Requirements:

  • Able to handle high wireless density
  • Provision points for static devices like printers
  • Multiple SSIDs and different service groups
  • Users sign on with domain accounts
  • Traffic to data center must be encrypted

Solution:

  • IPsec VPN from office to data center
  • Integration of LDAP for signing in to wireless
  • Wireless access points with overlapping coverage areas on alternating channels
  • VLAN and trunking for different user groups
  • Cloud-based network management for cost-efficient third-party network support
 

Company L was about to move its office and wanted to update its network. Since it began as a small start-up, its current network was mostly ad hoc, with multiple unmanaged switches scattered throughout the office and home-based access points placed wherever wireless connectivity was required. Now that L had grown enough to require an expansion into a bigger office, it wanted to rethink its computer network. With that, Megatron Technology was called in for our network design expertise.

As with most office networks, L did not need any features that required additional administrative processes to maintain. Instead, what L needed was high availability, the ability to handle a large number of wireless users in a small area, and some LAN points for static devices such as printers and copiers.

L also needed to integrate the wireless network with its existing Active Directory, and required that traffic going to and from its data center be encrypted.

 

Our first recommendation was to implement a network rack to house all core equipment, with a UPS to provide surge protection and power during an electrical outage. Since the architects had not catered for a server room, we recommended a smaller 12 RU rack, to be wall mounted. L's interior designers required that the rack be hidden out of sight, so it was agreed that the rack would be suspended by a metal bracket attached to the ceiling.

With the rack in place, Megatron Technology laid several Category 6 Ethernet cables to provide LAN access to static devices such as printers, copiers, and access points. A patch panel was provisioned within the rack for scalability and better cable management.

Several high-density access points were then installed. Megatron Technology recommended access points with internal omni-directional antennae, and these access points were ceiling mounted with overlapping coverage areas. With 20 MHz channels on the 2.4 GHz band, we configured access points to use channels 1, 6, and 11 in a round-robin fashion to prevent collisions. We also configured access points to automatically steer clients onto the 5 GHz band.

All access points were powered by a Power over Ethernet capable switch to reduce cabling cost and complexity.

For the first hop, a UTM-capable firewall was implemented, and load balancing was configured across two WAN links. VLANs and trunks were then configured, with the firewall acting as a "router-on-a-stick" and link aggregation providing redundancy. This design is scalable: the network can add more VLANs without provisioning additional physical connections.

Lastly, an IPsec VPN was set up between the data center and the office, and the Active Directory was integrated using LDAP.

Since the hardware chosen was cloud managed, it was quick and easy to onboard administrators to the network, and it was cost-effective to engage a third-party vendor for network maintenance, since most issues could be rectified remotely.