Help me choose network and security infrastructure for an office
June 16, 2016 10:41 AM   Subscribe

We're looking at moving into a shared office building with a couple of other companies, in total about 40 people plus a small specialized school with another 50 students or so. This is a very nice opportunity, and I've been tasked with figuring out the shared network and related (phone, access control) infrastructure. I have a pretty good idea of what to get, but I'm not as up to date on options as I used to be, and I might be missing stuff. Help me with suggestions for good, economical equipment options.

The building will house a couple of smaller film production and distribution companies, our company, which does film postproduction, and a small film school that will start out with 30 students or so, and grow over time to maybe 70 students.

I want to set up a shared VoIP system (I'm getting a company to quote this for me, since configuring Asterisk and that kind of stuff is not my core area), which, along with WiFi access points, security cameras, and probably access control, I'd like to run over an Power over Ethernet network to avoid excess wiring.

For the actual network, I want to wire the building with Cat6 or better. Most people will have GbE drops (maybe 40 in total, not counting the infrastructure that'll run on a PoE switch), but we and a few others will probably want to have some 10GbE ports, maybe around 10-20 in total. We also already have a Mellanox 18-port FDR IB switch that can do 10/40GbE as well, so I'm thinking I'll want a decent sized GbE switch with at least one 10GbE (or 40GbE) uplink port, and a moderately sized 10GbE switch with a 40GbE uplink port, and I'll tie it all together with the Mellanox switch.

Ideally, at least the GbE switch and probably also the 10GbE switch should either have VLAN capability or be L3 switches, so I can zone them for better security and separate the different companies.

On the PoE infrastructure side, I'm thinking of getting maybe 6 Ubiquiti UniFi AC access points (two per floor), plus standard SIP VoIP phones. The part I have the least knowhow about is security and access control. Ubiquiti have decent-looking and fairly cheap network surveillance cameras and recorders, but I don't know if they're any good, and access control is an unknown for me, so if there are other systems that integrate both, that'd be interesting. Also, I'm not 100% sure if I can put all this on one PoE switch, or whether for security reasons it'd be better to put the cameras and access control (and maybe phones) on a separate one.

Ideally, I'd like to have a simple to administer access control system with proximity card locks on some doors (maybe 10-20 doors in total in the building, definitely not much more), and a system to assign access per card. Being able to require PIN codes and/or biometrics on some doors would be a nice option. Also, for the school, they're interested in using the same system for student access cards, which would require a system by the entrance where people could wave a card and a security guard could get their photo up on screen with their current status. Nothing overly complicated, really, but it'd be nice to have all this in an integrated system, without breaking the bank, since this is not a huge deployment.

So, do people have ideas about network switches, whether the access points I'm thinking about are any good, and what providers are good for security stuff, I'm all ears. Help me out here, first hand experience is particularly welcome. We have a budget, but it's not huge, so good value for money is important.
posted by Joakim Ziegler to Computers & Internet (3 answers total) 4 users marked this as a favorite
I'll be watching this carefully, as I'm doing something similar right now.

Re: CAT6, get S/FTP, which is a bit pricey, but worth it. Pull two lines for every run; it's barely added costs, but will save you a lifetime of headache when one line has an issue.

Get local Cat6-to-cat6 runs in certain areas, say, from a wall to a ceiling in an event space, so that you can future-proof your building with HDMI baluns for a projector.

ISP: what's your bandwidth like?

APs: I'm also getting the Unifi APs - they seem pretty highly recommended, and the higher-end alternative that was recommended to us, Meraki, is too pricey.

As for access control/security - no idea! There's a lot of solutions out there that have 4g/cellular hookup so that they don't go down when your internet goes down, which seems pretty prudent, but I don't have any personal experience with it.
posted by suedehead at 11:45 AM on June 16, 2016

Response by poster: We get 200Mbps symmetrical FTTP from one provider, and we're planning on getting at least one other provider to get failover/extra bandwidth (probably another 100Mbps, but possibly not symmetrical, either fiber or something cable-like).

The SonicWall and related products mentioned in the other thread look kind of interesting, I see they also have a series of WiFi access points (SonicPoint) that go with them, and on the other hand, Ubiquiti has firewalls and cheap PoE gigabit switches with 10GbE uplinks, does anyone have experience with any of these, or opinions on Ubiquiti vs. Sonic for these things.

Ubiquiti seems perhaps a bit more consumer-oriented, but their administration and monitoring software looks really simple and friendly. I had originally figured I'd just set up a small Linux box as a firewall, but it might be that something like SonicWall or the Ubiquiti UniFi Security Gateway might be a better option.
posted by Joakim Ziegler at 12:55 PM on June 16, 2016

For access control, I'm looking at a managed system. It's a continual expense (in my case, $2500 setup costs / $100 monthly for 100 rfid cards for 1 door, NYC). On the flip side, this means that nobody in-house would have to do maintenance, and the system would be connected / managed by a security company who can call the police. In the interest of stability, I think this is not a horrible setup, and probably will ease more headaches than rolling-my-own system that will fail every once in a while at the most opportune of times, leaving me liable. YMMV.

In general, I think getting a standalone box as a firewall is a very good idea. You're paying for uptime, not functionality; something that works 99.99% of the time vs. something that works 99% of the time. Do you really want to be the person to be called all the time because your chosen equipment fails 100x more often? (0.01% vs 1%)

Also- we hired a tech consultant. They not only gave us peace of mind, but we're also able to broker deals with used tech equipment or monthly payment plans instead of buying equipment upfront. We didn't end up doing those plans, but it would have come in helpful as unexpected savings would we have needed it.
posted by suedehead at 9:01 PM on June 16, 2016

« Older How often can I work out? (Strength training)   |   Queering gestation Newer »
This thread is closed to new comments.