Cisco Meraki Cloud-Managed Wireless Solutiond2zmdbbm9feqrf.cloudfront.net/2014/eur/pdf/BRKEWN-2014.pdfCisco Meraki: 100% cloud-managed networking Cisco Meraki: a complete cloud-managed

Cisco Meraki Cloud-Managed Wireless Solution BRKEWN-2013

Pablo Estrada

Cisco Cloud Networking Lead, Product Marketing

© 2014 Cisco and/or its affiliates. All rights reserved. BRKEWN-2014 Cisco Public

Agenda Introduction

Wireless trends

Cloud-managed networking architecture

Cloud-managed wireless deep dive

802.11ac

Summary

Q&A

3


Cisco Meraki: 100% cloud-managed networking Cisco Meraki: a complete cloud-managed networking solution

- Wireless, switching, security, and MDM, centrally managed over the web

- Built from the ground up for cloud management

- Integrated hardware, software, and cloud services

Leader in cloud-managed networking

- Tens of thousands of customers across all industries, over 100% annual growth

- Operating in the cloud since 2006

Recognized for innovation

- Gartner Magic Quadrant, InfoWorld Technology of the Year, CRN Coolest Technologies

Trusted by thousands of customers worldwide:

4


High bandwidth applications hitting your network

802.11ac 1,300 Mbps

Streaming HD

video

Virtualization of

applications

Cloud storage

5


Cloud-managed networking architecture

Network endpoints securely

connected to the cloud

Cloud-hosted centralized

management platform

Intuitive browser-based

dashboard

6


Brings the benefits of the cloud to enterprise networks

Secure

- No user traffic passes through cloud

- Automatic firmware, security updates (user-scheduled)

- HIPAA / PCI compliant (level 1 certified)

Scalable

- Unlimited throughput, no bottlenecks

- Add devices or sites in minutes

Reliable

- Highly available cloud with multiple datacenters

- Network functions even if cloud connection interrupted

- 99.99% uptime SLA

Management

data (1 kb/s) WAN

7


Scalable cloud infrastructure

Telmex

Nationwide hotspot and 3G offload

network

Next Retail

550 retail stores across the UK

Motel 6

70,000 hotel room deployment

Jeffco School District

80,000 student district with 100+

schools

Proven in 10,000+ device deployments

8


SaaS feature delivery

Feature updates seamlessly delivered from the cloud (user-scheduled)

Adapts to new devices, applications, and business opportunities

2010 2012 2011

Major recent features:

2013

9


Cisco Meraki: 100% cloud managed networking

Meraki MS

Ethernet Switches

Meraki SM

Mobile Device

Management

Meraki MR

Wireless LAN

Meraki MX

Security Appliances

10


MR cloud-managed wireless access points

Feature

highlights

BYOD policies

Application traffic shaping

Guest access

Enterprise security

WIDS / WIPS

Mesh routing

6 models, including indoor/outdoor, high performance (802.11ac) and value-priced

Enterprise-class silicon including PoE, voice/video optimization

Lifetime warranty on indoor APs

11

Designing a Secure, BYOD-Ready Network


Device fingerprinting

Automatic user, device, and application fingerprinting (L7 / DPI)

Cloud database with Google-like search

Summary reports

13


Architecture

Management /

statistics (1 kb/s)

WAN

On-board CPU inspects packets at line

rate

Multiple attributes inspected: HTTP

header, Bonjour, DHCP fingerprints,

802.1X auth, etc.

Statistics stored locally if WAN

connection unavailable

Cloud database receives updates from

hundreds of thousands of APs

Optimized search retrieves fine-grained

fingerprint statistics in < 1 second

14


Demo: fingerprinting Client fingerprints

Application fingerprints

Search

Client details

Summary reports

15

Security

16


Controlling devices on the WLAN

Out-of-the-box security,

management, and capacity for

BYOD-ready deployments

• 802.1X, native Active Directory integration

• Group policy firewall

Assign by device fingerprint, Active Directory group, or manually

Assign Layer 3-7 firewall rules, application bandwidth limits, VLAN tags

Apply policies based on time of day

17


Isolating devices from the secure WLAN

LAN isolation: 1-click Internet-only SSID

Sign on / click through splash, captive portal API

Lobby Ambassador: temporary guest accounts

18


Bonjour gateway

Enables Bonjour on segmented networks

No additional appliance or software

Included in APs and MX security appliances

19


Demo: BYOD security policies

Create SSID for BYOD access

Enable splash page with antivirus scan

Firewall: block LAN access

Group policy for iPads, Androids

20

Capacity


RF Capacity

Key technologies across all APs

– Airtime fairness algorithms

– AutoRF spectrum analysis and automatic optimization

– Dual-concurrent WiFi with Band Steering

Cisco Meraki MR34 – 3-stream 802.11ac optimized for capacity & density

– Supports 100+ clients / AP

– Supports 30+ clients streaming HD video

22


Layer 7 traffic shaping at edge

Classifies encrypted, evasive apps (BitTorrent, etc.) at layer 7

Throttle recreational traffic, prioritize productivity apps

Group Policy integration (slow down YouTube for contractors, not CEO)

23


Demo: capacity

Review channel plan

Block P2P

Throttle video

Prioritize video conferencing

Whitelist a VIP client

24

Mobile Device Management


Systems Manager: mobile device management

Device Management: controls iOS, Android, Mac, and Windows devices

Cloud-based: no on-site appliances or software, works with any vendor’s network

Free: available at no cost to any organization. Sign up at meraki.cisco.com/sm

Centralized app deployment

Device security

Rapid provisioning

Backpack™ file sharing

Asset management

Feature

highlights

26


BYOD and company-owned devices

Push settings and restrictions

- WiFi / VPN configuration

- Encryption and passcode, privacy settings for user-owned devices

Push corporate apps (including VPP and Enterprise Apps)

Simple on-boarding

- User-owned: enroll via splash page, SMS, or email

- Company-owned: load profile with Apple Configurator (iOS)


Demo: Systems Manager

Set passcode / encryption

Set default SSID

Deploy WebEx to iOS devices

Remote wipe

28

802.11ac: the newest WiFi standard


How 802.11ac impacts your network Built for next-generation networks: more devices, higher throughput applications

802.11ac 1,300 Mbps

802.11n

- Over 4 years old

- Supported by nearly all devices

- Up to 450 Mbps

802.11ac

- New specification

- Supported by many new computers and mobile devices

- Fully backwards compatible with 802.11a/b/g/n devices

- Up to 1.3 Gbps, 3x faster than 802.11n

- For futureproofing your network

30


5 GHz band: more spectrum, less interference

802.11ac operates at 5 GHz band only

• More wireless spectrum space available

• Less interference than at 2.4 GHz

31


Increased channel bandwidth: 80 MHz

Doubling size of the pipe used to transmit data up to 80MHz

enabling faster transmissions and higher throughput for dense

environments

32


Enhanced modulation: 256 QAM

802.11n uses 64

QAM for lower

information density

802.11ac uses 256

QAM for higher

information density

More efficient data transmission, in the same amount of time and

through the same space

33


Legacy clients can still connect to 11ac APs

5 GHz 802.11ac

Client

802.11a/n

Client

2.4 GHz

802.11b/g/n

Client

11ac access point

34


Meraki MR34: more than just faster WiFi

CPU for layer

7 security /

QoS at Gigabit

rates

2.4 GHz radio

for serving

b/g/n traffic

5 GHz 3-

stream

802.11ac with

custom RF

front-end

Power circuitry

optimized for

802.3af PoE

Third radio

integrated with

cloud-based

WIDS/WIPS

35


Third radio dedicated to security and RF optimization

Third radio runs three processes on each channel every second

1. Spectral scans look at pure RF data

2. Rogue scans look for rogue SSIDs (detects rogues within one minute)

3. Containment sends WIPS packets to mitigate threats

2.4 GHz 5 GHz

1 second

36


Air Marshal: 24x7 Security Radio Protect network with

dedicated scanning radio

linked to powerful cloud-based

software

Identifies vulnerabilities and

attacks:

- Unmanaged / insecure APs plugged into LAN

- Malicious rogues spoofing WLAN

- Packet floods, malicious broadcasts

Contains rogue APs, blocking

clients from associating

Sends spoof

deauthorization

containment packets

Air Marshal: Containing rogue AP

Client thinks rogue AP is

forcing deauthorization

Rogue AP thinks client is

requesting deauthorization

37


Auto RF: Optimizes RF environment

Steady state - Changes channels only if no clients are being

served

Jammed state - Changes channel if utilization is above 90%

Gathers signal

strength and channel

utilization data to

compute optimal

channel and transmit

power level.

38


RF Spectrum View: real time troubleshooting

Scan all channels for

interference

Provides average channel

utilization data for each 2.4

GHz and 5 GHz channel

Visualize interference with high-

resolution spectrum analyzer

39


Key Takeaways Cisco Meraki solution is a complete cloud-managed networking solution

– Wireless, switching, security, and MDM, centrally managed over the web

– Built from the ground up for cloud management

– Integrated hardware, software, and cloud services

Cloud-managed wireless provides administrators with the tools to implement secure, scalable wireless networks enabling new business applications such as post-PC devices, mobile POS, and BYOD.

40

Q&A

41

Cisco Meraki Cloud-Managed Wireless Solution


Call to Action…

Visit the World of Solutions:-

Cisco Campus

Walk-in Labs

Technical Solutions Clinics

Meet the Engineer

Lunch Time Table Topics, held in the main Catering Hall

Recommended Reading: For reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2014

43

http://www.pearson-books.com/CLMilan2014




Complete Your Online Session Evaluation

44

Complete your online session evaluation

Complete four session evaluations and the overall conference evaluation to receive your Cisco Live T-shirt

Appendix

46

© 2014 Cisco and/or its affiliates. All rights reserved. BRKEWN-2014 Cisco Public 47

Documents

Cisco Meraki Cloud-Managed Wireless Solutiond2zmdbbm9feqrf.cloudfront.net/2014/eur/pdf/BRKEWN-2014.pdfCisco Meraki: 100% cloud-managed networking Cisco Meraki: a complete cloud-managed