<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body>
<div dir="auto" style="direction: ltr; margin: 0px; padding: 0px; font-family: sans-serif; font-size: 11pt; color: black;">
It sounds like you need to boil it down to what your network requires (or may soon require) and use that information to try and find shortcomings in the Meraki offering.<br>
</div>
<div dir="auto" style="direction: ltr; margin: 0px; padding: 0px; font-family: sans-serif; font-size: 11pt; color: black;">
<br>
</div>
<div dir="auto" style="direction: ltr; margin: 0px; padding: 0px; font-family: sans-serif; font-size: 11pt; color: black;">
Also, do you need to minimise management overhead (not that there's a lot of overhead for a running network)?</div>
<div dir="auto" style="direction: ltr; margin: 0px; padding: 0px; font-family: sans-serif; font-size: 11pt; color: black;">
<br>
</div>
<div dir="auto" style="direction: ltr; margin: 0px; padding: 0px; font-family: sans-serif; font-size: 11pt; color: black;">
If people see issues with my information, please explain them; I'm keen to learn more on this topic from those with more experience.</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> AusNOG &lt;ausnog-bounces@lists.ausnog.net&gt; on behalf of dusty &lt;dusty.au@gmail.com&gt;<br>
<b>Sent:</b> Monday, May 31, 2021 7:58:21 PM<br>
<b>To:</b> Radek Tkaczyk &lt;radek@tkaczyk.id.au&gt;<br>
<b>Cc:</b> ausnog@ausnog.net (ausnog@lists.ausnog.net) &lt;ausnog@lists.ausnog.net&gt;<br>
<b>Subject:</b> Re: [AusNOG] SDWAN Security</font>
<div> </div>
</div>
<div>
<div dir="auto">
<div>Heya,
<div dir="auto"><br>
</div>
<div dir="auto">How are those solutions more suited to swapping in for an MPLS network? Aren't they all just some flavour of VPN with a cloud frontend, and some neat failover behaviours?</div>
<div dir="auto"><br>
</div>
<div dir="auto">I am in the unenviable position of having to prove "why not Meraki", rather than "what's the best option". Hopefully that comes later, but the Meraki solution has some...investment...to overcome.</div>
<div dir="auto"><br>
</div>
<div dir="auto">And that can only be done with hard facts.</div>
<br>
<br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Mon, 31 May 2021, 7:22 pm Radek Tkaczyk, <<a href="mailto:radek@tkaczyk.id.au">radek@tkaczyk.id.au</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0 0 0 .8ex; border-left:1px #ccc solid; padding-left:1ex">
<div dir="auto">Hi Dusty,
<div><br>
</div>
<div>I don’t think you will find that Cisco Meraki is not a proper SDWAN solution. It’s just a glorified VPN with a cloud dashboard. If you call that SDWAN, then SDWAN has been around for 30 years.....</div>
<div><br>
</div>
<div>You need to be looking at proper SDWAN solutions like Velocloud (VMware), Cisco Viptela, Peplink, etc. These are proper SDWAN solutions that can replace an MPLS.</div>
<div><br>
<div dir="ltr"><br>
<blockquote type="cite">On 31 May 2021, at 4:09 pm, Dale Shaw <<a href="mailto:dale.shaw%2Bausnog@gmail.com" target="_blank" rel="noreferrer">dale.shaw+ausnog@gmail.com</a>> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<div dir="auto">Hi Dusty,</div>
<div dir="auto"><br>
</div>
<div dir="auto">Full disclosure: I work for VMware (we have a SD-WAN offering) but I’ll keep it agnostic—</div>
<div><br>
<div class="x_gmail_quote">
<div dir="ltr" class="x_gmail_attr">On Mon, 31 May 2021 at 12:49 pm, dusty <<a href="mailto:dusty.au@gmail.com" target="_blank" rel="noreferrer">dusty.au@gmail.com</a>> wrote:<br>
</div>
<blockquote class="x_gmail_quote" style="margin:0px 0px 0px 0.8ex; border-left-width:1px; border-left-style:solid; padding-left:1ex; border-left-color:rgb(204,204,204)">
<div dir="ltr">Hi Folks,
<div><br>
<div>After a number of years being more managerial than technical, I find myself staring at a proposal to swap a perfectly good MPLS network with some Meraki shenanigans.</div>
<div><br>
</div>
<div>This, frankly, gives me the heebie jeebies.</div>
<div><br>
</div>
<div>I've done a bunch of poking around but, alas, it is remarkably difficult to locate reliable analyses of the actual security (or lack thereof) of these solutions - plenty of glossy marketing and whizzbang, not a lot of facts.</div>
</div>
<div><br>
</div>
<div>Can anyone point me in the direction of some decent whitepapers, blogs, etc about the relative merits of these things?</div>
<div><br>
</div>
<div>Thanks!</div>
<div>--dusty (in Brisbane)</div>
</div>
</blockquote>
<div dir="auto"><br>
</div>
<div dir="auto">(tl;dr: talk to your friendly vendor SE.)</div>
<div dir="auto"><br>
</div>
<div dir="auto">What sort of collateral would you look for, to give warm fuzzies, if you were evaluating a traditional WAN routing platform?</div>
<div dir="auto"><br>
</div>
<div dir="auto">You should be able to find security whitepapers and other technical documents that describe management and data plane security, use of crypto/PKI etc.</div>
<div dir="auto"><br>
</div>
<div dir="auto">Vendors targeting enterprise customers should be putting their products through security evaluation frameworks such as Common Criteria — look for certification, in-flight or completed, against the Network Device collaborative Protection Profile
(NDcPP) plus optional modules like VPN. Crypto libraries may be FIPS 140-2 [US centric] certified. </div>
<div dir="auto"><br>
</div>
<div dir="auto">For vendors offering things as-a-service, certifications and statements of conformance against other regulatory frameworks should be applicable (SOC, FedRAMP [again US centric], IRAP etc. may exist).</div>
<div dir="auto"><br>
</div>
<div dir="auto">Cheers,</div>
<div dir="auto">Dale</div>
<div dir="auto"><br>
</div>
</div>
</div>
</div>
</blockquote>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
</body>
</html>