Central Networks and Technologies Ltd

Meraki SD WAN

Meraki SDWAN provides full mesh site-to-site IP connectivity across one or more Internet connections and allows granular control over traffic flows and link selection. One touch deployment simplifes large scale deployments into a quick and managable solution. Integrated firewall and content filtering solutions ensure a secure environment.

Features

• Multi-WAN with load balancing and failover
• Stateful firewall, IPS and content filtering
• Active-Active site-to-site and remote access VPN
• VLAN and network segmentation
• High availability and warm spare support
• Policy based routing
• Full QoS support
• Layer 3/4 and 7 firewall with geo-location

Benefits

• Entire solution is fully cloud managed using a single-pane-of-glass
• Device configuration is stored in the cloud
• Support for most connectivity methods (DSL/FTTx/cellular/DIA)
• Meraki MX firewalls cater for different connectivity requirements
• Gigabit/mGig/10Gbps - copper and SFP offerings
• Integrated cellular and wireless access points in some models

£250 to £1,125 a unit a day

• Education pricing available

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@centralnetworks.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.

Framework

G-Cloud 14

Service ID

417132139251831

Contact

John Blackburn
01706747474
sales@centralnetworks.co.uk

Service scope

• Software add-on or extension: Yes, but can also be used as a standalone service
• What software services is the service an extension to: SOC, NOC
• Cloud deployment model: Hybrid cloud
• Service constraints: Each device deployed must have its own license
• System requirements:
  • Each device deployed must have it own license
  • Internet connection

User support

• Email or online ticketing support: Email or online ticketing
• Support response times: The aim is to respond to questions on the first call, through an escalation 1st-3rd line classification.
• User can manage status and priority of support tickets: Yes
• Online ticketing support accessibility: None or don’t know
• Phone support: Yes
• Phone support availability: 24 hours, 7 days a week
• Web chat support: No
• Onsite support: Yes, at extra cost
• Support levels: Our operations team is broken down into two areas, Service Desk and Engineering. The Service Desk acts as the primary source of all activity, where calls are categorised, prioritised and filtered to the relevant specialist if required. Our calls are given a priority level from 1-5; whereas P1 is Disaster, business is non-operational all the way through to P5, of which could be a cosmetic incident, for example. Our response times and levels are summarised below: P1 - Urgent - 15mins Response Time (RT), 4 hrs Target Full Fix Time(TFFT) P2 - Critical - 30 mins RT, 8 hrs TFFT P3 - Very Important - 4 hrs RT, 20 hrs TFFT P4 - Important - 10 hrs RT, 30 hrs TFFT P5 - Informational - 3 days RT, 90 days TFFT (never normally this long) The majority of activity will be remote based working, however we will send either a senior engineer to the client site, or a cloud specialist to a cloud hosting datacentre site, as and when required, depending on the incident. All priority incidents are included in our pricing, defined by customised SLA's and can be in unlimited numbers if required, depending on the client's needs.
• Support available to third parties: No

Onboarding and offboarding

• Getting started: "A full handover package will be provided following the succesful commissioning of a service. Separate documentation for each site on the network as well as an overall summary and topology map gives the customer an easy to follow overview of the entire solution. User training on how to navigate and configure the Meraki solution can be provided by the same engineer(s) who implemented the system allowing the customer access to detailed information to help them understand the solution fully.; ; Meraki also has published guides and information on their website which the customer can review in their own time."
• Service documentation: No
• End-of-contract data extraction: The Meraki solution, hardware, configuration and licensing is owned directly by the customer, with Central Networks having access for management and support purposes. At the end of the contract, the customer can revoke Central's access without leaving the solution themselves allowing the customer to continue operating the environment.
• End-of-contract process: .

Using the service

• Web browser interface: No
• Application to install: No
• Designed for use on mobile devices: No
• Service interface: No
• User support accessibility: WCAG 2.1 AA or EN 301 549
• API: No
• Customisation available: No

Scaling

• Independence of resources: N/A

Analytics

• Service usage metrics: Yes
• Metrics types: Log files, bandwidth statitics, device availability
• Reporting types:
  • API access
  • Real-time dashboards
  • Regular reports
  • Reports on request

Resellers

• Supplier type: Reseller providing extra support
• Organisation whose services are being resold: Meraki

Staff security

• Staff security clearance: Other security clearance
• Government security clearance: None

Asset protection

• Knowledge of data storage and processing locations: Yes
• Data storage and processing locations:
  • United Kingdom
  • European Economic Area (EEA)
  • Other locations
• User control over data storage and processing locations: No
• Datacentre security standards: Complies with a recognised standard (for example CSA CCM version 3.0)
• Penetration testing frequency: At least once a year
• Penetration testing approach: ‘IT Health Check’ performed by a CHECK service provider
• Protecting data at rest: Physical access control, complying with SSAE-16 / ISAE 3402
• Data sanitisation process: No
• Equipment disposal approach: A third-party destruction service

Data importing and exporting

• Data export approach: Real time analytics can be exported through the dashbaord
• Data export formats:
  • CSV
  • Other
• Other data export formats: XML
• Data import formats:
  • CSV
  • Other
• Other data import formats: XML

Data-in-transit protection

• Data protection between buyer and supplier networks:
  • Private network or public sector network
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Bonded fibre optic connections
  • Legacy SSL and TLS (under version 1.2)
• Data protection within supplier network:
  • TLS (version 1.2 or above)
  • IPsec or TLS VPN gateway
  • Legacy SSL and TLS (under version 1.2)

Availability and resilience

• Guaranteed availability: "Meraki advertises a 99.99% uptime SLA alongside 24x7 automated failover detection. The cloud dashboard can also be configured for e-mail reporting to alert administrators to potential issues before they become service affecting.; ; Customer data is replicated in real-time between neighbouring datacentres and replicated daily to other datacentres across the world."
• Approach to resilience: "Meraki offers multiple levels of resillience, from the customer's own equipment to the backend cloud platform itself. Utilising warm spare allows a customer to install a second Meraki MX firewall which replicates configuration and stateful firewall sessions between both appliances.; ; Further to this, redundant internet connections can be used to provide load balancing and failover within a customer site. The failure of one connection will not cause a service failure as the Meraki AutoVPN technology will automatically re-establish VPN sessions between remote appliances with no user interaction required.; ; Further to this, Meraki operate 10 datacentres in different regions worldwide, with data replicated in real-time to datacentres in the same region. Nightly replications ensure the configuration data is stored globally."
• Outage reporting: Meraki offers real time monitoring and reporting to provide pro-active and realtime alerting. E-mail alerts can be customised to allow for theshold triggering of packet loss, bandwidth utilisation and detection of malware or viruses. Further to this, Meraki offer a service status page for their cloud services to advise of any internal outages within their systems. It is possible to subscribe to service status updates via e-mail.

Identity and authentication

• User authentication needed: Yes
• User authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password
• Access restrictions in management interfaces and support channels: Delegated admin access, IP whitelists, MFA
• Access restriction testing frequency: At least every 6 months
• Management access authentication:
  • 2-factor authentication
  • Identity federation with existing provider (for example Google Apps)
  • Username or password

Audit information for users

• Access to user activity audit information: Users have access to real-time audit information
• How long user audit data is stored for: User-defined
• Access to supplier activity audit information: Users have access to real-time audit information
• How long supplier audit data is stored for: User-defined
• How long system logs are stored for: User-defined

Standards and certifications

• ISO/IEC 27001 certification: Yes
• Who accredited the ISO/IEC 27001: QMS International
• ISO/IEC 27001 accreditation date: 19/05/2014
• What the ISO/IEC 27001 doesn’t cover: N/A
• ISO 28000:2007 certification: No
• CSA STAR certification: No
• PCI certification: No
• Cyber essentials: Yes
• Cyber essentials plus: Yes
• Other security certifications: No

Security governance

• Named board-level person responsible for service security: Yes
• Security governance certified: Yes
• Security governance standards: ISO/IEC 27001
• Information security policies and processes: We follow ISO27001 standards. Policies are presented to each employee at start of their employment and any amendments have to be signed up to as they occur.

Operational security

• Configuration and change management standard: Supplier-defined controls
• Configuration and change management approach: Central operate an internal change advisory board and change process for both our internal systems and our partners. Central can integrate with any change management processes already followed by our customers. Change requests will be raised with the relevant party
• Vulnerability management type: Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
• Vulnerability management approach: Vulnerability management is managed through Problem Management within our Halo Management system using ITIL service definitions and approaches. We also use Nable on services and devices and Opsview monitoring. All patches have to go through a change control process, or Emergency Change process. We can deploy patches immediately. We subscribe to various agencies including Barracuda and Sophos for information on potential threats.
• Protective monitoring type: Supplier-defined controls
• Protective monitoring approach: We use a combination of Veeam one, Nable and opsview which monitor the backups and hardware and report on useage, execptions and progress. We respond immediately any variation has been discovered.
• Incident management type: Supplier-defined controls
• Incident management approach: Central uses an ITIL based system management application from Halo. users report tickets via email, phone or an online system. We provide reports monthly and also reports can be pulled off at any time.

Secure development

• Approach to secure software development best practice: Supplier-defined process

Public sector networks

• Connection to public sector networks: No

Social Value

• Social Value:

  Social Value

  Equal opportunity

  Equal opportunity

  Our Social Value Policy is Available on request more information can be found on our website

Pricing

• Price: £250 to £1,125 a unit a day
• Discount for educational organisations: Yes
• Free trial available: No

Service documents

• Pricing document

  PDF

• Skills Framework for the Information Age rate card

  PDF

• Service definition document

  PDF

• Terms and conditions

  PDF

Request an accessible format

If you use assistive technology (such as a screen reader) and need versions of these documents in a more accessible format, email the supplier at sales@centralnetworks.co.uk. Tell them what format you need. It will help if you say what assistive technology you use.