Röther Beteiligungs GmbH, the company behind MODEPARK RÖTHER, has been family-run and enjoyed a regional presence since 1972. Today the business’s main focus is on being able to offer the latest trends from the hottest fashion brands along with a great customer experience, which today means providing shoppers with public Wi-Fi. The staff at the some 50 stores also require a secure network connection with the data centre at the company headquarters located in Michelfeld, Baden-Württemberg, which is why Röther decided to completely rethink its IT network. The idea was to transform the open network into a clearly structured, secure, centrally managed network that is segmented according to the stores’ various use cases. In addition to a firewall concept with one firewall appliance per branch, the existing network switches were to be replaced and access points protected by a central network access control (NAC) solution. In this way, Röther wanted to ensure visibility of all devices logged into the network and deny access to any that could pose a risk. Röther Beteiligungs GmbH were keen to ensure that deployment always follows the same formula regardless of the stores’ floor plans to allow new locations to be quickly and easily integrated into the network.

Bechtle has helped us achieve our objectives of centralised IT, public WLAN in all stores and the easy onboarding of new shops, with the result being a stable network landscape and transparent IT environment that our administrators can leverage to handle our future growth. Thanks to Bechtle, we are now able to quickly and easily onboard new stores.

Robert Schwarz, Head of IT, Röther Beteiligungs GmbH


Once Bechtle had presented several ideas regarding the new network to Röther, the decision was made to install one Sophos SG 125 Security Appliance per store, which would act as the gateway between the network segments and the local internet connection. Moreover, the Sophos Security Appliance provides a whole range of security features such as web control and a virus scanner. Each store also received new 48-port HPE Aruba switches to allow each of them reliable, secure and easy access to the Ethernet. Best of all, these switches can also be installed by people who are less adept at IT. Using these switches, Bechtle segmented the stores’ networks into virtual, script-based LANs (VLANs) chosen according to fundamental security criteria. The switches, clients, cash registers, card machines, building services, printers, store IT management, WLAN segmented into internal and external, and scanners were each allocated a VLAN meaning that 10 to 20 access switches were needed per store. Bechtle tested out its hardware concept at the MODEPARK RÖTHER store in Heilbronn before rolling it out to all others. Together with Bechtle, Röther decided to go with the centralised and efficient macmon Network Access Control (NAC) solution, which automatically protects Röther Beteiligungs GmbH’s entire network from unwanted devices through policies assigned to each individual switch port. And thanks to user-specific reports, Röther now has a complete overview of all devices logged into the network at any one time. Simple and intuitive, macmon’s NAC allows Röther to centrally manage each store from the Michelfeld data centre. macmon NAC even alerts admins to misconfigurations and means Röther Beteiligungs GmbH’s IT team is always on the ball when it comes to IT accesses, segments and incidents no matter which switch is used.

Business benefits.

Bechtle utilised its in-depth knowledge of individual manufacturers to configure and install a total of 470 HPE Aruba switches, several VLANs and one Sophos Security Appliance per store—all during ongoing business and without any major disruptions. The work even continued when the stores were forced to close as result of COVID-19 as sales continued and stock replenished. With macmon Network Access Control, each MODEPARK RÖTHER store in Austria and Germany now enjoys secure and segmented network access and the company’s IT department can centrally manage all devices logged into the network without committing too many resources.