1. Commerce
  2. NetSuite Point of Sale (NSPOS)
  3. NSPOS Security Guide
  4. NSPOS Network Components

NSPOS Network Components

This NetSuite Point of Sale (NSPOS) chapter covers the typical NSPOS network configurations, including information about payment gateways, alternate register-database setups and money management using the integration with NetSuite ERP.

Integration with NetSuite ERP via Replication Server

NSPOS integrates with the NetSuite application to provide Enterprise Resource Planning (ERP) tools for managing items, pricing, and other aspects of a retail business. This integration occurs through a periodic synchronization process that includes a cloud-based replication server.

Each NetSuite account for NSPOS includes at least one integration user dedicated to handling the synchronization connection between NetSuite ERP and the replication server. Integration users are configured during the initial implementation.

To maintain performance during peak periods, a customer can have up to three integration users set up for an account. Each integration user requires a separate NetSuite license.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 

Token Based Authentication (TBA)

We support token-based authentication (TBA) for integration user accounts. This integration setup does not require users to enter a token when they log into NetSuite ERP or NSPOS. However, the Token-based Authentication box must be checked for the integration account on the Enable Features page. If a customer has multiple integration accounts, TBA is only required for a single account.

Register Synchronization

Sales associates use item, price and promotion data saved to the register when they scan items for sales and make other transactions. This data originates in NetSuite and is pushed to the registers in frequent synchronization downloads. Also called a down sync, these downloads ensure registers have the most current information available.

This periodic synchronization method provides a level of independence for each register. An NSPOS register can easily operate in “offline” mode if an internet connection becomes temporarily unavailable. It is an advantage over POS applications that require uninterrupted communications with a host server.

Transactions and other entries made at registers periodically upload to NetSuite. Also called an up sync, these updates adjust inventory levels for item movement in and out of stores, log payments, and modify customer information and history.

Third-Party Payment Gateway Connections

Each NSPOS register typically connects to a payment gateway. These are third-party applications selected by retail businesses to handle credit or debit card authorizations and other payment types that require special handling.

When the cashier or the customer swipes a credit card as payment, the POS sends the purchase amount and other information to the payment gateway. The gateway processes the payment and returns an authorization code stating that the payment is accepted or rejected.

Payment transactions using the gateway are performed via a PIN pad. Routing payment activity through a PIN pad or other peripheral devices via the internet removes the need to route credit card data through the NSPOS application.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 

For more information about the payment-gateway integration and contact points for the providing third parties, see Payment Gateways in the NetSuite Point of Sale Administrator Guide.

Transport Layer Security (TLS) Versions

NSPOS and the majority of its optional payment gateways support TLS 1.2 or later only. Previous versions of TLS have been deprecated and are not supported.

As a security measure, you can update certain Windows 10 registry keys to prevent TLS 1.1 and earlier from running on a register. The update also blocks obsolete Secure Sockets Layer (SSL) encryption protocol versions 3.0 and earlier from executing.

To block TLS 1.0 – 1.1 and SSL 2.0 – 3.0:

  1. Start a new file in your desired text editor, such as Windows Notepad®.

  2. Use copy/paste to add these lines:

    • Windows Registry Editor Version 5.00

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.1\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000

    • [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server] "DisabledByDefault"=dword:00000001 "Enabled"=dword:00000000

    Tip:

    You might need to remove bullet symbols that were included in the copy after pasting from this list.

  3. Save the file with an REG extension. For example, save the file as Disable_Obsolete_TLS_SSL.reg.

    Registry update file in Notepad

  4. Run the file as an Administrator.

  5. Restart the workstation.

An alternative is to use Windows PowerShell® to update the registry keys. Run the commands as an administrator via the PowerShell console or PowerShell ISE. Restart the workstation to apply the update.

Store Server Architecture

A typical NSPOS setup uses standalone register connections to NetSuite ERP via the replication server. Each register has its own database.

For large retailers, NSPOS can operate under a Store Server Architecture model. This model configures a subset of registers within a single store as server terminals. These terminals act as database hubs and receive updates from the replication server. Then we set other registers in the store to be POSClient terminals that rely on the data held in the server terminals. The server terminals can act both as registers and databases, handling the information required for the POSClient terminals to process transactions.

The three types of register configurations in NSPOS are:

  • Standalone – Typical NSPOS register.

  • Server with POS – Server terminal that is also available as an NSPOS register..

  • POSClient – NSPOS register dependent on a Server with POS connection for database functions and most communication with the replication server. If a server terminal becomes unavailable, its POSClient terminals will no longer function due to the lack of a database.

For more information, see Store Server Architecture in the NetSuite Point of Sale Administrator Guide.

Note:

Although Server with POS terminals handle most communication with the replication server, POSClient terminals use replication server connectivity for displaying reports, processing returns, and a portion of sales order functionality.

Money Management Integration

NSPOS manages the current balance in each cash drawer and can track the flow of cash to each of the other holding points. The integration with NetSuite ERP General Ledger and account-charting tools provide methods for assigning the accounts to which financial operations will post.

The integration updates business accounts through synchronizations from the register – via your replication server – to a NetSuite ERP implementation. As a result, a business has the ability to track every money movement that occurred in every retail location, including cash drawer disbursements for services like window cleaning.

The NSPOS Administrator Guide provides details on the following money management areas:

Additional details about general ledger accounts and other integrated NetSuite money management features can be found in the NetSuite ERP Help Center.

Database Security via Windows Group Policies

NSPOS uses Windows accounts and integrated Windows authentication for accessing the database. To increase account security, set your Windows® group policies as depicted:

Windows Group Policy setup 1 Windows Group Policy setup 2 Windows Group Policy setup 3

The database configuration should follow these recommendations:

  • Because Windows Authentication mode is more secure than SQL Authentication, we recommend using Windows Authentication. For additional information, see the Microsoft site: Choose an Authentication Mode.

    If an environment requires using SQL Authentication, it is vital to implement and enforce a strong password policy. You can find helpful information on the Microsoft site: Overview of SQL Server Security.

  • Disable default accounts (such as the SA account) and rename them. Do not use default accounts for SQL Server management.

  • Do not load a database application other than NSPOS into the SQL Server.

  • Configure Microsoft SQL Server Express to only listen on the localhost connection. Disable listening on any transport that is not needed for NSPOS to function.

Backward Compatibility for NSPOS upgrades

NSPOS includes an upgrade feature called Backward Compatibility. This feature promotes register availability by allowing server upgrades to the latest release without requiring immediate register upgrades. Registers running the previous release can continue communicating with the upgraded server until time is available to complete the upgrades.

Backward Compatibility can help avoid downtimes that might occur if all registers in a store are upgraded at the same time. Compatibility is applicable to the previous and current major release only.

General Notices