BT Managed SD WAN Services with Cisco Meraki offers UK and Global capability to secure applications, remote users and branch-office locations across intelligent path selection, enhanced visibility and control with granular application-level policies. The solution also integrates with cloud vendors, including AWS & Azure, and is available with BT UK & Global IP backbone services which ensures the capability is a good fit for both the SME market and large multinational Enterprise businesses.
As we move through 2023, BT anticipates significant growth as customers continue their digital transformation journey. This journey necessitates advanced security features which includes next-generation firewalls and intrusion prevention systems to enterprise-level capabilities such as application-aware routing and WAN optimisation.
Meraki offers features beyond SD WAN and security via their WiFi and CCTV capabilities which have been developed from the ground up to deliver a unique experience. This combination of SD WAN and SASE security features with Internet, MPLS and VPLS underlay, positions BT as a strong contender for any business with network outsourcing requirements.
Summary of BT SD WAN features with Meraki
BT with Meraki SD WAN Features | Feature Description |
---|---|
Cloud-hosted control | The BT solution surrounds their cloud-hosted Meraki controller that centralises configuration policies for your entire estate and coordinates installation of the service as well as in-life management. |
Cloud-hosted report infrastructure | Dashboards for the health, threshold alerts and traffic flows across your Meraki SD WAN service. You’ll be able to get both standard and customisable reports. |
SD-WAN service VPN(s) | Secure site-to-site connectivity over the Internet or MPLS that provides a choice of routing topology options: Hub and Spoke or Full Mesh. |
WAN transport network Meraki devices | Support for a variety of WAN transport network options, including our own and third party networks to provide connectivity to the SD WAN service VPN(s). |
Licence | WAN/security (MX), LAN (MS) and wireless LAN (MR) devices. |
Features | Next generation firewall security, L3 stateful firewall, L7 application control, malware detection and intrusion prevention and detection. |
Bandwidth throughput Monitoring | BT support throughputs from 10Mbps to 1Gbps. |
Reports | Use the BT My Account portal to see an easy-to-read dashboard (with drill down options) and scheduled reports. |
Managed delivery | BT manage the end-to-end delivery of your service including design, delivery, installation, and commissioning. |
In-life management | In-life management of the SD WAN service including software upgrades and proactive management. |
Change catalogue | A catalogue that lets you make time – and cost-effective changes to your SD WAN service. |
Professional services | A variety of specialist services to support you during every stage of the SD WAN from design to in-life. |
Combination of Cisco Technology and BT Expertise
BT and Cisco have combined their expertise to bring the best of both worlds which includes a Gartner rated SD WAN and Cybersecurity solution with one of the worlds most advanced IP backbones. In addition to the product features and benefits, BT offer pre-sales and post-sales support with engineering expertise to help design your unique SD WAN architecture based on your users, their applications, devices and branch-office locations.
All service options are delivered as fully managed services which includes the setup and all maintenance of the ongoing contract. However, your IT team will also have access to BT’s Meraki personalised and customisable dashboard to help understand application usage together with performance and security threats which can be displayed on an individual user basis.
What are the BT SD WAN Meraki license options?
BT Managed SD WAN offers three distinct Meraki licensing options:
- Enterprise License – for businesses that require essential SD WAN features and basic security functionalities which includes Auto VPN and the Meraki Firewall.
- Advanced Security License – in addition to all the features offered by the Enterprise license, Advanced includes a fully-featured Unified Threat Management (UTM) tool.
- Secure SD-WAN Plus License – suitable for businesses that heavily rely on SaaS/IaaS/DC served applications. The Plus-license includes all the features of the Advanced Security license with advanced analytics powered by Meraki Insight and Smart SaaS Quality of Experience (QoE).
The licensing structure for BT Managed SD WAN is straightforward – each Meraki device requires a corresponding license with a 1:1 ratio of devices to licenses. This means that each license is specific to a model and cannot be transferred between different models.
BT ensures uniform licensing across your entire Meraki dashboard organisation – if your organisation has 25 MX networks, you can choose to have 25 Enterprise, Advanced Security or Secure SD WAN Plus licenses. However, mixing different types of licenses within the same organization is not allowed.
Each license comes with comprehensive support which includes device RMA, 24×7 enterprise support and software upgrades. As new features are added to each license type, they become available to all existing customers at no extra cost.
Understanding Meraki BT Managed SD WAN Services
Combining BT and Meraki – Fully Managed Services
The Meraki Cloud portal is accessed via the BT My Account portal. Once logged in, you’ll view a comprehensive view of your WAN, LAN and wireless network together with application and network performance reports – the portal offers real-time insights into your network’s performance. BT provides read-only access to all portal elements and handles the initial setup and configuration of devices.
The Meraki WAN edge hardware requires an internet connection to establish a secure tunnel to the Meraki Cloud Controller (MCC) hosted within BT’s network. This setup ensures that data traffic remains local while control traffic moves between the Meraki devices and the MCC via a secure encrypted tunnel.
BT categorise simple service requests into four main groups:
- Wireless settings
- Network settings
- Application routing/prioritisation
- Security parameters
These are basic modifications that can be implemented across your SD WAN infrastructure using the change process through your Meraki portal.
Underlay Access Methods for Diversity and Resilience
BT’s Meraki SD WAN service is the ability to use multiple different underlay products which includes:
- BT Global Internet
- BTnet UK Internet
- BT Global MPLS
- BT Business Broadband (Including FTTC, SOGEA and FTTC)
- EE 4G and 5G Cellular services
- Over the top 3rd party ISP services
One of the key benefits of SD WAN is the ability to leverage different types of connectivity which places BT in a unique position to deliver SLA backed Ethernet through to low cost Broadband or 4G wireless connections.
Intelligent Traffic Management
Leading on from access methods, Meraki supports the ability to prioritise critical applications based on the best path for any given application. If packet loss issues occur on the primary circuit, BT will direct the application traffic via a secondary route. If bandwidth issues occur on one route, the software can intelligently redirect traffic through another to maintain consistent performance without any intervention from your IT team.
BT’s portal delivers the analysis you need to make informed decisions across network performance. Meraki deep packet inspection feeds the data back into the portal to help identify applications including those which your IT team may not even know are being access via your users. An example could be Netflix or Youtube which may be deemed as unnecessary application access – the portal allows you to either ensure this traffic is not prioritised or denied depending on policies.
Simplicity and Elegance
Cisco Meraki’s Zero-Touch Dashboard Provisioning is designed to streamline network management by automating the process of setting up access point (AP) locations. This is particularly beneficial for large-scale BT managed network deployments where manual provisioning can be time-consuming and susceptible to errors.
With Zero-Touch Dashboard Provisioning, the process of identifying and mapping AP locations in the Meraki BT managed services dashboard is automated. This means that accurate location data can be captured and exported with a single click which results in a fully provisioned network based on reliable and verified data.
Once the network is provisioned, the Meraki dashboard becomes a powerful tool for ongoing network health checks and troubleshooting. The BT management portal provides Real-time alerts can identify problem areas allowing for more in-depth, on-the-spot troubleshooting.
Auto VPN Technology
Meraki’s Auto VPN technology is a unique feature which streamlines the establishment and maintenance of site-to-site VPNs, leverages cloud power to automate VPN parameter configuration, monitor VPN status and uphold VPN sessions. Auto VPN eliminates the complexity of manual VPN configuration – the technology uses IPsec over any wide area network, creating a virtual Ethernet cable connection between your branches and headquarters.
High Availability and Failover Times
BT Managed Meraki SD WAN uses the VRRP protocol to establish a high-availability pair between two MX security appliances to avoid any single point of failure. This is further enhanced by the warm spare feature which means a Meraki device is always available and ready to be deployed in the event of hardware issues. BT Managed WAN incorporates a connection monitor and an uplink monitoring engine that initiates a warm spare failover when all uplinks of the primary MX are marked as failed.
For networks with more than two physical WAN uplinks, BT Managed SD WAN allows for additional uplinks on the secondary MX for tertiary failover.
Transform Your Costs
BT Meraki SD WAN leverages lower-cost technologies which includes EE 4G/5G rapid deployment and SD WAN devices with integrated SIMs and access to FTTC, SOGEA and FTTP Broadband. This not only reduces overall costs, but also enables faster service deployment which takes days rather than weeks or months.
BT SD WAN & SASE Cybersecurity – the technical detail
In this section, we’ll provide an overview of the technical and security features of SD WAN with a focus on the Cisco Meraki MX device.
Layer 3 Firewall and Layer 7 Firewall
BT offer Meraki Layer 3 firewall which controls inbound and outbound traffic with default settings that deny all inbound connections except for ICMP (ping) traffic. Custom firewall configurations can be created to meet specific organisational requirements although you can deploy a standardised config as developed by BT managed installation engineers. Using Layer 7 traffic analysis, you can create rules to block specific web-based services, websites or types of websites without having to specify IP addresses or port ranges – you can also block traffic based on source or destination country.
Content Filtering and Intrusion Detection
BT Meraki SD WAN utilises the Webroot BrightCloud URL categorisation database for content filtering, allowing organisations to block certain categories of websites based on their policies. Customisation options include blacklisting or whitelisting individual websites. As standard, BT Meraki customers will receive help from the integrated Cisco SNORT engine which provides intrusion detection and prevention capabilities to automatically block traffic identified as malicious using known threat signatures and a specified ruleset.
Anti-malware Protection (AMP)
AMP is a file reputation-based protection engine powered by Cisco AMP and Sourcefire technology, offering global threat intelligence and real-time malware blocking to prevent breaches. BT and Cisco Meraki’s Advanced Malware Protection (AMP) which includes a known database of over 500 million known files and 1.5 million new incoming file samples daily. Meraki AMP automatically blocks malicious files and is easily managed through BT’s Cisco Meraki cloud dashboard.
Summary – Meraki BT SD WAN technical data
Feature | Description |
---|---|
AutoVPN | Enables secure site-to-site connectivity using IPsec over any wide area network. |
Traffic Shaping | Allows prioritisation of network traffic based on predefined rules. |
Layer 3 Firewall | Controls inbound and outbound traffic with customisable configurations. |
Layer 7 Firewall and Application Control | Blocks specific web-based services, websites, or types of websites using Layer 7 traffic analysis. |
Content Filtering | Enables blocking of certain categories of websites based on organisational policies. |
Intrusion Detection and Prevention | Automatically blocks malicious traffic using the Cisco SNORT® engine. |
Anti-malware Protection (AMP) | Provides file reputation-based protection through global threat intelligence and real-time malware blocking. |
Additional Resources: