Connect and Protect with Meraki

#CiscoLive

Connect and Secure with Meraki
Empower your hybrid workforce with secure connectivity for any device, any application, anywhere

Avinash Ramesh, Technical Marketing Engineer, Cisco Meraki
Vaibhav (VB) Malik, Technical Marketing Engineer, Cisco Meraki
BRKMER-1003

Avinash Ramesh: My journey to Meraki’s SASE world

• Meraki TME for everything “SASE”
• SJSU Alumni (Go Spartans !!)
• Retired Software Developer @ Cisco
• North California Cricket League “professional” player

https://www.linkedin.com/in/aviramesh/

BRKMER-1003 © 2022 Cisco and/or its affiliates. All rights reserved. Cisco Public 3
Agenda
• SASE Overview
• Meraki Umbrella SD-WAN Connector
• Cisco+ Secure Connect Now
• Architecture
• Demo
• Conclusion and Q&A

Cisco Webex App

Questions?
Use Cisco Webex App to chat with the speaker after the session

How
1 Find this session in the Cisco Live Mobile App
2 Click “Join the Discussion”
3 Install the Webex App or go directly to the Webex space
4 Enter messages/questions in the Webex space

Webex spaces will be moderated by the speaker until June 17, 2022.
https://ciscolive.ciscoevents.com/ciscolivebot/#BRKMER-1003

The future is evolving…fast.

ONLY 11% of companies believe that their current business models will be economically viable through 2023

Source: The new digital edge: Rethinking strategy for the postpandemic era, McKinsey, May 2021

Applications are hyper-distributed across a diverse IT landscape

85% of CIOs say it’s important to maintain security, control, and governance across user devices, networks, clouds, and applications

69% of CIOs believe insights will be more important than ever to deliver a seamless consumer experience

Source: Accelerating Digital Agility Research (CIO Data) — Cisco, 2021

Changes in traffic patterns are creating bottlenecks and performance challenges

Problems
• App performance
• User experience
• Security efficacy
• # of tools / vendors
• Integrations

The traditional networking model is inadequate

[Diagram labels: IaaS, Internet, Private cloud, SaaS; Network, Security; Traffic: Internal 20%, Internet 80%; Bottleneck; MPLS VPN]
Are you ready in the middle?

SASE Framework: Network, Security

Cisco has a strong vision to deliver a fully integrated SASE solution, as well as the financial resources to execute the vision.
Gartner MQ report for WAN Edge Infrastructure, September 2021

MERAKI Cloud: Most Trusted & Simplified Cloud Managed Platform

• 3.5M+ customer networks
• 10M+ Meraki devices online
• 190+ countries in network
• 630K+
• 3B+ external API monthly calls
• 153M+ daily end-user devices
• 250M+ daily splash pages served
• 99.99% Cloud SLA

Born in the cloud, growing daily, and trusted everywhere

The Meraki platform
Connecting passionate people to their mission by simplifying the digital workplace.

SIMPLE
Increase productivity and reduce IT costs

SECURE
Reliably protect your business and people

INTELLIGENT
Leverage AI/ML-powered insights and automation

Cisco Umbrella Cloud Security

Cisco Umbrella
• DNS-layer security
• Secure web gateway
• Cloud-delivered Layer 7 firewall
• Cloud access security broker (CASB)
• Interactive threat intel
Incl: RBI, DLP

SecureX: Integrated security platform

[Diagram labels: SD-WAN, ON/OFF NETWORK DEVICES]

Are you ready to bridge these two worlds?

[Diagram labels: Networking, Security, “in the middle”]

Cisco SASE Solutions

Available Today: Meraki Umbrella SD-WAN Connector
Meraki MX + Umbrella SIG SD-WAN connectivity
Use Cases:
• Branch to Internet

New: Cisco+ Secure Connect Now
A unified turnkey, as-a-service, more scalable SASE architecture.
Use Cases:
• Branch to Internet
• Remote User to Internet
• Branch to Private App
• Remote User to Private App

Meraki Umbrella SD-WAN Connector

Meraki MX & AutoVPN

Meraki Auto VPN
The ability to configure site-to-site, Layer 3 IPsec VPN tunnels in just three clicks in the Cisco Meraki dashboard over any WAN link

Automatically configured VPN parameters
The Cisco Meraki dashboard uniquely acts as a broker between MXs in an organization, negotiating VPN routes, authentication and encryption protocols, and key exchange automatically to create hub-and-spoke or mesh VPN topologies

Redundancy built-in
MXs with two uplinks will automatically self-heal to re-negotiate VPN tunnels if a primary uplink goes down

Meraki Umbrella SD-WAN Connector
Easy setup to connect Meraki branches to Umbrella Security Cloud

• Meraki SD-WAN direct connection to Umbrella with Auto VPN for resiliency and intelligent path selection
• Granular traffic control with SD-WAN features
• Dynamic path selection
• Local internet breakout
• Policy-based routing
• SIG services with security policy control and management in Cisco Umbrella

[Diagram labels: Cisco Umbrella, Meraki Umbrella SD-WAN Connector, Data center, Branch]

Meraki SD-WAN + Umbrella SIG Integration
Easily Connect Meraki to SIG

• Seamless Auto VPN connectivity to Umbrella SIG
• Managed from the Meraki dashboard

The Meraki Umbrella SD-WAN connector is automatically connected to SIG, where users can manage security policies and controls in Umbrella

[Diagram labels: Internet/SaaS; Cisco Umbrella SIG; Meraki Umbrella SD-WAN Connector; Customer Network with four Meraki MX]

Meraki Umbrella SD-WAN Connector Overview

• Any Meraki MX and Umbrella SIG essentials license package
• Current throughput up to 250 Mbps per connector
• 250 Auto VPN tunnels per connector
• Expanded DC support globally with Disaster Recovery

[Diagram labels: Internet; Meraki Cloud; Meraki Auto VPN; Connector; CDFW; SWG; Umbrella SIG Cloud; Trusted SaaS Traffic Exclusion; Customer Organization]

Pulling it all together for a highly flexible SASE

[Diagram labels: UMBRELLA; DNS direct; DNS-layer security; Selective proxy; NAT; Internet; Branch; SIG (DNS, CDFW, SWG, CASB, IPS, DLP, RBI); All allowed web traffic; All traffic; VPN Excluded Traffic (ex. O365)*]

Meraki Umbrella SD-WAN Connector Deployment
1. Click on Cloud OnRamp, which is available under Organization → Configure
2. Connect the Umbrella organization (w/ required SIG licensing) using the Management API keys & Secret
3. Select the best DC pairs for your branches and deploy the connectors

Connecting Branches to Meraki Umbrella SD-WAN Connector Hubs

Assign your UMB-SIG hub connectors to the spoke (1 takes priority while routing traffic)

Make sure you have your subnet in VPN mode
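
The two spoke-side checks on this slide, written as an audit over an exported configuration. This is an added example, not part of the original deck or Cisco's code: the field names (`mode`, `hubs[].hubId`, `subnets[].localSubnet`, `subnets[].useVpn`) assume the JSON shape of the Meraki Dashboard API site-to-site VPN settings, and the hub IDs and subnets are constructed.

```python
"""Audit a spoke's site-to-site VPN settings against the two slide checks."""
import ipaddress

# Hypothetical network IDs of the deployed UMB-SIG connector hubs.
CONNECTOR_HUBS = {"N_UMB_SIG_PRIMARY", "N_UMB_SIG_SECONDARY"}

# Constructed sample of one spoke's exported settings.
SAMPLE_SPOKE = {
    "mode": "spoke",
    "hubs": [
        {"hubId": "N_UMB_SIG_PRIMARY"},
        {"hubId": "N_UMB_SIG_SECONDARY"},
    ],
    "subnets": [
        {"localSubnet": "10.20.1.0/24", "useVpn": True},
        {"localSubnet": "10.20.99.0/24", "useVpn": False},  # left out of the VPN
    ],
}


def audit_spoke(settings, connector_hubs):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    if settings.get("mode") != "spoke":
        findings.append(f"mode is {settings.get('mode')!r}, expected 'spoke'")
        return findings

    # Check 1: a connector hub is assigned and sits first in the hub list.
    hubs = [h.get("hubId") for h in settings.get("hubs", [])]
    assigned = [h for h in hubs if h in connector_hubs]
    if not assigned:
        findings.append("no UMB-SIG connector hub assigned")
    elif hubs[0] not in connector_hubs:
        # List order is priority order: entry 1 is preferred when routing.
        findings.append(f"priority-1 hub {hubs[0]} is not a UMB-SIG connector")

    # Check 2: every local subnet must be in VPN mode.
    for subnet in settings.get("subnets", []):
        net = ipaddress.ip_network(subnet["localSubnet"], strict=False)
        if not subnet.get("useVpn", False):
            findings.append(f"subnet {net} is not in VPN mode")
    return findings


if __name__ == "__main__":
    for finding in audit_spoke(SAMPLE_SPOKE, CONNECTOR_HUBS):
        print("FINDING:", finding)
```

Running the audit across every spoke network in an organization surfaces sites whose subnets were never switched to VPN mode and therefore never reach the connector.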

Demo

Cisco+ Secure Connect Now

Vaibhav (VB) Malik

• Meraki TME - SASE
• Experience - Consulting, service provider. Worked for a decade as Engineer/Architect
• M.S. U.C. Boulder, M.B.A UIUC
• Home is St. Louis. Go Cards !!
• Linkedin- http://cs.co/9004z6yg0

“Simple can be harder than complex: you have to work hard to get your thinking clean to make it simple”
Steve Jobs

De-mystifying SASE

[Word cloud: Carriers, SD-WAN, Security, CDN, RBI, NGFW, DIA, CASB, Bandwidth Aggregators, WAN optimization, Hybrid VPN, ZTP, Cloud, SWG, DNS, NaaS, FWaaS, Insights, Latency, SSE, Visibility, ZTNA, Remote Access, SaaS, Jitter, SASE, Threat Detection, Edge]

Increasing complexity and exposure to risk

• Hard to detect and block threats
• Challenge to secure work from anywhere
• Friction in the end user experience

Cisco+ Secure Connect Now
Radically simple, unified SASE turnkey solution

Simple
Increase business agility through an easy to consume and use as-a-service subscription that is cost-effective

Secure
Protect across every point of service - user, device, application - enforcing security closest to threats

Intelligent
Deliver actionable insights end-to-end, to predict, understand, and remediate the application experience

Built for Speed and Simplicity

[Diagram labels: People, Applications, Things, Security, Visibility, Networks, Cisco+ Secure Connect Now]


Cisco+ Secure Connect Now
Use cases

Secure internet access
Provide users with safe access to the internet and cloud applications from any location and block malicious activity and threats

Secure private access
Deliver secure connections to company assets in private data centers or in the private cloud.

Interconnect
Dramatically simplify architecture and configuration by inherently interconnecting anything you connect to the SASE Fabric

One experience

[Diagram labels: Public cloud, Internet, SaaS, Private cloud; Secure Remote Worker, Cisco+ Secure Connect Now, Secure Edge; Remote workers, Campus, Branch office]

Architecture

Cisco+ Secure Connect Now High-level architecture

1. Acquire information from the edge
2. Acquire traffic into the Cisco Secure Cloud/SASE Fabric
3. Gather missing information and authorize the flow
4. Connect to apps wherever they are: SaaS, Public Cloud, Data Center or Sites

[Diagram labels: Customer edge, Service edge, Platform, Customer environments; End-User with Clientless Browser Access, End-User with Client-based Access, End-User in branch/on network, HQ/branch; Cloud Traffic Acquisition, Zero-trust proxy, Interconnect; Dashboard, Posture, Identity, Services, Cloud-control plane, Cloud security, Cloud data plane; Sanctioned SaaS (Salesforce, Microsoft office), General internet, Private applications; Internet traffic, Private traffic]

Cisco+ Secure Connect Now
Secure Edge Connectivity

Core elements
• Internet/SaaS
• Cloud security (SIG)
• Private application access
• Branch to Branch through Secure Connect fabric

[Diagram labels: Trusted SaaS Traffic; Internet/SaaS; Public applications; DNS security; CD L3/4/7 firewall; Secure web gateway; Cloud-access security broker (CASB); Secure Connect; Secure Edge; Auto VPN; Secure Tunnel; IPsec; MFA support; Device posture and health; Private applications; Public/Private cloud; Branch/HQ; Internet traffic; Private traffic]

Cisco+ Secure Connect Now
Secure Remote Worker

Core elements
• Internet/SaaS
• Cloud security (SIG)
• Meraki Cloud Authentication
• Private access
• Client and clientless access
• Device posture
• SAML MFA
• Access control

[Diagram labels: Traffic Steering; Internet/SaaS; Public applications; Private applications; DNS security; L3/4/7 firewall; Secure web gateway; Cloud-access security broker (CASB); Secure Connect; Client-Based; Clientless/Browser-based; Secure TLS; HTTPS session; IPsec; Auto VPN; Tunnel; MFA support; Device posture and health; Public/Private cloud; Branch/HQ; Internet traffic; Private traffic]

Demo

ABC Health Connections Medical – Demo

• Connect and Secure Sites
• Connect and Secure Users
• Connect and Secure Apps

ABC Health Connections
Connect and Secure Sites

[Diagram labels: Cisco+ Secure Connect Now; Private Application; Meraki SD-WAN fabric; ABC Medical Data Center; Medical Branch]

ABC Health Connections
Connect and Secure Users

Public traffic steered inside or outside tunnel

[Diagram labels: Doctor client; Secure Tunnel; Cisco+ Secure Connect Now; Public traffic; Private traffic; SaaS/internet (Office 365, Salesforce); IaaS (Azure, Google Cloud, AWS); Private applications; Private cloud; Private data center]

ABC Health Connections
Connect and Secure Apps

[Diagram labels: Any location, Service edge, Service chain, Customer environments; Customer edge; Platform (Dashboard, Identity, Reporting); End-Users: Doctor (Client-based), Patient (Clientless Browser Access); Cloud Traffic Acquisition; Cloud Security; Cloud data plane; Interconnect; Private applications]

Clientless ZTNA (Zero Trust Network Access)

Simple Turnkey Solution:
• Frictionless end user experience
• Cisco provided certificates
• Auto-generated external FQDN

Least Privileged Access to Private Apps:
• User identity-based authentication
• Endpoint posture-based authorization
• Application specific access policies

[Diagram labels: End-User; Client; Browser; Tunnel; ZTNA Proxy; Cisco+ Secure Connect Now; Private traffic; IaaS; Private data center]

Conclusion

Outcomes

• Enable a hybrid workforce with a single solution for consistent access and user experience
• Increase worker productivity with anywhere connectivity and improved application performance
• Lower overall IT spend with a simple consumption model and pay as you grow for SASE at your pace
• Reduce security risk and maintain your security compliance requirements

The Cisco advantage
Cisco+ Secure Connect Now

• Fast deployment, simple management
• Easy to consume
• Uncompromised user and administrator experience
• Best security protection

Only Cisco leads in bringing together security and networking through a unified approach that empowers businesses to easily and securely connect users and things to applications.

Cisco+ Secure Connect Now at Cisco Live

Wednesday, June 15 at 10:30 am
INTSEC-1775 - SASE Your Way: Transforming Your Infrastructure to deliver secure connectivity

Wednesday, June 15 at 4:00 p.m.
BRKSEC-2129 – Deploy & Scale SASE for Secure Remote Worker in the Cloud with Cisco+ Secure Connect

See Live Demos
• World of Solutions:
• IT Operations
• SASE wall
• Meraki
• Innovation Forum

Visit cisco.com/go/secureconnect