e-Play case study

Background

An innovator in the DVD rental business, e-Play, LLC operates in an especially challenging and demanding security environment. The company operates automated DVD-vending kiosks at store locations under its own name, or under a privately-branded label.

The kiosks are unique in the industry for their ability to not only rent DVDs and handle returns, but also to rent game disks, accept used DVDs and games for trade-in, and verify disk playability. The robotics inside are incredibly complex, with the ability to accept, store, manage, and retrieve thousands of disks with absolute precision and reliability. The security demands are equally sophisticated. The kiosks not only accept credit and debit cards, but also secure other transactions including issuing store credits and crediting accounts.

The Challenge

The challenges of securing and connecting the e-Play kiosks are multiple and diverse - PCI compliance; connection over multiple types of wireless networks including 3G cellular uplinks, extremes of temperature encountered in exterior locations, enterprise-class reliability to keep revenue streams flowing, centralized management of remote kiosks spread across hundreds or thousands of miles, and the need for a security solution with low per-unit cost, efficient provisioning, and the ability to fit within a tight form factor.

The Watchguard® Solution

With hundreds of kiosks to roll out - and projections for thousands more - e-Play exercised extraordinary due diligence in selecting its security solution. "We did a lot of trial and analysis, speed testing, performance and compatibility testing," declares David Stellmack. "We looked at WatchGuard, Sonicwall, and some solutions from Cisco. We also looked at some less-robust SOHO things from companies like Linksys and D-Link, but they didn't offer the level of enterprise performance and manageability we needed. For bang for the buck, performance and ability, WatchGuard was unmatched."

A WatchGuard Firebox® Edge X10e protects each kiosk, and maintains a secure VPN tunnel to the e-Play data center. A WatchGuard 3G Extend unit hardwired to the Edge device handles the connection with the local 3G cellular carrier. This gives e-Play flexibility to switch connection types depending on local availability, or for future cellular-technology upgrades. Where appropriate, e-Play can also swap in a WatchGuard Firebox Edge X10e-W for Wi-Fi connections.

Benefits

For Stellmack, security is the paramount concern. "We do triple-DES VPN-encrypted tunnels," he explains. "A lot of other kiosk solutions favor an SSL-processing solution model, but we wanted the full firewall protection and VPN protection of the WatchGuard appliance. I don't know that other kiosk vendors are deploying anything even close to enterprise-level security for credit card transactions.

"We would rather be over-secure than under-secure. WatchGuard provides that capability."

Reliable Revenue Generation

An out-of-order kiosk represents a revenue loss and an expensive truck roll for repairs. "Sometimes a kiosk in need of repair can be a long way from headquarters," says Stellmack. "Our outdoor units have to handle temperature changes and work within the confines of the kiosk for long periods of time.

"Our failure rate is extremely low, and we've had very few WatchGuard units fail. Recently, we actually did the numbers and the reliability was 99.8%."

Complete Enterprise Security from WatchGuard

At the data center, a pair of WatchGuard Peak™ X8500e devices, running in high-availability mode, terminate the other end of the VPN tunnel and protect the e-Play servers. In fact, "for our security, we're 100% WatchGuard," says Stellmack. "We looked at other firewall solutions, and from a cost vs. performance perspective, I think that the WatchGuard appliance is extremely competitive. It offers a very compelling business case for protecting mission critical infrastructure.

"At our headquarters we have a WatchGuard Core™ X750e in front of our corporate network that protects our desktops. And there are two Core X1250e devices that we chose to deploy for our new online reservation architecture. So while our kiosk system is primarily concerned with credit-card security, we'll be using WatchGuard for Web security as well.

"As we grow and add more kiosks, the WatchGuard manageability comes more and more into play for us. Using the WatchGuard System Manager tool to get reporting and information out of the kiosks, to monitor the performance of the actual bandwidth, and that sort of thing will be extremely important to us."

PCI Compliance in the Kiosk Marketplace

All kiosks accepting credit cards in the e-Play network need to meet the stringent Payment Card Industry Data Security Standard (PCI DSS) requirements put in place to protect against costly data breaches that compromise confidential customer information. With the WatchGuard appliances deployed, e-Play was able to build and maintain a secure network, protect cardholder's personal data, implement strong access control measures, and regularly monitor and test networks. The implementation of an efficient, multi-layered solution results not only in PCI compliance, but also a healthy network and a company-wide culture of security.

Custom Tool to Drive Down Production Costs

WatchGuard stepped in to work with e-Play to drive down the cost of securing the kiosk. In particular, the kiosk production line at e-Play is a unique environment for deploying a networking product. Explains Stellmack, "WatchGuard understood that it's very important to cut the man-hours to reduce time and cost. So they developed a high-throughput, large-scale deployment configuration tool specifically for us to quickly roll out the X10e devices. With the tool that their team built for us, we were able to slash the deployment time of each box by about 70%.

"That's not something that I could readily get from a lot of other vendors. I honestly thought that maybe three or four months out I'd have something. We had it in a matter of days. It was just incredible, the level that WatchGuard went above and beyond to address the specific needs of our environment and our unique way of using and deploying their products."

Under-Promising and Over-Delivering

"We've had really excellent support from the WatchGuard teams and engineers," declares Stellmack. "They've worked with us to customize, architect, and improve the stability and functionality of the solutions. They've just been tremendous.

"The individuals at WatchGuard have gone out of their way and exceeded my expectations as far as under-promising and over-delivering, every time out. The reality is that the partnering relationship that we've had has been very fruitful for both WatchGuard and e-Play. It's allowed us to grow together, as they've customized the products to meet our special and specific needs."

« Return to top »