Friday, November 22, 2019

Large Multi-Tenant Office block - How would you build?

I wanted to pick your brains around a network design project I am currently looking at.

Situation: A large company in an office block is moving out and the owner is splitting the site into 150 small offices for different tenants. The site is across 5 buildings but all on the same site. Internally there are very few changes as it was split into small offices anyway.

Current:

  * Every office is already cabled back to around 15 racks, all with patch panels. All current switches are coming out, but all structured cable will remain in place.
  * Every rack has fibre linked back to one location (with the exception of 2 which are daisy chained from one another).
  * Connectivity is provided by a 1Gbps leased line connection from a main provider; this will remain in place and will have public IPs available (a 2nd can be added if required).
  * Wifi APs are present on site and will remain; they are WPA2-Enterprise compatible.

To be:

  * Each tenant to have their own connection which they will pay for as part of their rent, as an optional extra almost, but will be required unless a separate line is to be brought in for them.
  * Connection is to be accessible via WIFI and wired LAN; each connection should allow port forwarding and the ability to assign a public IP if required and allow VPN access in their network.
  * Customers to be able to log on to a panel and see usage, devices connected etc., and order additional products such as speed increases.

Question: So my question is how would you do it? What equipment would you use? How would you set it up? What Monitoring/Management would you use?

My plan was to do the following:

  1. MikroTik Cloud Core Router which would contain VLANs and VPN access (1 VLAN for each tenant)
  2. FreeRADIUS RADIUS server (daloRADIUS) to manage VLAN logon for WIFI via WPA-Enterprise
  3. Switches (Open to ideas but have used Dell 1100 Series successfully for smaller projects)
  4. Network management via single panel including monitoring of tenant usage (not sure on this)

The above I believe is the simplest, but what else could be done? Could we set it up almost as an ISP where every tenant has their own IP address, would that offer more control such as filtering? As we have not started anything yet I have a blank sheet and don't worry too much about budget. Funding is available for this.

Thanks all

Edit: detail
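
As an added example (not part of the original post), this sketches the "1 VLAN for each tenant" plan with RADIUS-assigned VLANs for 150 tenants: it allocates a VLAN ID and a /24 per tenant, emits the RFC 3580 reply attributes as rows for FreeRADIUS's SQL `radgroupreply` table, and checks that no two tenants share a VLAN or subnet. The supernet, starting VLAN, reserved VLANs and tenant names are assumptions.

```python
import ipaddress

# Assumed values for illustration; none of these come from the post.
SUPERNET = "10.64.0.0/16"   # carved into one /24 per tenant
FIRST_VLAN = 100
RESERVED_VLANS = {1, 150}   # default VLAN and a hypothetical management VLAN

def build_plan(tenant_count, supernet=SUPERNET, first_vlan=FIRST_VLAN):
    """Give every tenant its own VLAN ID and /24; fail instead of reusing one."""
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=24)
    plan, vlan = [], first_vlan
    for n in range(1, tenant_count + 1):
        while vlan in RESERVED_VLANS:
            vlan += 1
        if vlan > 4094:
            raise ValueError("ran out of 802.1Q VLAN IDs")
        net = next(subnets, None)
        if net is None:
            raise ValueError("supernet too small for tenant count")
        plan.append({"tenant": f"tenant{n:03d}", "vlan": vlan,
                     "subnet": net, "gateway": net.network_address + 1})
        vlan += 1
    return plan

def radgroupreply_rows(entry):
    """Rows (groupname, attribute, op, value) for the radgroupreply table:
    the tunnel attributes that make the AP or switch place an
    authenticated user on the tenant's VLAN."""
    group = entry["tenant"]
    return [
        (group, "Tunnel-Type", ":=", "VLAN"),
        (group, "Tunnel-Medium-Type", ":=", "IEEE-802"),
        (group, "Tunnel-Private-Group-Id", ":=", str(entry["vlan"])),
    ]

def check_isolation(plan):
    """True only if no two tenants share a VLAN or an overlapping subnet."""
    vlans = [e["vlan"] for e in plan]
    if len(set(vlans)) != len(vlans) or RESERVED_VLANS & set(vlans):
        return False
    nets = sorted(e["subnet"] for e in plan)
    return all(not a.overlaps(b) for a, b in zip(nets, nets[1:]))

if __name__ == "__main__":
    plan = build_plan(150)
    print(check_isolation(plan), plan[-1])
    for row in radgroupreply_rows(plan[0]):
        print(row)
```

Separate VLANs only isolate tenants if the router also blocks inter-VLAN forwarding by default, which this allocation script does not configure.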


