How Large Enterprises Can Ensure Fast Recovery from Meraki Misconfigurations

Many large enterprises with dozens or even hundreds of geographically dispersed sites and thousands of devices rely on Cisco Meraki to implement secure, scalable, and centralized network management and monitoring. Branch networks are typically managed by teams of network administrators and engineers, so at any given time a team member may be making configuration changes in their designated network. This puts the enterprise at constant risk of network misconfigurations.

To avoid business-impacting consequences, enterprises are looking to mitigate this risk by adopting a Meraki configuration backup and recovery strategy. You can implement that strategy with Boundless Safeguard, a Meraki API-powered solution that enables you to automatically back up Cisco Meraki organization, network, and template configurations in near real time, and then recover them with just a few clicks.

Potential Misconfiguration Issues and Their Impact on the Business

When you have multiple teams managing hundreds of networks and thousands of network devices, the chances of a network misconfiguration rise considerably. Some accidental changes to network settings may impact business operations. For instance, payment processing, inter-organizational data transfers, real-time settlement operations, customer-facing services, and other business processes may suffer performance degradation, interruptions, or even complete outages.

When critical processes are affected, the enterprise may suffer a range of consequences, including:

  • Operational disruptions
  • Failed or delayed transactions
  • Customer dissatisfaction
  • Productivity loss
  • Exposure to cyberthreats
  • Revenue loss
  • SLA violations or liabilities
  • Employee stress and burnout

Here are some possible misconfiguration issues and their potential impact on your enterprise.

1. Misconfigured Site-to-Site VPN Tunnels

Meraki’s site-to-site VPN allows you to connect multiple sites and share their network resources through a secure channel. However, a number of misconfiguration issues can prevent your sites from connecting with one another. Some of these issues include mismatched encryption algorithms, unadvertised subnets, incorrect peer IP addresses, misaligned subnets, and over-restrictive site-to-site firewall rules.

If your sites share file servers, internal applications, and other resources with other sites through your site-to-site VPN, a connection-impacting misconfiguration at one site can disrupt certain business operations. For instance, a customer in Branch B might be unable to complete a transaction that requires verification from a server in Branch A. Or, if a primary data center loses VPN connectivity with branch networks, those branches may lose access to resources hosted in that data center and in other branches.

2. Improper SD-WAN Policies

SD-WAN policies allow you to control and customize VPN traffic flow. For instance, you can set uplink policies to route specific types of traffic over selected links, like a primary broadband or LTE backup. You may also implement QoS prioritization policies and traffic-shaping rules to allocate bandwidth according to application and user needs. This ensures that critical services like VoIP or video calls have sufficient resources even during peak hours.

If a misconfigured SD-WAN policy prioritizes less critical traffic, affected sites may experience congestion. In some cases, critical applications may slow down or time out. In a retail setting, for example, delayed payment processing could prolong transaction times to unacceptable levels and cause reputational damage.

3. Incorrect Firewall Rules

Firewall rules ensure efficient and secure business operations by allowing essential traffic to flow smoothly while preventing unwanted packets from entering the network. However, they must be configured correctly. Otherwise, you could end up compromising either efficiency or security.

For instance, overly restrictive rules can unintentionally block business transactions, while excessively lenient ones can expose internal networks to unauthorized access.
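To make the two failure modes concrete, the following added example (not code from Boundless Safeguard or Cisco) checks a changed rule list against a known-good one: it reports required business flows that are newly denied and newly added allow-everything rules. The rule fields mirror the shape of Meraki L3 firewall rules; the first-match evaluation with a caller-supplied default, the CIDR-only matching, and all addresses and flow names are assumptions constructed for illustration.

```python
import ipaddress

def cidr_match(spec, ip):
    """True when ip is inside the rule's comma-separated CIDR list, or the rule says Any."""
    if spec.lower() == "any":
        return True
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c.strip(), strict=False) for c in spec.split(","))

def port_match(spec, port):
    """True when port is in the rule's ports or ranges ("443", "8000-8080"), or the rule says Any."""
    if spec.lower() == "any":
        return True
    ranges = (p.strip().partition("-") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def decide(rules, flow, default="allow"):
    """Assumed evaluation model: the first matching rule wins, else the caller's default."""
    for r in rules:
        if (r["protocol"] in ("any", flow["protocol"]) and cidr_match(r["srcCidr"], flow["src"])
                and cidr_match(r["destCidr"], flow["dest"]) and port_match(r["destPort"], flow["port"])):
            return r["policy"]
    return default

def audit(good, current, flows):
    """Compare a known-good rule list with the current one against required business flows."""
    blocked = [f["name"] for f in flows
               if decide(good, f) == "allow" and decide(current, f) == "deny"]
    wide_open = [r for r in current if r not in good and r["policy"] == "allow"
                 and all(r[k].lower() == "any" for k in ("protocol", "srcCidr", "destCidr", "destPort"))]
    return {"newly_blocked": blocked, "new_any_any_allow": wide_open}

# Constructed sample data: a known-good rule list, two bad changes, one required flow.
GOOD_RULES = [
    {"policy": "allow", "protocol": "tcp", "srcCidr": "10.20.0.0/16", "destCidr": "10.1.5.10/32", "destPort": "443"},
    {"policy": "deny", "protocol": "any", "srcCidr": "Any", "destCidr": "10.1.0.0/16", "destPort": "Any"},
]
DENY_BRANCH = {"policy": "deny", "protocol": "tcp", "srcCidr": "10.20.30.0/24", "destCidr": "Any", "destPort": "Any"}
ALLOW_ALL = {"policy": "allow", "protocol": "any", "srcCidr": "Any", "destCidr": "Any", "destPort": "Any"}
FLOWS = [{"name": "branch-B POS to branch-A verification", "protocol": "tcp",
          "src": "10.20.30.15", "dest": "10.1.5.10", "port": 443}]

if __name__ == "__main__":
    print(audit(GOOD_RULES, [DENY_BRANCH] + GOOD_RULES, FLOWS))  # over-restrictive change
    print(audit(GOOD_RULES, [ALLOW_ALL] + GOOD_RULES, FLOWS))    # over-lenient change
```

Running the same audit against each stored backup narrows down which change introduced the problem before you decide what to roll back.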

Problems like these can be easily addressed by a robust Meraki configuration backup and recovery solution. For instance, whenever one of your network engineers commits an unintentional configuration change and that change results in a service disruption, you can simply revert to a known good configuration to resolve the issue.

Increase Network Reliability, Accelerate Recovery, and Minimize Downtime with Boundless Safeguard

Powered by the Meraki API, Boundless Safeguard is an enterprise-grade Software-as-a-Service (SaaS) solution that enables you to streamline Cisco Meraki backup and recovery tasks through a single web-based dashboard. Because Safeguard leverages the Meraki API, you don’t have to go through complex installations or make considerable changes to your infrastructure to use it.

Boundless Safeguard can perform a complete Meraki organization backup, which automatically backs up organization, network, device, and template configuration changes in near real time. Then, when you encounter misconfiguration-related network issues, you can revert to a known good backup in just a few clicks. You can restore entire organizational configurations or just those associated with specific networks or templates.

How to Maximize Safeguard for Meraki Network Backup and Recovery

Allow us to walk you through some of the key Safeguard features that can help you tackle Meraki network misconfiguration issues.

Change Log Detection and Automatically Triggered Snapshot

Safeguard monitors the Meraki change log every 1 to 5 minutes. As soon as a change is detected, it’s captured in a time-stamped snapshot and stored for future use. The solution backs up configurations down to the device level and can work with any organization, regardless of size. In the example shown below, Safeguard has backed up 309 networks, 5 templates, and 1786 devices belonging to the Waystar Royco organization.

Preview Change Logs and Perform Point-in-time Comparisons

Once a backup is complete, you can review it on the Configuration Backups page. You can access backups for organization-level configurations, as well as configurations for specific templates or networks under that organization.

When you access a network, you can see all saved backups associated with that network. Each of those backups comes with a change log that displays what changed at a specific timestamp and who committed the change. You can also compare how the settings looked before and after the change was made. So, if you encounter a network issue, you can review snapshots taken prior to that issue and see if you can find any configuration changes that might have caused the problem.

If you click the Backup tab, you can review all configuration settings at that timestamp.

And then if you click the Compare tab, you can compare the configurations of different timestamps.

Perform a Configuration Restore

Once you see a good backup you wish to revert to, you can then perform a point-in-time configuration restore. You can carry out either a partial or full restore with a single click. A full restore restores all settings, whereas a partial restore allows you to select only those specific settings that you wish to roll back.

This gives you the flexibility to execute granular recoveries, wherein you can revert to previous configurations without undoing configuration changes that you find appropriate.
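The compare and restore steps described above can be sketched as follows. This is an added example, not Boundless Safeguard's code: the snapshot layout, setting names, and values are constructed assumptions, and a real restore would write the selected values back through the Meraki API.

```python
import copy

MISSING = object()  # marks a setting that is absent from one snapshot
# Constructed snapshots of one network; keys and values are illustrative only.
ALLOW_POS = {"policy": "allow", "protocol": "tcp", "destCidr": "10.1.5.0/24", "destPort": "443"}
DENY_ALL = {"policy": "deny", "protocol": "any", "destCidr": "Any", "destPort": "Any"}
GOOD = {
    "vpn": {"subnets": {"pos": {"localSubnet": "10.20.10.0/24", "useVpn": True}}},
    "firewall": {"l3Rules": [ALLOW_POS]},
}
CURRENT = {
    "vpn": {"subnets": {"pos": {"localSubnet": "10.20.10.0/24", "useVpn": False}}},
    "firewall": {"l3Rules": [DENY_ALL, ALLOW_POS]},
    "syslog": {"server": "10.1.9.9"},  # a later change the team wants to keep
}

def flatten(node, path=()):
    """Map each leaf to its key path; lists stay whole because rule order matters."""
    if not isinstance(node, dict):
        return {path: node}
    return {p: v for key, child in node.items() for p, v in flatten(child, path + (key,)).items()}

def compare(good, current):
    """Return {path: (good_value, current_value)} for every setting that differs."""
    a, b = flatten(good), flatten(current)
    return {p: (a.get(p, MISSING), b.get(p, MISSING))
            for p in sorted(a.keys() | b.keys())
            if a.get(p, MISSING) != b.get(p, MISSING)}

def restore(good, current, paths=None):
    """Full restore when paths is None, otherwise roll back only the chosen paths."""
    if paths is None:
        return copy.deepcopy(good)
    changes = compare(good, current)
    result = copy.deepcopy(current)
    for path in paths:
        good_value = changes[path][0]  # KeyError if the path did not change
        node = result
        for key in path[:-1]:
            node = node.setdefault(key, {})
        if good_value is MISSING:
            node.pop(path[-1], None)
        else:
            node[path[-1]] = copy.deepcopy(good_value)
    return result

if __name__ == "__main__":
    for path in compare(GOOD, CURRENT):
        print("changed:", "/".join(path))
```

Here a partial restore of only the `useVpn` path re-advertises the subnet while leaving the syslog change, and the still-suspect firewall rules, in place for separate review.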

Major Benefits of Using Boundless Safeguard in Large Enterprises

Boundless Safeguard offers the following key benefits to large enterprises:

Minimize Downtime

Meraki network misconfigurations can happen anytime. Without a proper backup and recovery solution, network administrators must rely on complex, time-consuming, and error-prone manual processes before they can restore the network to an optimal state. For instance, they would have to review the logs, troubleshoot issues, locate the misconfigured settings, determine the correct configurations, and apply the necessary changes.

If their initial fix fails to resolve the issue, they would have to repeat the entire manual process all over again. Depending on how quickly your admins can identify the root cause and the correct settings, this process can take hours or perhaps even days. With Boundless Safeguard, you can simply look for a snapshot representative of a known good state and revert to that. This will only take a few minutes.

Reduce Potential Revenue Loss

Downtimes aren’t just mere inconveniences. According to Forbes, large organizations can lose up to an average of $9,000 per minute due to downtime. This means that even just an hour-long outage can already amount to a whopping $540,000.

If we assume that Boundless Safeguard can only reduce downtime by 50%, that already amounts to a cost savings of $270,000 per hour of downtime. Or, for 4 hours of downtime in a year, that translates to an annual savings of $1,080,000.

Achieve Regulatory Compliance

Laws and regulations such as the Payment Card Industry Data Security Standard (PCI DSS) and the General Data Protection Regulation (GDPR) require businesses to institute disaster recovery measures that safeguard the availability and security of protected data.

For instance, PCI DSS 4.0 Requirement 6.5.1 instructs businesses to implement procedures that address failures and return to a secure state whenever changes are made to network devices. Safeguard not only allows you to address these failures and revert to a secure state, but it also enables you to do so quickly and effortlessly.

Article 32 of the GDPR likewise calls for “the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident”. If the data in question is normally accessed through your network, Boundless Safeguard can provide you the ability to restore availability and accessibility should the network become inaccessible or unavailable due to a misconfiguration issue.

Conclusion

Cisco Meraki networks play a crucial role in modern enterprises. Hence, it’s important to make sure they perform optimally and reliably at all times. If accidental or even intentional changes are made to Meraki configurations at the organization, network, device, or template level, you must have the ability to revert to a known good backup as quickly as possible. Boundless Safeguard can provide you with that capability.

Would you like a firsthand experience with a fast, easy, and reliable Cisco Meraki disaster recovery solution? Book a quick Boundless Safeguard demo now.
