Cloud Managed Security With Meraki MX - Alcatron

Transcription

Cloud Managed Security with Meraki MX
BRKSEC-2900
John-Paul Sikking
Security Specialist

Agenda
Introduction
Why cloud managed networking?
Cloud-managed networking architecture
Solution highlights
Product Families
Out of the box demo
Q&A
BRKSEC-2900 2014 Cisco and/or its affiliates. All rights reserved. Cisco Public

Bringing The Cloud To Enterprise Networks
Meraki MR: Wireless LAN
Meraki MS: Ethernet Switches
Meraki MX: Security Appliances
Meraki SM: Mobile Device Management

Cisco Meraki: 100% Cloud-Managed Networking
Cisco Meraki: a complete cloud-managed networking solution
– Wireless, switching, security and MDM, centrally managed over the web
– Built from the ground up for cloud management
– Integrated hardware, software, and cloud services
Leader in cloud-managed networking
– Among Cisco’s fastest-growing portfolios: over 100% annual growth
– Tens of millions of devices connected worldwide since 2006
Recognised for innovation
– Gartner Magic Quadrant, InfoWorld Technology of the Year, CRN Coolest Technologies
Trusted by thousands of customers worldwide

Why Cloud Managed Networking?

The Cloud Increases IT Efficiency
Cost Savings, Scalability, Manageability
Turnkey installation and management
Integrated, always up to date features
Scales from small branches to large networks
Reduces operational costs

An Integrated Solution For New IT Challenges
1 billion iOS & Android devices
HD video and rich media
New business opportunities
Integrated mobile device management
Layer 7 application shaping
Analytics and user engagement
A complete solution out-of-the-box: No extra hardware, software, or complexity

Cloud Architecture

Cloud-Managed Networking Architecture
Network endpoints securely connected to the cloud
Cloud-hosted centralised management platform
Intuitive browser-based dashboard

Out Of Band Cloud Management In Every Product
Scalable
– Unlimited throughput, no bottlenecks
– Add devices or sites in minutes
Reliable
– Highly available cloud with multiple Data Centres
– Network functions even if connection to cloud is interrupted
– 99.99% uptime SLA
Secure
– No user traffic passes through cloud
– Fully HIPAA / PCI compliant (level 1 certified)
– 3rd party security audits, daily penetration testing
– Automatic firmware and security updates (user-scheduled)
Reliability and security information at meraki.cisco.com/trust
[Diagram labels: WAN; Management data (1 kb/s)]

Scalable Cloud Infrastructure
Telmex: Nationwide hotspot and 3G offload network
Dress Barn: Nation-wide deployment spanning hundreds of retail stores
Motel 6: 70,000 hotel room deployment
Jeffco School District: 80,000 student district with 100 schools
Proven in 10,000 endpoint deployments

Intuitive Web-Based Dashboard
[Screenshot labels: Instant search; Wired mecontrol; Application QoS]

SaaS Feature Delivery
Feature updates seamlessly delivered from the cloud (user-scheduled)
Adapts to new devices, applications, and business opportunities
BYOD feature velocity, past 36 months: [timeline figure, 2010 to 2013]

Solution Highlights

Distributed Networks
Centralised cloud management scales to thousands of sites
Multi-site visibility and control: Map-based dashboard; configuration sync; remote diagnostics; automatic monitoring and alerts
Zero-touch provisioning: Devices automatically provision from the cloud, no staging required; self-configuring site-to-site VPN
Traffic acceleration: WAN optimisation and web caching accelerate and de-duplicate network traffic; application-aware QoS prioritises productivity apps

High Capacity Edge Networks
RF optimisation and application-aware QoS for high throughput, high-density WLAN
Layer 7 application traffic shaping: Throttle, block, or prioritise application traffic with DPI-based fingerprinting; set user and group-based shaping rules
Cloud-based RF optimisation: Dynamically avoid interference, optimising channel selection and power levels
Density-optimised WLAN: RF platform tuned for airtime fairness and performance in dense performance-critical environments

Bring Your Own Device (BYOD)
Out-of-the-box security, management, and capacity for BYOD-ready deployments
Device-aware security: Device-aware firewall and access control; Antivirus scan; LAN isolation; Bonjour Gateway; Content and security filtering
Integrated MDM: Enforce encryption, passcodes, and device restrictions; Deploy enterprise applications; Remotely lock or wipe devices
Simplified onboarding: Flexible authentication with AD integration, SMS authentication, hosted splash pages, and automatic MDM enrollment

User Analytics And Engagement
Built-in location analytics dashboard
Optimise marketing and business operations: Analyse capture rate, dwell time, and new / repeat visitors to measure advertising, promotions, site utilisation, etc.
Built-in analytics: Integrated into WLAN, no extra sensors, appliances, or software
Extensible API: Integrate location data with CRM, loyalty programs, and custom applications for targeted real-time offers

Flexible Authentication And Access Control
Flexible built-in authentication mechanisms
Flexible authentication: Secure 802.1x and Active Directory authentication; Facebook Authentication for branding and targeted social marketing; SMS self-service authentication, Lobby Ambassador, and hosted sign-on splash pages
Dynamic access control: Assign clients layer 3-7 firewall rules, VLANs, and application-aware quality of service by identity, group, location, or device type

Simplified Enterprise Security
Enterprise-class security features for security-conscious environments
Air Marshal WIDS/WIPS: Detect wireless attacks; contain rogue APs; cloud-based alerting and diagnostics
User and device aware security: User, device, and group-based firewall rules (layer 3-7) with Active Directory integration
Complete NG firewall and content security: Application firewall; content filtering matching 1B URLs; antivirus / antimalware filtering; Google safe-search

Product Families

MR Wireless Access Points
6 models including indoor / outdoor, high performance (802.11ac) and value-priced
Enterprise-class silicon including RF optimisation, PoE, voice / video support
Lifetime warranty on indoor APs
Feature highlights: BYOD policies; Application traffic shaping; Guest access; Enterprise security; WIDS / WIPS; Location analytics

MX Security Appliances
6 models scaling from small branch to campus / Data Centre
Complete networking and security in a single appliance
Feature highlights: Zero-touch site to site VPN; WAN optimisation; NG firewall; Content filtering; WAN link bonding; Intrusion detection

MS Access And Aggregation Switches
Gigabit access switches in 8, 24, and 48 port configurations, PoE available on all ports
10 Gigabit SFP aggregation switches in 24 and 48 port configurations
Enterprise-class performance and reliability including non-blocking performance, voice/video QoS, and a lifetime warranty
Feature highlights: Voice and video QoS; Layer 7 app visibility; Virtual stacking; PoE / PoE on all ports; Remote packet capture, cable testing

Systems Manager Mobile Device Management
Device Management controls iOS, Android, Mac, and Windows devices
Cloud-based - no on-site appliances or software, works with any vendor’s network
100% free - available at no cost to any organisation, sign up at meraki.cisco.com/sm
Feature highlights: Centralised app deployment; Device security; Rapid provisioning; Backpack file sharing; Asset management

Out of the box

Demo Use Cases – Building A Network In 30 Mins
Setting up MX, create organisation, create networks, add devices.
Setting up MR, set-up a quick wireless network for my iPad
Settings:
– Addressing / NAT / DHCP
– Firewall rules
– Load balancing / Traffic Shaping
– Active Directory
– Group Policy
– VPN
– Security Filtering
– Content Filtering
– Bonjour

FTB – Account Set-Up

FTB - Wireless: Add AP And Apply Firewalling

FTB – Wireless: SSID Splash Page

FTB: Power Up Security Appliance

FTB: Connect to AD (So I Can Do BYOD Policy Mgmt)

FTB: Create Policies

FTB: Set-up Security Policies
Filtering – Block Peer2Peer
Traffic Shaping – Rate limit Gaming
URL Filtering – Block Gambling

Here’s A Network That I Prepared Earlier
Let’s have a look at a working network that is in production and has lots of interesting traffic.
Clients
Application Usage – e.g. YouTube
Control user with Policies
MDM

Q&A

Complete Your Online Session Evaluation
Give us your feedback and receive a Cisco Live 2014 Polo Shirt!
Complete your Overall Event Survey and 5 Session Evaluations.
Directly from your mobile device on the Cisco Live Mobile App
By visiting the Cisco Live Mobile Site www.ciscoliveaustralia.com/mobile
Visit any Cisco Live Internet Station located throughout the venue
Polo Shirts can be collected in the World of Solutions on Friday 21 March 12:00pm - 2:00pm
Learn online with Cisco Live!
Visit us online after the conference for full access to session videos and presentations.
www.CiscoLiveAPAC.com

Case Studies

Case Study: Applebee’s
Wireless LAN spanning over 270 restaurants nationwide
Customer engagement through guest access, coupons, promotions
PCI-compliant solution enables mobile POS
Restaurants centrally managed over the web
Deployed without pre-staging or on-site IT
“The Meraki Dashboard makes it easy to manage the WiFi across all the restaurants, and we have the visibility we wanted.”
Leslie McMasters, Network Administrator, Apple American Group

Case Study: Milpitas Unified School District
California school district with 14 schools, 10,000 students
Deployed cloud-managed firewall, 500 wireless APs (indoor outdoor), and 100 Ethernet switches
Enabled 1:1 Google Chromebook deployment and BYOD policy
Application visibility and control optimises bandwidth across 10k clients
“The Dashboard, the traffic shaping, and the MDM were real advantages. We can see the traffic and devices on the fly.”
Chin Song, Director of Technology, Milpitas Unified School District

Case Study: Mosaic
Healthcare and services provider with 5,000 employees, 40 facilities across 11 states
Deployed 350 cloud-managed wireless APs, switches, and security appliances
HIPAA-compliant WiFi for electronic medical records and guest access
Centrally managed by small IT staff
“The Meraki solution has provided us with a secure, centrally managed distributed network.”
Daniel McDonald, Systems Integration Manager, Mosaic
