Cisco Meraki MX, SD-WAN and Security at the Branch, a Cisco Champion Radio Podcast (S5|Ep.24)
Meet the Podcasters
We’re glad you’ve decided to check out Cisco Champion Radio. In this podcast, episode 24, season 5, we’re talking about Meraki and their latest gear with David van Schravendijk and Rahul Ramakrishnan from the Meraki product team. Our Cisco Champion hosts are Ben Story, a systems admin for a major hospital system and Lee Badman, a wireless network architect at a large university.
Meraki was acquired by Cisco a little over a year ago and since the acquisition, they have introduced a number of new innovations. This includes Meraki integration with other technologies from the Cisco parts bin to provide an even more feature rich solution with advanced security, SD-WAN, and even LTE connectivity.
This brings us to the topic of the Meraki MX. Meraki just announced a whole new line of MX AP’s focused specifically on the branch office. “We’re seeing a lot of organizations that are needing to prime their branch offices for the future, says Rahul Ramakrishnan, product manager at Meraki. “There’s quite a lot folks using Microsoft 365, DropBox and other file-sharing applications as well as CRM, and other apps.” Rahul notes that all these applications are hosted in the cloud and they are driving broadband requirements away up; in order to support these applications, organizations are going to need higher throughputs.
With that in mind, Meraki refreshed its whole MX line up. These new appliances add built-in LTE modems that enable a new link option for organizations that need fast and secure failover or for situations where there is limited or no access to broadband lines. The refresh also includes new security features as well as SD-WAN functionality that enable organizations to make better use of bandwidth, control applications, and streamline branch office deployments.
Security is at the forefront
As mentioned above, Meraki is in a very unique position where it has access to Cisco’s large portfolio of technologies. For example, the MX currently integrates with several Cisco security features including Snort for IDS / IPS, Threat Grid for advanced malware protection, and Umbrella for DNS. It also includes a stateful firewall, content filtering, web filtering, and more. Additionally, threat definitions and filter lists are seamlessly updated, ensuring every site has the latest protection from the newest vulnerabilities.
And because everything is cloud-based, updates are easy and mostly painless. Which brings me to Meraki’s reliability, four nines up-time, that right 99.99%! If you’re worried about cloud-based appliances, rest assured, Meraki devices will continue to operate even if the Meraki cloud (for whatever reason) goes down, it won’t affect your network.
SD-WAN on Meraki
The Meraki MX also offers SD-WAN, which delivers simplified deployment from a central location with cloud-based management and dashboards allowing a Meraki appliance to be deployed in just a matter of minutes. Additionally, with SD-WAN, organizations will use bandwidth more efficiently and provide better performance for critical applications without sacrificing security or data privacy.
MX licensing has not changed; organizations can chose between the Enterprise license and the Advanced Security License, both come with LTE failover, site to site VPN, and SD-WAN to name a few but Advanced Security adds IDS/IPS, AV, content filtering, and web filtering. For LTE, organizations need to work with a qualified carrier to sort out a data plan.
Those outside of the U.S. need to look at the documentation to see which bands are supported in their region. In North America, Meraki supports every major carrier except for Sprint. Globally the MX LTE function supports the top 22 world-wide carriers, which cover 80 to 90% of all customers.
For those that are concerned about failover LTE limits. Rahul assures that, “We want to make sure our customers aren’t blowing through any day limits, and we’ve made sure that the bandwidth requirements are minimal.”
The new dashboard
When Meraki launched the new MX line, they added a “little bit” more in the way of monitoring capabilities, both on the dashboard and with the API. The new product on dashboard enables admins to see more information about signal strength as well as the band they’re on and more. Additionally, admins are now able to set and configure a VPN using the dashboard which is a new feature.
The new dashboard also delivers built-in device utilization, which allows admins to monitor the utilization of the MX over a period of time to see trends such as application growth. This visualization provides admins with details on how application usage is affecting network through-put and utilization. For example, if it looks like the MX is getting close to 80% utilization and the network is forecasts with continued growth, admins will now be aware that an upgrade is on the horizon. This is especially useful for people who are using small MX series appliances.
<DevOps> and API’s
In today’s world with DevOps and programmability, everybody’s looking at APIs. Rahul explains that Meraki’s mission is to make things simple. Meraki does this by addressing two different user personas in the market. On one side is the user that just wants it to work, he wants to plug it in and know that it’s doing what it’s designed to do. On the other side is those want to dig in a little bit more, make it customizable make sure that all the levers are there for more granular reporting and configuration.
The API is definitely a major part of Meraki’s strategy. Meraki’s engineering teams have had a huge focus on the API in recent months. For example, Meraki now has a dedicated API team, both on the engineering side and product side, so they’re really putting in an effort. The primary purpose of these teams is to collect and see exactly where Meraki appliances can be enhanced by allowing admins to use and leverage some of the APIs they have, as well as identify which new ones should be exposed to make things easier. Rahul explains, “One thing is for sure, we have had a tremendous shift in our focus for APIs, and we’re going to see that continue to grow.”
What happens why I “Make a Wish”
Rahul, explained that those requests go straight to the Meraki engineering team. The feature was set up several years ago to provide engineers with direct customer feedback with the ultimate goal of improving the user experience. And that’s still true today. Every single “Make a Wish” feature that comes from the dashboard, goes straight to the Meraki engineering team’s large display in the middle of their working place. “Rest assured,” Rahul emphasizes. “Our engineers are looking at and thinking about every single Make-A-Wish feature request that comes in.
Get the Podcast
- Listen to this episode in SoundCloud
- SUBSCRIBE on iTunes and listen to all episodes of Season 5
- Listen to Seasons 1-4 in iTunes
Cisco Champion Hosts
- Ben Story (@ntwrk80), Cisco Champion member, Network Engineer.
- Lee Badman (@wirednot), Cisco Champion member, Wireless Architect.
- David van Schravendijk, Product Marketing Manager MX SDWAN Security Appliance Line.
- Rahul Ramakrishnan, Product Manager MX SDWAN Security Appliance Line
Podcast Discussion Topics
- Recent Meraki product announcements (MX line)
- New LTE modems branch security and SDWAN appliances
- Teleworker device for remote workers
- MX Licensing model
- Global carrier portfolio for the MX devices with LTE
- LTE Data plan threshold alerts
- Client and throughput features on the MX (Meraki MX sizing guide)
- Make A Wish function (including Easter eggs!)
- Synergies and Integrations between Cisco and Meraki portfolios
- Implications of being a cloud managed architecture
Listen in and provide us feedback, we would love to hear from you!
Cisco Champions are an elite group of technical experts who are passionate about IT and enjoy sharing their knowledge, expertise, and thoughts across the social web and with Cisco. The program has been running for over five years and has earned two industry awards as an industry best practice. Learn more about the program at http://cs.co/ciscochampionprogram.