Cloud-managed networking makes VPN a snap

Provisioning and deploying a WAN and VPN is an everyday function for engineers. But can you do that for an office 4,000 miles away without leaving your office?

Though cloud-managed networking isn't quite mainstream yet, the benefits become obvious when you bring up your first dashboard-controlled topology. Though I stay busy with my main network of more than 1,000 traditional Ethernet switches and 4,000 wireless access points (APs), I've come to appreciate the unique value afforded by cloud-managed LAN, wireless LAN and even WAN connectivity. Having rolled out more than a dozen networks that rely on cloud management, I'm happy to share some perspective.

As a longtime network professional -- and simultaneously an industry analyst -- I have been able to follow the cloud networking evolution from early on. I covered Meraki and Aerohive when each was new and both were considered somewhat exotic with their cloud-managed, wireless-only offerings. Today both have a decent range of components for building end-to-end topologies, and many of the traditional players in switching and Wi-Fi are following with their own cloud offerings. Indeed, the industry has come a long way when it comes to cloud-managed networking. In my world, I've standardized on cloud for my branch locations, and I've rolled out more than a dozen branches in the United States and a couple overseas. It's technology worth considering if you haven't yet.

My cloud-managed product of choice is Meraki -- for a few reasons. Yes, we are a Cisco shop at my place of employment, but we were Meraki customers long before Meraki was bought by Cisco. We got started with Meraki around four years ago after tiring of the quirkiness of Cisco adaptive security appliances (ASA) used to extend our network to branch sites with a site-to-site virtual private network (VPN). There are thousands of ASAs deployed around the world, but we just don't do enough of them to stay on top of the hundreds of little config things that can trip you up when configuring or troubleshooting. We found relief from this in the Meraki product line, along with a whole lot more to like. (There are a lot of cloud options available now. If I were just getting started, I'd recommend doing a request for proposals and taking a serious look at all of the players, though Meraki is my own personal favorite.)

Cloud-managed WAN connections in Italy without leaving home

Let me use a specific site example to make the point of the power of cloud-managed networking -- from WAN connection to client access. I just brought up a fairly large branch in Florence, Italy. I networked six buildings at my Italian campus, with site-to-site VPN back to the main network, enabling network access for hundreds of wired and wireless clients. Here's the kicker: I never left my office.

Using Meraki components (and a great helper on the far end), I started with the WAN connection. Initial config of Meraki MX security appliances takes about 30 seconds, then a few minutes later you manage them via the cloud dashboard. Extending the network to the remote site happens in just a few mouse clicks, and seeing the VPN tunnel come up so easily makes you feel like you got away with something the first time you do it. Most of the important flexibility found in devices like the ASA is available and easily configured in the MX, and getting used to doing it all on the Internet becomes second nature pretty quickly -- from setting firewall rules and dynamic host configuration protocol services to routing.

Meraki's Site-to-Site VPN monitor view, showing health, latency and participating endpoints

Components populated for virtual configuration

At this site, Meraki Gigabit Ethernet switches provide inter-building uplinks on ISP-provided dark fiber, connect a variety of workstations and printers, and provide Power over Ethernet to access points. All are managed, configured and monitored in the common dashboard, and enabling the environment was done in just a few hours. I simply entered my sales order number in the dashboard and all components were populated for virtual configuration even before they were delivered to the site. I configured the entire topology to my liking on components that weren't on-site yet, emailed good directions ("plug this into that," etc.) to a willing colleague on the far end, and finished it off with a phone call or two after the components were delivered. It's just that easy, if done properly.

Cloud-enabled VPN setup is quick and simple in Meraki dashboard

Again, the deployment I describe here is the latest in the many I have completed using the cloud-managed networking model. It differs from my very first one done in London a few years back only in that I went on-site for that one: The "new" way of doing it seemed so foreign at the time, I had to see it brought to life with my own eyes. Using cloud-managed components was a leap of faith back then; today, success is a foregone conclusion on these outings. And the power of managing all cloud-enabled sites in a single dashboard has to be experienced to be believed. Using the cloud model, I have done complete branches as well as just site-to-site VPN. Both are slick.

Needless to say, I'm a fan of cloud-managed networking. With Meraki, the command-line interface is nonexistent, and this can really throw some people for a loop. At the same time, it really isn't needed. This is a different kind of network management paradigm, and I highly recommend giving it a try.

Lee Badman is a network engineer and wireless technical lead for a large private university. He also teaches classes on networking, wireless network administration and wireless security.

This was last published in November 2014

Do you believe cloud-managed networking is robust enough to serve your purposes?
While my business is a small one, the files and data that are shared on a daily basis are enormous, so any cloud-managed networking needs to be ready for the task of my enterprise. At this point the cloud-networking service is still in its early days and has not yet shown itself to be strong and robust enough for my company's needs. As the function increases in strength we will revisit our decision.