Few workplaces challenge an IT professional than designing a wireless network for a church. What makes this environment so unique is how scalable and capable the infrastructure has to be to accommodate low weekly usage, but a several hundred fold increase during events and Sunday services. Add to this challenge the question of how do you quickly and securely connect satellite campuses to server resources at main campus. Finally, considering how to tackle network and internet filtering for a small school of around one hundred students.
This is the challenge I faced as a lone wolf IT administrator two years ago. I was championing a project to centralize, modernize and boost the strength of the wireless network at our campuses. We were also in desperate need of a modern, capable security appliance which would provide minimal intrusion in legitimate web browsing. My network requirements looked like this:
- Daily usage by 100 students, 8 teachers and approximately 35 staff
- Securing and limited BYOD for students and staff.
- Connecting second campus to server resources 70km away.
- Securing and monitoring traffic from both campuses. Minimal user interaction or disruption from appliance critical.
- Events and Sunday service capacity of 750 people. Typical usage of between 350-400 BYOD.
- Small capital budget.
- Ease of management, setup and administration in my absence.
My initial procurement research focused on the Aironet products that Cisco had on offer. I had recently switched to a managed Cisco device switch infrastructure, and I knew they had some of the most capable enterprise equipment out there. During my research I came to learn about a company Cisco had recently acquired called Meraki.
What first set Meraki apart was their dashboard. All of their devices are configured via a cloud based dashboard. It’s easy enough that a technical backup person can resolve basic issues, while not sacrificing any of the high level capabilities I needed. The dashboard made configuring even the most complex network requirements fairly strait forward. You can claim Meraki hardware via serial number before the device even arrives. I had SSIDs, public access EULA agreements, layer 7 filtering profiles, Active Directory integration, and beyond, all configured before the hardware shipped. Once the access points and security appliance arrived and were connected to the internet, everything had pulled its configuration and was fully operational within 10 minutes. Fastest unboxing to deployment I’ve ever had.
The dashboard allows you to quickly apply existing access point configuration to new hardware as you scale. Deploying my WAN was just as simple. Filtering and routes were brought over from the primary security appliance. I even had a fully encrypted and secured WAN set before the appliance arrived. Because the configuration is dynamic, I didn’t need to pay for a static IP address. Whenever our satellite campus’ IP changed, the Meraki system reconfigured the WAN link, maintaining an established connection to centralized resources.
I’ll be honest. I’m still using the free sample unit that Meraki sent us at home. This little access point has transformed my performance expectation from wireless access points. While considered a value model, the MR18 is still brimming with enterprise class performance and capability. Intrusion detection is done in real time by a third antenna. Keeping rogue access points and wireless networks out of my environment was an ongoing battle, before Meraki. MR24 access points seemed to handle any throughput requirements we threw at them. Classes full of tablets skyping with the mayor, several hundred members attending a Sunday service, business seminars and a conference pushing 900 people in attendance. In none of these environments did the signal strength or range suffer.
Personally, I’ve recommended the Meraki to many friends in my circles. Transformation of their wireless network’s range and throughput is consistently the biggest improvement they see. Don’t be fooled by the size, there is a ton of punch packed in.
Keeping internet traffic secure and keeping roaming students from the internet’s dark places were high requirements. Our experience with an existing security appliance had quickly gone from adequate to invasive. It was actually disabled outright to restore reliable internet connectivity. Meraki’s security appliances introduced tough hardware and software security into our environment. Using integration with Active Directory, layer 7 filtering allowed me to control who got what. Throttling allows easy limitation of streaming services to preserve small overall internet pipes. Easy to read traffic reports could help pinpoint problematic users or devices in real time. If required, the level of reporting and tracking available on the Meraki security appliance was extensive.
Our WAN connection was established using strong IPSEC encryption. Real time heartbeats report if remote sites go down, or the health of the WAN pipe. Meraki’s system automatically established lost connections securely, using new TLS/SSL keys, reducing the risk of repeatedly using the same session information.