Building A Corporate Family Network
Being a network or system administrator is an around-the-clock job. Family reunions can sometimes involve an unending line of questions about personal computers, phones, and other consumer-level challenges. I think of the similarities to owning a pickup truck and getting calls from friends asking for your help to move or transport something bulky.
To keep family functions focused on family, I decided to use the opportunity as a case study and finish an IT project that involved replacing and standardizing everyone’s home networking and hardware components with enterprise grade gear that would be both incredibly reliable and easy to troubleshoot remotely if need be. This opportunity also allowed me to implement a true monitoring system that can then send alerts if something isn’t functioning properly. By doing this, the laundry list of IT questions at family reunions went from many to essentially none, as everyone benefited from great uptime and the minor issues never grew to major catastrophes.
Each home network was configured independently and isolated as its own, and none of them required my main Minneapolis data center in order to function. From there, a VPN server/client relationship was linked to each firewall. This is unlike a traditional site-to-site IPsec environment, where in principle every IP address on one site can be reached from the other. The goal was simply to reach the firewall over the VPN and configure NAT rules there, so that only ICMP and HTTP on the specific devices requiring monitoring or troubleshooting are exposed.
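The spoke side of that design, as an added example rather than the author's own configuration: an EdgeOS (EdgeRouter) config that brings up an OpenVPN client tunnel to the hub, uses one destination-NAT rule to expose only a camera's HTTP interface on a chosen tunnel port, and attaches firewall rulesets that admit ICMP and that port only from the monitoring host. The hostname, addresses, certificate paths and rule numbers are assumed placeholders.

```edgeos
# Spoke-side EdgeOS config for one home site. Added example, not the
# article's own config; every address, path and name is a placeholder.
configure

# 1. OpenVPN client tunnel up to the monitoring hub (certificate auth).
set interfaces openvpn vtun0 description "To monitoring hub"
set interfaces openvpn vtun0 mode client
set interfaces openvpn vtun0 remote-host vpn-hub.example.net
set interfaces openvpn vtun0 remote-port 1194
set interfaces openvpn vtun0 protocol udp
set interfaces openvpn vtun0 tls ca-cert-file /config/auth/ca.crt
set interfaces openvpn vtun0 tls cert-file /config/auth/site-a.crt
set interfaces openvpn vtun0 tls key-file /config/auth/site-a.key

# 2. Destination NAT: the hub reaches camera HTTP via <tunnel IP>:8081.
#    Nothing else on the LAN is reachable through the tunnel.
set service nat rule 10 description "Monitor: driveway camera HTTP"
set service nat rule 10 type destination
set service nat rule 10 inbound-interface vtun0
set service nat rule 10 protocol tcp
set service nat rule 10 destination port 8081
set service nat rule 10 inside-address address 192.168.10.20
set service nat rule 10 inside-address port 80

# 3. Firewall on the tunnel: drop everything except monitoring traffic from
#    the hub's tunnel address (10.8.0.1). The 'in' ruleset sees post-DNAT
#    destinations, so the allow rule names the camera's LAN address and port.
set firewall name VPN_IN default-action drop
set firewall name VPN_IN rule 10 description "Hub -> camera HTTP (after DNAT)"
set firewall name VPN_IN rule 10 action accept
set firewall name VPN_IN rule 10 protocol tcp
set firewall name VPN_IN rule 10 source address 10.8.0.1
set firewall name VPN_IN rule 10 destination address 192.168.10.20
set firewall name VPN_IN rule 10 destination port 80
set firewall name VPN_LOCAL default-action drop
set firewall name VPN_LOCAL rule 10 description "Hub may ping the firewall"
set firewall name VPN_LOCAL rule 10 action accept
set firewall name VPN_LOCAL rule 10 protocol icmp
set firewall name VPN_LOCAL rule 10 source address 10.8.0.1
set firewall name VPN_LOCAL rule 20 description "Hub may reach the router GUI"
set firewall name VPN_LOCAL rule 20 action accept
set firewall name VPN_LOCAL rule 20 protocol tcp
set firewall name VPN_LOCAL rule 20 source address 10.8.0.1
set firewall name VPN_LOCAL rule 20 destination port 443
set interfaces openvpn vtun0 firewall in name VPN_IN
set interfaces openvpn vtun0 firewall local name VPN_LOCAL

commit ; save ; exit
```

Each additional monitored device gets its own NAT rule and matching VPN_IN rule on a new tunnel port; the hub never receives a route into the LAN itself, so a compromised hub or tunnel still only reaches the handful of ports deliberately published.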
Every home has the same basic hardware setup:
EdgeRouter Firewall – The Ubiquiti EdgeRouter X was specifically chosen due to its low cost, small footprint, and amazing performance for home and small business use. It has built-in OpenVPN, IPsec, and other protocols, as well as the ability to assign each Ethernet interface to a different network, which is not really necessary for residential use but is still nice to have.
Ubiquiti Unifi AC WiFi – The Unifi lineup is incredibly powerful and customizable for its price point. I posted a similar article about this multi-home network setup on a social media channel and a handful of users inquired about the purpose of splitting up the Unifi ecosystem by choosing the EdgeRouter firewalls as opposed to the Unifi Security Gateway. My first and only answer is that the EdgeRouter performs the same necessary duties at less than half the cost.
Polycom Phone – Easily the best VoIP phone on the market is the Polycom VVX series. I purposefully chose this phone because of the attention to audio quality. The speakerphone is incredibly adaptive, each microphone is thoughtfully engineered and has great adaptive processing built into the firmware of the phone. Some family members are a little hard of hearing and for the few who struggle with hearing loss, having this high quality voice option for extended phone calls was an absolute game changer.
Fine-tuning the network was relatively easy, as every setup involved the same choreographed tasks. Configuring the monitoring and management interfaces is an ongoing process as the hardware and software updates evolve. Initially it was easy to simply spin up the Ubiquiti Network Management System to gain insight into any connectivity or bandwidth issues on the EdgeRouters, but of course the Unifi system uses its own separate management interface for WiFi, so over time the number of these systems grew. Consolidating the monitoring and alerting was a simple process of moving all of the data to a Nagios XI virtual machine. This allowed me to cut out the noise and the troubleshooting routine that meant opening three or four tabs and login screens.
Some houses have exterior driveway and entrance cameras that route back to a main Network Video Recorder (NVR), which eliminates the need to pay monthly for storage and can be easily maintained without a mess of hardware at each location. This is also important because, rather than finding out days or even weeks later, I get a real-time e-mail alert if one of the cameras goes offline or starts producing errors.
Easily the best byproduct of this network setup is having the ability to test enterprise network environment tasks in an unobtrusive manner. As the network grows, so too does the list of possible expansions. Recently the Internet of Things (IoT) side of monitoring has become a front and center attraction. Being able to monitor temperatures, water levels, gas flow, and other aspects of the house, or even specific tasks like refrigerator/freezer monitoring, has taken only a matter of minutes to set up. If a refrigerator is left open by accident, for example, the centralized monitoring system (Nagios XI) will fire off a notification to whoever needs to close the door. In other words, the information is delegated automatically without me having to do anything on my end. Nagios XI simply lets the appropriate family members know what is going on with their network, appliances, yard, etc. without me having to pick up a phone. If issues arise, I can then use the VPN network to dial into the devices most likely to be causing the trouble. The list of devices that can be dialed into is deliberately short: laptops, tablets, workstations, etc. are very volatile, so monitoring their performance 24/7 is not necessary. Some workstations and laptops have dial-in software that the user can activate on request, which saves a significant amount of time in troubleshooting.