Meraki Cloud Architecture - Cisco Meraki Documentation
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Meraki Cloud Architecture - Cisco Meraki Documentation</title> <link media="screen" type="text/css" rel="stylesheet" href="https://a.mtstatic.com/@cache/layout/legacy.css?_=814adc7572602bc7c2a39e3e9899638a_ZG9jdW1lbnRhdGlvbi5tZXJha2kuY29t:site_13505" id="mt-screen-css" /> <link media="print" type="text/css" rel="stylesheet" href="https://a.mtstatic.com/@cache/layout/print.css?_=a87985e947b3b92ebec6cfe4689bceb3:site_13505" id="mt-print-css" /> </head> <body class="columbia-page-main columbia-article-topic columbia-breadcrumb-home-architecturesandbestpractices-ciscomerakibestpracticedesign-merakicloudarchitecture columbia-live no-touch columbia-lang-en-us columbia-skin-grape"> <div class="grape-content grape-wrapper"> <div class="grape-content-container grape-wrapper-container"> <h1 id="title" class="no-edit" style="visibility: visible;"> Meraki Cloud Architecture </h1> <div class="mt-last-updated"> <strong>Last updated:</strong> <span class="modified mt-last-updated-timestamp" data-timestamp="2024-10-05T03:11:43Z"></span> </div> 
<div class="mt-content-header"></div> <div class="mt-content-side"></div> <div id="mt-toc-container" data-title="Table of contents" data-collapsed="true"> <button class="mt-toggle mt-summary-toggle ui-button-icon mt-toggle-expand">Table of contents</button> <div class="mt-toc-content mt-collapsible-section mt-toc-hide"> <ol><li><a href="#Definition_of_Terms" rel="internal">Definition of Terms</a></li><li><a href="#Meraki_Cloud_Architecture" rel="internal">Meraki Cloud Architecture</a><ol><li><a href="#Data_Centers" rel="internal">Data Centers</a></li><li><a href="#Data_Center_Locations" rel="internal">Data Center Locations</a></li><li><a href="#Data_Center_Storage" rel="internal">Data Center Storage</a></li></ol></li><li><a href="#Meraki_Device-to-Cloud_Communications" rel="internal">Meraki Device-to-Cloud Communications</a><ol><li><a href="#Communication_Process" rel="internal">Communication Process</a></li><li><a href="#Configuration_Containers" rel="internal">Configuration Containers</a></li><li><a href="#Secure_Device_Connectivity" rel="internal">Secure Device Connectivity</a></li><li><a href="#Configuration_Interfaces" rel="internal">Configuration Interfaces</a><ol><li><a href="#The_Meraki_dashboard" rel="internal">The Meraki dashboard</a></li><li><a href="#Meraki_APIs" rel="internal">Meraki APIs</a></li></ol></li></ol></li><li><a href="#Reliability_and_Availability" rel="internal">Reliability and Availability </a><ol><li><a href="#Data_Center_Uplink_Connection_High_Availability" rel="internal">Data Center Uplink Connection High Availability</a></li><li><a href="#Meraki_Server_High_Availability" rel="internal">Meraki Server High Availability</a></li><li><a href="#Data_Center_Backup_High_Availability" rel="internal">Data Center Backup High Availability</a></li><li><a href="#Disaster_Recovery_Plan" rel="internal">Disaster Recovery Plan</a></li></ol></li><li><a href="#Management_Data" rel="internal">Management Data</a><ol><li><a href="#Server_Data_Segregation" 
rel="internal">Server Data Segregation</a></li><li><a href="#Network_and_Management_Data_Segregation" rel="internal">Network and Management Data Segregation</a></li><li><a href="#Network_Usage_Data_Retention" rel="internal">Network Usage Data Retention</a></li><li><a href="#Segregated_User_Assets" rel="internal">Segregated User Assets</a></li><li><a href="#Data_Security" rel="internal">Data Security</a></li><li><a href="#Data_Privacy" rel="internal">Data Privacy</a><ol><li><a href="#PCI" rel="internal">PCI</a></li></ol></li></ol></li><li><a href="#Security" rel="internal">Security</a><ol><li><a href="#Hardware_and_Software_Security" rel="internal">Hardware and Software Security</a></li><li><a href="#Physical_and_Operational_Internal_Security" rel="internal">Physical and Operational Internal Security</a></li></ol></li></ol> </div> </div> <div id="page-top"> <div id="topic"> <div id="pageText"> <p dir="ltr">The Meraki cloud solution is a centralized management service that allows users to manage all of their Meraki network devices via a single, simple and secure platform.</p> <p dir="ltr"> </p> <p dir="ltr"><img alt="image99.png" style="width: 600px; height: 112px;" class="internal" width="600px" height="112px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/11199/image99.png?revision=1&size=bestfit&width=600&height=112" /></p> <p dir="ltr"> </p> <p dir="ltr">Users are able to deploy, monitor, and configure their Meraki devices via the Meraki dashboard web interface or via APIs. 
Once a user makes a configuration change, the change request is sent to the Meraki cloud and is then pushed to the relevant device(s).</p> <div id="meraki-learning"> <p>Learn more with these free online training courses on the Meraki Learning Hub:</p> <ul> <li><a target="_blank" title="Introducing Meraki and Cloud-Managed Networking:" href="https://learning.meraki.net/#/online-courses/1ceb43b8-e35f-4c24-920e-3de9820243be" rel="external noopener nofollow" class="link-https">Introducing Meraki and Cloud-Managed Networking:</a></li> </ul> <div><span class="mt-font-size-11"><span class="mt-color-7f8c8d"><em>Sign in with your Cisco SSO or create a free account to start training.</em></span></span></div> </div> <div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_1"><span id="Definition_of_Terms"></span><h4 dir="ltr" class="editable">Definition of Terms</h4> <p dir="ltr"><strong>The Meraki dashboard: </strong>A modern web browser-based tool used to configure Meraki devices and services.</p> <p dir="ltr"><strong>Account: </strong>A Meraki user’s account, used for accessing and managing their Meraki organizations.</p> <p dir="ltr"><strong>Organization: </strong>A logical container for Meraki networks managed by one or more accounts.</p> <p dir="ltr"><strong>Network: </strong>A logical container for a set of centrally managed Meraki devices and services.</p> <p> </p> <p dir="ltr"><img alt="image59.png" style="width: 600px; height: 228px;" class="internal" width="600px" height="228px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/9868/image59.png?revision=1&size=bestfit&width=600&height=228" /></p> <p dir="ltr"> </p> <p dir="ltr"><strong>Management data: </strong>The data (configuration, statistics, monitoring, etc.) 
that flows from Meraki devices (wireless access points, switches, security appliances) to the Meraki cloud over a secure internet connection.</p> <p dir="ltr"><strong>User data: </strong>Data related to user traffic (web browsing, internal applications, etc.). User data does not flow through the Meraki cloud; instead, it flows directly to its destination on the LAN or across the WAN.</p> <p> </p> <p dir="ltr"><img alt="image163.png" style="width: 600px; height: 356px;" class="internal" width="600px" height="356px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/8045/image163.png?revision=1&size=bestfit&width=600&height=356" /></p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_2"><span id="Meraki_Cloud_Architecture"></span><h3 dir="ltr" class="editable">Meraki Cloud Architecture</h3> <p dir="ltr">The Meraki cloud is the backbone of the Meraki management solution. This "cloud" is a collection of highly reliable multi-tenant servers strategically distributed around the world at Meraki data centers and select public cloud service providers. For the remainder of this document we will refer to both the Meraki data centers and the public cloud service providers' locations we use as "data centers". The servers at these data centers are powerful hosting computers that host many separate user accounts. They are called multi-tenant servers because the accounts share (equal) computing resources on their host (the server). 
However, even though these accounts share resources, Meraki ensures that customer information is kept secure by restricting organization access based on account authentication, as well as hashing authentication information such as user passwords or API keys.</p> <p dir="ltr"> </p> <p dir="ltr"><img alt="image72.png" style="width: 600px; height: 200px;" class="internal" width="600px" height="200px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/10392/image72.png?revision=1&size=bestfit&width=600&height=200" /></p> <p> </p> <div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_3"><span id="Data_Centers"></span><h4 dir="ltr" class="editable">Data Centers</h4> <p dir="ltr">Customer management data is replicated across independent same-region data centers in real time. The same data is also replicated in automatic nightly archival backups hosted by in-region third-party cloud storage services. The Meraki cloud does not store customer user data. More information about the types of data that are stored in the Meraki cloud can be found in the “Management Data” section below.</p> <p dir="ltr">All Meraki services (the dashboard and APIs) are also replicated across multiple independent data centers, so they can fail over rapidly in the event of a catastrophic data center failure.</p> <p dir="ltr">Meraki data centers are located around the world, enabling high-availability local data containment for data sovereignty in sensitive countries and regions, and high-speed connections to facilitate reliable cloud management communication. These data centers hold certifications such as PCI, SOC 2 and ISO27001. More information about cyber security can be found under the “Hardware and Software Security” section below. 
</p> <p dir="ltr"><br /> More key data center features include:</p> <ul> <li dir="ltr"> <p dir="ltr">99.99% uptime service level agreement</p> </li> <li dir="ltr"> <p dir="ltr">24x7 automated failure detection</p> </li> <li dir="ltr"> <p dir="ltr">Real-time replication of data between data centers</p> </li> <li dir="ltr"> <p dir="ltr">All sensitive data (e.g., passwords) is hashed on servers</p> </li> </ul> <p>To learn more about monitoring, redundancy, disaster recovery, security, etc., refer to our <a href="https://meraki.cisco.com/trust#data-centers" target="_blank" rel="external noopener nofollow" class="link-https"><u>data center design</u></a> page. More details about data center redundancy and reliability are covered in the “Reliability and Availability” section below.</p> <p dir="ltr"><strong>Note:</strong> some account and configuration settings are subject to regional export for management. A full list of these settings can be found in our article, <a href="https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Data_Stored_on_the_Meraki_Primary_Controller" rel="internal"><u>Data Stored on the Meraki Primary Controller</u></a>.</p> <p> </p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_4"><span id="Data_Center_Locations"></span><h4 dir="ltr" class="editable">Data Center Locations</h4> <p dir="ltr"><img alt="clipboard_ee8d64a5a59bf947d97482e2f3193b32e.png" class="internal" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/28816/clipboard_ee8d64a5a59bf947d97482e2f3193b32e.png?revision=1" /></p> <p dir="ltr">Each region (North and South America, Europe, Asia, China, Canada, India) has, at minimum, a geographically matched pair (for failover) of data centers where any endpoint’s primary Meraki server will be located. 
The table below details which data centers cover each dashboard region.</p> <p> </p> <table border="1" style="table-layout: fixed;"> <colgroup> <col width="*" /> <col width="*" /> <col width="*" /> </colgroup> <tbody> <tr> <td> <p dir="ltr"><strong>Region</strong></p> </td> <td> <p dir="ltr"><strong>Data center 1</strong></p> </td> <td> <p dir="ltr"><strong>Data center 2</strong></p> </td> </tr> <tr> <td> <p dir="ltr"><strong>North and South America</strong></p> </td> <td> <p dir="ltr">USA</p> </td> <td> <p>USA</p> </td> </tr> <tr> <td> <p dir="ltr"><strong>Europe</strong></p> </td> <td>Germany, France</td> <td>Germany, France</td> </tr> <tr> <td> <p dir="ltr"><strong>Asia</strong></p> </td> <td>Australia</td> <td>Singapore</td> </tr> <tr> <td> <p dir="ltr"><strong>China</strong></p> </td> <td>China</td> <td>China</td> </tr> <tr> <td><strong>Canada</strong></td> <td>Canada</td> <td>Canada</td> </tr> <tr> <td><strong>India</strong></td> <td>India</td> <td>India</td> </tr> </tbody> </table> <p> </p> <p dir="ltr">Upon account creation, customers can select which region their data is hosted in. For customers with globally dispersed networks, separate organizations should be created for each data storage, or hosting region (North America, South America, Europe, Asia, China, Canada and India). The hosting region for an organization can be found at the bottom of Meraki dashboard pages when a user is signed in.</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_5"><span id="Data_Center_Storage"></span><h4 dir="ltr" class="editable">Data Center Storage</h4> <p dir="ltr">Meraki data centers contain active Meraki device configuration data and historical network usage data. These data centers house multiple compute servers, which are where customers’ management data is contained. These data centers do not store customers’ user data. 
These data types are covered in more detail in the “Management Data” section below.</p> <p> </p> <p dir="ltr"><img alt="image75.png" class="internal" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/10563/image75.png?revision=1" /></p> <p> </p> </div></div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_6"><span id="Meraki_Device-to-Cloud_Communications"></span><h3 dir="ltr" class="editable">Meraki Device-to-Cloud Communications</h3> <p dir="ltr">Meraki uses an event-driven remote procedure call (RPC) engine for Meraki devices to communicate with the dashboard and for Meraki servers to send and receive data. Meraki hardware devices act as the server/receiver as the Meraki cloud initiates calls to the devices for data collection and configuration deployment. The cloud infrastructure is the initiator, so configurations can be executed in the cloud before the devices are actually online or even physically deployed.</p> <p dir="ltr"> </p> <p dir="ltr"><img alt="image31.png" style="width: 600px; height: 356px;" class="internal" width="600px" height="356px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/8361/image31.png?revision=1&size=bestfit&width=600&height=356" /></p> <p dir="ltr"> </p> <p dir="ltr">In the event of cloud connectivity loss (which is most commonly caused by a local ISP or connection failure), the Meraki hardware device will continue to run with its last known configuration until cloud connectivity is restored.</p> <div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_7"><span id="Communication_Process"></span><h4 dir="ltr" class="editable">Communication Process</h4> <p dir="ltr">If a device is offline, it will continue to attempt to connect to the Meraki cloud until it gains connectivity. 
Once the device comes online, it automatically receives the most recent configuration settings from the Meraki cloud. If changes are made to the device configuration while the device is online, the device receives and updates these changes automatically. These changes are generally available on the device in a matter of seconds. However, large quantities of changes may take noticeably longer to reach their devices. If no configuration changes are made by the user, the device continues to periodically check for updates to its configuration on its own.</p> <p dir="ltr">As the device runs on the network, it will communicate device and network usage analytics back to the Meraki cloud. Dashboard analytics based on this information, in the form of graphs and charts, are updated regularly in the Meraki cloud and are displayed in the dashboard of users when they are viewing this information.</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_8"><span id="Configuration_Containers"></span><h4 dir="ltr" class="editable">Configuration Containers</h4> <p dir="ltr">Device configurations are stored as a container in the Meraki backend. When a device configuration is changed by an account administrator via the dashboard or API, the container is updated and then pushed, via a secure connection, to the device the container is associated with. 
The container also updates the Meraki cloud with its configuration change for failover and redundancy.</p> <p dir="ltr"> </p> <p dir="ltr"><img alt="image54.png" style="width: 600px; height: 211px;" class="internal" width="600px" height="211px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/9648/image54.png?revision=1&size=bestfit&width=600&height=211" /></p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_9"><span id="Secure_Device_Connectivity"></span><h4 dir="ltr" class="editable">Secure Device Connectivity</h4> <p dir="ltr">For devices to communicate with the cloud, Meraki leverages a proprietary lightweight encrypted tunnel using AES-256 encryption while management data is in transit. Within the tunnel itself, Meraki leverages HTTPS and protocol buffers for a secure and efficient solution, limited to 1 kbps per device when the device is not being actively managed.</p> <p dir="ltr"> </p> <p dir="ltr"><img alt="Mtunnel.png" style="width: 600px; height: 213px;" class="internal" width="600px" height="213px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/11306/Mtunnel.png?revision=1&size=bestfit&width=600&height=213" /></p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_10"><span id="Configuration_Interfaces"></span><h4 dir="ltr" class="editable">Configuration Interfaces</h4> <div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_11"><span id="The_Meraki_dashboard"></span><h5 dir="ltr" class="editable">The Meraki dashboard</h5> <p dir="ltr">The Meraki dashboard is a modern web browser-based tool used to configure Meraki devices and services.</p> <p dir="ltr"> </p> <p dir="ltr"><img alt="image144.png" style="width: 
600px; height: 338px;" class="internal" width="600px" height="338px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/7289/image144.png?revision=1&size=bestfit&width=600&height=338" /></p> <p> </p> <p dir="ltr">The Meraki dashboard is the visual alternative to the traditional command line, which is used to manage many routers, switches, security devices, and more. Instead, Meraki puts all devices within networks in one place and allows users to apply changes in a simple, easy-to-use format.</p> <p>In addition to simplifying device management, the dashboard is also a platform for viewing network analytics, applying network permissions, and keeping track of users. The dashboard allows users to view camera streams, manage users’ mobile devices and computers, set content rules, and monitor upstream connections from a single place.</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_12"><span id="Meraki_APIs"></span><h5 dir="ltr" class="editable">Meraki APIs</h5> <p dir="ltr">Meraki APIs provide control of the Meraki solution in a programmable way, enabling actions that may not be possible with the dashboard, or providing more granular control. Meraki APIs are RESTful APIs using HTTPS for transport and JSON for object serialization.</p> <p>By providing open API accessibility, Meraki leverages the power of the cloud platform on a deeper level to create more efficient and powerful solutions. 
Through Meraki APIs, users can automate deployments, monitor their networks, and build additional solutions on top of the Meraki dashboard.</p> <p dir="ltr"> </p> <p dir="ltr"><img alt="image50.png" style="width: 600px; height: 232px;" class="internal" width="600px" height="232px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/9421/image50.png?revision=1&size=bestfit&width=600&height=232" /></p> <p> </p> <p dir="ltr">API keys are tied to a specific user account through the Meraki platform. If an individual has administrative access to multiple Meraki organizations, a single key can configure and control those multiple organizations. A key therefore carries the same reach as the account it belongs to and should be protected accordingly.</p> </div></div></div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_13"><span id="Reliability_and_Availability"></span><h3 dir="ltr" class="editable">Reliability and Availability </h3> <p dir="ltr">Meraki enables a high-availability (HA) architecture in multiple ways to ensure high serviceability to our customers. Network connections through our data centers are high in bandwidth and highly resilient. Shared HA structures ensure data is available in case of a localized failure, and our data center backup architecture ensures customer management data is always available in the case of catastrophic failure. These backups are stored on third-party cloud-based storage services. 
These third-party services also store Meraki data based on region to ensure compliance with regional data storage regulations.</p> <div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_14"><span id="Data_Center_Uplink_Connection_High_Availability"></span><h4 dir="ltr" class="editable">Data Center Uplink Connection High Availability</h4> <p dir="ltr">Meraki constantly monitors the connections for integrity using multiple high-speed connections out of its data centers. Meraki network connectivity performs tests for DNS reachability to determine that integrity, and data centers will fail over to secondary links in the case of a degraded link.</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_15"><span id="Meraki_Server_High_Availability"></span><h4 dir="ltr" class="editable">Meraki Server High Availability</h4> <p dir="ltr">A single device connects to multiple Meraki servers at the same time, making sure all data is kept up-to-date in case there is need for a failover. This secondary Meraki server connection verifies device configuration integrity and historical network usage data in the case of a Meraki server failure.</p> <p dir="ltr"> </p> <p dir="ltr"><img alt="image162.png" class="internal" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/7696/image162.png?revision=1" /></p> <p> </p> <p dir="ltr">In the event of server failure or connection loss, node connectivity can fail over to the secondary server. 
Upon recovery of the primary server, the connection will be reestablished without noticeable impact to the connecting nodes.</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_16"><span id="Data_Center_Backup_High_Availability"></span><h4 dir="ltr" class="editable">Data Center Backup High Availability</h4> <p dir="ltr">Meraki keeps active customer management data in a primary and secondary data center in the same region. These data centers are geographically separated to avoid physical disasters or outages that could potentially impact the same region. Data stored in these data centers is synced in real time. In the case of a data center failure, the primary data center will fail over to the secondary data center with the most recent configuration stored.</p> <p> </p> <p dir="ltr"><img alt="image40.png" class="internal" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/8652/image40.png?revision=1" /></p> <p> </p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_17"><span id="Disaster_Recovery_Plan"></span><h4 dir="ltr" class="editable">Disaster Recovery Plan</h4> <p dir="ltr">The storage of customer management data and the reliability of its dashboard and API services are primary priorities for Meraki. To help prevent data loss in the event of a disaster, Meraki has multiple major points of redundancy. Each Meraki data center is paired with another data center in the same region. If a data center is completely wiped out, backups can be brought up within minutes at the other in-region data center. Next, if both data centers are impacted, nightly backups hosted in two different third-party cloud storage services, each with their own physical storage redundancies, can be used to recover data. 
</p> </div></div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_18"><span id="Management_Data"></span><h3 dir="ltr" class="editable">Management Data</h3> <p dir="ltr">The Meraki cloud gathers and stores certain types of “management” data to enable its solutions. All forms of data are encrypted in transit to and from Meraki servers. There are four major types of data stored in the Meraki cloud:</p> <p dir="ltr"><strong>User records: </strong>Includes account email and company name or other optional information such as user name and address.</p> <p dir="ltr"><strong>Configuration data: </strong>Includes network settings and configurations made by customers in the Meraki dashboard.</p> <p dir="ltr"><strong>Analytics data: </strong>Includes client, traffic, and location analytics data, providing visualizations and network insights into traffic patterns across customer sites.</p> <p dir="ltr"><strong>Customer-uploaded assets: </strong>Includes custom floor plans and splash logos.</p> <div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_19"><span id="Server_Data_Segregation"></span><h4 dir="ltr" class="editable">Server Data Segregation</h4> <p dir="ltr">User data on Meraki servers is segregated based on user permissions. Each user account is authenticated based on organization membership, meaning that each user only has access to information tied to the organizations they have been added to as users. Organization administrators add users to their own organizations, and those users set their own username and secure password. 
That user is then tied to that organization’s unique ID, and is then only able to make requests to Meraki servers for data scoped to their authorized organization IDs.</p> <p>Additionally, the Meraki development teams have separate servers for development and production, so Meraki never uses live customer data for testing or development. Meraki user data is never accessible to other users or subject to development changes.</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_20"><span id="Network_and_Management_Data_Segregation"></span><h4 dir="ltr" class="editable">Network and Management Data Segregation</h4> <p dir="ltr">The Meraki “out of band” control plane separates management data from user data. Management data flows from Meraki devices (e.g. wireless access points, switches, and security appliances) to the Meraki cloud over a secure internet connection. User data (network traffic, web browsing, internal applications, etc.) does not flow through the Meraki cloud, and instead flows directly to the destination on the LAN or across the WAN.</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_21"><span id="Network_Usage_Data_Retention"></span><h4 dir="ltr" class="editable">Network Usage Data Retention</h4> <p dir="ltr">Meraki stores management data such as application usage, configuration changes, and event logs within the backend system. Customer data is stored for 14 months in the EU region and for 26 months in the rest of the world. Meraki data storage time periods are based on year-over-year reporting features in the dashboard (12-month periods), plus additional time to ensure data is removed from Meraki backups upon deletion (two months). 
Meraki uses a proprietary database system to build up easily searchable and referenceable data.</p> <p dir="ltr"> </p> <p dir="ltr"><img alt="image84.png" style="width: 600px; height: 191px;" class="internal" width="600px" height="191px" loading="lazy" src="https://documentation.meraki.com/@api/deki/files/10844/image84.png?revision=1&size=bestfit&width=600&height=191" /></p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_22"><span id="Segregated_User_Assets"></span><h4 dir="ltr" class="editable">Segregated User Assets</h4> <p dir="ltr">Meraki stores customer-uploaded assets such as custom floor plans and splash logos. These items are leveraged within the Meraki dashboard for only that specific customer network and therefore are segmented securely based on standard user permissions tied to organization or network ID access. Only users authenticated to access the host network are able to access uploaded assets.</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_23"><span id="Data_Security"></span><h4 dir="ltr" class="editable">Data Security</h4> <p dir="ltr">All data transported to and from Meraki devices and servers is transported via a secure, proprietary communications tunnel (see the “Secure Connectivity” section above). Communications data is encrypted in transit via this tunnel. 
All client-management connections (dashboard/API) to the Meraki cloud have secure TLS encryption for all application traffic.</p> <p dir="ltr">Additionally, Meraki data backups are fully encrypted using AES-256 and have restricted access (see the “Physical and Operational Internal Security” section).</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_24"><span id="Data_Privacy"></span><h4 dir="ltr" class="editable">Data Privacy</h4> <p dir="ltr">Connecting to a cloud solution entails storing specific data in the cloud for easy use and access. To maintain integrity and security, a cloud infrastructure must take into account the sensitivity and compliance rules of that data. Specific industries and geographies have laws to protect user data, which Meraki addresses through our flexible cloud infrastructure.</p> <p dir="ltr">Meraki embeds privacy by design in its product and feature development as well as business practices. Privacy is an integral piece of the Meraki design process and is a consideration from initial product design all the way through to product implementation. Meraki offers a full suite of privacy-driven features to all customers globally. These features allow our customers to manage privacy requirements and help support their privacy initiatives. 
Customers can read more about some of the Meraki privacy features in our <a href="https://documentation.meraki.com/General_Administration/Privacy_and_Security/Meraki_Data_Privacy_and_Protection_Features" rel="internal"><u>Data Privacy and Protection Features</u></a> article.</p> <div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_25"><span id="PCI"></span><h5 dir="ltr" class="editable">PCI</h5> <p dir="ltr">Meraki provides a comprehensive solution to ensure a PCI-compliant environment held to the strict standards of a Level 1 PCI audit (the most rigorous audit level). The rich security feature set addresses all PCI data security standards, helping customers build and maintain a secure network, maintain a vulnerability management program, implement strong access control measures, and monitor network security.</p> </div></div></div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_26"><span id="Security"></span><h3 dir="ltr" class="editable">Security</h3> <p dir="ltr">Customer security is a top priority for Meraki. Heavy investments in tools, processes, and technologies keep our users and their networks safe, including features like two-factor authentication for dashboard access and out-of-band cloud management architecture.</p> <p>In addition to Meraki and Cisco’s internal security teams, Meraki leverages third parties to provide additional security. Precautions such as daily third-party vulnerability scans, application testing, and server testing are embedded in the Meraki security program. Meraki additionally started a vulnerability rewards program for both hardware and software, which encourages external researchers to collaborate with our security team to keep our infrastructure and customers safe. 
More information about this program can be found on our <a href="https://bugcrowd.com/ciscomeraki" target="_blank" rel="external noopener nofollow" class="link-https"><u>Bugcrowd program page</u></a>.</p> <p dir="ltr">Meraki intelligent security infrastructure eliminates the management complexities, manual testing, and ongoing maintenance challenges that lead to vulnerabilities. The intuitive and cost-effective security features are ideal for network administrators, while powerful and fine-grained administration tools, account protections, audits, and change management appeal to chief information security officers.</p> <div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_27"><span id="Hardware_and_Software_Security"></span><h4 dir="ltr" class="editable">Hardware and Software Security</h4> <p dir="ltr">Meraki leverages technology such as secure boot, firmware image signing, and hardware trust anchors as part of the <a title="https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-development-lifecycle.pdf" href="https://www.cisco.com/c/dam/en_us/about/doing_business/trust-center/docs/cisco-secure-development-lifecycle.pdf" target="_blank" rel="external noopener nofollow" class="link-https"><u>Cisco Secure Development</u></a> lifecycle to maintain hardware and software integrity.</p> </div><div mt-section-origin="Architectures_and_Best_Practices/Cisco_Meraki_Best_Practice_Design/Meraki_Cloud_Architecture" class="mt-section" id="section_28"><span id="Physical_and_Operational_Internal_Security"></span><h4 dir="ltr" class="editable">Physical and Operational Internal Security</h4> <p dir="ltr">Meraki is committed to maintaining user security by providing mandatory operational security training for all employees. Formal information security awareness programs have been put in place for all employees. 
In addition, all employees and contractors are required to comply with Cisco’s background check policy and are bound by the Meraki information security policy and industry standard confidentiality agreements.</p> <p dir="ltr">Remote access to Meraki servers is done via IPsec VPN and SSH. Access is scoped and restricted by our internal security and infrastructure teams based on strict rules for business need.</p> <p dir="ltr">For access to Meraki cloud servers, databases, and code, there are role-based access models for user access and specific permissions in place. Two-factor authentication is enforced for all users who have access to these systems, both internally and remotely.</p> <p dir="ltr">Physical access to the Meraki cloud infrastructure is secured at all hours by guard service patrols, and is covered by external and internal video surveillance with real-time monitoring. For physical access, all data centers have a high-security key card system and biometric readers. Access to these data centers is given only to users with a business need, leveraging PKI and two-factor authentication for identity verification. This access is limited to a very small number of employees and user access is audited monthly.<br /> </p> <p dir="ltr"><em>Please note that this reference guide is provided for informational purposes only. 
The Meraki cloud architecture is subject to change.</em></p> </div></div></div> </div> </div> </div> </div> </body> </html>