Retailers, like many other businesses, need to securely connect their locations with each other and with central datacenters (commonly located at headquarters). The unique challenges of mid-size and large retail companies—coupled with the inherent limitations of common technologies like VPNs, MPLS links, and appliance-based SD-WANs—can only be effectively met by cloud-based SD-WAN as a service (SDWaaS) solutions.
The challenges of retail WANs
Establishing secure, reliable, cost-effective, scalable, high-performance, enterprise-wide WANs in retail can be even trickier than in other industries for a number of reasons. Many of them stem from the fact that retail companies and franchises can differ greatly from the simple topology that previous WAN solutions were designed for: one central datacenter with remote branch offices.
One difference is often the scale of retail companies. Some retailers can have hundreds or thousands of locations within a region. Backhauling all the internal and Internet-bound traffic for those locations through one or a few datacenters exacerbates the trombone effect and reduces network resiliency by creating a single point of failure. This leads to high latency and packet loss, and thus slow performance for users of internal file or SharePoint servers, business-critical internal and SaaS apps, corporate email, VoIP, and teleconferencing. Despite their high cost, MPLS links are unable to solve this fundamental problem in the “hub and spoke” network model.
Enabling the individual stores to directly access the Internet would relieve some of that congestion on the costly and low-bandwidth MPLS links, but it would also increase the attack surface of the WAN itself. To guard the now greatly expanded network perimeter, retail companies would have to purchase, deploy, configure, maintain, update, and eventually upgrade the firewall and unified threat management (UTM) appliances for every store location. That’s a time-consuming process and adds a lot of complexity and cost for retail IT teams to bear.
Also, just as MPLS can’t fix the latency and packet loss caused by trombone routing, IPsec VPNs offer no protection to WAN users who access the Internet.
Another challenge can be the scale of the remote locations themselves. Some stores may be quite small, staffed by only a few people. Consequently, these types of stores tend to generate much less income than, say, the remote office of an accounting or law firm. This is especially true for retailers who operate in low-margin markets. The large capital and operational costs required by both MPLS and security appliances may not even be affordable for such locations, let alone technically feasible.
A third obstacle can be the bandwidth requirements of the store locations themselves. A small footprint doesn’t necessarily mean small data needs. Consider the following scenarios:
- Some stores provide HD streaming video for customers to watch while they wait for service
- Store computers need ample bandwidth for application and operating system updates
- Some stores make extensive use of video-based employee training
- Consumer electronics and computer stores must access cloud accounts to sync user data (including photos, music, and recorded video) and applications on newly activated devices on-site
Note that all this is in addition to the point-of-sale (POS) traffic which stores rely on for revenue.
Finally, franchises add yet another wrinkle: because the franchisee controls the networking infrastructure, the franchise’s IT organization faces another hurdle to large-scale deployment, configuration, updating, and maintenance of network edge appliances.
Traditional SD-WAN is a hard sell
First-generation SD-WANs do a great job of utilizing the MPLS bandwidth by reserving it only for the apps that need it. These appliance-based SD-WANs route all other WAN traffic over the Internet using whatever links are available (e.g. cable, DSL, 4G, fiber, T1).
Of course, as we pointed out above, augmenting MPLS this way still doesn’t solve the major challenges retail companies face, forcing many of them to skip MPLS altogether. If MPLS isn’t used in an enterprise WAN, then there’s little reason to use traditional SD-WANs. Everything should go over the Internet encrypted, and the corporate WAN should be a seamless, secure, and high-performance (i.e. high bandwidth, low latency and packet loss) overlay on top of the organization’s Internet connectivity.
In other words, SDWaaS.
How global SD-WAN as a Service keeps merchants open for business
SDWaaS is essentially a cloud-based SD-WAN accessed via last-mile Internet, with a global backbone which has an integrated security stack as well as performance and reliability backed by an SLA. SDWaaS solutions can replace VPN appliances, firewall appliances, and MPLS, since network connectivity and security are converged into a single platform. This convergence simplifies network management, gives users a single point of contact, and saves them the hassle of working with multiple service providers and equipment vendors. SDWaaS is also fast and easy to deploy, configure, and re-configure through a web-based dashboard.
Cloud-based SDWaaS delivers MPLS performance at Internet price. It has none of the traffic congestion and high bandwidth costs associated with MPLS, nor the cost and tedium of maintaining a fleet of VPN and UTM appliances. All store locations can access the Internet directly and safely, while internal traffic flows through much larger and more affordable Internet data pipes.
With SDWaaS, retailers can focus on closing sales, not security holes.