Kennards Hire cuts cost with VoIP deployment

Deploys centralised security management for new voice network

Kennards Hire is expecting to cut maintenance costs by ditching individual PABXs at more than 140 sites across Australia and New Zealand.

The new centralised system has already been rolled out with the aid of Essential Data + Voice (EDV) to most of the company's Australian sites.

"We've literally got about five sites left on the list to roll out before we can call it a wrap-up," said Mitch Hirsch, network engineer for the family-owned Australian company.

"I'd say the last five sites have a few issues in terms of infrastructure, but we'd be looking mid-March to have 140 sites complete and then the work would start on bringing New Zealand into the mix as well."

Previously the company had been using traditional Samsung PABXs at each site, Hirsch said.

Recurring upgrade and maintenance costs prompted a shift away from the setup. The cost of management was also a factor.

"That was probably the biggest factor," Hirsch said, "being able to change a setting globally involved a tech spending a day [at the site].

"Another key one was failover scenario — if a branch lost power or there was construction out on the street and they cut the copper lines it would involve three parties: The branch to call us, us to call Telstra, Telstra to take an hour to put a divert on.

"And that was just to recover a few calls while the PABX was being fixed. Then there was the same process to have that reverted back once power or whatever it was restored."

Kennards has now shifted to a centralised VoIP-based system. The company had already centralised the delivery of its ERP system through application virtualisation.

"Seeing that for number one and a few other things that we'd centralised, we just saw the benefits of that type of architecture," Hirsch said.

Kennards Hire network engineer Mitch Hirsch

"We'd been playing round with VoIP in our heads for some time," Hirsch said. "It just never seemed feasible with the state of the network links in terms of their bandwidth and their cost at the time.

"It really took a couple of years for that technology to drop in price and some VoIP solutions to mature — I know VoIP has been around for quite some time but really it's been adopted by so many people [now]."

"When I originally presented this solution to Kennards one of the key things that traditional telephony lacks in a distributed retail environment is that when you go with PABXs like the Samsungs or other traditional digital systems you either have to take a compromise in features or you have to spend a lot of money," said Michael Wolff, EDV solutions architect.

"A key deliverable for us was to deliver the full enterprise telephony features that you expect in the head office out to any and all the branches...

"At the same time we had to ensure that each branch maintained its own identity. So if you were ringing Kennards in Walgett you would get in Kennards in Walgett, not a central call centre that would put you through to Kennards in Walgett."

Each branch now has a 512/512Kbps Telstra Ethernet Lite link back to Kennards primary data centre, Global Switch in Ultimo, as well as an already existing ADSL-based link for data.

"They both terminate on a Fortinet firewall device, which offers PoE," Hirsch said. Fortinet's FortiGate-94D-POE is used both as a switch and a security appliance (Kennards has also deployed FortiAP-223B Wi-Fi access points at its branch).

Internet traffic is governed at the branch level, while everything else is routed via Kennards data centre.

"If someone comes in [to a branch] with a laptop that has a zero day threat on it, sure it can clobber that branch in theory but the rest of the environment would be isolated, so it allow Kennards to have really, really strict policies on what traffic crosses their WAN," Wolff said.

"There is no open policy between the data centre and head office into each branch — there is strictly the traffic that is required for that branch to function allowed to go through that branch."

The setup avoids having "140 sites sharing a single 10, 20 or 30Mbps link" for Internet, Wolff said.

"We've done a lot of work locking down the Fortinet firewalls and I'm pretty sure the only ports allowed out to the Internet from a branch perspective are port 80 and 443 — the rest are only allowed to traverse to our DCs," Hirsch said.

Fortinet's FortiManager-1000C appliance is used to centrally manage the setup.

Follow Rohan on Twitter: @rohan_p

Join the Computerworld newsletter!

Error: Please check your email address.

Tags Essential Data + VoiceFortinetvoice over IPvoipCase studiessecurityKennards HireEDVCase Study

More about FortinetGlobal SwitchKennards HireSamsungVoIP

Show Comments

Market Place