Cloud-Managed Security & SD-WAN Appliances

Dang Tran Ut
dtu@cloudtechco.com

October 2018
 OUR MISSION:

Simplifying powerful technology to

free passionate people
to focus on their mission

Cloud-Managed Security & SD-WAN Appliances

Simplifying IT with Cloud Management
A complete cloud-managed IT solution
Wireless, switching, security, SD-WAN, unified
endpoint management (UEM), and security
cameras
Integrated hardware, software, and cloud
services

Leader in cloud-managed IT
Among Cisco’s fastest growing portfolios

350k+ 4.5M+ 5.5M+

Unique customers Meraki devices Active Meraki
online dashboard users

Cloud-Managed Security & SD-WAN Appliances

Benefits of a cloud-managed solution

User Traffic Management Data

SECURITY

RELIABILITY WAN / Internet

Security Appliances
SCALABILITY
Switches
Security Cameras

FUTURE-PROOFING
Access Points Systems Manager

Cloud-Managed Security & SD-WAN Appliances

Futureproof with Immediate Impact
OPTIMIZED WITH
THE FUTURE BUILT-IN
BUILT-IN ANALYTICS

90% Marketing Automation

Typical customers save in

API
the region of 90% on
operating costs with
Meraki compared to
traditional architectures

Augmented experiences Custom analytics

Explore Meraki total cost of ownership at Explore Meraki API solutions at

meraki.cisco.com/TCO create.meraki.io/solutions

Cloud-Managed Security & SD-WAN Appliances

Meraki MX

Cloud-Managed Security & SD-WAN Appliances

One unified platform
Industry Leading SD-WAN
Meets Industry Leading Security

Cloud-Managed Security & SD-WAN Appliances

Unified threat management and connectivity solution

Security Networking Application Control

● Next generation firewall
● AES encrypted VPN
● Intrusion prevention (IPS)
● Malware protection
Geo-IP firewalling
● Cellular connectivity
● Branch routing
● WAN balancing and failover
● High Availability
● Intelligent path control
● Bandwidth shaping
● URL content filtering
● Quality of Service control

Cloud-Managed Security & SD-WAN Appliances

Why customers choose the Cisco Meraki MX
Powerful security that’s easy to implement
• Robust suite of Cisco Security technologies
• Intuitive GUI-based configuration
• Seamless updates from the cloud

Exceptional scalability
• Zero-touch provisioning with cloud brokered VPN
• Easy centralized management with built-in remote
troubleshooting tools
• Multi-location configuration templates

Industry-leading visibility
• Fingerprints users, applications, devices, and threats
• Monitor one location or an entire deployment
• Unified monitoring and reporting with other Cisco Meraki
technologies

Cloud-Managed Security & SD-WAN Appliances

Zero Touch Provisioning

One-time remote, No pre-staging Unbox and plug in MX

web-based configuration No onsite configuration appliances at required
Configuration templates locations
simplify large multi-site
deployments

Cloud-Managed Security & SD-WAN Appliances

Security made simple

Cloud-Managed Security & SD-WAN Appliances

Built-in ironclad security

Next Generation Firewall Application aware firewalling

Intrusion Prevention
Based on Cisco Snort
(IPS)

With over 80 categories and over

URL Content Filtering
4 billion categorized URLs

Geo Based Security Allow or block traffic by country

Malware Protection Cisco AMP and Threat Grid

Software and security updates

Automatic Updates
delivered from the cloud.

PCI 3.2 certified cloud

PCI Compliance
management backend

Cloud-Managed Security & SD-WAN Appliances

Backed by Cisco Talos threat intelligence

1.5 million malware 600 billion email Over 250 full time
samples / day messages / day threat researchers

Millions of
Internet-wide 16 billion web telemetry agents
scanning requests / day
4 global data
centers

Telemetry Honeypots Over 100 threat

intelligence partners

Internal Open source Over 1100 threat

vulnerability discovery communities traps

Cloud-Managed Security & SD-WAN Appliances

Talos researches threats, MX networks stay safe

Cloud-Managed Security & SD-WAN Appliances

Advanced Malware Protection for Meraki MX

Enhanced Threat Defense Contextual Visibility Rapid Detection Ease of Management

Automatic protection against Security Center makes it easy Automatic alerting when a Enable best-in-class malware
an ever-growing list of known to ensure you have the latest downloaded file is found to be protection with just two clicks
malicious files, plus malware information about attacks on malicious after the fact
sandboxing with Threat Grid your network

▪ 220 million known malicious files

▪ 407 million known clean files
▪ 1.5 million new incoming malware samples per day
▪ 1.6 million devices using AMP globally
▪ 3.1 billion lookup requests per day
Cloud-Managed Security & SD-WAN Appliances
Threat Grid Cloud – Malware Analysis

Prioritize Threats
Easy to read threat report with threat
scores to help speed up incident response

Cloud-Managed Security & SD-WAN Appliances

Threat Grid Cloud - How it works

Cloud-Managed Security & SD-WAN Appliances

Stopping and detecting malicious traffic
Built-in IDS/IPS engine Automatic updates via Simple configuration
the cloud and reporting

Cloud-Managed Security & SD-WAN Appliances

Intuitive, next-generation firewall capabilities

Application aware
Content Filtering Geo-IP based firewall
firewall

Cloud-Managed Security & SD-WAN Appliances

How it all fits together

Meraki Meraki
Integrations Interoperability

Meraki MX
Cisco ISE

Cloud-Managed Security & SD-WAN Appliances

Connectivity and WAN

Cloud-Managed Security & SD-WAN Appliances

Reliable, cost effective connectivity with Meraki SD-WAN
Dual uplink 2 uplink support on all MX models for load
ports balancing and redundancy

Integrated LTE modem, as well as USB modem

LTE failover
support with automatic failover

Cloud orchestrated VPN (Meraki Auto VPN) with

Site to site VPN
load balancing and self-healing capabilities

Intelligent path Policy based routing and performance based

control dynamic path selection

Automatic route distribution via Auto VPN

Branch Routing OSPF route advertisement
BGP support coming soon

High Availability Active/passive hardware redundancy

Traffic shaping Application bandwidth limiting and prioritization

Cloud-Managed Security & SD-WAN Appliances

SD-WAN enabling the future
MPLS ONLY

Problem: High cost to expand capacity of existing

1 MPLS MPLS network to keep up with bandwidth
requirements
HQ / DC BRANCH

REDUCING COST
AUGMENTED MPLS

MPLS Supplement an existing MPLS network with broadband for

2 increased bandwidth
BROADBAND
HQ / DC BRANCH Offload critical traffic from MPLS to broadband with policy
based routing, dynamic path selection
BROADBAND-BROADBAND

BROADBAND
Dual high speed broadband connections
3
BROADBAND Load balance business critical traffic based on policy or link
HQ / DC BRANCH performance

AVERAGE PRICE
OF WAN
CONNECTIVITY
MERAKI SD-WAN
[Source: Network World, Next-Generation Enterprise WANs, 2012]

Cloud-Managed Security & SD-WAN Appliances

Automated Site-to-Site VPN (Auto VPN)

The ability to configure site-to-site, Layer 3 IPsec VPN tunnels in just two clicks in the Cisco
Simple Meraki dashboard over any WAN link

VPN configuration generated and deployed automatically from the cloud – create a mesh or
Automatic hub-and-spoke topology with only a few clicks

Automatically adjusts to changes in order to maintain secure connectivity during an ISP or

Resilient datacenter outage, hardware failure, or IP address update

Cloud-Managed Security & SD-WAN Appliances

Intelligent path control to suit your needs

Dual active VPN

Load balance your VPN traffic over two WAN links

Policy-based Routing (PbR)

Select the preferred path for traffic based on protocol,
port, source and destination IP, or even application

Dynamic path selection

Select the best VPN tunnel for traffic automatically
based on performance

Cloud-Managed Security & SD-WAN Appliances

Extension to Public Cloud Services
Extend MX deployments to IT services located in AWS or
Microsoft Azure with site-to-site auto VPN to a virtual MX
(vMX)

Leverage SD-WAN on vMX the same way as a physical MX for

optimal path selection to IT services hosted in AWS or Azure

vMX is managed just like any other physical MX in the

dashboard once deployed on an AWS EC2 instance or an
Azure VM

Up to 500Mbps VPN throughput

Only license required

Cloud-Managed Security & SD-WAN Appliances

Simplify uplink redundancy with integrated LTE

Connect Remote
Sites

Limit downtime

SIM & LTE MODEM

INTEGRATED

Cloud-Managed Security & SD-WAN Appliances

In-depth Visibility

Cloud-Managed Security & SD-WAN Appliances

Traffic monitoring and analytics

Network-wide traffic Client and application

Apply group policies
monitoring visibility

Cloud-Managed Security & SD-WAN Appliances

VPN health, bandwidth, and performance monitoring

VPN health monitoring Monitor performance Live uplink decisions

Cloud-Managed Security & SD-WAN Appliances

Monitor and Configure Uplinks

Configure and troubleshoot

uplinks
Monitor and track live uplink
traffic and historical
performance
View signal quality of LTE
connections
IP address, DNS, and gateway
settings information

Cloud-Managed Security & SD-WAN Appliances

Email alerts from the cloud

SIMPLE

INTEGRATED

CUSTOMIZED

PERSONALIZED

Cloud-Managed Security & SD-WAN Appliances

Customer Case Studies

Cloud-Managed Security & SD-WAN Appliances

Case study: Peet’s Coffee & Tea

Artisan coffee roaster and specialty tea retailer,

founded 1966 in Berkeley, CA
193 locations, ~4,000 employees
Branches using AutoVPN for site-to-site
connectivity and control
Client monitoring, traffic analytics, Live Tools
give complete visibility
Centralized control via Meraki dashboard
dramatically reduces IT support load

Cloud-Managed Security & SD-WAN Appliances

Case study: Kindred Healthcare

Largest diversified provider of post-acute care

services in the United States
2000+ locations in 46 states, 75,000+ staff
Use 3G/4G uplinks to service branch locations
when no broadband available
HIPAA compliant architecture
Layer 7 firewall, traffic shaping, and content
filtering blocks peer-to-peer traffic and controls
users and devices

Cloud-Managed Security & SD-WAN Appliances

Case study: Audi AG

The Audi IT team of six people manages 2,000

sites around the world
Utilizes Layer 3 and 7 rules to keep networks
safe
Prioritizes applications to control the network
usage and guarantee sufficient bandwidth.
Set up site-to-site VPN with Meraki with just just
a few clicks
Built a hub that channels a central monitoring
system

Cloud-Managed Security & SD-WAN Appliances

Case study: Verizon Healthcare Customer
Customer of Major American service provider in
the United States
1,100+ branch healthcare locations
Zero-touch provisioning with auto-VPN allows
Verizon to meet customer’s aggressive
deployment schedule of months instead of years
SNMP integration into Verizon backend systems
for consolidated monitoring
Meraki dashboard visibility allows Verizon to
demonstrate bottlenecks to upsell bandwidth, and
give customers full branch visibility
Verizon configures dual VPN paths across
customer branches based on traffic protocol,
source, destination, or application in a few clicks

Cloud-Managed Security & SD-WAN Appliances

Case study: McCarthy
• American-owned construction company with 2,000+ employees with
building sites nationwide

• Challenges
• Previously used expensive MPLS lines taking 6-8 weeks to deploy
• Some locations have limited ISP availability or require costly
build-outs by broadband providers
“Meraki’s embedded
cellular products can
• The Path Forward
improve the simplicity
• With LTE widely available, construction sites can now use cellular as
primary transport for connectivity of our network
• Quickly deploy new cellular networks using Meraki MX & Z, allowing deployments”
a seamless transition when broadband circuits are delivered to the - Ben Donaldson, Network Architect,
McCarthy Building Companies, Inc.
site
• Maintain cellular connection as a failover uplink
Cloud-Managed Security & SD-WAN Appliances
• Meraki’s integrated LTE appliances used to improve simplicity
MX Product Portfolio

Cloud-Managed Security & SD-WAN Appliances

Meraki Security & SD-WAN Portfolio
Teleworker Small Branch

Z3 Z3C MX64/65 MX67/68 MX67C/68CW

~5 users ~50 users ~50 users ~50 users
802.11ac Wave 2 Wireless & PoE 802.11ac Wireless* & PoE 802.11ac Wave 2* & PoE 802.11ac Wave 2* & PoE
FW throughput: 100 Mbps FW throughput: 250 Mbps FW throughput: 450 Mbps FW throughput: 450 Mbps
CAT 3 LTE (Z3C) CAT 6 LTE

Medium Branch Large Branch, Campus or Concentrator Virtual

MX84 MX100 MX250 MX450 vMX100 for AWS & Azure

~200 users ~500 users ~2,000 users ~10,000 users FW throughput: 750 Mbps
FW throughput: 500 Mbps FW throughput: 750 Mbps FW throughput: 4 Gbps FW throughput: 6 Gbps VPN & SD-WAN features

*Available with wireless models

(MX64W, MX65W, MX67W, MX68W, MX68CW)
Z3C not available in Japan
Cloud-Managed Security & SD-WAN Appliances
Licensing that fits the business’ needs

Enterprise License Advanced Security License

Next Generation Firewall All enterprise features, plus

Site-to-site and client VPN Content filtering (with Google SafeSearch enforcement)

Intelligent path control Cisco Advanced Malware Protection

Link bonding and failover Snort IDS/IPS

Bandwidth shaping and QoS Threat Grid integration*

Branch routing Geo-based firewall rules

Web caching

Active/Passive high availability

*additional Threat Grid subscription required

Cloud-Managed Security & SD-WAN Appliances

Leverage the Meraki full stack for even greater benefits

Wireless Access Points Security & SD-WAN Appliances Switches

Optimized for high-density with Feature rich security and unified threat Layer 2 and layer 3 switches for
802.11ac and Bluetooth management platform mission-critical networks

Enterprise Mobility Management MI Security Cameras

Unified managed and control of thousands Optimize User Experience, Streamline deployment and
of devices Accelerate IT monitoring of video security cameras

A complete cloud-managed IT portfolio

Single-pane-of-glass management
Cloud-Managed Security & SD-WAN Appliances
Meraki for the campus
Enterprise class features for the campus with a single point of configuration,
management, and troubleshooting
Centralized management

Virtual stacking

Network topology SM Sentry

AD Integration

Port NAC and WPA-2 Enterprise RADIUS

Syslog and Netflow exports

ISE and Prime integration

Meraki Networking
Meraki for the distributed enterprise
Efficient scalable services with tools and features for the distributed
enterprise

Configuration templates
Automatic VPN/SD-WAN
Intuitive Multi-site management
Single pane of glass visibility
Simple security policy compliance
Automatic summary reports
Robust alerting for remote sites
Network cloning
Zero touch deployment API

Meraki Networking
Meraki for the SME
Deploy inherently secure networks utilizing cloud based services and intuitive
configurations
Fast and efficient guest access

Simple splash page deployment with billing

Cloud-based user authentication

Cloud CMX analytics

Integrated MDM

Customize security feature sets

Out-of-the box WIPS and Auto RF

Meraki Networking
Meraki MX Technical Deep Dive

Meraki Networking
Meraki Case Studies

Cisco Meraki Customer Stories

https://meraki.cisco.com/customers

Introduction to Cloud-Managed
Cloud-Managed Security & SD-WANSwitching
Appliances