- Swedish company has warehouses & stores in 17 countries in Europe, Asia & Africa
- Branches equipped with MX Security Appliances for site-to-site VPN connections
- IT team configured & planned deployments using dashboard, without going on-site
Hydroscand AB is the market leader in hydraulic hose and fluid component sales in Scandinavia with a mission to continuously meet the increasing needs of customers, while remaining efficient and profitable. The company has grown significantly since its establishment in 1969 as a small family business in Stockholm. Just a few decades later, it has expanded to include warehouses, distribution stores, and offices throughout Europe, supporting thousands of customers in 17 countries in Europe, Asia, and Africa.
With such a distributed organization, having a simple to manage, unified network was critical to the company’s on-going growth. However, in addition to the high density usage in their offices, Hydroscand had numerous other concerns to take into consideration, including highly dispersed locations and warehouses with challenging wireless environments. “Warehouses around EMEA and APAC have steel shelves packed with steel reinforced hoses, valves, and hose fittings,” explained Ronnie Wallman, Systems Engineer at Hydroscand AB. “And last, but not least, the fluorescent lights, jitter, radio signals, and cross-talk from forklift loading stations cause even more problems in our high density environment.”
Wireless connectivity supports a variety of employees using mobile devices and handheld scanners, shared devices like wireless printers, and equipment used in emergency situations. The answer provided by the previous wireless solution was to add more access points to increase coverage, merely masking the problem. Armed with a list of infrastructure requirements, Wallman began looking at other vendors, gradually eliminating solutions due to added costs, missing feature sets, or lack of transparency. “We had all of our demands written down,” said Wallman of the process. “Price, firewall, encryption, scalability, high availability, hardware for anything from small branches to warehouses, manageable for a small IT staff...” the list goes on.
Initially, Hydroscand purchased a mix of Meraki datacenter security appliances, Layer 2 and Layer 3 switches, and high performance 802.11ac wireless access points to outfit their headquarters, Stockholm warehouse, and brand new Estonia warehouse. Installing the devices in the headquarters location and the Stockholm warehouse were important, but the top priority was the new warehouse in Estonia, which was in the process of being built.
The Meraki solution works out great. We easily deploy new sites and get reports on what’s going on in our network every day. Also, you get simplicity - one thing that could take hours to do is now done over a cup of coffee.Ronnie Wallman, Systems Engineer
Prior to their first visit to the warehouse, Wallman and his colleague Fredrik Fehler had plotted approximate access point placement using a blueprint. The evening before they went onsite, Wallman logged into the Meraki dashboard from his phone and configured each part of the soon-to-be installed network. After raising an MR34 AP into the air using a forklift and verifying radio signals, the devices were outfitted in the warehouse and operational in just two days. “We mounted up all the MR34s in the ceiling and installed the MX80s and MS switches,” explained Wallman. “The MX80 successfully synced up to the cloud and some routing was done to our datacenter; the VPN was in place.”
Since this initial deployment, Wallman and his team have gone on to deploy the Meraki solution in numerous other warehouses and retail locations. Each of the sites seamlessly connects back to an MX400 security appliance located in the Stockholm datacenter via a secure site-to-site VPN connection with each location’s branch MX device. These VPN connections can be configured in three mouse clicks - with security associations, key exchanges, and security policies handled automatically. The site-to-site connections are also self-healing, meaning they automatically update in dynamic IP environments. Instead of going on-site, Wallman and his team can monitor the VPN status from their Meraki dashboard and can enable custom firewall policies to govern the entire VPN network.
“We have deployed to six countries, and only one of these countries has on-site IT staff,” Wallman said. “All we need to deploy equipment is a blueprint and some photos from the site. We monitor and maintain everything from Hydroscand Stockholm HQ.”
Hydroscand employees in offices, warehouses, and retail stores rely on the network to perform their daily functions. Wallman explained, “hand scanners and wireless printers, using the 802.11ac wireless standard on the MR34 access points, have to work for our warehouse employees, otherwise we will not produce anything.” Segmented SSIDs have been created for each type of user to ensure they have access to necessary resources. In the production area, one SSID for the hand scanners and wireless printers has been provisioned. Users accessing the network on company-issued devices authenticate to separate SSID using 802.1X RADIUS login. Another SSID with no LAN privileges, bandwidth limitations, Layer 7 application traffic shaping, and a captive portal has been established for guests.
“A really nice feature with Cisco Meraki is that you can direct a specific SSID to broadcast on an appointed MR34 access point,” described Wallman. “Meraki does all this with a nice GUI that all of the IT staff can understand and manage.” For example, company-owned devices can be tagged with group policies in the dashboard to give them varying bandwidth restrictions at certain times of day. Because company devices are already configured with RADIUS authentication, employees just need to sign into the guest network with any non-corporate devices. This allows Hydroscand to maintain a heightened level of security, while also satisfying employees by providing a network that simply works.
While Wallman’s team has found the configuration tools in dashboard to be incredibly useful during their deployments, they’re also taking advantage of the other built-in features to further optimize the network environment. Using remote tools, the team is able to quickly resolve IP conflicts, add different Active Directory service accounts, lockdown inappropriate web content, shape bandwidth usage by application, and more. Saving time and cost is important to any business, and taking advantage of these tools and the increased coverage of the Meraki APs allows them to do both. Before deploying Meraki, the Oslo warehouse required 16 APs; now with only 10 Meraki MR34 APs, they’re covering not just the warehouse, but also the adjoining office space.
“The Meraki solution works out great. We easily deploy new sites and get reports on what’s going on in our network every day. You get reports with screenshots done for the executive level in minutes,” Wallman said. “Also, you get simplicity - one thing that could take hours to do is now done over a cup of coffee.”