Embed Size (px)
Citation preview
BEST PRACTICES FOR RETAIL
DEPLOYMENTS
RACHNA SRIVASTAVAFAN GU
VeloCloud Networks Proprietary & Confidential | © Copyright 20172
EVOLUTION OF THE RETAIL STORE
Digital Signage, & Kiosks
Virtual Desktop
Guest Wi-Fi Internet
Mobile & Web Point-of-Sale
Virtual Assistant
Physical Security Devices
Tablets & Smart Devices
Digital Catalogs
Video Training
Infinite Inventory Couponing, Loyalty, CRM
“Stores providing unique in-store experiences will thrive.”
HVAC
Self Checkout
VeloCloud Networks Proprietary & Confidential | © Copyright 20173
CHALLENGES IN RETAIL
Secure and Reliable
ConnectivityCompliance
Bandwidth Needs –
voice, video, custom apps
Cloud application
access – loyalty apps
Bringing up stores fast
Cost is an important consideration
VeloCloud Networks Proprietary & Confidential | © Copyright 20174
VELOCLOUD CLOUD-DELIVERED SD-WAN FOR RETAIL
WirelessVideoCloud UC IoT
1. Assured performance of all critical retail apps over any transport
3. Service insertion for Security services
4. Enterprise-wide visibility into application usage and performance
6. Traffic prioritization for cloud applications and infrastructure
5. Secure SaaS and IaaS access directly from the branch without the need to
backhaul to Data Center
2. Bandwidth maximization through WAN circuit
aggregation7. Reduced security exposure to threats with network traffic segmentation
VeloCloud Networks Proprietary & Confidential | © Copyright 20175
RETAIL WAN OF THE FUTURE
VideoCloud UC IoT Wireless
Application Prioritization
Secure Internet Secure Internet
Bandwidth Maximization Bandwidth Maximization
Guaranteed QoE
No Backhaul No Backhaul
Visibility Visibility
Simplified Management & Deployment
VeloCloud Networks Proprietary & Confidential | © Copyright 20176
KEY PILLARS OF CLOUD-DELIVERED SD-WAN FOR RETAIL
Assured Application Performance Security and Compliance Segmentation
VeloCloud Networks Proprietary & Confidential | © Copyright 20177
APPLICATION PERFORMANCE
Assured application performance over any transport link
Continuous link monitoring
Dynamic per packet steering
On demand remediation
Policy-based Quality of Service
VeloCloud Networks Proprietary & Confidential | © Copyright 20178
APPLICATION PERFORMANCE IN ACTION
• Enhanced application performance for critical retail applications such as Omnichannel, CRM, loyalty and gift card, Inventory and payment integration
• Prioritize UC traffic with DMPO, avoid dropped calls and poor voice quality – eg Skype calls
VeloCloud Networks Proprietary & Confidential | © Copyright 20179
SECURITY AND PCI COMPLIANCE
9
VCO
EntA-Branch PCI Network
Partner Gateway
GUESTPCI Direct IPSec
EntA-Hub
• IPsec with AES 256• PKI• Local Access Control• Segmentation
• Multi-tenant • TLS 1.2• Role-based access control / Radius• 2-Factor Authentication• Event and firewall logs / APIS• Built-in certification server
Data-Plane
Orchestration
Stateful and context-aware security
VeloCloud Networks Proprietary & Confidential | © Copyright 201710
CLOUD SECURITY INTEGRATIONCloud Security Service
Branch Site
CorporateDatacenter
VeloCloudEdge Hub
VeloCloud Edge
VeloCloudGateway
Dynamic Multi-Path Optimization
Dynamic Multi-Path Optimization
Non-O
verla
y IPS
ec
(Futu
re)
Automated tunneling eliminates site by site configurations
VeloCloud Dynamic Multipath Optimization delivers application performance and reliability to cloud
Single-click Application-Aware Policiesfor granular service insertion
VeloCloud Networks Proprietary & Confidential | © Copyright 201711
VELOCLOUD VIRTUAL SERVICES PLATFORM
3rd-Party Firewall VNF on Edge
Virtual Ready (V) Edges
2H17
VeloCloud Networks Proprietary & Confidential | © Copyright 201712
SEGMENTATIONIncrease reliability and efficiency of your retail environment
Reduce exposure to security threats
Simple management interface to segment network into PCI traffic, guest traffic, corporate traffic and more
Segment-aware topology
Isolation & overlapping IP
Cloud & on-premises
Scalable roll-out
Corp
Corp
VeloCloud Networks Proprietary & Confidential | © Copyright 201713
SEGMENTATION IN ACTION
• Admins define segments for retail• Guest traffic is separated from corporate traffic• PCI traffic is further isolated• Simplification with Global Segment ID
• Per VLAN firewall rules or IPSec tunnels not required
• Topology for each segment can be different• Dynamic branch to branch for voice• Backhaul guest traffic to central FW
• Overlapping IP in different segments supported
Step 1 Enable Segment (operator)
Step 2 Define Segments
Step 3 Configure Segment aware Profile
VeloCloud Networks Proprietary & Confidential | © Copyright 201714
MULTI-TENANT CPE
Tenant ATenant BTenant C
Per Tenant QoS and DMPO
Shared Tenant Site Use Case
• Per tenant management portal view• Per tenant QoS and Dynamic Multi-Path Optimization• Overlay Bandwidth Cap
NEW
VeloCloud Networks Proprietary & Confidential | © Copyright 201715
VELOCLOUD CLOUD-DELIVERED SD-WAN FOR RETAIL
Branch Edges( Appliance or
Virtual)
Cloud Gateways- Purpose built SD-WAN edge
for multi-tenant cloud
SaaS / IaaS / Backbone
Zero touch deployments, outcome driven networking (routing, segmentation, service insertion, security), operations & troubleshooting
Direct cloud access with performance, reliability and security- SaaS, IaaS, cloud services, provider networks
Simplified WAN Management
Managed on-ramp to the cloud
Datacenter Edges
Transport independent performance for the most demanding apps, leverages economical bandwidth
SD-WAN Overlay
Assured Application Performance
Private /MPLS 3G/4G LTE
Internet Broadband
VeloCloud Networks Proprietary & Confidential | © Copyright 201717
MULTI-TENANT AND MULTI-SEGMENT
VoiceInternetData1
InternetData2
Ent C
Ent D
Partner 2
VoiceInternetData1
InternetData2
Ent A
Ent B
Partner 1
Operator Partner Enterprise
Manage Partners Co-manage Enterprise Enterprise Dashboard View and manage Enterprise
e.g. Manage Gateways e.g. Enable services e.g.Segment aware business policies
Managed by Partner 1Managed by Operator
Managed by Enterprise A
VeloCloud Networks Proprietary & Confidential | © Copyright 201718
SECURE SD-WAN
VeloCloud Networks Proprietary & Confidential | © Copyright 201719
SAAS/IAAS ACCESS IN ACTION
Site to site SD-WAN plus benefits of cloud gateways for SaaS/IaaS
• Intelligent traffic routing based on app awareness• Accelerated access to cloud apps such as Office 365
with uncompromised performance• Corporate traffic can be routed via the Hub
Cloud Gateway
VeloCloud Networks Proprietary & Confidential | © Copyright 201720
IAAS/SAAS ACCESS
Site to site SD-WAN plus benefits of cloud gateways for IaaS/SaaS
IaaS
SaaS
Avoid backhaul of internet traffic through the regional hub
Simplified infrastructure deployment due to reduced number of tunnels
Multi-tenant gateways and orchestrator enables cost-effective solutions for retail customers
Cloud Security Integration enables reliability
IPSec
Edge Cloud Gateway Cloud Apps
VeloCloud Networks Proprietary & Confidential | © Copyright 201721
SIMPLE AND SECURE VPN
• Unified VPN over all transports
• Cloud gateway eliminates NxN manual tunnel setup
• Scalable PKI - integrated CA
• Pairwise key and central Orchestrator
• AES-256+SHA2
