Author
doanquynh
Cisco Meraki Cloud-Managed Wireless Solution BRKEWN-2013
Pablo Estrada
Cisco Cloud Networking Lead, Product Marketing
© 2014 Cisco and/or its affiliates. All rights reserved. BRKEWN-2014 Cisco Public
Agenda
Introduction
Wireless trends
Cloud-managed networking architecture
Cloud-managed wireless deep dive
802.11ac
Summary
Q&A
Cisco Meraki: 100% cloud-managed networking
Cisco Meraki: a complete cloud-managed networking solution
- Wireless, switching, security, and MDM, centrally managed over the web
- Built from the ground up for cloud management
- Integrated hardware, software, and cloud services
Leader in cloud-managed networking
- Tens of thousands of customers across all industries, over 100% annual growth
- Operating in the cloud since 2006
Recognized for innovation
- Gartner Magic Quadrant, InfoWorld Technology of the Year, CRN Coolest Technologies
Trusted by thousands of customers worldwide:
High bandwidth applications hitting your network
802.11ac 1,300 Mbps
Streaming HD video
Virtualization of applications
Cloud storage
Cloud-managed networking architecture
Network endpoints securely connected to the cloud
Cloud-hosted centralized management platform
Intuitive browser-based dashboard
Brings the benefits of the cloud to enterprise networks
Secure
- No user traffic passes through cloud
- Automatic firmware, security updates (user-scheduled)
- HIPAA / PCI compliant (level 1 certified)
Scalable
- Unlimited throughput, no bottlenecks
- Add devices or sites in minutes
Reliable
- Highly available cloud with multiple datacenters
- Network functions even if cloud connection interrupted
- 99.99% uptime SLA
Management data (1 kb/s)
WAN
Scalable cloud infrastructure
Telmex
- Nationwide hotspot and 3G offload network
Next Retail
- 550 retail stores across the UK
Motel 6
- 70,000 hotel room deployment
Jeffco School District
- 80,000 student district with 100+ schools
Proven in 10,000+ device deployments
SaaS feature delivery
Feature updates seamlessly delivered from the cloud (user-scheduled)
Adapts to new devices, applications, and business opportunities
Major recent features (timeline figure: 2010, 2011, 2012, 2013)
Cisco Meraki: 100% cloud managed networking
Meraki MS Ethernet Switches
Meraki SM Mobile Device Management
Meraki MR Wireless LAN
Meraki MX Security Appliances
MR cloud-managed wireless access points
Feature highlights
BYOD policies
Application traffic shaping
Guest access
Enterprise security
WIDS / WIPS
Mesh routing
6 models, including indoor/outdoor, high performance (802.11ac) and value-priced
Enterprise-class silicon including PoE, voice/video optimization
Lifetime warranty on indoor APs
Designing a Secure, BYOD-Ready Network
Device fingerprinting
Automatic user, device, and application fingerprinting (L7 / DPI)
Cloud database with Google-like search
Summary reports
Architecture
Management / statistics (1 kb/s)
WAN
On-board CPU inspects packets at line rate
Multiple attributes inspected: HTTP header, Bonjour, DHCP fingerprints, 802.1X auth, etc.
Statistics stored locally if WAN connection unavailable
Cloud database receives updates from hundreds of thousands of APs
Optimized search retrieves fine-grained fingerprint statistics in < 1 second
Demo: fingerprinting
Client fingerprints
Application fingerprints
Search
Client details
Summary reports
Security
Controlling devices on the WLAN
Out-of-the-box security, management, and capacity for BYOD-ready deployments
• 802.1X, native Active Directory integration
• Group policy firewall
Assign by device fingerprint, Active Directory group, or manually
Assign Layer 3-7 firewall rules, application bandwidth limits, VLAN tags
Apply policies based on time of day
Isolating devices from the secure WLAN
LAN isolation: 1-click Internet-only SSID
Sign on / click through splash, captive portal API
Lobby Ambassador: temporary guest accounts
Bonjour gateway
Enables Bonjour on segmented networks
No additional appliance or software
Included in APs and MX security appliances
Demo: BYOD security policies
Create SSID for BYOD access
Enable splash page with antivirus scan
Firewall: block LAN access
Group policy for iPads, Androids
Capacity
RF Capacity
Key technologies across all APs
– Airtime fairness algorithms
– AutoRF spectrum analysis and automatic optimization
– Dual-concurrent WiFi with Band Steering
Cisco Meraki MR34 – 3-stream 802.11ac optimized for capacity & density
– Supports 100+ clients / AP
– Supports 30+ clients streaming HD video
Layer 7 traffic shaping at edge
Classifies encrypted, evasive apps (BitTorrent, etc.) at layer 7
Throttle recreational traffic, prioritize productivity apps
Group Policy integration (slow down YouTube for contractors, not CEO)
Demo: capacity
Review channel plan
Block P2P
Throttle video
Prioritize video conferencing
Whitelist a VIP client
Mobile Device Management
Systems Manager: mobile device management
Device Management: controls iOS, Android, Mac, and Windows devices
Cloud-based: no on-site appliances or software, works with any vendor’s network
Free: available at no cost to any organization. Sign up at meraki.cisco.com/sm
Feature highlights
Centralized app deployment
Device security
Rapid provisioning
Backpack™ file sharing
Asset management
BYOD and company-owned devices
Push settings and restrictions
- WiFi / VPN configuration
- Encryption and passcode, privacy settings for user-owned devices
Push corporate apps (including VPP and Enterprise Apps)
Simple on-boarding
- User-owned: enroll via splash page, SMS, or email
- Company-owned: load profile with Apple Configurator (iOS)
Demo: Systems Manager
Set passcode / encryption
Set default SSID
Deploy WebEx to iOS devices
Remote wipe
802.11ac: the newest WiFi standard
How 802.11ac impacts your network
Built for next-generation networks: more devices, higher throughput applications
802.11ac 1,300 Mbps
802.11n
- Over 4 years old
- Supported by nearly all devices
- Up to 450 Mbps
802.11ac
- New specification
- Supported by many new computers and mobile devices
- Fully backwards compatible with 802.11a/b/g/n devices
- Up to 1.3 Gbps, 3x faster than 802.11n
- For futureproofing your network
5 GHz band: more spectrum, less interference
802.11ac operates at 5 GHz band only
• More wireless spectrum space available
• Less interference than at 2.4 GHz
Increased channel bandwidth: 80 MHz
Doubles the size of the pipe used to transmit data, up to 80 MHz, enabling faster transmissions and higher throughput for dense environments
Enhanced modulation: 256 QAM
802.11n uses 64 QAM for lower information density
802.11ac uses 256 QAM for higher information density
More efficient data transmission, in the same amount of time and through the same space
Legacy clients can still connect to 11ac APs
5 GHz: 802.11ac client, 802.11a/n client
2.4 GHz: 802.11b/g/n client
11ac access point
Meraki MR34: more than just faster WiFi
- CPU for layer 7 security / QoS at Gigabit rates
- 2.4 GHz radio for serving b/g/n traffic
- 5 GHz 3-stream 802.11ac with custom RF front-end
- Power circuitry optimized for 802.3af PoE
- Third radio integrated with cloud-based WIDS/WIPS
Third radio dedicated to security and RF optimization
Third radio runs three processes on each channel every second
1. Spectral scans look at pure RF data
2. Rogue scans look for rogue SSIDs (detects rogues within one minute)
3. Containment sends WIPS packets to mitigate threats
Figure: scan timeline across 2.4 GHz and 5 GHz, 1 second
Air Marshal: 24x7 Security Radio
Protect network with dedicated scanning radio linked to powerful cloud-based software
Identifies vulnerabilities and attacks:
- Unmanaged / insecure APs plugged into LAN
- Malicious rogues spoofing WLAN
- Packet floods, malicious broadcasts
Contains rogue APs, blocking clients from associating
Sends spoofed deauthorization containment packets
Air Marshal: Containing rogue AP
Client thinks rogue AP is forcing deauthorization
Rogue AP thinks client is requesting deauthorization
Auto RF: Optimizes RF environment
Steady state - Changes channels only if no clients are being served
Jammed state - Changes channel if utilization is above 90%
Gathers signal strength and channel utilization data to compute optimal channel and transmit power level.
RF Spectrum View: real time troubleshooting
Scan all channels for interference
Provides average channel utilization data for each 2.4 GHz and 5 GHz channel
Visualize interference with high-resolution spectrum analyzer
Key Takeaways
Cisco Meraki solution is a complete cloud-managed networking solution
– Wireless, switching, security, and MDM, centrally managed over the web
– Built from the ground up for cloud management
– Integrated hardware, software, and cloud services
Cloud-managed wireless provides administrators with the tools to implement secure, scalable wireless networks enabling new business applications such as post-PC devices, mobile POS, and BYOD.
Q&A
Cisco Meraki Cloud-Managed Wireless Solution
Call to Action…
Visit the World of Solutions:
Cisco Campus
Walk-in Labs
Technical Solutions Clinics
Meet the Engineer
Lunch Time Table Topics, held in the main Catering Hall
Recommended Reading: For reading material and further resources for this session, please visit www.pearson-books.com/CLMilan2014
Complete your online session evaluation
Complete four session evaluations and the overall conference evaluation to receive your Cisco Live T-shirt
Appendix