MX security appliances provide VPN network for access to health records and HR data
Non-profit organization Mosaic provides services such as job coaching, case management, life skills building, special education, and supported living to more than 3,500 people with intellectual disabilities. Headquartered in Omaha, Nebraska, Mosaic employs 5,000+ people across 38 agencies in 11 states. Most employees work in regional offices and visit clients in their own homes, group homes, and apartments.
Mosaic wanted to create a secure, HIPAA-compliant wide area network (WAN) between the many branches and the headquarters, enabling executive staff and nurses to easily access the electronic health records, medication dosage information, timekeeping portals, and human resources solutions that are stored in Omaha.
At the same time, the need for wireless access to support the extremely mobile staff had become painfully clear: despite a headquarters policy against wireless, numerous agencies deployed their own off-the-shelf products and called the Omaha-based IT helpline when things went wrong.
“The whole network was a nightmare to manage,” said Daniel McDonald, Mosaic’s Systems Integration Manager. “We don’t have IT in the field, but meanwhile we house all our data here at headquarters, so that was a challenge.” McDonald longed to connect Mosaic’s nearly 40 sites through a secure site-to-site VPN, deploy centrally-managed wireless everywhere, and provide mobile tablets to all employees.
MPLS seemed like a possible solution, but it was well outside the budget for the non-profit organization. Then McDonald learned about Cisco Meraki gateway devices and wireless access points (APs). “I was floored by how easy it was to take care of everything through the cloud-based dashboard,” he said. “You don’t have to be a certified engineer to operate it. We saw right away that it would be much easier to deploy Meraki hardware everywhere and manage it all from here.”
With a small IT team, Mosaic deployed over 300 Cisco Meraki 802.11n APs and 40 Meraki MX gateways – all connected through site-to-site VPN – in Mosaic’s remote locations nationwide. “The Meraki solution has provided us with a secure, centrally managed distributed network without the cost of MPLS,” McDonald said. “Our users love having reliable wireless, and the network is easy for us to manage. The upgrade has been really exciting for us.”
To add a branch into Mosaic’s new network architecture, all McDonald has to do is log in to the web-based Meraki dashboard, add an MX gateway into the organization, and enable the VPN with a single mouse click. MX gateways automatically discover each other through the Cisco Meraki cloud, so there is no need to manually create routes between them. The network automatically monitors VPN connectivity and adjusts to any real-time changes. The complex steps of a traditional site-to-site VPN setup – such as configuring IPsec authentication, security association parameters, and key exchanges – are completely automated by the Meraki cloud.
McDonald said Mosaic’s new VPN connectivity has had a significant impact on helpdesk support, as the team can now proactively monitor and troubleshoot all the remote sites, as well as easily SSH into computers in the field. Further, the site-to-site VPN enabled print servers, which dramatically improved the speed and quality of printing documents hosted on Mosaic’s private cloud at headquarters.
“75% of our troubleshooting issues were with printing,” McDonald said. “Meraki takes the confusion out of everything.”
With the nationwide deployment of Cisco Meraki 802.11n wireless APs, Mosaic’s employees now enjoy always-on mobile connectivity. They authenticate to the network through 802.1X/RADIUS and then can securely access electronic medical records from headquarters, maintaining HIPAA compliance. Meanwhile, Mosaic’s IT staff can see the status of every access point through the Meraki dashboard. Client fingerprinting provides them with insight into the types of mobile devices on the Mosaic network, and Layer 7 Application Traffic Shaping enables them to limit P2P traffic and prioritize bandwidth by application.
To support the growing demand of devices on Mosaic’s network, McDonald deployed over 70 new Cisco Meraki MR18 access points. “With the new MR18 access points, Meraki continued to provide us with an unprecedented ease-of-use, matched with a new level of RF visibility,” said McDonald. These newly released APs provide reliable and robust connectivity in high density environments where employees are connecting more and more devices, while also providing enhanced security via a built-in third radio on each AP. The dedicated security radio plays a huge role in providing visibility in the RF environment, optimizing RF configuration, and mitigating wireless threats.
“The Cisco Meraki team is incredibly responsive and is always adding useful new features to the dashboard,” McDonald said. He is also pleased with how firmware updates push to his Meraki devices automatically. “I cross firmware updates off my to-do list without even thinking about it.”
When Mosaic tackled a VoIP solution for several key buildings, McDonald again turned to Cisco Meraki. “The project required a switch refresh, and I already trusted Meraki after my experience with the other products,” he explained. “Meraki’s switches were more affordable, easier to deploy, and offer better metrics and network visibility. Now I can support more people and devices.”