7-Eleven Stores, Oklahoma City

Challenges

  • Required ease of network management — because 7-Eleven manages its convenience stores from its corporate office, it was in search of a WLAN that wouldn’t add burden to the IT staff
  • The new WLAN must enable compliance with the Payment Card Industry (PCI) requirements for wireless networks as well as to prevent any network intrusion
  • In search of a network with the resiliency to maintain wireless connectivity in the stores even if a WAN link or a management server failed

Results

  • 7-Eleven liked Aerohive’s Cooperative Control wireless LAN architecture because its access points require no network controllers or overlay networks
  • The APs in each of the 7-Eleven Stores are managed from a single HiveManager located in the Oklahoma City corporate office
  • An integrated stateful firewall in every AP provides the wireless segmentation required by the PCI DSS specification
  • Aerohive's Wi-Fi architecture and the APs provide many of the security components the 7-Eleven Stores require, with features including 802.11i (WPA2), wireless IDS, 802.1X authentication, rogue detection, and guest access control

Aerohive Cooperative Control Wireless LAN Brings Convenience Store Chain Unparalleled Network Management and Cost Savings

The 7-Eleven Convenience Stores concentrated in Central Oklahoma are independently owned. The company desired a wireless LAN in each of its convenience stores to enable employees to use wireless handheld scanning devices to deliver data to a Retalix inventory control and Demand AnalytX (DAX) system. The DAX system enables the stores’ inventories, especially the most expensive items, to be carefully monitored and adjusted, streamlining operations and saving dollars.

The Challegne

The company manages its convenience stores from its corporate office in Oklahoma City. To avoid needlessly burdening the IT staff, ease of network management was one of the primary wireless LAN selection criteria. As a retail organization, security was an equally important requirement. While inventory information, and not credit card information, is the only data that transits the wireless LAN, the company wanted to comply with the Payment Card Industry (PCI) requirements for wireless networks as well as to prevent any network intrusion. Finally, the company desired a network with the resiliency to maintain wireless connectivity in the stores even if a WAN link or a management server failed.

Evaluating the Alternatives

The company first considered deploying an autonomous, or “fat”, wireless LAN access point in each store. This alternative was found to be too cumbersome to manage, as each access point would require manual monitoring and maintenance through a command- line interface. The security of these first-generation access points was also a concern, and certain vendors even suggested that their offerings were nearing end-of-life.

Wireless LAN solutions that used centralized controllers to provide the management and security missing from fat access points were also rejected. Plainly, purchasing a network controller to sit alongside the single access point deployed in each 7-Eleven store would be far too expensive. Alternative controller-based architectures, including arrangements in which the stores would share one or more controllers, were also rejected as being too costly, complicated, and vulnerable to failure.

Solution

Ultimately, “cooperative control” wireless LAN equipment from Aerohive was selected for the Oklahoma 7-Eleven Stores. Aerohive cooperative control access points require no network controllers or overlay networks. Instead, software in the APs enables them to self-organize into groups called “hives” and to share network control information. The result is enterprise-class network management and security without the cost, performance, and availability issues associated with controller deployments.

Remote Network Management

The Aerohive Networks HiveManager Network Management System (NMS) provides a single centralized management instance for the entire wireless network. A HiveManager is not a network controller and is not required to operate a hive of APs. When used, HiveManagers simplify provisioning for global policy management and provide centralized configuration and monitoring. The APs in each of the 7-Eleven Stores are managed from a single HiveManager located in the Oklahoma City corporate office, a valuable convenience to the company’s IT staff.

Zero-Configuration Deployment with HiveManager

The HiveManager also made deploying APs in the 7-Eleven Stores incredibly simple. First, unconfigured APs were connected to the network in each store and allowed to discover the HiveManager. Then, configuration data was pushed from the centrally located HiveManager to the newly installed APs. This plug-and- play capability enabled the deployment of the wireless inventory control system, including the Aerohive APs, to an average of eight to ten stores each week. With the deployment nearly completed, the company reports that the process has been trouble-free and that the Aerohive wireless LAN is performing perfectly.

Results

Like other retailers, the 7-Eleven Stores are subject to Payment Card Industry Data Security Standard (PCI DSS) requirements for wireless networks. As a result, security of the wireless LAN is critical. Aerohive’s cooperative control architecture and the APs provide many of the security components the 7-Eleven Stores require, with features including 802.11i (WPA2), wireless IDS, 802.1X authentication, rogue detection, and guest access control. Aerohive APs also integrate easily with third-party solutions, such as Microsoft NAP- and TNC-based systems, that enforce endpoint compliance checking.

An integrated stateful firewall in every AP provides the wireless segmentation required by the PCI DSS specification. The firewall has a multi-level response mechanism that can log, block, disassociate, or disassociate-and-ban wireless clients in response to particular attacks. In addition, in-line Layer 2, Layer 3, and Layer 4 denial- of-service (DoS) protection ensures that wireless clients do not consume too much wireless bandwidth or overload buffers, helping to prevent DoS.

The HiveManager also helps organizations to meet the administrative requirements of PCI by centrally managing and pushing enterprise- wide policy changes and confirming and updating passwords and AP configuration settings.

What’s Next for the 7-Eleven Stores and Aerohive? In the future, the Oklahoma 7-Eleven Stores may run additional applications on the Aerohive wireless LAN. For example, delivery truck drivers may be equipped with handheld devices of their own, enabling them to log deliveries, print invoices, and perform other useful tasks using the network. Their very own bakery and distribution drivers may be the next users.

Resources

Industries

Articles

Video