Taco Bueno taps ConSentry for more than switching

LANShield gear has NAC, aspects of content filtering

When restaurant chain Taco Bueno ran out of access ports it decided to buy ConSentry switches in part because they helped fill security and access control needs that other switches couldn't.

The company can block access to Web sites with the switches, partially filling the role of content filtering gear that the company would like to use, but for which IT money is too tight, says John Rowe, network administrator for the Farmers Branch, Texas-based restaurants. (Compare access switches.)  

"The content filtering always got knocked off the budget," he says, despite the fact that department managers complained that some employees accessed the Internet too much or visited sites they shouldn't.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

When restaurant chain Taco Bueno ran out of access ports it decided to buy ConSentry switches in part because they helped fill security and access control needs that other switches couldn't.

The company can block access to Web sites with the switches, partially filling the role of content filtering gear that the company would like to use, but for which IT money is too tight, says John Rowe, network administrator for the Farmers Branch, Texas-based restaurants. (Compare access switches.)  

"The content filtering always got knocked off the budget," he says, despite the fact that department managers complained that some employees accessed the Internet too much or visited sites they shouldn't.

The two LANShield switches add 100 ports to the network, including uplinks. They enforce access controls for visitors who try to use the network, as well as block access to certain types of applications and traffic. Controlling banned traffic types such as streaming music, streaming video, peer-to-peer and instant messaging has reduced traffic on the on the network by a quarter, Rowe says. "We had policies written up for it but no way to enforce it," he says.

Taco Bueno's network has about 300 users divided among headquarters and 165 restaurants that connect via Cisco PIX 800 series routers over DSL or partial T-1 lines to a Cisco 7204 WAN router. About 30 stores have Check Point VPN-1 gateways for tunneling WAN traffic. (Rowe is considering using Check Point gear in all the restaurants. "I'm not sure what we're going to do," he says.)

The individual restaurants access the headquarters data center for SQL, DNS and application servers. Sophos antivirus updates are pushed out over the WAN to the remote sites, as are Windows updates via Windows Server Update Services. The central site also pushes updates to the point-of-sales systems in individual restaurants.

Headquarters was served by a three-switch Cisco 3750 core stack with 216 ports that is the backbone of the network, but they were tapped out for access ports, Rowe says. With more users and need for powering VoIP phones, the company had to have more access switch ports.

He considered additional Cisco switches and HP switches, but they didn't offer significantly expanded features vs. the Cisco switches he already had. "There wasn't much additional value for what we were looking for," he says.

The IT department was eyeing content filtering to restrict what Internet sites were reachable as well as network access control, Rowe says. The ConSentry switches he chose don't do comprehensive content filtering, but they can block access to sites. The switches can block domains per port, URLs, sites that contain certain keywords, he says.

"It's helped us cut down on bandwidth just through [blocking] streaming music, streaming video, peer-to-peer and IM," he says. "I know it's not as granular as a box that just does content filtering, but it gave us an opportunity to upgrade our switch environment plus… be a little bit more secure."