Microsegmentation With Meraki Adaptive Policies

When it comes to networking and user-based security policies in a Cisco environment, a lot of people will immediately point to Cisco ISE and its process of creating policies based on a wide range of factors. When you think of Meraki, a lot of people still have the mindset that Meraki is built around simple network management and ease of deployment, which it is. They look to other Cisco products for the larger-scale, more in-depth, and customizable security features. That is a view that a lot of “old-school” engineers still keep. Meraki is now once again pushing boundaries and bridging the gap, bringing their product forward as a true enterprise option. This post by Kevin Blackburn breaks down the details of Meraki Adaptive Policies, which the company is using to make sure they are a viable enterprise option for the more security-minded environments. Kevin recently heard from Meraki at the Tech Field Day Cisco Live Virtual Experience, so he has details on all their latest.

Meraki Health – Your Wireless User Watchguard

Troubleshooting is an inevitable part of IT, especially when it comes to wireless networking. As Kevin Blackburn points out in this piece, unfortunately, many organizations lack the staff to have 24/7 help or even large daytime staffs. At Tech Field Day Virtual Cisco Live Experience, he saw Meraki Health as a potential solution for this problem. This provides a health snapshot of all connected devices and shows where users might be experiencing performance issues. This information is stored in the cloud for 30 days, giving an additional way to get historical context to these issues, and help track down root causes to larger issues. Kevin was impressed to see this monitoring didn’t just stop at the wireless component, showing the experience from APs to switches and to backing application servers.

Cisco SecureX – A Single Security Pane of Glass

Cisco is not unfamiliar to the world of network security solutions, but Kevin Blackburn thinks SecureX is a recognition that the company could do more from the standpoint of a consolidated security interface. Rather than being a tool that only works within the Cisco ecosystem, SecureX allows admins to take advantage of data from devices across their infrastructure. Cisco has a number of direct integrations with other vendors, as well as a general API that you can plug into. This really helps SecureX stand out, not just from Cisco’s other security-minded solutions, but within the industry at large. For Kevin, this allows you to break down silos and get more visibility into possible security issues.

Connecting Networks Without the IPSec Overlay

128 Technology has an interesting pitch in the crowded world of networking, particularly in the emerging SD-WAN market. They use secure vector routing rather than typical IPSec overlays. In this post Kevin Blackburn looks at how the company does this, based on what the company showed at their Tech Field Day Exclusive event earlier this year.

DNS: More Than Just Name Resolution

Kevin Blackburn was a delegate at Networking Field Day last month, and clearly was intrigued by what he heard from BlueCat Networks. During their presentation, the company showed how DNS can be more than simple name resolution. This involves using it for threat protection and utilizing it as a single source of networking truth. For Kevin, this was some next-level DNS.

Exciting SD-WAN Updates From Riverbed

Kevin Blackburn was along as a delegate at Networking Field Day last week. At the event, he got to hear the latest updates on SD-WAN from Riverbed. SD-WAN is a great tool for routing connections between disparate locations in the enterprise. Riverbed demonstrated how their solution allows this to scale to large networks by seamlessly managing the overlay and underlay with a unified approach. Kevin was also impressed by Riverbed’s new subscription model pricing, as well as their overall ease of use.

Cisco Catalyst 9800 WLC – The Most Flexible WLC Yet

Kevin Blackburn breaks down the release of Cisco’s new Catalyst 9800 series wireless LAN controller. Kevin is impressed that this isn’t a single appliance, but a true platform that can run in the cloud, on a switch, or on an on-premises appliance. The Catalyst 9800 series WLCs are all based on IOS-XE code, providing modularity and flexibility. Cisco presented on this at Networking Field Day earlier this month, so be sure to check out their full video for a deep dive.

Aviatrix – When SD-WAN Becomes SD-Cloud – The Routing Table

Kevin Blackburn discusses the transition from SD-WAN to SD-Cloud made and presented by Aviatrix Systems at Tech Field Day Extra at Cisco Live US 2018. No longer requiring the hardware necessitated by SD-WAN, Aviatrix has created what they call virtual gateways that make the move to the cloud easy. With a simple dashboard, Kevin claims Aviatrix’s SD-Cloud is just as intuitive to use as SD-WAN.

VMWare NSX Distributed Firewall

At Networking Field Day earlier this month, Kevin Blackburn was introduced to the idea of a VMware distributed firewall. He thinks it’s a perfect example of how their NSX platform can bring additional value to your network by eliminating a lot of the need to physically segment it. Kevin sees NSX as making the network easier to manage, without ceding any control over its operation.

SD-WAN: Redundancy and Optimization

Kevin Blackburn saw a presentation from TELoIP at Networking Field Day earlier this month, and used the presentation as a jumping-off point for talking about SD-WAN. TELoIP presented their VINO SD-WAN and SD-Internet solutions during the event. In a lot of ways, the end result of a lot of SD-WAN solutions remains the same, but each company goes about doing it in substantively different ways, which may have different appeal among organizations. TELoIP emphasized combining all available internet circuits into a logical bundle of network connections.

SSL Decryption for Increased Network Visibility

Kevin Blackburn wrote up his thoughts on Gigamon’s presentation at Networking Field Day this month. They focused their presentation on GigaSECURE, their security visibility platform that allows for inline SSL decryption. They do this by operating a sanctioned man-in-the-middle capture. This is vital for giving administrators the visibility into traffic needed to ensure secure practice. Kevin’s only concern was in how Gigamon’s trusted certificates were handled, which may lead to a manual process of adding these to devices they can’t be automatically pushed to. But with a predicted 80% of traffic being encrypted in the near future, the tradeoff may well be worth it to gain visibility.

VMWare NSX: A New Method of Datacenter Networking

Kevin Blackburn wrote up some of his thoughts on VMware NSX from Networking Field Day last week. The company presented on it for four hours, so he was really able to get into a technical deep dive on this interesting network control solution. Kevin seemed really impressed by how NSX lets you integrate a variety of vendors into the solution, via a layer 3 connection using BGP or OSPF. NSX also allows you to directly firewall devices, create unique policies, and extend all of this into cloud environments thanks to AWS support.

IP Infusion: The Enterprise Whitebox Solution

Kevin Blackburn heard from IP Infusion last week at Networking Field Day, and got a good look at their white box networking OS and their virtualized platform. Their OS covers enough of the white box world to cover the entire range of interfaces and speeds. One interesting feature Kevin noted was that you can program your own application directly into the OS for added customization. Overall, Kevin enjoyed the configurability and documentation available from IP Infusion. He may not have heard of IP Infusion before the event, but he found them to offer a stable platform for network engineers to move into the white box networking world.

NFD15 – TELoIP VINO – Part 1

Kevin Blackburn wrote up an excellent preview of TELoIP, an SD-WAN provider. He looks at their Virtual Intelligent Network Overlay and how it appears to operate based on existing information. He’s excited to learn specifics directly from TELoIP, and plans to learn how they differentiate themselves in the increasingly crowded market.

#NFD15 – Delegate Selection

Kevin Blackburn is heading to Networking Field Day next week. It’s his first event and we’re excited to have him there. He’s looking forward to hearing from the presenting companies with technical deep dives, and asking pertinent questions. Make sure to follow along on the live stream, and join the conversation on Twitter using #NFD15.

Kevin Blackburn

Senior Network Engineer (Cisco CCNP) and currently working towards my Routing and Switching CCIE.