BRKCRS 1731

#CLMEL
Meraki Powered
SD-WAN
David van Schravendijk

Product Marketing Manager, MX
BRKCRS-1731
#CLMEL
Cisco Webex Teams
Questions?
Use Cisco Webex Teams (formerly Cisco Spark)
to chat with the speaker after the session
How
1 Open the Cisco Events Mobile App
2 Find your desired session in the “Session Scheduler”
3 Click “Join the Discussion”
4 Install Webex Teams or go directly to the team space
5 Enter messages/questions in the team space
cs.co/ciscolivebot#BRKCRS-1731
© 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• Meraki Cloud Management
• Meraki MX
• Security
• SD-WAN
• Demo
• What’s new
• Q&A
#CLMEL BRKCRS-1731 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 4
Meraki Cloud
Management
Simplifying IT with cloud management
A complete cloud managed IT solution
Wireless, switching, security, SD-WAN,
intelligent network insights, endpoint
management, and security cameras
Integrated hardware, software, and cloud
services
Leader in cloud-managed IT
Among Cisco’s fastest growing portfolios
350k+ 4.5M+ 5.5M+

Unique customers Meraki devices Active Meraki
online dashboard users
Out of Band Cloud Management
Scalable
Unlimited throughput, no bottlenecks
Add devices or sites in minutes
Reliable
Highly available cloud with multiple datacentres
Network functions even if connection to cloud is interrupted
99.99% uptime SLA
Secure
No user traffic passes through cloud
Create and maintain HIPAA & PCI compliant networks
3rd party security audits, daily penetration testing
Automatic firmware and security updates (user-scheduled)
Reliability and security information at meraki.cisco.com/trust
Increasingly valuable IT investment
Meraki MX
One unified platform
Industry Leading SD-WAN
Meets Industry Leading Security
The new element, LTE
LTE
MERAKI MX
APPLIANCE
SD- UTM
WAN
SIM & LTE MODEM

INTEGRATED
A complete connectivity and security solution
Security Networking Application

Next generation firewall 3G / 4G / LTE failover Control
AES encrypted VPN Branch routing
Bandwidth shaping
Intrusion prevention WAN balancing and
URL content filtering
(IPS) failover
Quality of Service
Malware protection High Availability
control
Geo-IP firewalling Intelligent path control
Why customers choose Meraki MX
Powerful security with easy implementation
• Robust suite of Cisco Security
technologies
• Intuitive GUI-based configuration
• Seamless updates from the cloud
Exceptional scalability
• Zero-touch provisioning and cloud brokered VPN
• Easy centralised management with built in remote
troubleshooting tools
• Multi-location configuration templates
Industry-leading visibility
• Fingerprint users, applications, devices, and threats
• Monitor one location or an entire deployment
• Unified monitoring and reporting with other Cisco
Meraki technologies
Meraki Security & SD-WAN Portfolio
Teleworker Small Branch
Z3 Z3C MX64/65 MX67/68 MX67C/68CW

~5 users ~50 users ~50 users ~50 users
802.11ac Wave 2 Wireless & PoE 802.11ac Wireless* & PoE 802.11ac Wave 2* & PoE 802.11ac Wave 2* & PoE
FW throughput: 100 Mbps FW throughput: 250 Mbps FW throughput: 450 Mbps FW throughput: 450 Mbps
CAT 3 LTE (Z3C) CAT 6 LTE
Medium Branch Large Branch, Campus or Concentrator Virtual
MX84 MX100 MX250 MX450 vMX100 for AWS & Azure

~200 users ~500 users ~2,000 users ~10,000 users FW throughput: 750 Mbps
FW throughput: 500 Mbps FW throughput: 750 Mbps FW throughput: 4 Gbps FW throughput: 6 Gbps VPN & SD-WAN features
*Available with wireless models

(MX64W, MX65W, MX67W, MX68W, MX68CW)
Z3C not available in Japan
Security
Malware volume has grown 10X
Source: Cisco 2018 Security Capabilities Benchmark Study
Security professionals have little time
44% of alerts are not

investigated
• Lack of headcount
• Lack of trained personnel
• Budget constraints
Source: Cisco 2018 Security Capabilities Benchmark Study
Ironclad Cisco security, Meraki simplicity
Meraki MX
Backed by Cisco Talos threat intelligence
1.5 million malware 600 billion email
samples / day messages / day Over 250 full time
threat researchers
Millions of
Internet-wide 16 billion web telemetry
scanning requests / day agents
4 global data
centres
Telemetry Honeypots Over 100 threat

intelligence
partners
Internal Open source Over 1100 threat
vulnerability communities traps
discovery
Cloud backed, intelligent IDS/IPS
Built-in IDS/IPS Automatic updates Simple
engine via the cloud configuration and
reporting
An anti-fragile cloud security architecture
SD-WAN
Business SaaS trends
AVG. NUMBER OF SaaS APPS PER ORGANIZATION SaaS SPENDING FORECAST, 2016 – 2020
95%
Global SaaS
spending is forecast
INCREASE to increase by over
95% to $75.7B
[Source: BetterCloud 2017 State of the SaaS-Powered [Source: Gartner, 2017]
Workplace]
PERCENTAGE OF ENTERPRISES ESTIMATING WHEN

80% OF THEIR BUSINESS APPS WILL BE SaaS
Percentage of enterprises
(1,000+ employees) estimating
the majority of their apps will be
[Source: BetterCloud 2017 State of the SaaS-Powered SaaS by 2021
Workplace]
“What is the cost of network
downtime?”
Strained premium WAN links
CURRENT MPLS
AVERAGE COST OF MPLS
HQ / DC BRANCH
FUTURE MPLS
$600
PER MBPS PER MONTH
HQ / DC BRANCH
[Source: Network World, Next-
Generation Enterprise WANs, 2012]
● business critical
● non-critical
Legacy premium WAN links are coming under increasing strain as a result of growing
business SaaS and site-to-site traffic
Increasing the capacity of private WAN links is a cost prohibitive option for most
organisations
Future WAN options
MPLS ONLY
1 MPLS
Increase the capacity of an existing MPLS n
HQ / DC BRANCH
REDUCING COST
AUGMENTED MPLS
MPLS
2 Offload critical traffic from MPLS
BROADBAND
HQ / DC BRANCH
to broadband with policy based
BROADBAND-BROADBAND
routing dynamic path selection
BROADBAND
3 Load balance business critical
BROADBAND
HQ / DC BRANCH
traffic based on policy or link
performance
[PER MBPS PER MONTH]
AVERAGE
● business critical PRICE OF Broadb… $15
● non-critical WAN
CONNECTIVIT MPLS $600
Y
MERAKI SD-WAN [Source: Network World, Next-Generation Enterprise WANs, 2012]
Delivered by powerful hardware
Hardware highlights across all MX

models
×2 WAN ports
3G / 4G / LTE USB as single-

WAN or failover
Additional Ethernet ports with
PoE/PoE+ options MERAKI MX SECURITY & SD -WAN APPLIANCES
High availability mode
Securely built on site-to-site Auto VPN
The ability to configure site-to-site, Layer 3 IPsec VPN tunnels in just two clicks in the
Meraki Auto VPN
Cisco Meraki dashboard over any WAN link
The Cisco Meraki dashboard uniquely acts as a broker between MXs in an organisation,
Automatically configured
negotiating VPN routes, authentication and encryption protocols, and key exchange
VPN parameters
automatically to create hub-and-spoke or mesh VPN topologies
MXs with two uplinks will automatically self-heal to re-negotiate VPN tunnels if a primary
Redundancy built-in
uplink goes down
Auto VPN behind the scenes
Subnet Uplink IP Public IP
10.0.1.0/24 10.1.1.1 184.23.135.

1
New MX registers its 10.0.2.0/24 10.1.1.2 184.23.135.

Uplink IP, Public IP 2
1 and local subnets 10.0.3.0/24 10.1.1.3 184.23.135.
3
• Routing, topologies, WAN

3 New MX establishes path logic determined
New route is
propagated to all MX 2 site-to-site VPN
connection
automatically
peers automatically
• Secure architecture via
periodic keying data
updates
VPN Tunnelling Topologies
Split Full tunnel

tunnel
Geo-based hub & spoke topology
Driven by real-time performance monitoring
• Performance metrics of all site-
to-site VPN routes are probed
and logged approx. every
second
- Latency
- Jitter
- Loss
- MOS
• Probe consists of small UDP

payload passed over every
tunnel
• This data is used to make

intelligent decisions about WAN
connectivity #CLMEL BRKCRS-1731 © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 32
Application-aware Intelligent Path Control
Dual active VPN
Load balance your VPN traffic over two WAN
links
Policy-based Routing (PbR)

Select the preferred path for traffic based on
protocol, port, source and destination IP, or
even application
Dynamic path selection

Select the best VPN tunnel for traffic
automatically based on performance
Simply Express Intent
1. Define acceptable performance thresholds
3. Choose preferred uplink and
when fail over should occur
2. Select from built-in Layer-7

categories and applications
Tell the network what you want to

accomplish, not what to do and how to do
it
Monitor SD-WAN Uplink Decisions
• Track live flow decisions for uplinks and VPN peers

• Understand context & reason for decision
• Search decision table
SD-WAN Algorithm
Extension to Public Cloud Services
• Extend MX deployments to IT services located in
AWS or Microsoft Azure with site-to-site auto VPN
to a virtual MX (vMX)
• Leverage SD-WAN on vMX the same way as a

physical MX for optimal path selection to IT services
hosted in AWS or Azure
• vMX is managed just like any other physical MX in

the dashboard once deployed on an AWS EC2
instance or an Azure VM
• Up to 500Mbps VPN throughput
• Only license required
Summary
Meraki SD-WAN
Auto VPN Central Zero Touch Visibility &

Capability Management Deployment Reporting
Rock Solid Public Cloud

Security Services
One more thing…
Auto VPN Central Zero Touch Visibility &

Capability Management Deployment Reporting
Rock Solid Application and WAN Public Cloud

Security Intelligence Services
Meraki Insight
Meraki SD-WAN Troubleshooting
Delivered by Meraki Insight on MX
Web application troubleshooting
Monitor performance for apps travelling
via VPN or public Internet
End-to-end visibility for SaaS application

experience
Network performance analytics and

troubleshooting, including the LAN, WAN,
servers and domains
Accelerate IT and reduce time-to-

resolution
End-to-end network intelligence at work
WAN Health
At-a-glance health of all MX uplinks across all sites
• Quickly identify downed uplinks,

including cellular across all sites
• Easily monitor signal strength for

cellular uplinks across all locations
• Quickly isolate sites with

underperforming uplinks to make the
case for switching ISP or adding
cellular as failover
• Discover which sites are most reliant

on cellular as failover
Monitor the health of all MX uplinks including cellular across all sites
Meraki Insight licensing
M X M O D E L S L I C E N S E S I Z E
FW Throughput
XSMALL
Z3x
Up to 150 Mbps
SMALL
MX6x
Up to 450 Mbps
MEDIUM
MX84 | MX100
Up to 750 Mbps
LARGE
MX250
Up to 5 Gbps
EXTRA LARGE
MX450
Up to 10 Gbps
Demo
Cisco SD-WAN
The Meraki cloud managed ecosystem
MR MX MI
Access Points Security & SD-WAN Insight
Appliances
Systems
MS MV
Ethernet Manager Security Cameras
Switches Endpoint
Management
A COMPLETE CLOUD MANAGED IT PORTFOLIO

SINGLE PANE OF GLASS MANAGEMENT
Q&A
#CLMEL
Continue
your Cisco
Demos in
Labs Meet The
Expert
Related
sessions
education the World
of
Solutions
#CLMEL © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public 50
Complete Your Online Session Evaluation
• Give us your feedback and receive a
complimentary Cisco Live 2019 Power
Bank after completing the overall event
evaluation and 5 session evaluations.
• All evaluations can be completed via
the Cisco Live Melbourne Mobile App.
• Don’t forget: Cisco Live sessions will be
available for viewing on demand after
the event at:
https://ciscolive.cisco.com/on-demand-library/
#CLMEL © 2019 Cisco and/or its affiliates. All rights reserved. Cisco Public
Thank you
#CLMEL
#CLMEL

BRKCRS 1731

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

BRKCRS 1731

Uploaded by

Copyright:

Available Formats

#CLMEL

David van Schravendijk

350k+ 4.5M+ 5.5M+

SIM & LTE MODEM

Security Networking Application

Z3 Z3C MX64/65 MX67/68 MX67C/68CW

Medium Branch Large Branch, Campus or Concentrator Virtual

MX84 MX100 MX250 MX450 vMX100 for AWS & Azure

*Available with wireless models

Source: Cisco 2018 Security Capabilities Benchmark Study

44% of alerts are not

• Lack of trained personnel

Source: Cisco 2018 Security Capabilities Benchmark Study

Telemetry Honeypots Over 100 threat

PERCENTAGE OF ENTERPRISES ESTIMATING WHEN

Hardware highlights across all MX

3G / 4G / LTE USB as single-

High availability mode

10.0.1.0/24 10.1.1.1 184.23.135.

New MX registers its 10.0.2.0/24 10.1.1.2 184.23.135.

• Routing, topologies, WAN

Split Full tunnel

• Probe consists of small UDP

• This data is used to make

Policy-based Routing (PbR)

Dynamic path selection

2. Select from built-in Layer-7

Tell the network what you want to

• Track live flow decisions for uplinks and VPN peers

• Leverage SD-WAN on vMX the same way as a

• vMX is managed just like any other physical MX in

• Up to 500Mbps VPN throughput

• Only license required

Auto VPN Central Zero Touch Visibility &

Rock Solid Public Cloud

Auto VPN Central Zero Touch Visibility &

Rock Solid Application and WAN Public Cloud

Delivered by Meraki Insight on MX

End-to-end visibility for SaaS application

Network performance analytics and

Accelerate IT and reduce time-to-

End-to-end network intelligence at work

• Quickly identify downed uplinks,

• Easily monitor signal strength for

• Quickly isolate sites with

• Discover which sites are most reliant

A COMPLETE CLOUD MANAGED IT PORTFOLIO

You might also like