Readers of this blog will be excited to learn that Meraki has recently launched a new WiFi solution for small businesses in single-site locations. Today, we are introducing Meraki Go, a set of WiFi access points tailor-made for small and home businesses, with features to get a business going, all managed by a new easy-to-use app.
Meraki Go enables small business owners to manage their own WiFi needs. With a simple guided onboarding process, users can configure multiple WiFi networks in minutes. This allows shops, restaurants, and cafes to segment their guest and corporate traffic for added security. Meraki Go users can also quickly set usage limits on applications, and block clients from accessing certain websites. This way, small offices with limited bandwidth can prioritize business traffic, and make sure video streaming doesn’t get in the way of work.
As Meraki expands our product offerings, we want to make sure that we’re listening to the needs of our users. This is why we have built the Meraki Go experience from the ground up. With features made for business but an app designed for humans, Meraki Go has the best of both worlds, and we’re excited for you to try it.
All Meraki Go access points will require a subscription (1, 3, or 5 years), which provides access to in-app support, as well as security and app updates.
Check this out on meraki-go.com today, or watch our launch video below.
The pace at which new security threats are being introduced and propagated online has reached exponential levels, gaining speed with each passing year. Organizations have more locations and devices to protect, and threats are using many different ports to try to gain access or exfiltrate data. Security teams are often understaffed and struggle with complex, siloed systems that do not integrate or share intelligence in a programmatic way. These teams need solutions that are easy to deploy, simple to manage, can scale exponentially, and can integrate with other tools.
Securing your wireless users from malicious attacks — particularly these “DNS blind spots” that exist in many networks and are exploited by 97% of advanced malware — is of paramount importance. Unfortunately, recent surveys indicate that 75% of organizations do not actively monitor and apply security for DNS.
It is within this context that we are excited to announce support for integration between Meraki MR wireless access points (APs) and Cisco Umbrella (formerly OpenDNS).
Umbrella is the industry’s first secure internet gateway, a cloud-delivered first line of defense against threats like malware, ransomware, and phishing. Umbrella enforces security at the DNS layer by identifying requested web domains hosting nasty stuff — malware, phishing, etc. — and block end user access to them. Umbrella also enables more secure DNS querying through a tool called DNSCrypt, which automatically encrypts DNS queries between your network and Umbrella’s servers, effectively eliminating the chance that your queries will be the victim of eavesdropping or man-in-the-middle (MITM) attacks. This secures the “last mile” of a client’s internet connection, which is often left exposed and vulnerable.
There is no additional cost or charge for taking advantage of this integration (which is available to all Meraki wireless customers who have upgraded to our latest MR26.x firmware), but Meraki wireless customers who wish to integrate with Umbrella will need a separate Umbrella license and account with that service.
Enabling Umbrella integration
So, what does this mean for admins of Meraki wireless networks? This integration with Umbrella enables Meraki admins who obtain Umbrella licenses (WLAN, Professional, Insights, or Platform) to seamlessly assign DNS filtering via Meraki group policy or SSID to specific subsets of wireless clients, or to them all.
Enabling Umbrella integration takes only a few steps. First, the Meraki and Umbrella dashboards must be linked via the Umbrella Network Devices API key. Once this API key is generated from within the Umbrella dashboard, it needs to be copied into the Meraki dashboard by navigating to Network-wide > General.
Enabling Meraki + Umbrella integration within the Meraki dashboard.
Once the Meraki and Umbrella dashboards have been configured, linking a Meraki SSID or group policy to an Umbrella security policy is easy (note: Meraki group policies must be set to use ‘Custom SSID Firewall & Shaping Rules’ to link an Umbrella policy to them). After this initial setup, a unique identifier is generated behind the scenes for the specified Meraki SSID or group policy and is used by Umbrella to determine how to evaluate traffic from that Meraki network moving forward.
To link a Meraki SSID to an Umbrella policy, navigate to the Wireless > Configure > Firewall & Traffic Shaping section of the Meraki dashboard. There, you will find a button to link Umbrella policies.
Linking an Umbrella policy to a Meraki SSID.
By default, the last policy physically listed in the Umbrella dashboard’s ordered policy list will be inherited by a Meraki SSID unless a different policy is selected from the dropdown list.
To link a Meraki group policy to an Umbrella security policy, navigate to the Network > Configure > Group policies page in the Meraki dashboard and choose the specific Meraki group policy that you want to link. Under the ‘Layer 7 firewall rules’ section of that policy, you’ll be able to choose which Umbrella policy you’d like to apply.
Applying an Umbrella DNS policy to the Meraki ‘VIP Umbrella Clients’ group policy.
Once a Meraki SSID or group policy has been successfully linked to an Umbrella security policy, clients connecting to that SSID or who have been applied that group policy will have their DNS queries encrypted (if the AP supports 802.11ac) and verified against the corresponding Umbrella policy. Encrypting DNS queries between Meraki APs and Umbrella DNS endpoints helps secure the ‘last mile’ of client web browsing and protects against devastating MITM attacks or packet snooping that can reveal which websites client devices are browsing.
An example Umbrella policy may prohibit access to known malicious web domains or websites that host specific types of content, like gambling or peer-to-peer domains. If the client’s request for access to a given website is allowed, Umbrella will return an encrypted DNS response with the appropriate IP address. If the request is denied, then an encrypted DNS response pointing to the Umbrella block page will be returned instead.
Taken together, Meraki wireless and Umbrella integration provide a significantly more robust security framework for IT admins looking to protect clients from web threats in a more proactive way. Instead of waiting for a malicious site to infect a machine and then using tools like antivirus to detect and remediate, Meraki MR customers can rest easy knowing that they are protected from ever reaching harmful sites in the first place.
Interested customers should contact Meraki Support to have this feature enabled. This feature requires an early-release MR firmware version that can be enabled with Meraki support assistance.
When Portland-based Stumptown Coffee Roasters needed a security camera and monitoring solution for their distributed and rapidly growing operation, they quickly settled on Meraki MV. Stumptown was already using Meraki wireless, switching, SD-WAN, and networking security solutions in their retail environments, so exploring security cameras was an easy decision for Travis Luckey, Stumptown’s former Director of Technology. With their core focus on product quality, Stumptown’s team found real value in having the ability to monitor remote sites and processes while also minimizing the need for onsite visits and troubleshooting. Their cafes and roasting facilities are scattered across the U.S., making centralized management, ease-of-use, and straightforward monitoring from any geographic location key features of the solution they would need.
Stumptown’s headquarters are in Portland, along with some major operations facilities and cafes, but they also have facilities in New York City and Los Angeles, plus a distribution center in Seattle.
They needed a solution that would cut down on installation and configuration time while allowing the team to manage the entire operation from a centralized and/or remote location, if needed.
Luckey’s team loved the Meraki IT solution and wanted a camera solution with the same benefits.
The IT team wanted to be able to give different levels of camera access to various members of the executive, management, and respective operational teams.
Existing legacy systems were selected and installed ad hoc by local managers over many years, making it difficult to manage everything.
“Meraki cameras gave us the ability to deploy nationwide and centrally manage a single product platform for security footage.” – Travis Luckey, Director of Technology
An MV71 deployed at Stumptown’s Southeast Portland cafe and roastery location
The team installed over 50 indoor and outdoor Meraki cameras.
The company has standardized on Meraki cameras for their nationwide deployment.
MV cameras are used for both retail security as well as monitoring distribution centers (ten locations in total).
Anywhere from two to four cameras were installed at each site alongside a full stack of Meraki networking gear.
The IT team loved that there was no DVR infrastructure to install.
“[It’s so easy]…most junior level IT staff are able to do just about all of the configuration and management across our entire Meraki deployment.” – Travis Luckey, Director of Technology
A small number of dedicated IT staff are able to monitor locations all around the country with minimal training time.
Installation is easy enough that the IT team can stage cameras and then ship them to a non-technical Operations Manager for installation, at which point the IT staff helps walk them through the physical deployment.
Both Tier 1 technical staff (IT, technical operations, systems administrators) and Tier 2 non-technical staff (Operations, Retail Managers, and company executives) are able to have differing levels of access to video pertinent to their respective roles.
During a footage recovery exercise following a bank robbery near a Stumptown location, administrators were able to pull video footage in a matter of minutes; the police officer told Travis this was one of the easiest footage recovery cases he had ever worked on.
The IT team now has full visibility into the full deployment from coast-to-coast and can troubleshoot any potential issues with cameras or the network before they grow into bigger business problems.
Firmware and security updates roll out seamlessly, with little to no effort required by Travis’s team.
Using Meraki cameras, plus the rest of the Meraki networking portfolio, has changed the Helpdesk staff’s roles dramatically. They spend significantly less time troubleshooting, and more time on new projects. The change has been so dramatic that they have changed their titles to IT Business Partners.
“It was really remarkable how easy it was to troubleshoot a potentially business-interrupting problem. I fell in love with the platform at the moment I realized that.” – Travis Luckey, Director of Technology
It’s hard to believe, but IFSEC 2018 is just around the corner, and the Meraki team will be back for a second year. From 19 – 21 June, stop by Booth D520 at ExCeL London to chat with the team, ask for a demo, and see some of the newest MV security camera developments and feature releases in action. Get hands-on with MV12 hardware and see the tiny camera that’s shaking up the surveillance and video analytics worlds with built-in computer vision and machine learning.
The Merakians staffing the booth will be happy to answer all your burning questions about the rest of the Meraki portfolio as well!
Imagine managing your school’s security cameras from an intuitive, web-based dashboard with no NVR, no software downloads, and secure remote access to video footage from anywhere. Sound too good to be true?
Cisco Meraki MV security cameras are changing the way schools think about video surveillance. With Meraki MV, schools can keep students safer by proactively helping with threat detection and security and IT teams can make informed decisions with integrated analytics, which require no servers. MV is easy to deploy and manage, and specifically built with lean IT teams in mind. Here are five reasons why you should consider Meraki MV security cameras for your school or campus’ next deployment:
Simple Deployment: Withzero-touch deployment, using just serial numbers an administrator can add devices to the Meraki dashboard and begin configuration before the hardware even arrives on campus. Ship cameras directly to each school site and have them up and running quickly.
No NVR: All of the video footage is locally stored and encrypted on the camera, removing the need for expensive and complicated NVRs or DVRs. This not only adds additional security, but allows for simple camera deployment and management. It also means districts can easily scale from one school deployment to 50, without breaking a sweat.
Web-Based Monitoring:Manage your security cameras from thesame intuitive, web-based dashboard where you manage the rest of your Meraki products. MV removes the need for a security monitoring room or complex VPN configuration; all you need is a web-browser to watch and monitor video footage. Easily make custom video walls and find important events with Motion Search all from the dashboard. Plus, the dashboard cuts down on training time for the administrators and staff interfacing with the system.
Granular Access Controls:It’s not just the security guard who needs access anymore. From the principal or president down to the teacher or custodian, give different people customizable levels of access to all of the school’s cameras, or select cameras by tag, in just a few clicks.
Built-in Analytics:MV goes beyond just security; it utilizes a powerful onboard processor to analyze video and provide valuable insights without the need to send those video files to the cloud or a local server. Easily see where students are congregating or walking with motion heat maps. Detect how many people are in a classroom or hallway with people detection.
Schools across the world are deploying Meraki MV to simplify security camera management and keep their students safer. At Reading School District, CR Hiestand and his team use the Motion Search tool to isolate incidents and find what they are looking for in under 20 minutes, rather than searching through hours of video footage. Plus, security guards, principals and school administrators can view footage from a tablet or PC, without having to go to the video monitoring room. At Sweet Briar College, Aaron Mahler has indoor and outdoor MV security cameras deployed across the campus to keep students safe, while providing network admins with an easy to manage solution through an intuitive web-based interface they can access from anywhere.
From May 9th until October 27th, 2018, Meraki is offering exclusive pricing for MV security cameras for education in the United States. Just contact your Meraki sales rep to get started!
Since Meraki launched the MV family nearly a year and a half ago, the wishes coming in from the Make a Wish tool in the dashboard have not stopped flowing. One of the most consistently requested features? Motion alerts. Today, this handy tool is available across all MV hardware models.
Whether for keeping tabs on valuable merchandise in a retail store, increasing the efficiency of a shipping and receiving dock, or keeping school grounds clear of trespassers, motion alerts have enormous business potential across all verticals. The engineering team behind MV has created an exceptionally straightforward way to implement alerts and we can’t wait to see how our customers use them.
Once a camera’s alerting schedule, minimum event trigger length, and alerting region have been selected, alert behavior can be configured on the Alerts page (alongside offline device alerting). The default alerting email(s) can be used, or add a motion-alert-specific email address for more granularity.
Each alert generated by the dashboard will link directly to the relevant video clip, no manual video scrubbing needed. Take a peek below.
Pro-tip: most major mobile carriers allow you to send emails to an SMS phone number (see the list of phone number “conversions” by carrier below). Take advantage of this “hack” in the dashboard to get motion alerts sent directly to a mobile device as a text.
A little over a year ago, Cisco Meraki launched a brand new product category and expanded its portfolio to include security cameras. The introduction of MV brought a revolutionary architecture to the physical security world, placing video storage and processing onboard each camera. Today we are announcing MV12, representing the next leap forward in security cameras and advanced video analytics.
Unlike many other video analytics solutions that require bulky servers, expensive software, and oftentimes dedicated camera hardware to operate, MV12 stays true to Meraki’s core values by offering an all-in-one solution. By taking advantage of the same hardware that powers many of the world’s smartphones, and placing one on every single camera, the heavy lifting of analyzing video happens at the edge–not in the cloud or on a server.
What does this mean in terms of functionality? At launch, MV12 will already be implementing machine-learning-based computer vision, which are just fancy words describing the cameras’ ability to detect people (not to be confused with “facial recognition,” which ties images to unique identities) and get more accurate over time. MV12 uses this functionality as the foundation for tools like people counting. But best of all, this is just the starting point for a multitude of functionalities that can be implemented on the MV12 platform.
Plus, the same standard license introduced with MV21 and MV71 gives users access to every part of the dashboard, providing not just the analytics piece but also the ability to configure, manage, and monitor a global deployment of cameras from anywhere in the world. This makes MV12 extraordinarily scalable, efficient, and cost effective for a multitude of deployments.
The new product family also brings an exciting laundry list of additional hardware features and enhancements:
API: Application Programmable Interface. For those in the know, this term is as everyday as “the cloud,” “app store,” or “WiFi.” For those not in the know, however, it might as well be an excerpt from a language belonging to an undiscovered species of extraterrestrial life.
You might Google what an API is and you’ll probably get a result along the lines of “allows one piece of software to interact with another piece of software.” Although technically accurate, this description barely scratches the surface of the huge possibilities that lie behind this humble three-letter acronym.
One of the most straightforward analogies for APIs likens it to the classic shape-sorting toy box. The shaped pieces such as triangles and squares can be considered data and the lid, the interface. Shapes can move in and out of the box through the correct hole in the lid. Similarly, an API expects data in a certain format and its interface will reject it if it falls outside of this.
Each software vendor that provides an API will have its own custom shaped pieces (data), lid (interface), and set of rules that govern their interaction.
Great…but why all the hype?
APIs allow developers to code a new program or app incredibly quickly. Rather than having to develop an entirely new app from scratch, developers can leverage existing data and processes, and simply code in additional customization. In this way, an existing app can be used (via APIs) to create a new one to satisfy a unique variant of the use case the original app addressed.
Let’s consider an app called Citymapper. Although its functionality is now largely similar to Google Maps, thanks to some updates to the latter, it was quite novel when it first appeared on the scene a few years ago. Citymapper leverages Google Maps (and all its data and processes) via APIs to provide routes from A to B in select cities around the world but also provides all the real-time transportation options available for the given city such as train, bus, walking, taxi, etc. Citymapper’s developers would have found it almost impossible to code the app if they had to code a substitute for Google Maps too. Additionally, Citymapper doesn’t have to worry about the gargantuan task of keeping the map data up to date.
What’s the deal with Meraki APIs?
From our very beginnings, our fundamental focus has been the extreme simplicity and usability of the Meraki dashboard. In some specific use cases, however, avoiding complexity is… unavoidable! In trying to add functionality for specialized and unique use cases, we would potentially compromise the very simplicity that we’ve worked so hard to synonymize ourselves with.
The Meraki API strategy
Our strategy to address these outlying applications, without complicating the beautiful simplicity of the dashboard, is to invest heavily in open APIs while continuing to develop functionality directly in the dashboard to solve customers’ common problems. This allows our customers, partners, and developers to extend the reach of the Meraki platform to build more specialized use cases.
Change the game
A closed software platform can be thought of like a board game: it has a fixed set of rules and options leading to a fixed set of scenarios or outcomes. If you get bored of a particular board game or outgrow it, then there’s only one real option: move on to a different board game. And so the cycle starts again.
In contrast, a software platform with open APIs, like Meraki, can be thought of like a deck of cards. A deck of cards isn’t constrained by a fixed set of rules. With one deck of cards you can play dozens of variants of poker. If your audience doesn’t know how to play poker or prefers a different game, that’s not a problem. The same deck can be used to play blackjack, solitaire, rummy, go fish… you could even invent your own game! The options are endless.
The same is true for the Meraki dashboard with its open APIs. The dashboard natively collects huge amounts of data about clients, location, application usage, etc. While there are ways to manipulate this monitoring information within the dashboard itself, the possibilities open up exponentially when you can export this information in real time. And even more so when you couple this with the ability to execute configuration commands through APIs.
Meraki customers, partners, and developers are using the open APIs to expand the use cases of the dashboard: from rolling out sophisticated loyalty programs integrated with CRM systems, to developing wayfinding apps relying on the location information captured by Meraki APs, to automating Meraki network provisioning across thousands of locations in the matter of minutes.
Get involved Meraki is committed to helping developers get up to speed with Meraki APIs to create novel ways to expand the potential of the dashboard. Get started with Meraki APIs, learn about real-life applications, complete labs, and download sample code at the Meraki developers site.
Free gear We’re giving away $1M of Meraki equipment to developers who are eager to get hands-on with the APIs. Get your free kit here.
Stay up to date Our engineers are continually adding new APIs for the dashboard. Check out the latest list directly in the dashboard (Help > API docs).
Grab, a leading technology company that provides transportation and ride-hailing solutions across Southeast Asia, offers a wide portfolio of transportation solutions ranging from a network of taxis (GrabTaxi) to private cars (GrabCar) to a two-wheeled option to beat the traffic (GrabBike).
This growing organization is dedicated to solving real-world transportation problems, and to that end, Grab is consistently expanding to new cities across the region. In our upcoming webinar on October 5, 11:00 AM (Singapore time), Kevin Lam, Grab’s Regional IT Networks Manager, will share his experience setting up networks at new offices in new countries, which is key to the company’s growth. Each branch office is crucial to supporting the local operations of the drivers. Lam chose Meraki because it could be deployed quickly and easily at branch offices.
During the webinar, Lam will share why Grab chose Meraki for their regional expansions. With advantages such as rapid deployments, simple management, and an easy-to-use dashboard interface, Lam can now deploy the network at new sites and offices in minutes.
Topics that will be covered in this webinar:
How Lam and his lean IT team manage everything from wireless, desktop support, server maintenance, data security, and network management
How the Grab team deploys a Meraki network (wireless, switching, security) at a new office in less than 24 hours
How Meraki makes it easy for Lam to manage a network distributed across seven countries from Grab’s headquarters in Singapore
Some unique use cases, challenges, and needs that a growing startup faces, and how a solid network infrastructure is essential for their success
Register for our webinar today to hear from Lam himself on October 5 at 11:00 AM (Singapore time). Eligible attendees will receive a free Meraki access point for attending this webinar*
The Meraki MV camera eliminates many of the underlying costs and complexity of owning and operating video surveillance systems. The elimination of all physical components, other than the camera, is highly attractive to a wide range of organizations. This broad appeal leads to users with a diverse set of problems, often beyond the scope of the products current feature set.
Beyond the cross-product APIs available for the Meraki dashboard, there are currently no APIs or raw video feeds available for Meraki MV users. Camera configuration, video streaming, and analytics data are only available inside the Meraki dashboard.
By having a closed end-to-end system, we can ensure an exceptionally easy, enjoyable, and secure user experience. At its core, Meraki provides ease of use and simplicity. This is underpinned with a focus on solving customer problems first and building features second.
With these principles in mind, we need to work out what customers want to do with APIs. Collating these problems into categories we end up with the following:
Off camera storage, providing:
The first category covers the need for bulk storage or off-camera recording. We see two important uses for this type of functionality: The desire to retain video longer than is possible with edge storage, and instances where an off-camera or off-site backup is a mandatory requirement for compliance purposes.
MV’s architecture is designed for distributed storage and compute at the edge of the network, with centralized management and control in the cloud. Allowing customers to use an API to store video outside of this architecture eliminates the simplicity and cost reduction at the heart of the product. Once video leaves the platform, it is no longer associated with its metadata. This dissociation of context would leave customers with petabytes of unsorted raw video and a significant problem.
Meraki is already evaluating how to solve these two problems. Although the functionality is not yet available, its eventual design will ensure customers are not forced to become data scientists in order to manage their video. It will keep video within the Meraki ecosystem to ensure associated metadata is not lost.
The other category of problem that drives MV API requests is systems integration: integration with business systems such as Electronic Point of Sale (EPOS), physical security access control systems such as badge readers, and 3rd party video analytics.
By blending data sources together, further context can be provided to an event. When that can of soda from the EPOS transaction turns out to be a high value bottle of wine in the video footage, you know there is a problem. We are actively working with customers to define how we integrate with these systems and what a future API should look like.
Finally, it’s a simple reality that Meraki will not provide every variation of video analytics customers would want. Niche but high value problems are an area where third party analytics could be of great value. As with presence analytics on the Meraki MR wireless platform, in the future, we will offer out-the-box functionality beneficial to a wide range of customers, and when this is not sufficient, accesses for third party analytics such as with the location analytics API.
Meraki’s MV camera portfolio is still young, and as with our other products, we will release API access as it matures. This approach ensures we solve for simplicity first, and do not offload the hard work of feature development to our customers.