PDF(79.0 KB) View with Adobe Reader on a variety of devices
Updated:May 21, 2007
Constellation Brands deploys a Unified Wireless Network to mobilize employees and guests.
Founded in 1945 as a small producer of fine wines, Constellation Brands is now the second-largest beverage alcohol company in the United States. It is also the largest wine-producing company in the world, by volume. With more than 250 beverage alcohol brands marketed in nearly 150 countries and production facilities all over the world, the company has gross sales of more than US$5 billion annually.
In the spring of 2006, Constellation moved its Barton Brands division to a multitenant office building in Chicago. Barton's office covered four floors of the building, and the company's two-person network administration team was in charge of providing ubiquitous Wi-Fi coverage to all four floors. Employees needed to be able to carry their laptop computers between meetings on different floors, without losing their connection to the corporate network. The company also wanted to provide Wi-Fi Internet access to its guests: suppliers and potential customers who might need to check in with their own home offices.
Security is a concern for every wireless network administrator, but it is a larger concern for networks that reside in large cities, because stealing nearby Wi-Fi signals is an easy and commonplace practice among city residents who do not want to pay for Internet access. Urban networks also are prone to frequent attacks by unauthorized users.
"With regard to the wireless Internet access for guests, we did not want it to be wide open and free," says Marty Bognanno, manager of network infrastructure for North America at Constellation. "We are in a shared tenant building, and we did not want everyone else in that building to be able to jump on our network."
Constellation also had to consider the fact that there would be no on-site network administrator at the Chicago office. "I am the network administrator for all North American operations, and I have only one employee," Bognanno says. "We needed a network we could manage remotely, from our New York headquarters."
Constellation decided to deploy a Unified Wireless Network from Cisco
®, which offered superior management and security features, in addition to the ability to integrate with the company's existing Cisco Ethernet infrastructure. The solution is composed of 40 Cisco Aironet
® 1200 Series Access Points deployed across the four floors of the Chicago office, managed centrally at company headquarters by a Cisco 4400 Series wireless LAN controller and Cisco Wireless Control System (WCS) management software. WCS includes site survey tools, in addition to advanced management, security, and network diagnostic features.
"We used the WCS to do our site survey," Bognanno says. "We plugged in floor plans, and the WCS told us where we should place access points and how many we needed."
Bognanno also took advantage of the Cisco network's ability to support multiple service set identifiers (SSIDs) on a single network, enabling different levels of access for different groups. Barton Brands employees have full wireless access to the corporate network, which allows them to get into enterprise resource planning systems, customer relationship management databases, and other confidential information. The corporate SSID is hidden from guests; guests gain basic Internet access through a separate SSID and log-in page. Constellation was already using Cisco Secure Access Control Server software to enforce privileges for its wired network, and Bognanno was pleased to find that ACS also allows network administrators to control wireless access.
The Unified Wireless Network also supports advanced security protocols, including Extensible Authentication Protocol Transport Layer Security (EAP-TLS). In addition to a client password, EAP-TLS requires a client-side certificate to gain access to the wireless network.
"The cost benefits have come from not having to bring in other employees or outside contractors to build and manage the wireless network. All the intelligence is done through the Wireless Control System."
- Marty Bognanno, manager of network infrastructure for North America at Constellation Brands
In conjunction with the WCS software, Bognanno also deployed a Cisco 2700 Series Wireless Location Appliance. The appliance helps to pinpoint the exact location of rogue access points, which is important in multitenant buildings: the staff can see whether the rogues have actually infiltrated one of the four floors occupied by Barton Brands or whether they are unsecured access points whose signals are bleeding through from another floor.
Constellation protects its investment with a Cisco SMARTnet service contract, which includes 24-hour access to the Cisco Technical Assistance Center, next-business-day hardware replacement, and ongoing software updates.
Bognanno says the remote management capabilities of the Unified Wireless Network have saved the company significant time and money. The two-person network administration staff can perform network upgrades and repairs remotely, mitigating the need for the staff to pay for-and make time for-wireless-related business trips.
"We have a very small staff that is basically responsible for all the company's network deployments in North America," Bognanno says. "The cost benefits have come from not having to bring in other employees or outside contractors to build and manage the wireless network. All the intelligence is done through the Wireless Control System."
The management tools in the network save the team a great deal of time in terms of troubleshooting, as well, Bognanno says. And this results in greater productivity for both the network administrators and the network users.
"A beautiful thing is that in conjunction with the WCS, the location appliance shows me exactly where all of the clients and access points on the network are," Bognanno says. "If someone calls with a problem I can tell exactly where they are and what access point they are near, instead of spending time trying to figure out where the problem might be."
As for the employees who use the network, they can roam among the four floors of their office without losing a connection, which lets them maximize the time that they spend collaborating with their colleagues on job functions such as planning new brand launches, managing inventories, negotiating and updating contracts, and communicating with customers.
"They can go from the 14th floor to the 17th floor and still be connected at any time," Bognanno says. "And the ability to keep the guest network separate from the corporate network is one of the largest benefits, because we know our data is secure."
Bognanno also appreciates the added layer of protection that EAP-TLS provides.
"There is a college dormitory in a building right next to the Chicago office," he says. "I have seen the kids next door trying to do de-authentication attacks on some of our access points. We cannot stop them from attempting the attacks, but now we know they will not be successful."
The success of the Chicago network has persuaded Constellation to replace the standalone access points in its Fairport, New York corporate headquarters with lightweight access points. The company expects to deploy wireless network access to the rest of its North American facilities, as well.
"Now that we have had success in Chicago we are going to expand the network to our sales offices and wineries," Bognanno says. "Eventually we are probably rolling out wireless access to at least 50 facilities in North America."
The central management features of the Unified Wireless Network will allow for remote configuration of access points at each of the sites, and the WCS will allow for remote site surveys.
"All that we will need is a pair of hands to plug in the access points," Bognanno says.