Thursday, October 11, 2012

Meraki Dashboard, Now With Real Customer Data #WFD3

Sanjit Biswas CEO of Meraki began the presentation at Wireless Field Day 3. Since the last Wireless Field Day in January of 2012, the company has doubled their number of employees, and has added thousands of new customers. 

The Meraki MR product line features Meraki NAC (since 2011), has a 3x3 radio. Depending on the access point model, it is possible to have device based group policies for iPad and Android devices. PCI compliance reporting, SMS login for guest access and Air marshal WIPS enforcement is all possible.

The Meraki MX Cloud Management Security Appliance product line establishes an auto VPN, supports application control, link bonding failover, high performance multi-gigabit firewalls, content filtering anti malware, as well as WAN optimization.

The Meraki MS switch line supports virtual 1g/10g stacking, VoIP prioritization, 802.1x port security and Layer 7 visibility.

The Meraki SM Systems Manager is their Mobile Device Management tool, which is available as a free download. It supports management of Macs, PCs and mobile devices via the cloud. In short, Meraki wants to have a single unified access layer to manage wired and wireless network components.

Meraki also now has a 2 day certification course covering wireless, switching, MDM and firewalls.

Ben Calderon VP of Hardware and Operations described Meraki's three phases of building and testing their products. Many technology partners are creating chipsets that Meraki uses:

  • Applied Micro
  • Skyworks
  • Qualcomm
  • Microsemi
  • Freescale
  • Broadcom
  • Bitesse
  • Integrated Device Technology
The radio design of a Meraki access points sometimes may include a filter for dual concurrent operation to negate spurious emissions. During early testing with the MR24 access point, it was discovered through testing that a firmware work-around was required to adjust settings to optimize band edge performance of the access point.

Per Ben, the MR24 PIFA antennas give you the best transmit efficiency. The form and function are determined through SLA models, machined models and hard tooling. The fit and finish includes a durable enclosure which goes through reliability testing. It is a UL2043 smoke tested, plenum rated enclosure (the plenum rated plastic is the most expensive piece in the AP construction!) The MR24 is drop and vibration tested to ensure reliability of the shipping units. The MR24 is IP67 certified (operates after 1m water submersion) and the aluminum housing is undercoated before it is painted.

Kiren Sekar VP of Marketing described how there have been 2 firmware upgrades since the last WFD (optimize for low-power clients, software controller RF enables ongoing tuning, scale capacity of new and early model 802.11n APs) One of Meraki's customers is Stanford, and they are seeing 9k clients a month, 65% YoY increase in wireless client counts. Meraki has built their own DHCP server on the AP itself (highly scalable) The Meraki MS product line has the highest growth of any new product in the company's history. Meraki is seeing customers adopting Meraki's switches as a result of wireless upgrade projects (deployed at the access layer).

Pablo Estrada and Todd Nightingale demoed a large customer deployment, showing actual customer data (with the permission of the customer) to give us a tour of the Meraki wired and wireless dashboard, the cloud DB search, client fingerprinting, L7 traffic analysis, multi-site cloud management, and real-time cloud tools

The internal operations group within Meraki are the only group of people who can access a customer's data. They have the ability to put an AP into Air Marshal mode, which would also be called 'sniffer mode'. You can set the scan schedule, and set off-channel scans. Rogues can be contained if they're detected on the LAN. There are a few concurrent algorithms running to determine on LAN rogues, not one single method in place. Policies can be set to contain an SSID that is not part of your WLAN deployment (SSID copying). Works across non Meraki switches as well.

Retail deployments are the biggest Air Marshal adopters. Nespresso stores (Nestle) wanted to provide mobile POS, give employees iPads to access inventory, ERP systems as well as guest access. The Nespresso stores deployed Meraki wireless along with switches and security appliances and WAN optimization. They were able to roll out the new hardware/infrastructure in a two month timeline.

All Meraki developers have Nexus 7 tablets to experience the wireless connectivity in the same way as the typical end users. Meraki has built in policies for whitelisted and blocked applications, there are group policies can be assigned per device type

Backpack is a Meraki app to add files to the end user devices as employees are on boarded. Employee handbooks etc are pushed to employees' (or students') devices. The data is stored in an app on the device. The Meraki app works on iOS and the Android platform.

Meraki has Applebee's (Apple American Group - the 2nd largest franchise operator of any restaurant model [20,000 employees]) 300 locations use Meraki gear for guest access. (Meraki had the customer's permission to show their data for WFD presentation). 

In the Meraki dashboard, when you hover over a group name, it shows the throughput graph for just that location without clicking anything. Most of this customer's restaurants have one access point, but you can quickly dive into AP data. It is possible to block the upgrading of iPhone software to save on bandwidth at customer sites.

Peer-to-peer, dropbox, other online backup services are blocked by a L7 firewall built into the AP at Applebee's restaurants. Wifi is used as a local advertising splash screen to provide discounts, coupons or information about special events. Configuration settings from source networks can be pushed out to selective other customer networks. The Meraki management can turn off/on Wi-Fi to match restaurant open/close times.

Next (High-end clothing retailer in the UK) is currently deploying Meraki to 500 + locations.

I saw Meraki present at Wireless Field Day 2, and then I was impressed by their dashboard interface. This time they presented, I was impressed by the level of information that could be easily obtained about the current user traffic. It was very interesting seeing them drill down into a live network - with the customer's permission - to show off what managing a diverse deployment of Meraki access points looks like from the customer's point of view. I still think that the Meraki dashboard is a very slick interface which shows a lot of useful content without requiring a lot of training to figure out which menu tab the information is hiding under.

Meraki was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. In addition, they provided me with a gift bag containing a t-shirt, pen, water bottle and a Meraki MR16 access point. They did not ask for, nor where they promised any kind of consideration in the writing of this review/analysis.  The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.

No comments:

Post a Comment