{"id":13,"date":"2015-07-11T04:12:45","date_gmt":"2015-07-11T04:12:45","guid":{"rendered":"http:\/\/www.tcp-ipa.com\/?p=13"},"modified":"2015-07-11T04:43:50","modified_gmt":"2015-07-11T04:43:50","slug":"new-store-network-architecture-project","status":"publish","type":"post","link":"https:\/\/www.tcp-ipa.com\/?p=13","title":{"rendered":"New Store Network Architecture Project"},"content":{"rendered":"<p>So the company that I work for is a retailer with a couple hundred locations.\u00a0 Our IT backend has slowly been improving, but as a department we are perpetually understaffed and underfunded.\u00a0 This kind of explains the state of the network equipment in our stores.\u00a0 It&#8217;s a little embarrassing, really, but we are finally working to make it better.<\/p>\n<p>Our current setup in our stores is a Cisco 1841 router and a 2950 24-port switch.\u00a0 That&#8217;s it.\u00a0 WAN connectivity is a T1.\u00a0 The switch has a couple VLANs on it for regular network equipment and for the POS system.\u00a0 The router has some ACLs controlling access to\/from the network segments. \u00a0 Honestly this was some pretty cool stuff in 2005.\u00a0 It was even acceptable when these pieces of equipment went end-of-sale in 2007.\u00a0 But here we are 8 years later.<\/p>\n<p>This setup has allowed us to pass PCI for a couple years now, but with the new PCI 3.0 rules, a stateful firewall is required, and we won&#8217;t be able to coast another year. 
\u00a0 Combine this new requirement with some high-profile breaches from Target and Home Depot, and our management is finally scared enough to give us the money to modernize our store IT infrastructure.\u00a0 And since we finally get a chance to redesign the store network with a clean sheet, we are doing our best to make sure that the new design is as secure as we can make it, is scalable, has room for expansion and extension to things we haven&#8217;t thought of yet, and is thoroughly kick-ass.\u00a0 And most importantly, this whole project will require a store visit to every store to rip and replace, so we can actually change things, and not be beholden to decisions that were hastily made 10 years ago and have been a millstone around our necks ever since.<\/p>\n<p>Can you tell I&#8217;m excited about this?<\/p>\n<p>We started this project by planning out what we want the network to look like.\u00a0 It came down to several whiteboarding sessions, with careful consideration of what our stores look like now, what they SHOULD look like now, and what decisions we can make now to ensure that we (or our successors) won&#8217;t be cursing us 5 or 10 years down the line.<\/p>\n<p>Once we got our design 95% finalized, we started to think about what equipment and systems we would need to make it all happen.\u00a0 Some of it was obvious or pre-ordained (like the wireless solution, which I will discuss in a future post), but there were three places where we knew that we need a piece of equipment, and need to decide what would fill that role.\u00a0 First, and most obviously, we need a firewall.\u00a0 Second, we need a new switch.\u00a0 A bit of luck happened on this front, which allowed us to bypass the beancounter (yes, singular) a bit and get something much better than we otherwise would have been allowed to get.\u00a0 Third, we need a router.\u00a0 In our new design the router is no longer the single point of security enforcement like it was before, but the fact is, every 
one of our stores has a T1 on MPLS, so we need a router to connect to it.\u00a0 Honestly, if there were such a thing as an Ethernet-to-T1 media converter, we would have used it, but there isn&#8217;t, so a-router-shopping we will go.<\/p>\n<p>As I&#8217;m writing this, most of the decisions on this project have been made already.\u00a0 I&#8217;m writing it all up, because maybe somebody else will be able to get something out of the work that we put into our evaluations of different equipment.\u00a0\u00a0 I will write some future posts detailing the evaluation process for the equipment that we chose, the decisions we made, and how things have shaken out, but I think this will do for now.<\/p>\n<p>To read more about this project, follow the tag New Store Architecture<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><em>Currently drinking: Cruzan rum and IBC root beer<\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>So the company that I work for is a retailer with a couple hundred locations.\u00a0 Our IT backend has slowly been improving, but as a department we are perpetually understaffed and underfunded.\u00a0 This kind of explains the state of the &hellip; <a href=\"https:\/\/www.tcp-ipa.com\/?p=13\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[7],"tags":[3,2],"_links":{"self":[{"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=\/wp\/v2\/posts\/13"}],"collection":[{"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=13"}],"version-history":[{"count":1,"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=\/wp\/v2\/posts\/13\/revisions"}],"predecessor-version":[{"id":16,"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=\/wp\/v2\/posts\/13\/revisions\/16"}],"wp:attachment":[{"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=13"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=13"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tcp-ipa.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=13"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}