Multi-site engineering company deploys secure guest WiFi to support BYOD initiatives
Cloud management across sites nationwide provides centralized control with low TCO
Built in traffic shaping and content filtering maximize bandwidth usage
Founded in 1968 and headquartered in Syracuse, New York, the C&S Companies provide client-focused engineering, architecture, planning, environment, and construction services. Besides the headquarters, C&S has 16 regional locations throughout the country, some of which are connected via MPLS. Initially only the Syracuse office was equipped with WiFi, but as BYOD hit the workplace, it became paramount to offer wireless in every office.
“Employees had their own devices and wanted to be able to connect,” explained Jim Harter, Network Administrator at C&S Companies. “And we have a lot of vendors bringing in their own equipment, and we found that they were plugging in, which went against our corporate security policy. We have a fairly open environment, so I wanted to provide access for everyone.” However, with stringent security requirements at C&S, it was critical that the wireless network be completely segregated from the corporate LAN. “I was really afraid that somebody would find a way to get onto our central network,” Harter said.
Harter considered several options, including installing a separate Internet connection at each office. “That would have been a monthly data bill on top of the hardware costs — it didn’t fit our business model,” he said. He had been using traditional access points (APs) for wireless at the Syracuse office but, he said, “in addition to being expensive, the management was complicated and I had to hire a specialist any time I needed to change configurations. It wasn’t something we could scale for other locations.”
I future proof my purchases as much as possible and in the future we’re going to grow. Meraki gives us the option to evolve down the road. Jim Harter, Network Administrator
Still, Harter evaluated traditional controller-based wireless solutions, but he found the management challenging across the 10 offices his small IT team was responsible for. “We wanted the centralized management,” he said. “At C&S, we do things right, or we don’t do them at all — we’re not going to band-aid it together.”
Then Harter heard about the Cisco Meraki cloud managed networking solution from the American Council of Engineering Companies (ACEC), and received a recommendation from a Pennsylvania firm that also used Cisco Meraki devices. “Looking at Cisco Meraki, the cost savings alone were compelling,” Harter said. For the price of a traditional solution at only the Syracuse office, C&S could deploy Cisco Meraki at all of the regional offices and could manage the network over the web, without specially trained staff.
Deployment was simple for Harter’s team; they shipped each AP to a remote office, asked an employee there to plug it in, and the AP downloaded its network settings from the cloud and appeared on C&S’s Meraki dashboard. “The actual configuration blew us away. If I say it took 5 minutes that may actually be too long,” said Harter. “We looked at each other and said, ‘Really, that’s it? That’s so easy!’”
Cisco Meraki secure guest wireless gives Harter peace of mind, while enabling BYOD for both employees and vendors. “Meraki APs feature a built-in firewall, which securely segregates guest devices, so they can’t touch our network,” Harter said. “But now everyone who needs mobile connectivity can have it.” And, by providing a reliable guest network, C&S discourages vendors from causing a security breach by plugging into the LAN.
Harter centrally manages all of the locations from Syracuse and appreciates that even if he’s away, he can make a change on the network for any of the offices via the cloud-based dashboard. “The Cisco Meraki dashboard gives me insight into what’s happening on the network in real time,” he said. “I like to know what the busiest sites are, and I like getting the automatic reports from Cisco Meraki — top applications, top clients, and so on. The reports tell us if we need to make a policy adjustment or a bandwidth adjustment.”
For example, Harter likes that Cisco Meraki offers built-in application throttling, because the regional office Internet connections are shared resources, and all of the company’s files reside at the Syracuse headquarters. Thus, if a user is streaming something, it limits the bandwidth for other users. “Now I can see who is eating up the bandwidth and talk to them about it,” Harter said. Meanwhile, he set a bandwidth limit of 1 Mbps per user and can shape traffic to ensure that particular applications are not tying up the network. Similarly, Meraki’s built-in content filtering blocks adult content. “We were thinking about purchasing Barracuda web filters for all of the locations, but now that is one less expense and one less device to implement,” Harter said. “We’re getting a lot of bang for our buck with Meraki.”
With the Cisco Meraki free mobile device management solution, Harter is also able to manage devices from the same cloud-based dashboard. He uses Systems Manager to manage company-owned laptops and remote PCs, iOS and Android tablets, as well as the Shoretel mobility router phone system at headquarters. By creating mobile profiles, he is able to allow devices to automatically join a particular network and push work applications like ArcGIS and BIM 360. He also uses Systems Manager to enable device restrictions on the tablets, such as not allowing movies or in-app purchases, and he set up web clips to enable secure login.
Best of all, Harter says, Meraki gives C&S the ability to scale and change its network. “I future proof my purchases as much as possible, and in the future we’re going to grow,” he said. “Meraki gives us the option to evolve down the road.”
Indeed, the firm is planning on phasing out their MPLS network in favor of a complete Cisco Meraki networking suite. Using a Cisco Meraki MX400 at headquarters and MX80s at regional offices, C&S recently enabled a client VPN server with Active Directory. The built-in WAN optimization in the Cisco Meraki security appliances is also allowing C&S to replace their WAN optimization appliances with Cisco Meraki devices. C&S also uses Cisco Meraki MS42P switches for the Shoretel phone system at regional offices. With 3TB of data passing through the switches weekly, Jim really appreciates the visibility he has into his Cisco Meraki switches. The intuitive virtual stacking feature allows Harter to have fine-grained control over his ports.
C&S now also equips teleworkers with access to corporate resources with the Cisco Meraki Z1 telecommuter appliance. Harter explained, “We had an employee working from home who needed access to GIS software and graphics located in a PC in the Syracuse office. So we just gave her a Z1, she plugged it in and then she could connect and get all the resources from home. It worked so well and it was so easy to set up.” The Auto VPN feature (layer 3 IPsec site-to-site) connects the teleworkers with Cisco Meraki devices at corporate locations. Auto VPN can be set up in three clicks, meaning that Harter’s team barely needed to set anything up for the device to work.
At job trailers, C&S started using Cisco Meraki MX60Ws to provide reliable and secure Internet access for employees and contractors. Mesh site-to-site VPN allows employees to connect directly with corporate resources, while contractors have access to guest wireless. With 3G/4G failover, the MX60Ws ensure a reliable network regardless of the Internet provider or the location. “The feedback from the field has been really good. Employees at the job trailers are able to connect to network resources. They love it! And they don’t feel disconnected anymore,” Harter said.
Harter is now busy transitioning the C&S regional offices to all be equipped with Cisco Meraki devices. The most important thing to him is to maintain a seamless experience for end users, while ensuring the network is secure and easy to manage: “Cisco Meraki gives us the option to do just that.”