Coverage: Retail Stores / Food / Coffee Chain Stores
Chain stores can expand rapidly and must frequently adjust their locations to stay competitive. When planning the networking infrastructure, it’s important to consider not only the key operations for each store but also central management, easy volume deployment, and remote debugging.
Considerations for each store:
Enterprise-grade Internet Connectivity to ensure connectivity with headquarters
POS system
Inventory Management System
Kitchen Management System
IoT Connectivity
Digital Signage
Surveillance System
Guest WiFi
Central Management
Scalability of the whole networking system
Easy deployment for high flexibility and volume configuration
Secure connections for volume stores
VLAN Segmentation Design
Each store runs many services. Business-sensitive services such as the POS, Inventory Management System, and Kitchen Management System need separate VLANs and a secure connection back to headquarters. Digital Signage can use its own VLAN that connects back to the central media management system.
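One way to check that a store's inter-VLAN rules actually deliver this separation, as an added example that is not EnGenius code or configuration. The VLAN and destination names, the first-match rule semantics, the implicit default deny, and the "guest reaches the Internet only" intent are assumptions made for illustration.

```python
# Added illustration: compare what an ordered rule list really permits
# against the intended segmentation. All names below are assumptions.
VLANS = ["pos", "inventory", "kitchen", "signage", "guest"]
DESTS = VLANS + ["hq-vpn", "media-mgmt", "internet"]

# Intended reachability, derived from the paragraph above.
INTENDED = {
    "pos": {"hq-vpn"}, "inventory": {"hq-vpn"}, "kitchen": {"hq-vpn"},
    "signage": {"media-mgmt"}, "guest": {"internet"},
}

# Constructed sample rules: (action, source, destination), "*" is a wildcard.
SAMPLE_RULES = [
    ("allow", "pos", "hq-vpn"),
    ("allow", "inventory", "hq-vpn"),
    ("allow", "kitchen", "hq-vpn"),
    ("allow", "signage", "media-mgmt"),
    ("allow", "guest", "*"),     # too broad, and placed before the deny below
    ("deny", "guest", "pos"),    # shadowed: never reached under first match
    ("deny", "*", "*"),
]

def verdict(rules, src, dst):
    """Evaluate rules top-down; the first matching rule decides."""
    for action, r_src, r_dst in rules:
        if r_src in ("*", src) and r_dst in ("*", dst):
            return action
    return "deny"  # implicit default deny (assumption)

def reachable(rules):
    """Effective destinations each VLAN can reach under the rule list."""
    return {s: {d for d in DESTS if d != s and verdict(rules, s, d) == "allow"}
            for s in VLANS}

def audit(rules, intended=INTENDED):
    """List paths that exceed, or fall short of, the intended design."""
    actual, findings = reachable(rules), []
    for src in VLANS:
        findings += [("excess", src, d) for d in sorted(actual[src] - intended[src])]
        findings += [("missing", src, d) for d in sorted(intended[src] - actual[src])]
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES):
        print(finding)
```

The sample shows why rule order matters: the explicit deny from guest to POS exists but never takes effect because a broader allow sits above it.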
Enterprise-Grade Internet Connectivity
Each store needs to send business-sensitive data back to HQ. VPN connections can use the Internet to save costs while providing a secure tunnel between each store and HQ, so Internet connectivity becomes important:
EnGenius ESG VPN routers provide dual-WAN connectivity so that each store can connect through 2 different ISPs for service redundancy. The administrator can direct business-critical VPN traffic to WAN1 as the primary link, failing over to WAN2 if the ISP1 link is down, while other Internet access traffic is directed to the smaller-bandwidth WAN2 link so that it does not congest WAN1.
EnGenius ESG also provides a cellular connection and allows the administrator to define a fail-over priority so that when the primary link is down, traffic can be redirected to either the secondary WAN or cellular.
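The fail-over behaviour described above, written out as a vendor-neutral sketch. This is an added example, not EnGenius code or configuration: the link and traffic-class names, the probe thresholds, and the fallback order for general Internet traffic after WAN2 are assumptions.

```python
from dataclasses import dataclass

# Preference order per traffic class (assumed names). VPN follows the text:
# WAN1 primary, then WAN2, then cellular. The order for general Internet
# traffic after WAN2 is an assumption; the page only says it uses WAN2.
FAILOVER_ORDER = {
    "vpn": ["wan1", "wan2", "cellular"],
    "internet": ["wan2", "wan1", "cellular"],
}

@dataclass
class LinkHealth:
    """Tracks probe results with hysteresis so one lost probe does not flap."""
    down_after: int = 3   # consecutive failures before the link is marked down
    up_after: int = 2     # consecutive successes before it is marked up again
    up: bool = True
    streak: int = 0       # run of probe results that contradict `up`

    def record(self, probe_ok: bool) -> bool:
        if probe_ok == self.up:
            self.streak = 0               # result agrees with current state
        else:
            self.streak += 1
            limit = self.up_after if probe_ok else self.down_after
            if self.streak >= limit:
                self.up, self.streak = probe_ok, 0
        return self.up

def pick_link(traffic_class, links):
    """First healthy link in the class's preference order, or None."""
    for name in FAILOVER_ORDER[traffic_class]:
        if links[name].up:
            return name
    return None

def simulate(wan1_probes):
    """Feed constructed WAN1 probe results; WAN2 and cellular stay healthy."""
    links = {n: LinkHealth() for n in ("wan1", "wan2", "cellular")}
    timeline = []
    for ok in wan1_probes:
        links["wan1"].record(ok)
        timeline.append((pick_link("vpn", links), pick_link("internet", links)))
    return timeline

# Constructed sample: one blip, then a real outage, then recovery.
SAMPLE = [True, False, True, False, False, False, False, True, True]

if __name__ == "__main__":
    for step, (vpn, inet) in enumerate(simulate(SAMPLE)):
        print(step, "vpn ->", vpn, "| internet ->", inet)
```

The single lost probe at step 1 does not move the VPN; only the third consecutive failure does, and the tunnel returns to WAN1 after two clean probes.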
IoT Connectivity
IoT devices such as POS, bar-code scanners, printers, and kiosks need to connect to the network, either wired or wirelessly. Consider using one SSID for IoT connections in the stores.
If the IoT network shares the “Staff SSID” with authentication:
Use the “VIP” feature to allow “authorized IoT MAC” devices to bypass captive portal authentication
Or use “MAC-based Authentication” to list those IoT devices in the RADIUS server, so that the IoT devices are authorized without requiring credential entry.
If there is a dedicated “IoT SSID” for the IoT devices:
Use “Allowlist” so that ONLY “authorized IoT MAC” devices can access the SSID
Digital Signage
Digital signage in the store provides digital menus that can be updated instantly for global price changes, as well as instant promotions and advertisements. Usually, a media player in each store streams video to the digital signage TV screens, and the content is pushed from the central media management system so that all stores stay synchronized. Availability and video traffic prioritization for media players and surveillance cameras therefore become critical.
A media player can go down and be hard to debug remotely. Consider using an EnGenius PDU (Power Distribution Unit) to power media players or POS on and off remotely and save on-site support costs. The PDUs are all managed through the EnGenius single pane of glass.
Since the central media management system can push content to each media player, "source" protection is required to prevent third parties from pushing unauthorized content. ESG Firewall and Port Forward protection is required so that inbound traffic is accepted from authorized sources only.
Use AVXpress to give video traffic a higher priority than other Internet access traffic.
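A sketch of auditing inbound port-forward rules for the "source" protection described above. This is an added example, not EnGenius code: the rule fields, rule names, ports, and the authorized range (a documentation address block) are constructed for illustration and are not the ESG rule schema.

```python
import ipaddress

# Assumed egress range of the central media management system
# (198.51.100.0/24 is a documentation block, used here as a placeholder).
AUTHORIZED_SOURCES = [ipaddress.ip_network("198.51.100.16/28")]

# Constructed sample: port-forward rules exported for one store.
SAMPLE_RULES = [
    {"name": "media-push",   "dst_port": 8443, "src": "198.51.100.16/28"},
    {"name": "media-debug",  "dst_port": 22,   "src": "0.0.0.0/0"},
    {"name": "media-legacy", "dst_port": 8080, "src": "198.51.100.0/24"},
    {"name": "media-vendor", "dst_port": 9000, "src": "203.0.113.7"},
]

def audit_port_forwards(rules, authorized=AUTHORIZED_SOURCES):
    """Return (rule name, finding) for every rule not limited to authorized sources."""
    findings = []
    for rule in rules:
        src = ipaddress.ip_network(rule["src"], strict=False)
        # subnet_of() raises on mixed IPv4/IPv6, so compare same-family only.
        same_family = [a for a in authorized if a.version == src.version]
        if src.prefixlen == 0:
            findings.append((rule["name"], "open-to-any"))
        elif any(src.subnet_of(a) for a in same_family):
            continue  # source is inside an authorized range
        elif any(a.subnet_of(src) for a in same_family):
            findings.append((rule["name"], "broader-than-authorized"))
        else:
            findings.append((rule["name"], "unauthorized-source"))
    return findings

if __name__ == "__main__":
    for name, finding in audit_port_forwards(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Running the same audit over every cloned store configuration catches a rule that was widened during troubleshooting and never narrowed again.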
Staff Authentication
Staff can come and go or transfer from one store to another, so authentication privileges need to be well managed.
Control staff network access rights with a centralized authentication server such as a RADIUS server, AD server, or Entra ID.
Create a “Staff SSID” for staff network access.
High Security: Use the customer’s authentication server for access control
Captive portal > Customer Radius or AD servers
Basic security: Use WPA-personal with a unique staff “Passphrase”
Wireless > WPA-Personal
Multi-location Management and Planning
As the number of stores keeps growing, configuration and management become a big challenge. The administrator needs to make sure that the devices shipped to each store work properly and that, when there is a configuration change, all stores receive the same configuration. There are some key things to consider:
Scalability
All chain store businesses would like to expand their stores and adjust the location from time to time. The network design has to be scalable without fine-tuning and the networks should be able to easily add or remove stores.
EnGenius Cloud has proven able to adopt over 7000 stores and over 21,000 devices in one chain-store company.
EnGenius provides "Backup & restore" to different Networks, so the administrator can easily clone the full configuration of one store to another.
Secure and Redundant Networks
EnGenius Cloud manages each device remotely through a multi-factor authentication process and provides a 99.99% SLA for the Cloud service.
Multi-factor authentication can also apply to administrators for secure access.
Since only management-plane data goes to EnGenius Cloud, user data flows through the local network without being redirected to or stored on EnGenius Cloud. So even if there is an Internet link issue or a Cloud connectivity issue, the local network of each store can still work properly.
Design Plan from Best Practice
Create a Network for each store
Since most of the stores have the same or a similar design and configuration, use “Clone Network” when creating a new Network.
If each device has the same configuration, you can use the Device Template feature to apply it across all devices of the same model.
Add the HV (hierarchical view) to group the Store Networks for high visibility, just like creating layers of folders, say, US > LA > Irvine > Woodbury.
For volume deployments with more than 500 Networks in an Organization, using multiple Organizations is highly recommended, with MSP Portal used to manage these Organizations.
Consolidation: Inventory and licenses are all managed within one Organization. To manage multiple Organizations, MSP Portal allows the admin to see all inventory and licenses in one place.
Team management: To give support teams different privileges for different Organizations, MSP Portal manages Org Administrators with a “Team” concept, so that when support engineers come and go, the MSP administrator simply manages the “Team members” without having to adjust the privileges of each individual.
Single Sign-On integration with MSP authentication server
Since most Organizations share the same configuration, MSP portal also allows cloning Organizations.
Vertical Application Wizard (Chain Stores - Retails, Coffee shop…) | Leads to Key Features (PRO) |
Control staff access rights with the Authentication Server | Captive Portal > Custom Radius / AD |
IoT (POS, Scanner… etc.) Connection | |
Remote reboot of POS and Media Players | |
Firewall protection for the Media Players | ESG Firewall and Port forwarding for In-bound protection |
Media Player and surveillance traffic prioritization | |
Network plan for each store | |
Big deployment >500 stores (Networks) | |
