Upload
others
View
14
Download
0
Embed Size (px)
Citation preview
Simplify your network with Cisco MerakiRadenko ČitakovićSystems Architect 22.05.2020
Cisco Meraki Guiding Principles
Simplifying IT with Cloud Management
A complete cloud managed IT solution
Wireless, switching, security, SD-WAN, intelligent network insights, endpoint management, and security cameras
Integrated hardware, software, and cloud services
Leader in cloud-managed IT
Among Cisco’s fastest growing portfolios
420k+Unique customers
5.7M+Meraki devices
online
23M+API callsper day
Inutitive Web-Based Dashboard
Client location
Usage Monitoring
Real-time analytics
Client fingerprints
Single pane of glassmanagement
The Cloud Increases IT Efficiency
Secure and reliable architecture
Zero touch installation and configurationUnbox, Do Dashboard, Plug, It simply works! Secure out-of-band management: No user
traffic flows through the cloudReliable: Network stays up if connection to
cloud is lostScalable: Supporting customers with thousands of sites, millions of clients
Future-proof: New features delivered seamlessly from the cloud
Reliability and security information at meraki.cisco.com/trust
6
The Meraki Full Stack
Systems ManagerEndpoint
Management
MSEthernet Switches
MXSD-WAN & Security
Appliances
MRAccess Points
MVSecurity Cameras
MIInsight
A COMPLETE CLOUD MANAGED IT PORTFOLIOSINGLE PANE OF GLASS MANAGEMENT
7
MGCellular Gateway
Meraki Product Families
8
MR Wireless Access Points
• 17 models including indoor/outdoor, high performance (802.11ac Wave 2 & 802.11ax), value-priced
• Enterprise-class silicon including PoE, multigigabit ethernet, voice/video optimization
• Lifetime warranty on indoor APs
Feature HighlightsApplication traffic shapingEnterprise security WIDS / WIPSBuilt-in location analyticsIntegrated BLE beacon modelsWireless HealthBuilt-in and customizable RF profiles
9
Meraki MR 802.11ac Wave2 Wireless Access Points
Indoor
Outdoor
HospitalityGeneral Purpose
High Performance
Future Proof
MR30H2 Stream, 4-Radio802.11ac Wave 2
Integrated 4-port switch1 PoE-out port
MR332 Stream, 4-Radio802.11ac Wave 2
MR423 Stream, 4-Radio802.11ac Wave 2
MR52MR53
4 Stream, 4-Radio802.11ac Wave 2
Multigigabit (MR53)
MR742 Stream, 4-Radio802.11ac Wave 2
MR844 Stream, 4-Radio802.11ac Wave 2
Multigigabit
4-Radio = 2.4GHz client serving radio, 5GHz client serving radio, Dual-band scanning radio, BLE radio
Entry Level
MR202 Stream, 2-Radio802.11ac Wave 2
MR702 Stream, 2-Radio802.11ac Wave 2
MR42E3 Stream, 4-Radio802.11ac Wave 2
MR53E4 Stream, 4-Radio802.11ac Wave 2
Multigigabit
10
Benefits of 802.11ax
Higher Throughput Up to 4.8 Gbps
High Density High performance + clients
Enhanced Reliability 8X8 Deterministic capacity
Longer Battery Life Up to 67%
11
Meraki MR 802.11ax Indoor Access Points
12
New
Meraki MR 802.11ax Outdoor access points
13
NewNew
Antennas
14
indoor
outdoor outdoor
outdoor
outdoor outdoor
outdoor
indoor
indoor indoorindoor
Recent Wireless Innovation
TCP FastACK L3 Fast Secure Roaming Wi-Fi Location Enhancements
Up to 38% increase About 40ms 26% improvement in accuracy
Native Umbrella Integration
Seamless DNS protection
15
MR dedicated radio tames hostile RF environments
Air MarshalDual-band full-time WIPS
Automatic neutralization of wireless threats
Intuitive and flexible remediation
Auto RFInterference detection
Automatic channel and power configuration
Optimized wireless throughput
16
User analytics and engagement
Built-in location analytics dashboard
Optimize marketing and business operations
Analyze capture rate, dwell time, and new/repeat visitors to measure the impact of advertising, promotions, site utilization, etc.
Built-in location analytics
Integrated in the WLAN; no extra sensors, appliances, or software
Extensible API Integrate location data with CRM, loyalty programs, and custom applications for targeted real-time offers
17
Wireless Health: Assurance for Meraki WirelessRapidly identify issues impacting end users’ experience across every stage of client
connectivity — association, authentication, IP addressing, and DNS availability
Meraki Wireless Health drastically reduces time needed to narrow troubleshooting scope.
Available out of the box on all MR Access Points
MX SD-WAN and Security Appliances
Several models scaling from small branch to large campusComplete networking and security in a single appliance
Feature HighlightsZero-touch site-to-site VPNPolicy and performance based (WAN) routingIntrusion detection/preventionContent filteringAdvanced Malware Protection (AMP)Application firewallMeraki Insight
A complete connectivity and threat management solution
Security
● Next generation firewall● AES encrypted VPN● Intrusion prevention (IPS)● Malware protection
Geo-IP firewalling
Networking
● 3G / 4G failover● Branch routing● WAN balancing and failover● High Availability● Intelligent path control
Application Control
● Bandwidth shaping● URL content filtering● Quality of Service control
Medium Branch
Small Branch
Meraki Security & SD-WAN Portfolio
*Available with wireless models(MX64W, MX65W, MX67W, MX68W, MX68CW)
Large Branch, Campus or Concentrator Virtual
Teleworker
Z3 Z3C~5 users802.11ac Wave 2 Wireless & PoEFW throughput: 100 MbpsCAT 3 LTE (Z3C)
MX64/65 MX67/68 MX67C/68CW~50 users802.11ac Wireless* & PoEFW throughput: 250 Mbps
~50 users802.11ac Wave 2* & PoEFW throughput: 450 Mbps
~50 users802.11ac Wave 2* & PoEFW throughput: 450 MbpsCAT 6 LTE
MX84 MX100~200 usersFW throughput: 500 Mbps
~500 usersFW throughput: 750 Mbps
MX250 MX450~2,000 usersFW throughput: 4 Gbps
~10,000 usersFW throughput: 6 Gbps
vMX100 for AWS & Azure
FW throughput: 750 MbpsVPN & SD-WAN features
MX Security Features & Capabilities
AMPMalware Analysis
Logging & Analytics
FirewallIDS / IPSContent Filtering
Integrations
Security Center
Events Over Time Most Prevalent Threats
Shows number of events matching configuring filters
Detection of IDS/IPS signatures and scanned of blocked files through AMP
Future WAN Options
M P L S
B R O A D B A N D
AUGMENTED MPLS
BRANCHHQ / DC
B R O A D B A N D
B R O A D B A N D
BROADBAND-BROADBAND
BRANCHHQ / DC
M P L S
BRANCHHQ / DC
MPLS ONLY
MERAKI SD-WAN
1
2
3
Increase the capacity of an existing MPLS network
Supplement an existing MPLS network with broadband for increased bandwidthOffload critical traffic from MPLS to broadband with policy based routing dynamic path selection
Dual high speed broadband connectionsLoad balance business critical traffic based on policy or link performance
RE
DU
CIN
G C
OS
T
$ 6 0 0
$ 1 5MPLS
Broadband
[ P E R M B P S P E R M O N T H ]AVERAGE
PRICE OF WAN CONNECTIVITY
[Source: Network World, Next-Generation Enterprise WANs, 2012]● business critical● non-critical
Transport independence | Application Optimization | Intelligent Path Control | Secure Connectivity
Network-wide traffic monitoring
Client and application visibility Apply group policies
Traffic monitoring and analytics
25
Meraki Insight: WAN Health
26
BRKCRS-2104
Quickly Identify downed uplinksIncluding Cellular across all sites.
Monitor Signal StrengthAcross all cellular location
Isolate underperforming uplinkMake the case for switching the ISP
Meraki Insight: Application Health
End-to-End VisibilityFor SaaS ApplicationsApplication PerformanceMonitor apps traveling over VPN or public internetNetwork Performance AnalyticsLAN, WAN, Servers, Domains, ClientsAccelerate ITReduce time-to-resolution
BRKCRS-210427
MG21 Cellular Gateway
*Available on MG21E model
Feature Highlights
• Integrated CAT6 modem with up to 300Mbps
• Multi-surface mounting bracket (wall, ceiling, pole, and tabletop)
• DC / PoE power in • Integrated high performance antenna
• ×2 Ethernet ports • External antennas*
Dipole includedPatch available as an accessory• Nano SIM card slot
IP67 Rated with Lifetime Warranty
MG21
MG21E
New
MS Access & Aggregation Switches
Gigabit access switches in 8, 24, and 48 port configurations; PoE available on all portsFiber aggregation switches in 16 and 32 port configurationsEnterprise-class performance and reliability including non-blocking performance
Feature HighlightsVoice and video QoSLayer 7 app visibilityVirtual and physical stackingMultigigabitRemote packet capture, cable testing
29Cloud managed Virtual stacking Layer 7 visibility Layer 3 scalability Voice & Video QoS Network Topology Remote Live Tools Enterprise Security
General Purpose
MS switches: models
MS120-88G Ports & 2 1G SFP uplinks124W PoE+Integrated power supplyFanless operation
MS35024, 48G Ports & 4 10G SFP+ uplinksMultigigabit & UPoE (350-24X)Physical stacking (160G)Dynamic routing
MS41016, 32 1G SFP port models10 gigabit SFP+ uplinks Physical stacking (160G)Dynamic routing
MS42516, 32 10G SFP+ port models40 gigabit QSFP+ uplinksPhysical stacking (160G)Dynamic routing
MS22524, 48G Ports & 4 10G SFP+ uplinks370/740W PoE+Physical stacking (80G)Static routing
Stackable DistributionStackable High Performance
MS21024, 48G Ports & 4 1G SFP uplinks370/740W PoE+Physical stacking (80G)Static routing
Stackable Access
MS120/MS12524, 48G Ports & 4 1G SFP uplinks24/48G Ports & 4 10G SFP+ uplinks370W/740W PoE+Cisco RPS 2300 compatible
MS25024, 48G Ports & 4 10G SFP+ uplinks370/740W PoE+Physical stacking (80G)Dynamic routing
30
MS355 - Multigigabit Meraki Switches
MS355-24X
MS355-48X
MS355-24X2
MS355-48X2
▪ MS355-24X▪ 8 x mGig▪ 16 x 1G▪ 4 x 10G, 2 x 40G
▪ MS355-48X▪ 16 x mGig▪ 32 x 1G▪ 4 x 10G, 2 x 40G
▪ MS355-24X2▪ 24 x mGig▪ 4 x 10G, 2 x 40G
▪ MS355-48X2▪ 24 x mGig▪ 24 x 1G▪ 4 x 10G, 2 x 40G
mGigGig 10G 40G
31
▪ 24 and 48 port models▪ 2 x 40G QSFP+ uplinks▪ 4 x 10G SFP+ uplinks▪ 400G of stacking bandwidth▪ Dynamic Layer 3 routing▪ PoE+/UPoE support
Fast convergence in case of a stack-member failure to ensures high network resilience
IMPROVED PHYSICAL STACKINGCreates additional power capacity by pooling power sources to power more PoE devices
STACKPOWER
Micro-segmentation of users, devices and application to simplify security and access policies
ADAPTIVE POLICY3x of the throughput of its predecessor (MS350) to cater to demands from Wi-Fi 6 & IoT
480 Gbps STACKING
Hot-swappable uplink modules for flexible hardware upgrades and easier management
MODULAR UPLINKS
48-Port PoE & mGigPoE on all 48-ports along with mGig option to address legacy infrastructure issues
Introducing the MS390 New
24/48 Port mGiGData/PoE+/UPoE
Adaptive Policy
33
IT Admins
Internet Services
Policy enforced regardless of connection type
IoT Devices
IoT Server
IoT Devices
Guests
Band Together with the MS450MS450 Capabilities:
● Connect up to 12 MS355/MS390● Higher bandwidth uplink connects
to core/data center switch● Stack up to 8 units for high-
availability deployments ● Ample switching capacity for the
entire network
34
MS450 Features:● 12 x 40G QSFP+ ports● 2 x 100G QSFP28 uplinks● 400G of physical stacking bandwidth● 1.36 Tbps of switching capacity
Integrated event logs, alerts, and anomaly detection
Deep Reporting and Analytics• Use detailed network reporting to make
informed decisions about infrastructure expansion, staffing, and site planning
• Integrate raw, real-time data with business intelligence systems
• Perform in-depth analysis using built-in API to export comprehensive event logs
35
Advanced network-wide security
Lock down wired LAN access• 802.1X access policies require
either user or device-based authentication
• Use ACLs to filter unwanted services, clients, and network access
• Enable port access only to whitelisted devices
Reduce response times
• Email alerts for faster responses to critical events
• Multi-tenant dashboard and mobile app provide on-the-go admin access
• Time-based port scheduling automates port shut-down during off-hours
Built-in troubleshooting tools
• Packet capture• Per-port monitoring• Detailed event logs• Diagnostic tools: Ping, throughput,
cable test, traceroute (MTR), and more
36
Avoiding downtime, client disruption
Physical Stacking
• Stacking supported on many models
• Immediate failover to warm spare if hardware goes offline
• Clone switch configurations
Dynamic Routing with Gateway Redundancy
• Built-in routing resilience with OSPF
• Adapts to detected link failures• Visual interface reduces
opportunities for errors
DHCP and IP Services
• Support multiple DHCP relay definitions
• DHCP snooping• Dynamic ARP Inspection
37
Meraki Systems Manager
Endpoint Management Solution from Cisco
iOS, Android, Windows, mac OS, Chrome OS
Native Network Integration
Cloud ONLY
38
Endpoint Management
MonitorGlobal visibility
Audit apps and security profilesTrack stolen/lost devicesTroubleshoot remotely
ProvisionDevice setup
Grant WiFi, VPN, email accessPush apps and software
Apply restrictions
SecureRecover or wipe missing devices
Cisco and Meraki integrationsEnforce conditional network and data
access
39
MV Security CamerasFeature HighlightsRevolutionary edge storage architecture eliminating separate NVR/VMSMotion search tool for instant isolation of motion events remotelyBuilt-in analytics – motion heatmaps and people counting without any additional HWAPIs integration Cloud storage optionCamera as a sensor
40
Less than 50kbps upstream bandwidth per camera
Configuration, thumbnails, and metadata stored in the cloud
Hybrid video processing: video is analyzed on camera, motion indexed in the cloud
Cutting Edge Architecture
41
VIDEO AT REST
MANAGEMENT DATA
VIDEO DURING TRANSPORT
Encryption by Default
42
The MV Lineup
MV12MV12N/MV12W/MV12WE
Fixed lens (73° or 114°)Compact form factorAdvanced analytics
128GB/256GB2MP
INDOOR OUTDOOR
MV22MV22/MV22X
Varifocal (zoom capable)Easy installation
MultipurposeAdvanced analytics
256GB/512GB2MP/4MP
MV72MV72/MV72X
Varifocal (zoom capable)IP66/IK10 rated
Demanding environmentsAdvanced analytics
256GB/512GB4MP/8MP
43
MV32
Ultra compact 360° degree cameraSuper high resolution sensor
Live & retrospective PTZ Virtual Reality (VR) enabled
256GB8MP
Physical Security Meets Business Intelligence
MOTION SEARCHAutomatically isolate key motion events and find out who stole that laptopEasily export important video segments
MOTION HEAT MAPSSee relative motion in an area over timeChoose hour-by-hour or day-by-day viewGenerated entirely from metadata
PERSON DETECTIONIdentify what is a person, and what is notPeople counting
Available on all MV models Available on all MV models Available on MV12 models
44
Cloud Archive
An optional add-on license for users who have specific, non-negotiable requirements for extended storage
- Camera dual records to cloud and camera storage
- 90 and 180 day 24/7 archive
- Enabled by an optional, per camera license
- Data stored in Microsoft Azure
- Three data regions in NA, EU, Asia
- Works with all cameras
45
Analytics
Introducing Meraki MV Sense
An API that uses smarter data to solve business problems
INPUTLOTS OF DATA
MV COMPUTER VISIONMACHINE LEARNING ALGORITHM
HISTORICAL AGGREGATE
How many were here at X time?
CURRENT SNAPSHOT
How many people are here now?
REALTIME FEED
Sub-second feed of people and location
THIRD PARTY APPLICATIONS
Request
Request
Subscribe
46
Thank you Meraki