Solved

Need some advice on a VOIP and Data hardware solution...

Posted on 2013-11-16
Last Modified: 2013-12-07
I have a project coming up soon, a 4 story office space building which will supply business tenants with phone and internet.  Each floor will have about 50 businesses which will be about 100 people on each floor.  

I will be using a NEC SV8300 phone system to support each company with phones and their own greeting.  I am also thinking of using TZ215 to run the wireless end of things on each floor, using an NSA 2400 to run SIP through for the phone system and using 2 different Netgear switches...one for phone and another for data/internet.

I really need to know will the NSA 2400 handle all the voip traffic and what equipment is best to use on this project.  Thanks
Question by:PowerC280
18 Comments
 
LVL 24

Assisted Solution

by:diverseit
diverseit earned 500 total points
ID: 39654287
Hi PowerC280,

So essentially you will be supporting 400 users for Internet & VoIP? Are they all separate businesses, meaning they need Security Context so that there is no peer snooping (which I'd definitely recommend)?

Are you providing them only the connection to the Internet or are you also providing the firewall management too? I only ask for topology & architecture reasons.

Keep in mind that users do not equal Nodes! So when you read below understand a Node is anything given an IP address...so one user could potentially equal 4 or more nodes (PC, laptop, smartphone, tablet).

Which device will be handling the LAN and VPN traffic - the TZs?

Firewalls for Wireless (and possibly LAN depending on your answers to my questions above).

Here are a few options for you:
1. Setup a managed switch per floor running to one firewall...like a NSA 5600 (http://www.sonicwall.com/us/en/products/NSA_5600.html), which would handle 499-999 Nodes, provide 400 VLANs and support up to 96 SonicPoints (depending on the material used in the building you could have up to 20 APs/floor). You could even run your VoIP through this unit as well...QoS, Multi-WAN and Full H323-v1-5, SIP support would allow you to do this very well.
2. The TZ 215/floor would be pretty under-gunned. It would only provide support for 25-49 Nodes. I recommend the NSA 2600/floor (http://www.sonicwall.com/us/en/products/NSA_2600.html) which would more adequately support 100-499 Nodes.

Are you planning on having a TZ 215 on each floor providing roughly 10 VAPs (~1 SSID per business)?

They sound like pretty good sized floors...you will most likely need more Access Points to accommodate this. I'd recommend SonicPoints (http://www.sonicwall.com/us/en/products/Clean_Wireless_Series.html#tab=Compare).

Firewall for VoIP distribution.

Is the NSA 2400 only handling VoIP traffic? I'd check to make sure the specs and overall throughput would support 400 users.

Let me know if you have any questions?
0
 

Author Comment

by:PowerC280
ID: 39654795
Thank you guys for a quick response.  I will be posting 2 Visio layouts: the first layout will be with all the equipment on one floor, the second layout will be where each floor will house their own equipment.  I am working on this now and should have the first layout by 3 or 4pm eastern.

Ben
0
 

Author Comment

by:PowerC280
ID: 39654817
Sonicwall Devices:

So I could run the whole building with the NSA 5600 or put a NSA 2400 on each floor.  Would it be better if each floor had its own equipment just in case a device or so goes down?
0
 

Author Comment

by:PowerC280
ID: 39655094
Here is a diagram of all equipment in one location with data/voice on the same network:


Floor 1 – 3 sonicpoint Ni with 2 data and 2 voice ports

Floor 2 – 4 sonicpoint Ni with 100 data/voice together

Floor 3 - 4 sonicpoint Ni with 100 data/voice together

Floor 4 - 4 sonicpoint Ni with 100 data/voice together

Floor 5 - 4 sonicpoint Ni with 100 data/voice together

Floor 6 – 3 sonicpoint Ni with 20 data/voice together


NEC SV8300 or NEC 3C (VOIP)

All Switches will come with POE

Router/Firewall – NSA 5600

Wireless – Sonicpoint Ni

SIP Trunking will be used for data/voice (how much bandwidth do I need?)  I project 100k per call

Is it true that having both data and voice going through my network I may run into issues?

Each business should have their own private ip address where no other business can snoop.

Must support multimedia

Can I have the NSA 5600 take care of the data end and the NSA 2400 take care of the voice through the same network?

PLEASE RECOMMEND THE BEST SONICWALL HARDWARE AND IF I SHOULD USE DELL OR NETGEAR SWITCHES FOR THIS APPLICATION AND HOW MANY I NEED. THANKS
Project-X.pdf
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39655111
I need to better understand your business model...are you providing a managed firewall service?
0
 

Author Comment

by:PowerC280
ID: 39655132
Dirwall service???
0
 

Author Comment

by:PowerC280
ID: 39655146
Office Space Building


We are going to provide phone services (each company will have the capability to set up their own greeting for their business)

We will provide internet to all businesses, either private or public (please advise)

East company will be able to print to a local printer only.  They will not be able to snoop each others network.

Wireless will be configured for guest only (general internet)
0
 
LVL 24

Accepted Solution

by:
diverseit earned 500 total points
ID: 39656596
"East company..." What about the West companies...who is going to take care of them? LOL It looks like the keyboard got the better of both of us. I meant managed firewalls...not dirwalls! LOL.

Anyway, the reason I asked about the business model is that I need to understand where your liability ends...basically what you are responsible for providing and keeping up. It makes a difference in the execution and planning.

I've been down this road before...we were pitching to provide basically the same thing...buy tons of bandwidth in bulk, then distribute it to each tenant while providing the firewall management as well. The firewall management was optional but we pushed it due to our business model.

But it comes down to two distinct paths: A) be the ISP (buy a large block & route it out (no FW)), or B) be the managed firewall/network provider (ISP, FW, VoIP, etc).

In "A" it's easier...just buy a few switches or a modular switch and provide Internet access only. In "B" you cross the line into their (each tenant's) network, which is where the complexity grows.

Here is where "B" comes down to really understanding the offering or business model in more depth...for example if you are going into this under the premise that you'll be providing these tenants with either the same level of service or higher than what their IT staff or provider would be offering, there are many things to consider. Under this notion, are you going to provide the options for Multi-WAN fail-over, HA, VPN Site-to-Sites, GVC, SSL-VPN, Wireless Guest Services (WGS), UTM security like CGSS applied per tenant? Each tenant will have different business needs and these types of services would be provided by their IT staff or IT providers so therefore they need to be offered to each tenant IMO. Basically, there has to be built-in value...and more than you have to do this if you buy space from us.

I will address concept "B" as this is what I think you are more aligned with.

Firewall.
I'd recommend NSA 5600 with HA (High Availability) and consolidate all traffic (data & voice) thereby all data & voice would have redundancy, which will add a tremendous amount of value too. You will be able to assign Interfaces, VLANs, and Zones (basically Security Context) and apply CGSS via Zones, IP Segment or through App Rules (Recommended). You'll be able to provide VPNs to each tenant as well as VPN failover.

Switches.
I'd recommend possibly a Cisco Catalyst. Not the typical 24 or 48 port switches because you'll eat up switchports creating adequate uplink bandwidth. But rather something with cards...a modular switch because they are built with a high bandwidth backplane.

WAPs.
The SonicPoints are a good bet because of their functionality and support; however, you could save at least 5x the cost using a solution like Ubiquiti but you wouldn't have the support and SonicWALL does so for that reason alone I'd be more inclined to go with SonicPoints.

Internet Connections.
I'd definitely go with multiple WAN connections (different providers if possible). At least dual WANs for data and voice. Bandwidth is going to be a numbers game...of what you are offering on your menu of options (fixed or tiered levels, etc.)

Your Questions

SIP Trunking will be used for data/voice (how much bandwidth do I need?)  I project 100k per call
Here again, it's really a numbers game. If you get a 135x135 then that would provide each tenant (assuming there are 40) approx. 3.375x3.375 Mbps. This is also assuming that everyone will be allotted the same amount without an option to expand.

Is it true that having both data and voice going through my network I may run into issues?
No...that is ridiculous!

Each business should have their own private ip address where no other business can snoop.
Not a problem for the NSA 5600. Each business would get their own Interface, subnets and Zones, which would provide security specifically through Zone Access Rules ({tenant_A Zone} > {tenant_B Zone} Any, Any, All, Discard or Deny and vice versa)

Must support multimedia
Again, not a problem for the NSA 5600.

Can I have the NSA 5600 take care of the data end and the NSA 2400 take care of the voice through the same network?
As I said before I recommend consolidating all traffic into the NSA 5600 running HA that way you have redundancy/fail-over on ALL traffic. I wouldn't get an NSA 2400 for voice but rather get 2 dedicated Internet feeds and load balance/fail-over them for voice traffic running into the NSA 5600.

Hope that helps!
0
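The per-tenant isolation described in the accepted answer (one VLAN, subnet and zone per business, with deny rules between tenant zones in both directions), as an added example that is not part of the original thread and is not SonicWALL configuration syntax: it builds a vendor-neutral plan and audits a rule list for inter-tenant gaps. Tenant names, the 10.20.0.0/16 supernet, the VLAN numbering and the rule dictionary format are assumptions.

```python
import ipaddress
from itertools import permutations

def plan_tenants(names, supernet="10.20.0.0/16", prefix=24, first_vlan=100, max_vlans=400):
    """Give every tenant its own VLAN ID, subnet and zone (all values constructed)."""
    if len(names) > max_vlans:  # 400 is the VLAN figure quoted in the thread
        raise ValueError("more tenants than VLANs available on the firewall")
    if first_vlan + len(names) - 1 > 4094:
        raise ValueError("VLAN IDs would exceed the 802.1Q limit of 4094")
    subnets = ipaddress.ip_network(supernet).subnets(new_prefix=prefix)
    plan = {}
    for vlan, name in enumerate(names, start=first_vlan):
        net = next(subnets, None)
        if net is None:
            raise ValueError("supernet too small for one subnet per tenant")
        plan[name] = {"zone": f"{name}_zone", "vlan": vlan, "subnet": net}
    return plan

def isolation_rules(plan):
    """Explicit deny for every ordered zone pair: A > B and B > A."""
    zones = [t["zone"] for t in plan.values()]
    return [{"src": a, "dst": b, "service": "any", "action": "deny"}
            for a, b in permutations(zones, 2)]

def audit(plan, rules):
    """Return ordered zone pairs that lack a deny rule or carry an allow rule."""
    zones = [t["zone"] for t in plan.values()]
    denied = {(r["src"], r["dst"]) for r in rules if r["action"] == "deny"}
    allowed = {(r["src"], r["dst"]) for r in rules if r["action"] == "allow"}
    return sorted(p for p in permutations(zones, 2)
                  if p not in denied or p in allowed)

if __name__ == "__main__":
    # 4 floors x 50 businesses, as described in the question
    tenants = [f"tenant_{i:03d}" for i in range(1, 201)]
    plan = plan_tenants(tenants)
    rules = isolation_rules(plan)
    print(len(rules), "deny rules; gaps:", audit(plan, rules))
    print("after losing one rule:", audit(plan, rules[1:]))
```

Running the audit against an exported rule list after every tenant move-in or rule change catches a missing or overridden inter-tenant deny before a neighbour can reach the new subnet.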
 

Author Comment

by:PowerC280
ID: 39656827
diverseit....should I put all equipment in one location or should each floor have its own equipment and run cat 6 and fiber from each floor to connect to the 5600 and phone equipment that will be on the main floor?
0
 

Author Comment

by:PowerC280
ID: 39656863
So you wouldn't recommend either the Dell or SonicWALL switches....

I want to get the stackable switches and I was going to connect each switch via SFP.

What Cisco Catalyst do you recommend?

So I will be able to issue private IPs to the tenant as opposed to public using the NSA 5600?
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39657923
diverseit....should I put all equipment in one location or should each floor have its own equipment and run cat 6 and fiber from each floor to connect to the 5600 and phone equipment that will be on the main floor?
There is literally no reason to physically separate the switches...everything should be located centrally in your server room/wiring closet, with the exception of your SonicPoints obviously.

So you wouldn't recommend either the Dell or SonicWALL switches....
I like Cisco switches. SonicWALL doesn't make switches but if they did they'd probably be my go-to (provided that they make their switches the same way they make their firewalls).

I want to get the stackable switches and I was going to connect each switch via SFP.
see below...

What Cisco Catalyst do you recommend?
Take a look at these... http://www.cisco.com/en/US/products/ps10902/Products_Sub_Category_Home.html

So I will be able to issue private IPs to the tenant as opposed to public using the NSA 5600?
To my understanding this is what you are wanting to do...provide this service, so yes, you'd be providing and managing their firewall and thereby giving them Public and Private addresses.
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39661794
Have I answered all your questions?
0
 

Author Comment

by:PowerC280
ID: 39664044
You have answered all my questions....I am putting everything together and will post the outcome of what equipment and infrastructure I decided to go with.

Ben
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39664053
Terrific!
0
 

Author Closing Comment

by:PowerC280
ID: 39703260
This guy is on point...I did what he recommended and everything is working great.  Sorry it took so long to respond I have been working at the site.

Ben
0
 
LVL 24

Expert Comment

by:diverseit
ID: 39703633
No apology necessary! You're welcome! I'm glad I could help and thanks for the points!
0
 

Author Comment

by:PowerC280
ID: 39703875
You are welcome...
0
