Tuesday, 20 November 2012

Cisco acquires Meraki



Cisco's acquisition of Meraki is an interesting prospect for customers, partners and competitors.  Meraki are an unknown quantity to many, so I thought I would share my opinion on what this means to the WLAN industry.

As a WLAN engineer that has been working with Cisco for 10 years I'm pretty happy about it.  I have been looking at Meraki for a while and picked up one of their AP's a few weeks ago.  If you read my blog about BYOD you'll see I have a lot of love for the Meraki product.

Meraki have taken the controller to the cloud, they look after it.  You choose upgrade windows and never have to pay for resiliency, new hardware, software upgrades or power bills.  You can also buy switches and security gateways for the full feature set.  All are cloud managed through a clean and simple web GUI.  The main selling points of the solution are as follows:
  • Plug and play access points (DHCP to Internet is all you need)
  • Switch and security gateway appliances for additional features
  • Feature-rich WLAN services - URL filtering, firewall, VPN
  • Slick cloud-based management GUI
  • BYOD out of the box - including the illusive trusted CA (see Building BYOD blog part 2)
  • Free MDM for iPhone, Android, Windows, OS X
  • Layer 2-7 stats and reporting


Cisco's ageing WLC-centric infrastructure has been struggling to compete in the SMB channel for a while now.   For the last few years companies like Aruba, Aerohive and Ruckus have been turning heads.  However, they will now lose many of their (compelling) arguments against Cisco's previously appliance-heavy infrastructure.

The $1.2bn price tag will be questioned, but I feel that this acquisition is vital to Cisco's strong position in the WLAN industry - and worth the investment.  By acquiring Meraki, Cisco will be able to wade back into the SMB market.  I can only see them expanding their customer base.

Cisco partners will be saying "Awesome, now we can offer BYOD and MDM at low cost".
Cisco competitors will be saying "Damn... We had them on the ropes...".
Meraki partners may be saying "Meh… Now we're going to lose out to Cisco Gold partners"




What does it mean for Meraki products and customers?

Anyone who has recently bought into the Meraki revolution might be worrying about what this acquisition means to them.  If it is anything like the Airespace acquisition it will go like this:
  • Cisco will rebadge the Meraki products and maintain current pricing.
  • Cisco will honour all current support contracts.  Support will be migrated to Cisco TAC.
  • Cisco will phase out the Meraki hardware for Cisco hardware, then offer migration deals.

We're all trying to envisage what Cisco will attempt to do with Meraki.  They may leave them to operate in isolation.  As is stated by Meraki here http://www.meraki.com/company/cisco-acquisition-faq

I don't think cloud networking will extend into the Cisco product set quickly.  However, there is nothing to stop network appliances being offered with 'local' or 'cloud' firmware.  Much the same as autonomous or lightweight AP's today.  However, Cisco will need carefully manage how they offer these products  to customers.

The shift from where Cisco are now with their 'tin' approach to where Cisco could be with an 'IaaS' approach is huge.  This conversation goes way beyond my WLAN blog....

Final word... I'm fortunate enough to be a member of the Cisco Mobility PVT.  So I hope to be able to report back about the good things are going to emerge from Cisco in the near future.  Watch this space...

Mental note! Get CCIE before Meraki technology is added to the exam...

Thursday, 15 November 2012

Building BYOD part 4 - Choosing the right vendor



A Little History… 

2005 - Aruba and Cisco hit the market with "captive portal" technology that is prevalent in hotspots today.  Aruba's product was better.

2009 - iPhone arrives… Amigopod (soon to be acquired by Aruba) are the first company to market with a BYOD gateway with PKI integration, but it only supports iOS devices and requires SSID switching for client on-boarding.

2010 - Mobile Device Management solutions arrive offering alternative to WLAN vendor solutions for mobile devices.  Smooth profile delivery mechanisms. MobileIron, Airwatch, Good, Zenprise.

2011 - Cisco release Identity Services Engine, but are still behind Amigopod on development.  Other vendors introduce MDM through partnerships.  PPSK was been introduced as a better alternative to web login by Aerohive and Ruckus.

In 2009 vendors succumbed to the fact that there is a world beyond Windows.  The behaviour of mobile devices also made WLAN vendors realise they needed to find an alternative to web login… A raft of new MDM vendors also emerged.  The recent challenge has been to develop web-login portals that integrate with MDM agents to support multiple device types, operating systems and user databases.  The goal for all vendors it to be able to push EAP-TLS profiles and certificates to a wide range of OS - Windows, OS X, iOS, Android, Windows phone, etc.  But also to be able to support traditional web-login or PPSK solution for non-compliant devices and users.

BYOD portal technology is a logical progression from the basic web-login solutions of 2005.  The ideal BYOD portal product offers the following:
  • Single point of entry for all users
  • Highly customisable walled garden website
  • Traditional web-login for visitors
  • BYOD on-boarding options for employees
  • Client agents for profile delivery
  • Support for multiple OS
One thing I feel that is lacking in most vendor offerings is the ability to customise the portal for corporate branding and content delivery.  This is an important part of corporate identity that vendors haven't made enough effort to accommodate.  This may be explained by the aggressive recent development of BYOD.  In reality, vendors have struggled to develop their own BYOD solutions.  Several have partnered with BYOD solution vendors, or simply referred customers who want BYOD to MDM solutions.  

BYOD Vendor Options

Product maturity is the big question.  Not just in terms of the breadth of device OS support, but also through software development.  As you can see from the timeline, Aruba have a mature product with PKI integration.  Cisco have invested heavily in the ISE product and only in recent releases has the feature set and functionality become comparable to Amigopod.  

Both Aruba and Cisco offer BYOD focused security appliances with a multi-purpose captive portal with BYOD integration for IOS and Android.  Aerohive have also recently developed their own portal that offers MDM integration via the JAMF solution for Apple devices.  Meraki have stormed into the BYOD market with a multi-OS BYOD solution that offers an MDM/client app covering all major platforms (Win, OS X, iOS, Android).  This cloud-based "free MDM" approach is so easy to setup in comparison to all other vendors that the cost-savings are huge, not just in MDM costs.  My concern here is that traditionally WLAN vendors aren't focused on MDM.  Will they stay on top of development around bugs, security alerts, OS updates, etc?  Will their support teams be on-par with an MDM vendor?

A note on PPSK - Both Aerohive and Ruckus offer PPSK which is a big improvement over web-login.  This is going to be a great solution for most companies.  Though if tight security is a concern, I would be interested to know if they are able to tie a user to the client session for litigation against Internet misuse.



In Summary


For the last few years Aruba Amigopod and MDM have been the leading BYOD options.  There has also been an IOS exclusivity in the WLAN vendor space until recently.  Cisco have caught up somewhat with Aruba and other vendors are offering well-rounded solutions with less painful deployments. 




Finding the right solution for an organisation will be about taking all the info on board from this and previous blogs, putting it all together and cross referencing agains the vendor solutions.  Not an easy task... 

I do think that SME customers will quickly move away from vendors with appliance-heavy architecture.  Cisco and Aruba should be worried about innovative and agile vendors like Aerohive, Meraki and Ruckus coming in cheaper and winning customers.