The top 10 features of BT Meraki Managed SD WAN Services

BT SD WAN with Meraki offers businesses fully outsourced managed services with connectivity provided by the BT Global IP backbone. The overall value for customers spans Meraki features with the best possible latency and jitter for applications and data transfer. In this article, we’ll discuss the top 10 features your IT team should consider when evaluating Meraki and BT Managed SD WAN.

Table of contents:
  1. Global IP Branch-office and Remote User Connectivity 
  2. BT Meraki SD WAN Network Architecture
  3. Meraki SASE Network Security
  4. BT Managed Meraki SD WAN Cloud Portal
  5. Resilient Meraki and BT Underlay Connectivity and Failover
  6. Meraki Traffic Optimisation
  7. BT Managed SD WAN with AWS and Azure Cloud Access
  8. Cost Savings with Meraki and BT Underlay
  9. Co-Managed Add, Moves and Changes
  10. BT UK & Global IP Backbone

1. Global IP Branch-office and Remote User VPN

BT Managed Services offers connectivity options which includes SOGEA, FTTP Broadband and EE’s 4G and 5G networks to support remote users regardless of location. At the core of delivering SD WAN over the BT backbone are the Meraki AutoVPN and Traffic Shaping technologies to efficiently establish and manage branch-office locations across the BT SD WAN service.

Auto VPN is one of the Meraki top features which also includes IKE and IPsec protocols (encrypted traffic) to secure tunnels between end-points. The BT Managed WAN team will configure your initial setup with the right network security options based on information gathered during the BT presales phase. Once delivered, you will also have the option to c0-managed the network should you need to make simple changes to topology.

Alongside Auto VPN, traffic shaping is simple to configure via the BT Managed SD WAN Meraki portal. Network administrators are able to allocate bandwidth across applications and services with the intent of  prioritising critical business applications while limiting bandwidth for everything else.

The BT Meraki team use Phase1 3DES and Phase2 AES128/3DES encryption with SHA1 hashing algorithms for secure data transmission. Meraki’s Client VPN supports multiple authentication methods:

  • Meraki cloud
  • RADIUS
  • Active Directory

2. BT Meraki SD WAN Network Architecture

BT Managed Meraki SD WAN offers architecture and design that brings together branch-offices, remote users and multi-cloud vendor solutions from AWS and Azure. The overall architecture is based on the Gartner SASE framework which provides secure network VPN capability with threat and intrusion protection, Cloud Access Security Broker,  Zero Trust, Secure Web Gateway and Layer 3 & Layer 7 Firewall.

BT Managed SD WAN solutions provide visibility of app performance across the WAN and LAN+WiFi reported via the BT Meraki web interface.

Diversity and resilience is delivered by both Meraki and BT connectivity across dual Ethernet, Broadband and EE SIM’s. BT presales will initially configure your solution based on your businesses requirements – if the primary uplink is down, your business traffic will failover to the secondary uplink.

BT Meraki SD WAN appliances are optimised to work with teleworker and wireless access points, switches, MDM (Mobile Device Management) and IoT (Internet of Things) which means most sectors are able to utilise Meraki technology.

3. Meraki SASE Network Security

BT Managed SD WAN with Meraki provides layer-7 firewall protection using deep packet inspection at the application layer. While packet inspection is traditionally associated with cybersecurity, the inspection of traffic allows administrators to create application performance policies based on specific applications or categories.

Cisco Advanced Malware Protection (AMP) is integrated into BT Managed SD WAN to prevent, detect and remove threats. AMP inspects HTTP file downloads via the MX Security Appliance which blocks or allows downloads based on threat intelligence from the AMP cloud. This continuous file monitoring leads to faster detection of emerging threats and is one of the key reasons why IT decision makers choose Meraki SD WAN.

Data Loss Prevention (DLP) is another security aspect of BT’s Meraki Managed SD WAN. DLP is backed by Cisco Talos which is staffed by one of the largest commercial threat intelligence teams worldwide.

SME and large Enterprise businesses can all benefit from BT’s comprehensive security solution with layer-7 firewall protection and Cisco AMP integration with DLP backed by Cisco Talos. As we discussed, AutoVPN and Traffic Shaping technologies provide efficient connectivity and network performance management.

4. BT Managed Meraki SD WAN Cloud Portal

BT’s Meraki solution offers real-time reporting across application and network performance providing performance trends and visibility of the network. The portal is accessible through a link from the BT My Account portal which brings Meraki and other BT services into a centralised cloud environment.

The BT Meraki Cloud management portal is designed to provide read-only access to all elements of the BT Managed solution. This includes the initial setup and configuration of the devices which are made visible on the portal once the site is live. All BT Managed Meraki equipment requires an internet connection to securely tunnel back to the BT  hosted Meraki Cloud Controller (MCC). This architecture ensures that your data traffic stays local and away from the MCC while your branch-office a remote user control traffic flows between the Meraki devices and the MCC via the secure tunnel.

The BT Cloud portal is integral part of their Meraki solution due to the valuable insights into network performance.

5. Resilient Meraki and BT Underlay Connectivity and Failover

Although high availability and resilience by deploying an HA pair of Meraki MX security appliances using VRRP is standard across vendors, the addition of BT’s Ethernet, Broadband and 4G/5G connectivity also builds a resilient and diverse network architecture. The combination of the BT IP backbone and Meraki eliminates single points of failure at the network which is the enabler to rapid recovery in case of device malfunction. Resilient Ethernet solutions in the service prevent network disruptions by providing redundant network paths, subject to survey. This flexibility ensures continuous connectivity even in the wake of network failure by redirecting traffic to alternative networks.

Warm spare functionality employs VRRP heartbeat packets for failure detection across configured VLANs. If a secondary MX fails to receive these packets, the device assumes the primary MX is offline and transitions to an active state.

BT utilise the connection monitors which are integrated into the MX appliances to enable uplink monitoring via the BT NOC (Network Operations). Upon recognising an uplink failure, the MX ceases heartbeat packet transmission. Meraki zero-downtime MX upgrades further contributes to network reliability.

6. Meraki Traffic Optimisation

Cisco Meraki SD WAN offers traffic optimisation features that are designed to increase application performance. IT teams are positioned to configure bandwidth settings based on packet inspection as the enabler to viewing the network trend performance. Meraki load balancing capability distributes traffic across multiple uplinks to deliver additional bandwidth for applications which further optimises network performance.

Meraki’s flow preference features enables traffic direction based on specific layer 3 application recognition. Using the BT Meraki portal, admins can change policies to control and modify flows for specific VPN traffic which offer another layer of application performance optimisation.

Meraki allows the setting of global bandwidth limits on each client device’s total network traffic, ensuring that bandwidth-intensive applications do not monopolise network resources.

Lastly, BT Meraki’s web caching feature can enhance the end-user experience by reducing page load times and file download times for frequently accessed web content.

7. BT Managed SD WAN with AWS and Azure Cloud Access

BT’s Global IP backbone is ideal to provide the best possible Cloud vendor connectivity performance through to virtual instances within Amazon Web Services (AWS) and Microsoft Azure. With the majority of AWS and Azure data centres located close to BT PoP’s, the network latency performance is generally excellent.

With Meraki Auto VPN, the setup of AWS or Azure across BT IP connectivity is simple. Once the VPN is established, the same traffic control and optimisation with application recognition is applied as the cloud end-points are no different to a branch-office. With this said, admins can of course configure Cloud end-points with different traffic treatment policies.

The vMX operates as a one-armed VPN concentrator which simplifies access to hosted IT services within AWS and Azure. In the context of Cisco Meraki’s vMX, one-armed VPN is a mode where the Meraki device is primarily focused on managing VPN connections.

BT customers can now specify either AWS or Azure when ordering vMX (VMX100) through their Managed SD WAN service. For readers interested in trying out this feature, BT are offering a trial. This is part of their ongoing commitment to enhancing the Managed SD WAN offering. The vMX extends your physical deployment to either AWS or Azure in minutes using the Meraki dashboard.

8. Cost Savings with Meraki and BT Underlay

Meraki’s ability to optimise the use of all available network paths reduces the need for costly over-provisioning. BT’s partnership with Meraki has already demonstrated substantial cost savings in various case studies with businesses reporting up to 40% savings.

The costs are reduced by leverage a range of low-cost connectivity options. BT’s SOGEA and FTTP broadband services offers a cost-effective solution for businesses that do not require Ethernet. And, where Broadband speeds are not sufficient, BT’s partnership with EE offers 4G and 5G mobile solutions which supports significant speeds depending on coverage.

By combining low-cost connectivity options with Meraki SD WAN, BT provides a comprehensive, cost-effective and efficient solution for businesses seeking to optimise their network performance and reduce costs.

9. Co-Managed Add, Moves and Changes

These features, detailed in the table below, include options for appliance and deployment settings, client tracking, routing and static routes. Outside of feature changes, BT offer the ability to request bandwidth changes across Ethernet Internet Services via the BT Managed Services ticketing system. 

Feature Description
Appliance Settings Accessible through the Security & SD WAN > Configure > Addressing & VLANs page, these settings include MX routing mode, client tracking methods, subnet and VLAN configuration, and static routes.
Deployment Settings The MX appliance can be deployed in two modes: Routed and Passthrough or VPN Concentrator. The Routed mode is the default and is used if you want to use the MX appliance as a layer 7 firewall. The Passthrough or VPN Concentrator mode is used if you want to deploy the MX device in bridge mode for traffic shaping and additional network visibility, or as a one-armed VPN concentrator.
Client Tracking This feature allows the MX appliance to identify and track client devices to apply network access policies and store information on client activity. Clients can be tracked via their Unique client identifier, MAC address or IP address.
Routing You can configure a single LAN or enable VLANs under the Routing section of the Addressing & VLANs page. VLANs allow you to partition your network into different subnets.
Static Routes Static routes are used to reach subnets that are not directly connected to or configured on the appliance. You can add a new static route or modify an existing one.
Bandwidth Changes across Ethernet Internet Services Bandwidth changes, including port changes, can be requested via the BT Managed Services ticketing system. This allows for flexible and efficient management of network bandwidth based on business needs.

10. BT UK & Global IP Backbone

BT Global Services are recognised by Gartner which recognises their performance for multi-national organisations. Using a range of tail-circuit partnerships, BT are capable of delivering the same UK connectivity services on an International basis across one IP backbone. IT teams which opt for using a single IP backbone for branch-office locations experience better application performance, specifically across voice and video calls and data sharing.

The reliability and availability of these services are backed by a market-leading 100% target availability. The SLA provides confidence that their customer SD WAN solutions remains operational at all times.

BT Internet services align perfectly with the flexible nature of SD WAN solutions as BT services can be adjusted to meet these changing demands.

One of the key benefits of using BT underlay with Meraki is the low latency provided across delay-sensitive and mission-critical applications. The low latency provided by the BT backbone ensures that these applications provide an optimal user experience. This is especially important for businesses that rely on real-time applications such as VoIP, video conferencing and cloud-based services.