Headquartered in New York City, Derive Technologies’ client is one of the world’s largest hotel collections, comprising more than 400 distinctive hotels in the United States, Europe, Asia, Australia and Latin America, and with offices in 25 countries.

The hotel consortium faced challenges to increase wireless capabilities – and to support increased security for wireless and remote access – for users in the company’s headquarters and in their multiple office locations across the globe, as well as for guest administrative users who access services in growing BYOD working paradigms. The consortium turned to Cisco® Meraki’s “cloud first, wireless second” architecture to cost-effectively address all of these requirements—the entire wireless and access platform managed through a single dashboard in company’s global base of operations.

 

The Complete Case Study Appears Below or Download the PDF
 

 

Business Challenge

Derive’s client, an international hotel consortium, was challenged to meet growing wireless access and security needs with aging technologies that were in place in their corporate headquarters—including a six-plus year-old, Cisco Generation 2500 Wireless Router, and several Cisco Aironet 2600 Series Access Point (AP) devices.

A new Chief Information Officer joined the consortium, and conducted an evaluation of the company’s existing wireless technologies and the status of maintenance of these systems—their maintenance had not been undertaken, the CIO subsequently learned, for a considerable amount of time. While the CIO and other management continued to trust Cisco’s market leadership in wireless networking, the aging devices that they were employing would no longer meet their day-to-day business requirements. Their existing Cisco router and access point devices were state-of-the-art when originally purchased, but they had not scaled to new demands.

Additionally, for reasons of compliance, efficiency, and cost, the CIO and the IT group within the consortium’s headquarters, were tasked with developing a wireless security management protocol for all of the company’s worldwide offices. The CIO’s evaluation of the existing wireless technologies demonstrated that the then-current design could not scale to (could not be replicated into) a universal standard for the hotel consortium’s many offices across the globe.

Therefore, Cisco Meraki 100% Cloud-Managed Networking – including an all-cloud, single-pane-of-glass dashboard, and high capacity wireless access points – was identified by the hotel consortium’s teams as a powerful solution to address wireless needs in their headquarters. A revised design, incorporating Cisco Meraki networking, coupled with updated Cisco Wireless AP devices, could cost-effectively turn wireless services into a utility for the consortium’s global office locations (many of which do not have large, internal IT teams).


Derive Solution

Derive had a long, trusted relationship with the hotel consortium when the Cisco Meraki solution was proposed. Derive supported the consortium’s earlier purchase and implementation of the then-legacy Cisco wireless networking products, and has provided other services to the company surrounding complimentary providers, including Microsoft (Derive is a Microsoft Gold Certified Partner) and others. Derive is a Cisco Premier Certified Partner with Advanced Unified Computing Technology and Network Architecture Specializations, and has extensive, real-world experience in the implementation of the latest Cisco Meraki solutions. Considering these attributes, the consortium’s CIO turned to Derive to support the Meraki implementation project.

Over an agreed-upon three-month period, Derive deployed the Cisco Meraki, feature-rich, easy-to-use, cloud architecture for the client, enabling them to continually, as Cisco describes it, utilize this single-pane-of-glass to “solve new business problems and reduce operating costs.” The principal advantages of using the Cisco Meraki platform are—as listed on Cisco’s website:

  • Manage (an) entire network from a single dashboard
     
  • Control users, applications, and devices
     
  • No controller hardware or management software to install and maintain
     
  • Secure (PCI and HIPAA-compliant) cloud infrastructure
     
  • Scales from small sites to million-user deployments


During the course of the three-month rollout, Derive also implemented Cisco’s Meraki portfolio of networking devices—which, as Cisco describes them, “are centrally managed from the cloud.” These include, enterprise-class Cisco Meraki MR34 802.11ac Wireless Access Points (APs) with Dedicated Security, which, according to Cisco, “feature high power radios and enhanced receive sensitivity.” Derive also met the client’s customer experience and extended security needs by making seamless connections between the company’s Microsoft Network Policy Server (NPS) for radius server and the Cisco Meraki Cloud Management platform.

The consortium required adherence to PCI Level 2 compliance—this standard, according to a Meraki whitepaper, “applies to all organizations that process financial transactions anywhere from $1M to $6M per year.” The whitepaper goes on to state that, “Meraki’s cloud hosted WLAN controller is out of band, meaning that wireless traffic (including cardholder data) does not flow through Meraki’s cloud-hosted controller or any other Meraki infrastructure not behind your firewall.” The high level of security provided by Cisco Meraki – according to the whitepaper, “Meraki datacenters have passed the Level 1 PCI audit, the most rigorous level for PCI compliance” – meets a variety of critical business needs for the consortium.

Derive also designed and customized a branded Cisco Meraki-hosted splash page for the consortium’s guest users—the term “guest users” applying to the consortium’s administrative users who visit the company’s other offices and access their services remotely from these locations, or work virtually. The splash page centralizes the sign on process for all of the consortium’s remote users, and extends the company’s brand across every location, and on every device, anywhere. If Meraki services were not utilized to onboard these guest administrative users in different locations around the world, staff from the consortium’s operations departments in each global office would have to configure sign on protocols for every user. Manually handling all sign on activities for every user in each location would create significant productivity bottlenecks – both for operations and for the guest administrative users themselves – or would require cost-prohibitive, additional hiring of dedicated staff to facilitate the process. With Cisco Meraki, sign on is subjected to the most scrupulous possible security, and the onboarding process is fully automated. Cisco Meraki Systems Manager Sentry – part of the Meraki solution – implemented and tailored for the client by Derive, can, according to Cisco, automatically checks to see that, “devices are enrolled in Systems Manager before allowing access to an SSID and direct a user to self-enroll before accessing the network.” Cisco Meraki’s multi-level authentication securely validates the administrative guest user’s access without the need for intervention by operations personnel. All of this provides a cost-effective, highly secure, fast and seamless login for guest users across any of the company’s locations, on any device, and improves business productivity.


The Results

A brief review of the project was conducted by the hotel consortium’s CIO following the three-month rollout, which was performed by Derive with little to no business interruption. The now-previous Cisco Aironet and Cisco Generation 2500 Wireless devices were barely being used at the time of the refresh because they had become unreliable. When the new Cisco Meraki Cloud Managed Networking and Wireless AP devices were rolled out, prior wireless services were taken down while the legacy APs were replaced. All changes were performed during business hours, including the mounting of the new Cisco Meraki Wireless APs, to the primary office’s ceiling, with little or no significant downtime in wireless services. Derive’s implementation of the Cisco Meraki cloud management solution, and installation of the Cisco Meraki AP hardware can securely support all needs for wireless access to services, data, printing, and more within the New York office.

Cited by the hotel consortium as among the principal virtues of Derive’s Cisco Meraki design and deployment was the capacity to scale the complete implementation to a standard for their global office and hotel locations. Through the Derive-customized Cisco Meraki cloud management panel (along with Microsoft NPS), Derive can clone the wireless management and security configurations implemented in the client’s headquarters, then tailor them to the specific requirements for each location. The consortium can ship Cisco Meraki AP devices to any of their offices in any country, have smart hands in each location conduct the installation of the hardware, then Derive would leverage Cisco Meraki’s cloud management platform to configure the solution remotely. This will serve as a highly cost-and-business-effective model for future deployments, and can be seamlessly rolled out anywhere in the world.