Aerohive simplifies enterprise networking by reducing the cost and complexity of today's networks.
7-Eleven Stores, Oklahoma CityDownload PDF
- Required ease of network management — because 7-Eleven manages its convenience stores from its corporate office, it was in search of a WLAN that wouldn’t add burden to the IT staff
- The new WLAN must enable compliance with the Payment Card Industry (PCI) requirements for wireless networks as well as to prevent any network intrusion
- In search of a network with the resiliency to maintain wireless connectivity in the stores even if a WAN link or a management server failed
- 7-Eleven liked Aerohive’s Cooperative Control wireless LAN architecture because its access points ("HiveAPs") require no network controllers or overlay networks
- The HiveAPs in each of the 7-Eleven Stores are managed from a single HiveManager located in the Oklahoma City corporate office
- An integrated stateful firewall in every HiveAP provides the wireless segmentation required by the PCI DSS specification
- Aerohive's Wi-Fi architecture and the HiveAPs provide many of the security components the 7-Eleven Stores require, with features including 802.11i (WPA2), wireless IDS, 802.1X authentication, rogue detection, and guest access control
Convenience stores gain security, efficiencies with Aerohive Wi-Fi
Aerohive Cooperative Control Wireless LAN Brings Convenience Store Chain Unparalleled Network Management and Cost Savings
(read the press release)
THE 7-ELEVEN STORES CONCENTRATED IN CENTRAL OKLAHOMA ARE INDEPENDENTLY OWNED. THE COMPANY DESIGNED A WIRELESS LAN in each of its convenience stores to enable employees to use wireless handheld scanning devices to deliver data to a Retalix inventory control and Demand AnalytX (DAX) system. The DAX system enables the stores' inventories, especially the most expensive items, to be carefully monitored and adjusted, streamlining operations and saving dollars.
Key Requirements: Manageability, Security, Resiliency
The company manages its convenience stores from its corporate office in Oklahoma City. To avoid needlessly burdening the IT staff, ease of network management was one of the primary wireless LAN selection criteria. As a retail organization, security was an equally important requirement. While inventory information, and not credit card information, is the only data that transits the wireless LAN, the company wanted to comply with the Payment Card Industry (PCI) requirements for wireless networks as well as to prevent any network intrusion. Finally, the company desired a network with the resiliency to maintain wireless connectivity in the stores even if a WAN link or a management server failed.
"AEROHIVE TREATED US LIKE A PARTNER WITH A COMMON INTEREST. COMBINED WITH THE COST, NETWORK MANAGEMENT, AND SECURITY BENEFITS THE COOPERATIVE CONTROL ARCHITECTURE DELIVERS, THE OUTSTANDING SERVICE AND PROFESSIONALISM OF THE AEROHIVE TEAM SEALED THE DEAL FOR US."
Evaluating the Alternatives
The company first considered deploying an autonomous, or "fat", wireless LAN access point in each store. This alternative was found to be too cumbersome to manage, as each access point would require manual monitoring and maintenance through a command-line interface. The security of these first-generation access points was also a concern, and certain vendors even suggested that their offerings were nearing end-of-life.
Wireless LAN solutions that used centralized controllers to provide the management and security missing from fat access points were also rejected. Plainly, purchasing a network controller to sit alongside the single access point deployed in each 7-Eleven store would be far too expensive. Alternative controller-based architectures, including arrangements in which the stores would share one or more controllers, were also rejected as being too costly, complicated, and vulnerable to failure.
Cooperative Control Architecture from Aerohive
Ultimately, "cooperative control" wireless LAN equipment from Aerohive was selected for the Oklahoma 7-Eleven Stores. Aerohive cooperative control access points ("HiveAPs") require no network controllers or overlay networks. Instead, software in the HiveAPs enables them to self-organize into groups called "hives" and to share network control information. The result is enterprise-class network management and security without the cost, performance, and availability issues associated with controller deployments.
- A WIRELESS LAN WAS REQUIRED TO ENABLE THE OKLAHOMA 7-ELEVEN STORES TO DEPLOY A SOPHISTICATED INVENTORY CONTROL SYSTEM.
- THE AEROHIVE CONTROLLER-LESS WIRELESS LAN SOLUTION COST FAR LESS THAN CONTROLLER-BASED ALTERNATIVES WHILE PROVIDING NECESSARY MANAGEMENT AND PCI SECURITY.
- AEROHIVE'S HIVEMANAGER NETWORK MANAGEMENT SYSTEM ENABLES THE ORGANIZATION TO MANAGE EACH STORE'S WIRELESS ACCESS POINT REMOTELY.
- THE HIVEMANAGER ALSO ENABLES ZERO CONFIGURATION NETWORK DEPLOYMENT FOR RAPID AND TROUBLE-FREE INSTALLATION AT REMOTE LOCATIONS.
Remote Network Management
The Aerohive Networks HiveManager Network Management System (NMS) provides a single centralized management instance for the entire wireless network. A HiveManager is not a network controller and is not required to operate a hive of HiveAPs. When used, HiveManagers simplify provisioning for global policy management and provide centralized configuration and monitoring. The HiveAPs in each of the 7-Eleven Stores are managed from a single HiveManager located in the Oklahoma City corporate office, a valuable convenience to the company's IT staff.
Zero-Configuration Deployment with HiveManager
The HiveManager also made deploying HiveAPs in the 7-Eleven Stores incredibly simple. First, unconfigured HiveAPs were connected to the network in each store and allowed to discover the HiveManager. Then, configuration data was pushed from the centrally located HiveManager to the newly installed HiveAPs. This plug-and-play capability enabled the deployment of the wireless inventory control system, including the Aerohive HiveAPs, to an average of eight to 10 stores each week. With the deployment nearly completed, the company reports that the process has been trouble-free and that the Aerohive wireless LAN is performing perfectly.
Security at the Network Edge
Like other retailers, the 7-Eleven Stores are subject to Payment Card Industry Data Security Standard (PCI DSS) requirements for wireless networks. As a result, security of the wireless LAN is critical. Aerohive's cooperative control architecture and the HiveAPs provide many of the security components the 7-Eleven Stores require, with features including 802.11i (WPA2), wireless IDS, 802.1X authentication, rogue detection, and guest access control. HiveAPs also integrate easily with third-party solutions, such as Microsoft NAP- and TNC-based systems, that enforce endpoint compliance checking.
An integrated stateful firewall in every HiveAP provides the wireless segmentation required by the PCI DSS specification. The firewall has a multi-level response mechanism that can log, block, disassociate, or disassociate-and-ban wireless clients in response to particular attacks. In addition, in-line Layer 2, Layer 3, and Layer 4 denial-of-service (DoS) protection ensures that wireless clients do not consume too much wireless bandwidth or overload buffers, helping to prevent DoS.
The HiveManager also helps organizations to meet the administrative requirements of PCI by centrally managing and pushing enterprise-wide policy changes and confirming and updating passwords and HiveAP configuration settings.
What's Next for the 7-Eleven Stores and Aerohive? In the future, the Oklahoma 7-Eleven Stores may run additional applications on the Aerohive wireless LAN. For example, delivery truck drivers may be equipped with handheld devices of their own, enabling them to log deliveries, print invoices, and perform other useful tasks using the network. Their very own bakery and distribution drivers may be the next users.