Hero Stories

Ticketek Case Study: Complex network build with Cradlepoint wireless failover

Written by Michelle Lewis | Oct 12, 2022 11:02:22 AM

The Challenge

With all of Ticketek’s digital ticketing and payment systems dependent on network connectivity, any outage, downtime, or performance lag would be disastrous to the flow of patrons into the stadium. However, providing reliable and flexible connectivity for a wide range of locations is challenging for several reasons.

Unscalable cost of MPLS

With the need to bring its own network to each facility, Ticketek had been using MPLS, which was reliable but far too expensive — especially given the need to scale the business.

Strict POS data security guidelines

Ticketek processes hundreds of thousands of customer credit cards every year, and has to comply with the Payment Card Industry Data Security Standards (PCI-DSS) strict regulatory and security requirements.

Manual deployment and ongoing management

Managing connectivity and data security for edge networking at multiple sites is very difficult. Configurations regarding WAN connections and VPNs alone require constant attention and frequent adjustments, which is expensive at best and impossible at worst with a lean IT team.

Images: Venues with Ticketek infrastructure

The Solution

As a Cradlepoint 5G Premier Partner and a Telstra Platinum Mobility Partner, MobileCorp was uniquely positioned to deploy an integrated wireless and fixed network, and from the ground up build out a multi-path secure network to meet Ticketek’s business needs.

Delivering cost benefits

A key driver for Ticketek was cost reduction. The move away from Telstra MPLS to Telstra NBN with Telstra 4G as failover would deliver savings of 30-40% arising from reduced cost of deployment, reduced speed to deployment, and lower operating costs.

Moving from MPLS to NBN and SD WAN

Ticketek has 300-500 subnets in its entire WAN including multiple subnets in AWS, multiple subnets that have been classified as corporate subnets in locations like offices, and then every event that TEG supplies ticketing for, they all have their own subnets. So for example the Melbourne Cricket Ground has two subnets.

It's probably one of the largest networks in Australia, yet nobody knows that's the case because of the number of locations and the complexity relating to the interoperability that's required between two networks operating within the one environment - the staff network and the client side.

"The solution we ultimately decided to implement using the NBN, Cradlepoint edge routers, hosted in AWS, needed to achieve what was required with such a varied network."

Cradlepoint routers as intelligent backbone

For Ticketek's networking and business continuity needs at event venues throughout Australia, MobileCorp proposed Cradlepoint’s NetCloud Service for Branch and hybrid WAN edge routers supporting LTE, 5G, wired broadband, and Wi-Fi.

Each router includes Unified Edge security — including easy VPN setup — through NetCloud, which MobileCorp uses to provide centralised management of connectivity and network security.

Shifting hosting to AWS

The change from a current hosting provider to AWS meant created a need to effectively build a bridge between those two locations and a bridge between the existing MPLS and the IPSec tunnels that were created for each of those locations.

Safeguarding patron processing and protecting against ticketing fraud

On a typical day of the AFL grand finals in a typical year, about 100,000 people will attend the event as patrons or customers. Another 2-3000 people will work in the stadium.

Anything to do with ticketing or access control - including validation of all staff members accreditation - that traffic is going through the Ticketek network.

There is also a need to be constantly vigilant against ticketing fraud by enabling integrated real time data analysis at the edge.

Ensuring business continuity should the NBN connection be compromised was critical.  Cradlepoint edge devices with built-in failover to 4G would provide this safeguard.

Protection of payments

Ticketek is required to meet the PCI-DSS Level 3.2 requirements. This is the Payment Cards Industry data security standards. The solution required the most robust security baked into the solution. These details will not be shared for obvious reasons but the objective was to build out a zero-trust architecture.

MobileCorp Network Managed Service

To complement Ticketek's lean IT management team, MobileCorp would provide a fully managed environment for Ticketek centred around a responsive technical support desk >that covers the edge router; logging tickets associated with carrier network faults;  and the interconnection between staff, ticketing venues, and the cloud.

 

The Outcomes

The migration project is being deployed in two initial stages. The first stage included deployment at all of Australia's major event venues.  Stage 2 is expanding the new network footprint into regional, seasonal and semi-permanent venues. In time, approximately 350 locations will be managed.

Ticketek Head of IT, Matthew Coutts, describes the benefits of the upgraded network migration which is being deployed and managed by MobileCorp.

💎 Cost savings of $250,000 per annum

MobileCorp's migration of Ticketek to a hybrid WAN network using NBN for primary connectivity and cellular broadband as backup through the one Cradlepoint router enhances reliability and ease of management, while costing much less per site than MPLS. 

""It wasn't just cost, but cost was definitely the major driver. Prior to this journey, Ticketek was very much 100% on the Telstra MPLS network and whilst I can say that it was relatively rock solid, the cost was ridiculous.

"So I wanted to get rid of the MPLS network because it just wasn't conducive for what we wanted to achieve.  If I wanted large pipes that would have been expensive, and so we were looking at alternatives.

"We expect to save about $250,000 per year just on our fixed venue connections.”

💎 Business continuity with seamless failover and failback

With cellular-enabled hybrid WAN edge routers in place, Ticketek can configure automatic, instant failover from a wired link to cellular and then back to wired once the primary link is available again. Plus, using 4G LTE as an additional connection provides link diversity to remove the potential for outages in the 'last mile'.

“Cradlepoint provides a seamless failover to 4G and back to the physical connection without an interruption occurring, which was crucial for us, because at any one time, we are processing ticket sales or providing venue connectivity to hundreds of thousands of patrons at large events."

💎 Agility and scalability

The proliferation of annual 'pop up' events like the Gold Coast 600 Supercars, the Splendour in the Grass Music Festival near Byron Bay, or the relocation of NRL games during the pandemic to grounds like the Sunshine Coast Stadium that had never before hosted a first grade game, means operational agility is essential. Utilising a hybrid WAN gives Ticketek the ability to scale at speed. As the 5G network fills in, this agility will grow. 

An example is an event like the Supercars with a street circuit of almost 3kms, there are only a limited number of entry points for ticketing purposes.

"We need a data service wherever box offices happen to be or wherever gates where you get your ticket validated happen to be."

💎  Future-proofed for 5G

With 5G fast becoming widespread across Australia, Ticketek also took into account scalability and future-proofing. The company sought more bandwidth at the network’s edge, along with robust routing and networking capabilities that would optimise efficiency and costs.

Initially Ticketek deployed Cradlepoint AER1600, then over time moved to AER2200, and now utilise 5G embedded E300s.

Cradlepoint is widely acknowledged as the global leader in delivering 5G edge solutions and hardware, and MobileCorp is Australia's leading Cradlepoint Elite Partner.

“Cradlepoint wireless edge solutions can do everything I want them to do right now, and they have the ability to do everything I want them to do in the future — including 5G.”

💎 Comprehensive built-in security options

The Cradlepoint NetCloudTM solution allows MobileCorp off-site visibility and management of information security as part of the hub-and-spoke system. The wireless edge routers have built-in application-aware, zone-based firewall, IPS/IDS, content filtering, and VPN capabilities that can be configured from anywhere. Group policies can be applied to support the many subnets that are spread across widespread offices.

"Ticketek processes about $2 billion every year. As a result, we need to be on PCI DSS 3.2 and as part of meeting those compliance obligations, we are audited regularly throughout the year. Ticketek is, in a sense, holding money in trust for the venue or promoter who is putting on the event, so as a result of that, at any one time, one of them could request us to be audited independently.

"So, it does involve penetration testing, it does involve a variety of security testing and they do get a person with laptop running all the tools to see what can be connected to, what can't be connected to. Especially from the venue perspective, I know that's all going through and being blocked by Cradlepoints."

“I have a lot of faith in Cradlepoint being able to deliver the security and reliability I want.

💎 Centralised network monitoring and control


Ongoing visibility and flexibility is provided via cloud-based network management by MobileCorp. The Cradlepoint NetCloudTM instance enables MobileCorp and Ticketek to continuously monitor connectivity uptime and the out-of-band management allows remote trouble-shooting without the new for a truck roll.

“If I want to make a change, I can send my request to the guys at MobileCorp and then that update has been implemented within a matter of minutes where-ever my endpoint are, through NetCloud Manager. That agility is absolutely fantastic.

"In the past, when there is a problem you know it's been a nightmare to try and get something resolved. With MobileCorp, if I have a problem, it’s usually resolved within a matter of minutes."

 

To discuss MobileCorp Network and Wireless WAN ServicesContact Peter Jonson

Managed Services Director

 e. peter@mobilecorp.com.au 

m. 0400 299 909