No job too small!
This is a familiar slogan you often see tradesmen use in the local paper! It’s not something that we at ACC have ever proactively advertised, but even though we’re typically to be found rooting around in the enterprise networks of large sized businesses, we are still very much up for helping the smaller, local business too.
The interesting thing is, even though a small business involves a far less technology than your typical multinational mega-corp, it’s often the case that SME networking projects turn out to be MORE of a challenge. Lower budgets, lack of onsite IT expertise, no network kit standardisation and fragmented IT service providers. These are all factors that sometimes make working with SME networks a little bit like knitting a Cashmere scarf from a live goat.
We are optimising big business networks all the time, so we thought; why not take the Enterprise networking methodologies we are familiar with, and shrink these right down to create a small sized Smart Networking ‘outfit’, specifically for SME customers? Our aim: To ‘re-tailor’ the SME network by decking it out with ‘Savile Row’ type network apparel, just with an M&S price tag!
And it wasn’t long before we got our first opportunity to cut some of our new SME Smart Networking cloth…
We were invited to upgrade the network of a small, but fast-growing Woking based firm of financial advisors and our first ‘discovery visit’ revealed a familiar SME networking story.
The company had migrated to VOIP phones a few years back, with the help of a (very good) Voice Internet Service Provider (VISP). This company, Bellcom Communications, had provided the SIP VOIP accounts, an affordable VDSL router and the line itself.
Another IT company had taken care of the office WIFI solution which needed to be replaced as it was rather old and not particular ‘joined up’ with the network.
There was nothing particularly ‘wrong’ with the setup – and the VISP, Bellcom had done a marvellous job at providing the business with a reliable, jitter free IP telephony. The network had been specified when the business was much smaller. It was an ‘everything on the same network’ sort of design, which is a very common type of small network, found in very small businesses, all over the UK.
There comes a point though, when the business needs to evolve outside of the ‘single box’ network. With our SMB Smart Networking package, we were going to replace this with a new ‘platform’ of affordable ‘Enterprise Class’ products, building a solid base that would enable the network to effortlessly grow with the business for many years to come.
Our solution contained just three fully integrated ‘Smart Networking’ products from Allied Telesis.
So lets crack on and we'll show you have we took an SME to SBN - because it takes just three products to make a ‘Smart Business Network’ on a shoe string budget..
AR 4050S: The Secure Firewall Router at the core of the SME Smart Network
The AR4050S, is one of our favourite Allied Telesis devices, and is an extremely capable foundation stone to build a small business smart network around.
For offices that need high availability, the AR4050S is fully rack-able, and there is also a special rack tray (AT-RKMT-J15) which enabled you to mount two of them side by side in 1U. For more information on this option please see our the blog post: Allied AR4050S: The Smart Network Integrated Security Platform That Saves You Management Cost, Time… And Space!
So here's a quick run down of a typical SME AR4050S setup:
- Enable Allied AMF master for control, and backup of Allied AMF capable devices on the network (3 AMF node licenses are included with the AR 4050S)
- Create PPPoE client configuration for 1 of the two WAN ports
- Configure cellular 4G WAN device support for automatic WAN backup
- Restrict certain protocols / applications for the 4G WAN using SD-WAN (software defined WAN)
- Create secure VLAN for OFFICE, VOICE and GUEST networks
- Create NAT & Firewall rules to segregate networks
- Created configuration for ‘Psudo-Wire’ solution to stretch network to another site when needed so both sites can exist on the same L2 network.
- Enable SNMP for advanced enterprise monitoring back to our NOC
Although the VDSL router provided by BellCom was capable of operating in PPPoE ‘bridge’ or ‘passthrough’ mode, we decided it would be a better idea instead to replace this unit with a much simpler and more streamlined VDSL modem which Bellcom happily supplied us with.
Smaller, even less expensive versions of the AR4050S are also available – the AR3050S, AR2050V and of course, the ‘Mighty Maggot’ AR2010V! Talk to us about the specification differences if you are interested in lowering the cost of the solution further.
AT-GS970M/10PS-30: A Powerful Mini Switch That Delivers PoE+
The Allied GS970M/10PS is an excellent choice for a lower cost, but high specification 10 port PoE+ switch.
The business owner did not want to pay to ‘flood wire’ the rented premises as he did not know how long they were going to stay there. Instead, an ‘island’ approach was favoured where switches were located not centrally, but instead on each island of five staff members, three islands in total. This cut the cost of the cabling job by about £1,000, and although placing better quality switches on each island did add cost, if the business did decide to move, the switches could go with them – the cabling would not!
IP phones were connected directly to the GS970, with workstation network connectivity then supplied by the IP phones ‘PC’ passthrough port.
Passing through PC network connections like this on VOIP handsets can be problematic, and more complicated if you are considering using tagged VLANs. The GS970M however has a neat feature called LLDP-MED (Link Layer Discovery Protocol for Media Endpoint Devices) and Voice VLAN support. With this configured, the customers’ existing VOIP phones (which thankfully supported LLDP) automatically configured themselves over to the special ‘Voice VLAN’ we created, the PC device on the passthrough connector as not configured for LLDP-MED, remained on the OFFICE VLAN. The result is complete separation of VOIP and DATA, with an extremely simple (and familiar to the business) Switch > Phone > PC cabling setup.
In addition to LLDP-MED, the GS970M also supports Allied Telesis AMF, so not only is this switch and others fully manageable from the AR4050, but their configurations are backed up to the AR4050 nightly too. If any switch were one day to fail, an advanced replacement with factory settings could be plugged in, the device would be seen by the AR 4050, triggering the AMF restore to be re-provisioned, LLDP-MED setup and all!
Like the AR4050, the GS970M is SNMP monitor-able, enabling us to keep a much better eye on things from our NOC.
Read more about the GS970M/10PS and other switches in the same range over on the decided product page.
AT-MWS1750AP Wireless Access Point: The rugged, secure and easy to manage wireless workhorse
With the core fire-walling, routing and desktop VOIP/office network switching taken care of the final part of the puzzle was wireless. A brilliant aspect of running the MWS 1750AP with an AR 4050 firewall, is that the AR has its own Wireless Access Controller built in, completely free, which supports up to five Allied Telesis wireless APs.
This means that without having to perform any setup on the AP itself, we were able to use the AR 4050s Wireless Controller, to create three different wireless networks in no time at all.
2.4GHZ WLAN for legacy devices on the OFFICE VLAN
5 GHZ WLAN for newer devices supporting faster wireless on the OFFICE VLAN
2.4 GHZ WLAN for a completely segregated & locked down GUEST VLAN
The addition of the wireless Guest VLAN means that clients are now able to get WIFI for outbound internet access, with zero risk of touching anything internal.
All the WIFI setup was done on the AR4050, so in the event the AP needs to be replaced, as the complete configuration is on the AR device, it’s simply to push the config back out to the replacement AP. It’s just as easy to also add new APs to the network to extend coverage.
The MWS1750AP was patched in to take its power from the GS970M.
Finally, with SNMP functionality, this AP also is fully monitored back to the NOC to enable us to get a full 360-degree network visibility.
The SMB, 1-2-3 for Smarter Networking!
So, there you have it. We transformed a small ‘single box’ SME network, to one that now has far more in common with some of the larger Enterprise networking projects we work on.
It’s was simple a case of 1-2-3: Firewall, Switch, AP!
Our Allied Telesis Solution 11-point checklist to enable Smart Networking in the SME:
- Standardise network equipment and ensure they integrate
- Centralise configuration and management of all devices
- Separate networks with secure VLANS
- Create isolated voice optimised ‘Voice VLAN’ for IP telephony
- Create secure 'padded cell' guest WIFI solution for customers to use
- Put systems in place (AMF etc) to make it easy to upgrade and secure all network kit from one point
- Deploy full remote monitoring on all devices and network interfaces
- Look to reduce expenditure on cabling work – you can’t take it with you!
- Stick to very tight budget
- Make it fast and non disruptive to deploy
- Future proof for further growth for additional physically separate offices with functionality such as VPN and ‘Stretched L2 networking’ (Psudo-Wire)
Could your SME or small remote office benefit from a smart networking solution such as this? Why not get in touch with us today, and allow us to smarten up your network!
No Comments