Wireless Infrastructure Boosts Business Results

By Greg Dolphin  |  Posted 2010-06-28

Dolphin Fast Food, which operates 19 Burger King franchises in Minnesota, maintains a wireless LAN at each restaurant to provide both public WiFi service for its customers and corporate wireless network access for its management. To comply with corporate and regulatory security mandates to keep these public, corporate wireless, and point-of-sale networks separated, Greg Dolphin, the company’s CEO, worked with a local service provider to consolidate the firm’s disparate and outdated wireless infrastructure. The upgrade enabled Dolphin to improve customer service, staff productivity and regulatory compliance, while reducing IT overhead costs.

In the fast, quick service restaurant (QsR) industry, WiFi Internet access has become a staple over the last five years. Customers bring their wireless laptops, PDAs and smartphones to our restaurants and expect to get online. Today, if you don’t offer wireless, you are just not competitive.

To accommodate our customers’ WiFi demands, we provide free guest wireless Internet access in each of our franchise dining rooms. At any of our 19 locations throughout Minnesota, we have upward of 30 customers a day logging on.

WiFi also makes our restaurant managers and visiting district managers more productive by enabling them to work on their laptops or PDAs in the dining room,. The corporate wireless networks give our managers on-site access to backoffice PCs, printers and video surveillance systems.

Our corporate LAN infrastructure includes more than 10 primary servers, including Dell PowerEdge models, and 80 Dell PC workstations, including Dell OptiPlex 755 and 745 models. Managers have wireless access to files, e-mail and other business applications via the store’s site-to-site VPN, using virtual IP technology, without having to use a software VPN client.

The corporate wireless network and staff wireless network apply the same service set identifier (SSID) and WiFi Protected Access (WPA) key, so staff can roam between our corporate office and restaurant locations using the same wireless profile. In addition, managers can gain Web access over the wireless network to log into Web-based point-of-sale consoles to administer the restaurants’ Sicom and QuikServe POS registers.

Though WiFi provides a valuable service for customers and a productivity boost for staff, it also adds the expense of acquiring, deploying and maintaining a secure, reliable wireless infrastructure. As a franchise operator, we need to comply with the requirements of Burger King Corp., including the ability to block content that’s inappropriate for family-themed restaurants. As a retailer conducting credit card transactions, we also need to com-ply with Payment Card Industry Data Security Standard (PCI DSS) regulations, including the ability to segregate our public customer WiFi traffic from our customer credit card information.

An Ad Hoc Implementation

When we built our wireless infrastructure, we found that we had cobbled together a fragile daisy chain of separate devices. For each restaurant, we would purchase, deploy, configure, power and maintain a separate VPN firewall for the back-office network, a separate wireless access controller and a separate router to split off the customer WiFi services from the POS network.

Unfortunately, as often happens with ad hoc implementations, this initial wireless deployment proved terribly unreliable, and ultimately ended up increasing our network’s complexity, downtime and costs. When any one of the devices on the chain had issues, it could undermine the entire wireless network. Wireless systems would lock up every day, and managers and customers would complain about losing their Internet connections.

In addition, our corporate headquarters and restaurant back-office computers were being hit with malware attacks that had overwhelmed our desktop antivirus software. When conducting quarterly self-audits to confirm our PCI standing, we would often discover multiple issues needing attention. Responding to these issues decreased the ability of my IT staff to focus on other business-critical initiatives.

We needed an effective solution to deal with these issues. From a business standpoint, it made sense to find a cost-effective solution that could consolidate all our disparate appliances in order to streamline administration, reduce power consumption, and provide greater security and reliability.

We didn’t want to overspend, but we needed a consolidated, comprehensive, reliable solution that would be easy to manage and maintain. Our first step was to call Mytech Partners, a local provider for solution acquisition, installation and configuration.

Getting Our Wireless Act Together

Mytech advised us to deploy SonicWALL TZ 190W wireless firewall devices at our distributed locations and a SonicWALL NSA 3500 network security appliance at corporate headquarters. The solution enabled us to consolidate the functionality of the three separate firewalls, controllers and routers at each site into one SonicWALL device, while still providing comprehensive firewall and gateway security services, multiple-SSID wireless connectivity, and site-to-site VPN. We found the user interface easier to use than competitive offerings.

Perhaps most significantly, the solution let us securely, efficiently and cost-effectively segment our public customer WiFi network from our corporate wireless network. Mytech helped us define the standard configuration, so, aside from a few minor issues, the deployment in the restaurants went seamlessly.

The new solution improved our ability to comply with both PCI and Burger King corporate policy. Security has been much tighter, and since the SonicWALL chipsets have integrated 3DES-AES encryption, we can now perform 3DES encryption without diminishing throughput.

We made our wireless networks as secure as our wired networks by encrypting wireless traffic and decontaminating it from malware threats, while protecting the network from wireless vulnerability attacks. Our quarterly self-audits report zero vulnerabilities. What’s more, the system sends our IT team alerts when potential threats show up on the wireless network traffic.

Now, we can apply dedicated authentication and privacy settings while sharing the same physical infrastructure, giving us logical segmentation of our customer and corporate wireless access. Only authorized managers are white-listed to have access through the firewall, and the rest of the world is locked out.

We cut the cost and complexity associated with acquiring, deploying, operating and administering separate multipoint products by consolidating multiple security technologies in one easy-to-administer solution. This greatly simplified the process of supporting WiFi communications at our restaurants. When it comes to outfitting new locations, we expect the up-front acquisition savings to be significant.

Our managers in the field say the solution has increased performance and productivity systemwide. By locking down back-office PCs, we save up to 8 hours a week that we had spent fighting spyware. Our three district managers each estimate saving up to 5 hours a week, and our 19 restaurant managers each estimate saving up to 4 hours a week by using remote video surveillance, remote back-office PC access and remote access to corporate servers, and by enabling IT to remotely support minor issues. The collective time saved equates to more than two full-time employee positions.

Our staff wireless network uses the built-in site-to-site IPSec (Internet Protocol Security) VPN functionality on Sonicwall TZ190W appliances to route most restaurant resources back to the SonicWALL NSA 3500 at our corporate office.

Customers and district managers can depend on reliable service, and our staff likes the ease of using wireless at the restaurants. VPN throughput has increased more than threefold, while providing higher levels of encryption. Between reducing the need for support for the store networking equipment and increasing functionality in supporting corporate on-site servers and staff, we have reduced IT support demands by up to 24 hours a month.

Exploring Broader Business Apps

We are currently exploring broader business applications for our wireless technology to improve customer relations and increase brand loyalty. One possibility is a dynamic redirection of customer Internet users to a guest authentication site that would reassure them of the security of our systems, educate them on appropriate Web use in our restaurants, and present them with special offers or online coupon codes.

We also see a need to use targeted signage and marquees to better promote the benefits of highly secure, reliable WiFi. In 28 percent of our actively tracked implementations, we’ve found that more than half of those using WiFi were return customers. In the future, we intend to compile metrics correlating WiFi use with repeat customer sales to help us measure ROI.

Next spring, we will work with Mytech to deploy a segregated and encrypted wireless network for our POS system. By enabling multiple SSIDs, the system will help us reduce WiFi frequency interference and deliver a more reliable wireless POS network.

The SonicWALL TZ 190Ws can automatically provision SonicPoint wireless access points, which can run using power over Ethernet. We expect this to greatly ease deployment of wireless POS systems in the drive-through areas. With drive-through wireless connectivity, we estimate a 10 percent reduction in the time from when customers order food to when they receive it.

By upgrading and consolidating our wireless technology, we have lowered costs and increased customer service, staff productivity and data security. That’s one bargain I find easy to swallow.

Greg Dolphin is the CEO of Dolphin Holdings. He also serves as the chairman of the National Association Management Group.