UTM security appliance, access and/or aggregation switches, and 802.11ac access points were deployed
With security appliances at each of the locations, the IT team enabled site-to-site VPN in just a few mouse clicks
Number of end-user requests has greatly diminished
With blue-chip clients like Ford, Shell, and Land Rover in their portfolio, digital media agency Imagination Group is a global giant in the industry. Based in London, the agency has over 15 locations around the world, and employs more than 1,000 talented staff.
At Imagination, the belief that technology plays a crucial role in how media is distributed and consumed is at the core of the business. The team is always looking at ways to innovate and utilise technology to make the experiences they create bigger, more tangible, more lasting, more inspiring, and overall, more valuable. Working to facilitate this core business strategy while also keeping employees connected, fostering collaboration, and maintaining forward momentum on projects is quite a task for Paul Saunders. As Head of IT in EMEA and Head of Global Network Operations, Saunders oversees many projects, including the network infrastructure.
Original network challenges
When Saunders joined the company a few years ago, the network was composed of a mishmash of network solutions in various stages of age or disrepair. While there was IT staff at each site, it was challenging to resolve issues when they arose due to the aging technology and nearly impossible to provide uniform support between sites that had different deployments.
Why Cisco Meraki?
After attending a Meraki webinar to learn more, Saunders received a free access point and decided to run a trial at the London office. The Cisco Meraki solution provided Saunders with a way to easily standardise across all of the different locations and also made it easier for the teams to manage the network without additional training. “Ease of installation, functionality, and performance were key factors that went into the considerations of choosing Meraki,” Saunders explained.
Numerous Meraki features appealed to Imagination, but foremost was the ability to bind networks or devices to templates. This feature facilitated expedited deployments and allowed the team to make updates to all sites by simply updating the template. Imagination was now able to roll out quickly and make sweeping changes in a matter of minutes, rather than days, weeks, or months. The intuitive dashboard aggregated their entire network deployment into one platform which could be managed anywhere in the world by anyone with permissions, using role-based administration.
“It’s fantastic how quickly you can change things and great how fast we can get a new location up and running without network admin involvement.”
Paul Saunders, Head of IT in EMEA and Head of Global Network Operations
Saunders gradually rolled out the Cisco Meraki solution, leveraging the configuration templates to create a uniform setup for small, medium, or large locations. Based on these sizes, a UTM security appliance, access and/or aggregation switches, and 802.11ac access points were deployed. “The particular device models were chosen to support our mobile fleet of users, everything from mobile devices to Macs,” said Saunders.
Historically, if Imagination Group wanted to trial a new site, it was a costly endeavor to install an enterprise-grade kit at small sites and then expand if needed. With Meraki, they were able to drop a small pre-configured wireless-enabled security appliance into these locations and provide the same benefits as they would at a large office, but at minimal cost.
With the Cisco Meraki licensing model, Imagination gets a future-proof network, receiving new features and quarterly firmware updates at no additional cost. “No matter the size of the site, to have the same configuration and security behind each site is a positive. Typically, getting that type of security into a small location is hard, but here it’s the same,” explained Saunders.
The Meraki APs have up to 15 customisable SSIDs per network. At Imagination, they are taking advantage of this by providing various access levels based on device or user type: guest, company-owned, mobile, lab, and more. Depending on the level of access, they can set different authentication methods, bandwidth limits, splash pages, walled gardens, captive portals, and even VLAN tagging, all by selecting options from drop-down menus. The built-in Active Directory integration allows the Imagination Group IT team to provide a single sign-on method, while adding an extra layer of security.
On the wired side, the UTM security appliances provide a wealth of options, combining six different devices into one powerful box. The team has the options to set Layer 7 application firewall rules, port forwarding options, and 1:1 or 1:many NAT rules for even more customisation. The dual connection from the security appliance connects into Layer 3 switches and down to the Layer 2 switches. These switches can be configured for added security using ACLs and added redundancy by enabling warm spare failover between two Internet connections at each site. Unlike before, every site now has a fully redundant, multi-path configuration which utilises Virtual Router Redundancy Protocol (VRRP), ensuring that if a VRRP-enabled Meraki switch goes offline, a backup MS will immediately take over its gateway responsibilities.
Advanced Malware Protection (AMP) and intrusion detection/prevention provide industry-leading network security without the hassle of complex configuration. “It’s very straightforward to implement features without being specialized in that subject. Updates come out quite quickly and are put in free of charge. Things like enabling AMP to edge devices is great!”
With security appliances at each of the locations, the IT team enabled site-to-site VPN in just a few mouse clicks and now benefits from a fully meshed VPN network. According to Saunders, “Before I joined Imagination, we used to have to pay external contractors to connect the sites together at a cost of at least £2,000 each! Now it’s just a check box; we’ve saved significantly in terms of cost and resources to do this.” Now employees have access to all of the resources they need, no matter where they’re located.
Utilising Cisco’s Enterprise Mobility Management (Systems Manager), the IT team can create different profiles depending on user or device type. Each of these profiles can require varying levels of security, like enabling passcodes or requiring anti-virus to be installed. They can also provide automatic access to resources, like email servers or secure wireless SSIDs, if the devices are deemed to be secure based on posturing. To make sure that devices remain compliant with these pre-defined policies, the IT team can enable weekly reporting on violating or ill-configured devices. Systems Manager provides the IT team with the ability to virtually be in more places at once and oversee network usage and access from the device level.
One of the immediate benefits of implementing a new, centrally managed solution was the operation of the company’s time-card system. Imagination bills clients based on time spent on projects, so having up-to-date and accurate information on amounts billed to clients’ accounts is crucial. If an employee fails to input their billed time into the system, they would receive a notification and be blocked from the network until the time was submitted. Using the previous solution, there were countless issues with managing the system, causing headaches for IT and creating problems with printing, access, and more. Now, with Meraki, network admins can simply click into a particular client and set a policy which blocks them on an individual basis and avoids causing additional network issues.
As a whole, the number of end-user requests has greatly diminished, with users now being provided everything they need on a high-performance network. On the IT side, time-consuming tasks, like granting guest access to the network, have been eliminated with the creation of a secure and simple-to-join SSID. In the event that a client needs to have their own SSID, or if Imagination needs to create an ad-hoc SSID at a show, one can be created in just a few clicks in the Meraki dashboard. “It’s fantastic how quickly you can change things and great how fast we can get a new location up and running without network admin involvement,” said Saunders.
Central management of the full stack of Meraki access points, switches, security appliances, and MDM in one dashboard is providing intuitive management of Imagination’s large, multi-national deployment. By enabling automatic alerts, the IT team utilises built-in diagnostic and troubleshooting tools to be proactive in managing the network from anywhere in the world. And in the event that they need to contact the Meraki team for assistance, Saunders explained that, “the support is great. We can provide them with access to our kit and they can pinpoint where the problems are and then troubleshoot remotely.”
With new products coming out regularly, Saunders and his team are able to stay at the leading edge of innovation: “We are now looking into the Cisco Meraki Voice solution, and have recently begun a trial in our New York office.” From unified and standardised management to new features to the in-house Meraki support team, Saunders is excited that “everything is positive and working seamlessly!”