season.

As it turns out, we could not have been more wrong in our assumptions about people’s desire for bright Meraki green shirts. The number of people asking to switch their shirt from grey to green became so numerous we lost count, but we did listen and have heard you loud and clear. With that, we are excited to launch the brand new 2016 season Meraki t-shirt, custom dyed Meraki Pantone 368 U green!


Would you like to get your hands on a pure Meraki green t-shirt? If so, then you should put a date in your diary to come visit us at one of the many events we are attending this year. The next opportunity to bag your ‘schwag’ is Cisco Live! Berlin. An extensive team of Merakians will be in attendance for presentations, demonstrations, and meetings. Find out more by reading this blog post.

 

Bringing Meraki to the heart of Europe

As 2015 comes to a close and the winter weather sets in, the Meraki team have been planning the many exciting events we will be attending next year. One of the big events kicking off the year is Cisco Live! in Berlin.

Along with an extensive presence in the world of solutions, a number of members of the Meraki team will be running sessions throughout the week. This is a fantastic opportunity to hear the latest product updates, get detailed information on feature functionality, and expand your cloud managed networking knowledge. All speaking sessions will be presented by experts from the product marketing team, and in typical Meraki fashion will be in an engaging and interactive style that includes live demonstrations.

If you’re planning on coming to Cisco Live! and would like to attend one of the Meraki sessions, we suggest you sign up as soon as possible to secure a place. Meraki sessions at last year’s Cisco Live! in Milan were exceptionally popular, with a queue for last minute places. To easily book your spot, visit the Cisco Live! Berlin content catalog page for Meraki here.


Intermediate – Cloud-Managed Mobility with Meraki Wireless and MDM [BRKEWN-2002]

George Bentinck, Solutions Architect

Tuesday, Feb 16, 11:15 a.m.

Session Length: 1 hr 30 min

This session will provide a recap of the Meraki cloud architecture and an in depth look at the latest Meraki WLAN offerings. Accompanying this will be an extensive look at managing mobility in the enterprise, with detailed discussion of mobility security and integration of MDM and EMM into WLAN. The session will be a mixture of slides, demonstrations, and audience interaction.

WiFi meet Beacons meet MDM with Cisco Meraki [BRKEWN-2066]

Simon Tompson, Technical Evangelist

Thursday, Feb 18, 2:30 p.m.

Session Length: 1 hr 30 min

A lot has been happening in the world of Cloud Managed Wireless. Join the Cisco Meraki team to learn about the very latest portfolio developments in the world of 802.11ac WiFi, Location Analytics, BLE Beacons, and integrated MDM policies.


Cloud-Managed Security for Distributed Networks with Cisco Meraki MX [BRKSEC-2055]

Joe Aronow, Product Marketing Manager

Wednesday, Feb 17, 11:30 a.m.

Session Length: 1 hr 30 min

Meraki’s cloud managed networking portfolio includes out-of-the-box centralized management capabilities to help administrators secure distributed networks. This session will provide a product update on the Cisco Meraki MX security appliance with an emphasis on new and existing security features. The session will feature a live demo of key security capabilities such as the new IWAN features, SourceFire IPS/IDS, Malware Protection, and more.

Building Scalable, Flexible Enterprise Architectures with Cisco Meraki [BRKCRS-2101]

Simon Tompson, Technical Evangelist

Friday, Feb 19, 9:00 a.m.

Session Length: 2 hr

The simplicity and flexibility associated with cloud managed networking isn’t limited to small and medium sized organizations. The Cisco Meraki product family helps customers to easily build and maintain scalable, resilient networks containing thousands of devices with enterprise-class performance. During this session we’ll walk through the management tools, features and architectures available across Cisco’s popular cloud managed portfolio of wireless, switching, security and MDM products, demonstrating how customers can scale with confidence.

Cisco Enterprise WLANs: understanding all the solution options and required technology details [TECEWN-2016]

George Bentinck, Solutions Architect, Meraki

Aadil Hassim, SE, Cisco

Gerhard Jaeggle, SE, Cisco

Maren Kostede, Systems Engineer, Cisco

Monday, Feb 15, 9:00 a.m.

Session Length: 8 hr

This technical seminar is a deep dive into the different options that you get for a full Wireless Network design at Cisco. It includes all necessary baseline knowledge to understand 802.11 and WiFi important differences with wired deployments, details and comparisons between Cisco Unified Wireless Network (CUWN), Converged Access, Mobility Express, private-cloud deployments (FlexConnect) and public-cloud based networks (Meraki). We will look at the key building blocks of all solutions, including licensing and management, as well as where it fits best in your network (campus, branch offices, managed services for small enterprises), and compare them with other Wireless LAN vendors’ offerings on the market. We will also be highlighting some key advanced features of the Cisco Wireless solutions, and showcase use cases where each architecture has its own place.

 

Reactive network rules

One of the most popular capabilities of our MX security appliances and MR wireless access points is their ability to control what is going on in the network. This can be accomplished via a whole range of built in features such as Layer 7 traffic shaping, Layer 7 firewalling, intrusion prevention, malware scanning, and content filtering. Importantly these features can be easily applied in varying ways to different devices or users with the creation of custom network policies.

Known as Group Policies, these customized network rules prevent network administrators having to enforce a ‘one size fits all’ policy. They can make the network fit their users’ requirements, rather than the other way round. As is typical of Meraki feature design, the simplicity of configuration makes deploying it achievable and not an unattainable dream.


However, what if we could make this even simpler to implement? Systems Manager Sentry provides simple, automatic security that is context aware. Sentry Policies enable dynamic updates to a client device’s assigned Group Policy based on contextual information gathered by the Systems Manager MDM. Now your firewall, traffic shaping, or content filtering rules can be automatically updated based on changes to a device’s security posture, logged-in user, or even location.

Sentry Policies are automatically made available when Systems Manager is deployed with Meraki network equipment. Due to the unified Meraki cloud management architecture, no complex integration or further configuration is required. If you can’t see Sentry Policies in your dashboard, then you are running an older version of Systems Manager. Click here to find out how to upgrade.


For one example of how Sentry Policies can be implemented, consider a content filtering deployment in an education environment. The multi-user authentication capability of the Systems Manager app allows devices such as iPads to have unique apps, settings, and restrictions per student. When a student logs into the device, Sentry Policies can trigger a content filtering policy change on the MX suitable for that class’s age group or subject. This is done without any teacher or administrator intervention.


For security conscious customers, Sentry Policies can also be used to control network access. When a device is detected that is jailbroken or has an undesirable app installed, Sentry can implement firewall rules in the access points to block that device’s connectivity to sensitive corporate resources. Again, this requires no administrator intervention.


Systems Manager Sentry is unique in the way it enables automated security and simplified IT operations by unifying network and endpoint management. To find out more, sign up for one of our advanced webinars covering the Sentry feature set, or contact us to get a live demonstration.