One of the most popular capabilities of our MX security appliances and MR wireless access points is their ability to control what is going on in the network. This can be accomplished via a whole range of built-in features such as Layer 7 traffic shaping, Layer 7 firewalling, intrusion prevention, malware scanning, and content filtering. Importantly, these features can be easily applied in varying ways to different devices or users with the creation of custom network policies.
Known as Group Policies, these customized network rules spare network administrators from having to enforce a ‘one size fits all’ policy. They can make the network fit their users’ requirements, rather than the other way round. As is typical of Meraki feature design, the simplicity of configuration makes deploying it achievable and not an unattainable dream.
However, what if we could make this even simpler to implement? Systems Manager Sentry provides simple, automatic security that is context aware. Sentry Policies enable dynamic updates to a client device’s assigned Group Policy based on contextual information gathered by the Systems Manager MDM. Now your firewall, traffic shaping, or content filtering rules can be automatically updated based on changes to a device’s security posture, logged-in user, or even location.
Sentry Policies are automatically made available when Systems Manager is deployed with Meraki network equipment. Due to the unified Meraki cloud management architecture, no complex integration or further configuration is required. If you can’t see Sentry Policies in your dashboard, then you are running an older version of Systems Manager. Click here to find out how to upgrade.
For one example of how Sentry Policies can be implemented, consider a content filtering deployment in an education environment. The multi-user authentication capability of the Systems Manager app allows devices such as iPads to have unique apps, settings, and restrictions per student. When a student logs into the device, Sentry Policies can trigger a content filtering policy change on the MX suitable for that class’s age group or subject. This is done without any teacher or administrator intervention.
For security-conscious customers, Sentry Policies can also be used to control network access. When a device is detected that is jailbroken or has an undesirable app installed, Sentry can implement firewall rules in the access points to block that device’s connectivity to sensitive corporate resources. Again, this requires no administrator intervention.
Systems Manager Sentry is unique in the way it enables automated security and simplified IT operations by unifying network and endpoint management. To find out more, sign up for one of our advanced webinars covering the Sentry feature set, or contact us to get a live demonstration.
Not long ago the configuration of a computer’s settings was the responsibility of the end user. This spawned numerous guides, created by beleaguered IT administrators, that tried to ease the number of repetitive helpdesk support calls on common topics.
What if you could do away with the multi-page WiFi configuration guide, yet still allow users to connect securely? Systems Manager Sentry provides simple, automatic security that is context aware. Sentry WiFi settings automate the configuration of mobile device wireless connectivity. This simplifies the task of joining the network for both the user and IT administrator, eliminating one of those clunky step-by-step guides from your help portal. Watch the video below to see this feature in action.
Systems Manager can create WiFi configuration payloads which contain configuration settings for a wireless network. It can then deliver a payload to client devices so that they can get connected without the user having to follow a guide. Sentry WiFi settings take advantage of the native cloud integration of Meraki’s networking stack with Systems Manager MDM.
With Sentry, Systems Manager queries the Meraki WLAN network to understand what the security requirements are for a chosen SSID. Now instead of the IT administrator manually configuring the settings, the configuration fields are automatically populated with the correct information, eliminating possible errors and saving time.
The convenience of Sentry WiFi settings becomes exceptionally powerful when combined with the tagging engine available in Systems Manager. Tags are Systems Manager’s way of choosing what managed devices should get what settings. As tags can be automatically applied, this means client devices can receive WiFi settings based on dynamic events such as the time of day, device user, device type, location, or security posture.
If you would like to find out more about Systems Manager Sentry, then you can attend one of our specialist Sentry webinars, or alternatively contact your Meraki representative for more information. If you are an existing Meraki WLAN customer, Systems Manager offers an industry-leading MDM capability with a unique level of network integration that, due to its simplicity, can secure and automate your IT operation in minutes.
This week marks the start of Wireless Field Day 8 (#WFD8), part of the Tech Field Day series of events. For those less familiar with Tech Field Day, it brings together IT vendors and industry bloggers, speakers, podcasters and writers for engaging technology discussions.
A fantastic feature of this coming together of industry experts is the comprehensive live streaming and video replays of the sessions that allow anyone to participate. Cisco will be participating in #WFD8 with presentations starting on October 1, 2015 at 9:30 am PT, with the live stream available from the Wireless Field Day 8 website.
As part of the Cisco sessions at #WFD8 there will be a segment on Meraki Systems Manager and the Sentry features that offer simple automatic security that is context aware. Meraki has featured at past Wireless Field Days and you can catch up by searching Meraki and Wireless Field Day on YouTube. In the video below from WFD7, Raj Krishna, Wireless Product Manager, discusses and demonstrates the Cisco Meraki traffic analytics capabilities.
With Systems Manager Sentry, a number of complex security features can be very easily deployed because of the native integration offered by the Meraki cloud. Meraki network components and Systems Manager Enterprise Mobility Management are connected to the cloud and share data. This means the network can make highly informed decisions on how it should treat end devices.
One of the Sentry features that highlights the benefit of this integration is Sentry policies. Sentry policies allow any network group policy available on Meraki networking equipment to be dynamically applied based on device posture. This posture is determined by Systems Manager and is highly granular. For example, we can detect whether the antivirus software has been uninstalled and who the device belongs to. The network can then implement appropriate firewall or security rules.
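The posture-to-policy mapping described above can be sketched as follows. This is an added illustration, not Meraki code or a Meraki API: the policy names, field names, blocked-app list, student roster, and the precedence order (security failures outrank per-user policies) are all assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: hypothetical names, not Meraki dashboard identifiers.
BLOCKED_APPS = {"example-filesharing-app"}
USER_CLASS = {"alice": "year-3", "bob": "year-9"}          # student roster
CLASS_POLICY = {"year-3": "content-filter-year-3",
                "year-9": "content-filter-year-9"}

@dataclass
class Device:
    owner: str
    jailbroken: bool = False
    antivirus_installed: bool = True
    apps: set = field(default_factory=set)
    logged_in_user: Optional[str] = None

def posture_tags(d: Device) -> set:
    """Derive posture tags from what the MDM reports about the device."""
    tags = set()
    if d.jailbroken:
        tags.add("jailbroken")
    if not d.antivirus_installed:
        tags.add("no-antivirus")
    if d.apps & BLOCKED_APPS:
        tags.add("blocked-app")
    return tags

def select_group_policy(d: Device) -> str:
    """Pick one group policy; called again whenever the device's state changes."""
    tags = posture_tags(d)
    # Assumed precedence: a security failure always outranks a per-user policy.
    if tags & {"jailbroken", "blocked-app"}:
        return "block-sensitive-resources"
    if "no-antivirus" in tags:
        return "restricted-until-remediated"
    school_class = USER_CLASS.get(d.logged_in_user)
    if school_class:
        return CLASS_POLICY[school_class]
    return "default"
```

Re-running `select_group_policy` after each change in posture or logged-in user is what makes the assignment dynamic: the same shared iPad moves between content filters as students log in, and drops to the blocking policy the moment a blocked app appears.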
To learn more, please attend one of our specialist webinars that cover Sentry in more detail, or better yet, watch the Cisco #WFD8 session live from 9:30AM PT onwards on October the 1st.
With so many feature additions to Systems Manager, we have decided to create a recurring series of specialist webinars focusing on how to make the most of them. These specialist webinars will be scheduled regularly and cover two important feature sets available in Systems Manager, Sentry and Teacher’s Assistant. Listen to the podcast below to learn about all the features, functionality, and use cases that will be covered in these sessions.
Systems Manager Sentry provides simple automatic security that is context aware. Sentry dramatically simplifies previously complex security configurations due to the native integration of Meraki networking products with Systems Manager MDM. In the Sentry-specific webinar, we will cover how Sentry works, highlight where it can be used, and go through live demonstrations of the individual features including:
With Systems Manager Teacher’s Assistant, integrating technology such as iPads into your lesson plan becomes a cinch. Teachers remain in control, ensuring that students’ learning benefits from the inclusion of mobile devices, rather than them proving a classroom distraction. The Teacher’s Assistant specialist webinar covers examples of how mobile devices can be successfully used in education by looking at use cases, and providing a live demonstration of how to use features such as:
With so many ways to use Systems Manager, the amount of choice can sometimes seem overwhelming. Shortcut the learning process and attend one of these specialist webinars for further guidance on how to make the most of Systems Manager. These webinars assume attendees have a basic understanding of Meraki Systems Manager by having attended an introductory webinar such as Introduction to Cloud-Based Mobile Device Management, or having used the product with a trial. Sign up today for a Sentry session or a Teacher’s Assistant session.
Systems Manager Sentry offers a range of features that make the life of IT administrators easier. By providing simple, automatic security that is context aware, Sentry dramatically simplifies previously complex configurations. To be able to take advantage of Sentry functionality, devices need to be enrolled in Systems Manager. There are a variety of ways this can be done, but one of the simplest is by using Sentry enrollment.
Sentry enrollment is available with Meraki MR Access Points (AP) and not only automates deployment of Systems Manager, but ensures policy compliance by requiring Systems Manager installation. Sentry enrollment is an option within the wireless access control page of the Meraki dashboard. By choosing the radio button that enables Systems Manager Sentry enrollment, all devices connecting to this SSID will be checked for Systems Manager.
With Sentry enrollment enabled and a Systems Manager network selected, the administrator then has a couple of options to choose from. The strength option allows the level of compliance to be tailored to suit your environment. With the strength set to ‘Focused’, only the system types you have chosen will be forced to enroll in Systems Manager. A good example of why this may be desirable is if you only want mobile Apple devices such as iPhones and iPads under management, not Windows laptops. This can be achieved by choosing ‘Focused’ and selecting iOS as the only system type you wish to force to enroll.
When a user connects to an SSID with Sentry enrollment, they must have Systems Manager to be able to access the network. If a user removes Systems Manager from their device, they will be forced to install it again if they want to access the network. Watch the video below for a full dashboard and end user demonstration of this feature in action.
Users are guided through the enrollment process with the necessary settings pre-configured for them. This eliminates the need to pre-stage devices before they are delivered to users and allows enrollment as and when devices connect. Think of it as your fast lane to pervasive mobile device management.
Sentry features highlight the power and simplicity of the Meraki cloud architecture that provides native integration between different product families. Typically such enrollment or onboarding processes require additional servers, appliances, or licences. Even if this is not needed, integration between the MDM and the network (often from different vendors) can be complex to configure. With Meraki, enrollment becomes a couple of clicks and a matter of moments to enable. Find out more by attending one of our focused webinars covering the Sentry features of Systems Manager in further detail.
In June we announced Systems Manager Sentry, a set of features which provide simple, automatic security that is context aware. It can do this due to the integration between the Meraki networking products and Systems Manager.
Sentry Wi-Fi security is a feature enabled on Meraki MR wireless networks with Systems Manager. It takes the typically complex Wi-Fi access control method, EAP-TLS, and simplifies it to a couple of clicks.
To understand the power of this feature let’s quickly review Extensible Authentication Protocol (EAP) – Transport Layer Security (TLS). EAP is an authentication framework that is used for providing access to a network. As the extensible part of the EAP acronym implies, the framework can support multiple authentication protocols, from basic passwords to more secure certificate based authentication. Think of it as a cook book for a cake. Depending on the ingredients in the recipe you end up with a different cake, but still a cake.
EAP with Transport Layer Security (TLS) is considered one of the most secure network authentication mechanisms (the tastiest cake recipe). This is because it uses certificates to authenticate and secure the network connection using asymmetric cryptography. The problem with certificates, as an ingredient of this authentication mechanism, is that they are complex to set up and deploy.
There are two main reasons certificates can be complex to set up and deploy. The first is the infrastructure that is needed, something called a certificate authority. This issues the certificates and allows devices to check if a service is genuine. The second reason is that every client needs its own unique certificate. With a handful of clients this isn’t too much work, but with hundreds of thousands of clients this could be a daunting prospect. The tastiest cake results from a bake time of weeks or months, and looks less attractive as a result.
Sentry Wi-Fi security provides EAP-TLS for a Meraki MR wireless network while eliminating all the complexity. It can do this because of the certificate infrastructure that already exists for every Systems Manager customer. This eliminates the need for the configuration of a certificate authority and distribution of certificates to clients. A gourmet cake from an instant-bake ready-mix pack.
Make deploying EAP-TLS a piece of cake with Systems Manager Sentry. To find out more listen to Paul Wolfe (Product Specialist for Systems Manager) and George Bentinck (Solutions Architect) discuss Sentry Wi-Fi security in the following podcast. Alternatively attend one of our upcoming Systems Manager webinars, or if you already have Meraki MR access points, try Sentry out today by signing up for Systems Manager.
To allow IT to be capable of meeting the varied and often conflicting demands of users and security, we have developed Systems Manager Sentry. Sentry brings together the mass of data available in a Cisco Meraki IT infrastructure, to provide context aware automatic security. Hear more about the headline features in Sentry in the following podcast with June Odongo (Product Manager for Systems Manager) and George Bentinck (Solutions Architect).
Let’s for a minute stop to think about the importance of context. Imagine an iPhone that belongs to the VP of operations for a high street retailer. This VP of operations needs to check inventory levels on a company server to make sure they get their manufacturing orders placed on time.
One evening an iPhone accesses the server over a VPN and looks at the stock levels.
Should anyone be concerned by this? The answer is you don’t know without context. Let’s look at the same situation again.
One evening the VP’s iPhone accesses the server over a VPN and looks at the stock levels. The iPhone is no longer in Paris where the VP lives, it is in Bulgaria and the time there is 3:39AM.
With context can come automation, and with automation comes an agile, simple, and secure IT world. The IT team no longer needs to be alerted by a user that their device needs sensitive information removed due to it being lost or stolen. Dynamic policies can look at device specifics and, using the available context such as the current owner of the device and its location, act automatically.
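The iPhone scenario above can be expressed as a small decision function. This is an added sketch, not Meraki code: the inventory, field names, accepted hours, fixed UTC offsets, and the decision labels are assumptions, and the sample events are constructed to match the story.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class ManagedDevice:
    owner: str
    home_country: str          # where the owner normally lives and works

@dataclass
class AccessEvent:
    device_id: str
    resource: str
    country: str               # device location reported at access time
    utc_time: datetime
    utc_offset_hours: int      # UTC offset at the device's location

ACCEPTED_HOURS = range(7, 22)  # assumed acceptable local hours, 07:00-21:59

# Constructed inventory and events matching the scenario in the text.
INVENTORY = {"iphone-vp-ops": ManagedDevice("VP of operations", "FR")}
PARIS_EVENING = AccessEvent("iphone-vp-ops", "inventory-server", "FR",
                            datetime(2015, 7, 1, 17, 30, tzinfo=timezone.utc), 2)
BULGARIA_NIGHT = AccessEvent("iphone-vp-ops", "inventory-server", "BG",
                             datetime(2015, 7, 1, 0, 39, tzinfo=timezone.utc), 3)
UNKNOWN_IPHONE = AccessEvent("iphone-unknown", "inventory-server", "FR",
                             datetime(2015, 7, 1, 17, 30, tzinfo=timezone.utc), 2)

def context_signals(event, inventory):
    """Return the list of context signals that make this access unusual."""
    device = inventory.get(event.device_id)
    if device is None:
        return ["no-context"]            # nothing known about this device
    signals = []
    if event.country != device.home_country:
        signals.append("away-from-home-country")
    local = event.utc_time.astimezone(
        timezone(timedelta(hours=event.utc_offset_hours)))
    if local.hour not in ACCEPTED_HOURS:
        signals.append("outside-accepted-hours")
    return signals

def decide(event, inventory):
    """Map signals to an action: two or more signals trigger automatic action."""
    signals = context_signals(event, inventory)
    if len(signals) >= 2:
        return "restrict"                # hypothetical restrictive policy
    if signals:
        return "review"
    return "allow"
```

The same request to the same server yields three different answers: the evening access from Paris is allowed, the access with no device context can only be queued for review, and the 3:39AM access from Bulgaria is restricted without anyone having to report the phone missing.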
In the past it was difficult to collect, store, and then find information, but today it is trivial to access data on almost anything; from the latest weather to the morning news, or your friend’s location to what restaurant to go to. The challenge now is taking this overwhelming wealth of data, and making sense of it all.
Sentry is unique in the EMM market for being a complete solution for enabling the secure dynamic network of the future. This gives the IT team time to work with the organisation on defining policies, not being tied up with configuration. Device on-boarding, settings assignment, application management, and network access, are just some IT responsibilities that can be simplified, automated, and dynamically updated with Sentry.
Cisco Meraki Systems Manager is a best in class Enterprise Mobility Management (EMM) solution founded on Meraki’s pioneering cloud architecture. We understand the IT challenges faced by technology users in enterprises, education, or government based on our extensive experience of next generation cloud deployments.
Contact your Cisco Meraki representative today to find out how Systems Manager Sentry can provide automation to your IT world, and simplify your security. Alternatively sign up to a specialist Sentry webinar here or watch a recorded version of the webinar below.