@micmec wrote:   I've been a Meraki customer since before it was Cisco. - Mike Glad to see I'm not the only one here since the MIT days! ... View more

@LindseyM wrote:     Personally I don't think retention is a big issue. The camera's can average 90-120 days, how often do you need to go back farther than that?  Even with standard quality, I'm a little dubious about that amount of footage in real world scenarios. ... View more

@snafumaster wrote:     A couple of quick questions: 1. How many would you suggest to get for a viable test scenario?  I was thinking no less than 2 but as many as 4.  This should let me work with multiple locations, assigning permissions for access etc., and also the viewing 'grid'. 2. Has anyone recently made this migration, and if so, were there any pitfalls...or even great gains? 3. Concerned about the limited storage...should I be?   Thanks...and other information would definitely be welcome. -Matty We did a similar 'bake-off" of different branded cameras. We utilize some...other...."ubiquitous" type solution for some of our smaller properties.   I would get at least 4. Just depends on what your environment is like. The field of view is pretty wide, so put it in some locations where you want a wide angle. Get some up high, to see how much detail you can pick up based on height. Put some in sunny locations so you can see how well the auto exposure works. Put some in dark locations so you can see how well the IR works. Things like that. Overall we are happy with the MV cameras. They are fairly large, which is a bit of a minus, but at least they are stylish and blend in well to our environment. One major complaint is the Ethernet jack on the camera. It is terrible. You have to shove the cable in there at an awful angle to get it in, there is barely enough room between the jack and the camera housing for the RJ45 jack, let alone any sheathing. They only sync at 100mbps, so you have some wiggle room with bending the cables, but still. Lack of a central viewing station/appliance is also a bummer. We ended up rolling a NUC with a limited/kiosk mode account, and Chrome set to auto refresh every so often. Works well enough, but it is kind of janky. Our main lobby of a 160 room hotel has around an 18 day retention. That's our lowest. A side hallway with not much foot traffic has 55 days of retention, our most. Average is around 24-32 days. We also have it set to Enhanced Quality. Good luck! ... View more

We run a very layered, security focused approach on our networks. We run mostly hotels, but we also use the Meraki stack for our corporate office and other business ventures.   Network Wide:   Alerts - setup alerts for rogue AP, any device going offline, DHCP pool exhausted, rogue DHCP server detected, malware is downloaded/blocked. General - collect destination hostnames. Change default local credentials. Add a syslog server to your environment for further monitoring and post incident logs. Enable SNMP v3 with secure username/password.   MX Setup:   VLANs. Segregate traffic based on activity. Production network, guest network, CCTV network, etc. Create ACLs to prevent inter-vlan traffic where not desired. DHCP - Only offer DHCP on networks where it is required, and limit scope. Activate DHCP snooping and rogue DHCP server detection. Firewall - Prevent inter-vlan traffic when not desired. Apply appropriate Layer 7 rules, such as filtering out P2P. Only create port forwarding for absolutely required services, limit connecting IPs to only those needing to access. Active Directory - Integrate to allow better tracking of resources and for any post breach research, if necessary. Also create groups to allow specific filtering profiles (management, line staff, etc.) Threat Protection - AMP Enabled at all times. For IDS, Prevention and Security methods selected. Content filtering - Unless otherwise overruled, standard set is to block: Bot Nets, Confirmed SPAM Sources, Keyloggers & Monitoring, Open HTTP Proxies, Parked Domains, Peer to Peer, Phising and Other Frauds, Proxy Avoidance, SPAM Urls, Spyware and Adware. This is also done on our guest networks for enhanced protection. For production network, add: Adult and Pornography. Choose full site list instead of Top sites only. Security Center: Review on a weekly (or shorter, depending on your needs) interval. Setup scheduled email reports accordingly. MR Setup:   Access Control - Even for guest networks, recommended setup is for WPA2 (only). Enable Adaptive 802.11r. Access Control - For secure networks, authenticate with RADIUS and use Systems Manager Sentry to ensure only authorized devices are connected.  Access Control - Make sure appropriate VLANs are being used, and guest traffic is prohibited from reaching any other subnet/network. Firewall - Deny Wireless clients accessing LAN as appropriate. Enable L7 rules for blocking P2P.  SSID Availability - Considering disabling unneeded SSIDs during closed times. Enable SSIDs on APs only where they are needed. Air Marshal - Contain rogue APs seen on the LAN PCI Report - run at regular intervals Physical setup - ensure APs are mounted in locations not easily tampered with, or if within reach, in a secure box/environment to prevent physical tampering. MS Setup:   IPv4 ACL: Setup as appropriate for your organization Access policies - Setup SME Sentry for connected device and guest VLANs - use either Meraki authentication or ideally, your RADIUS server. Switch Ports - disable unused ports.   SME Setup:   Security Policies - Create policies for different devices (stationary vs mobile for example). Security Policies - Enable screen lock, login required, firewall enabled, disk encryption, antivirus running, passcode lock, device is not compromised, and minimum OS version check. Geofencing - Enable appropriate policies based on device. Very limited for stationary devices, more broad for mobile depending on the user. Setup alerts to notify admins when fence is breached. MDM Settings - Require password to removal profile. Set appropriate restrictions, password policies, WiFi sentry, etc. as needed based on the business.   This helps keep us safe, in addition to the non-Meraki procedures we follow. Every bit of the layer helps! ... View more