Law firm is a double edge sword in this. They probably are good at law things.
But their attitude in the answers on tech things seems to be “whatever as long as those blinking things it works”, and I am not really surprised because law folks usually aren’t the most tech geeks in the word. So they will probably don’t understand what you say anyway so you must talk money and “office language” with these people.
Do they even know what poe is or do they just smile and say something diffuse so they sound like they know what you are talking about?
Fortunately I followed your advice and sought some things in writing from the client and further the other party involved. As it turns out, that provider is not working with installing what they have given the impression their systems are. The camera system is not PoE but just a basic Lorex system with the ability to carry audio and video and can be accessed remotely over the internet. It also appears the locking system is something similar, so according to them, all that is required is for them to be connected to the switch (or in this case, a port on the router).
It further turns out that they are the force encouraging the client to purchase the routers I pointed to in a previous post. Personally, I feel the client deserves better and I have laid out my perspective for them. However, I can only lead the horse to the water, so it is up to the client to determine which way they go. What I have insisted on is the final choice be communicated in writing to ALL the parties involved and it must include the liability of each clearly stated. Of course I am going o have it reviewed by another attorney before agreeing.
Given that the security installer is forcing a specific router selection, it might be wise to suggest that they handle the whole thing. There is little for you to add in this situation.
As an aside, the security installer sounds like they are amateurs - Lorex is really low end and if it is not even a poe based system, the future roadmap for the client system is not being considered and will require a complete rip-out and re-do at some point. Personally, I’d walk away from this project.
Advice fully noted. What I am also understanding is that the security installer is not able to deal with their network issues so it would create some challenges for the client if I walk away.
That being said, I am considering the walk away option only to secure my reputation. However I do not want it to be seen by the client or suggested by anyone else that I am doing so as a means of forcing/pressuring the client to support my position.
Never mind the reputation... its the time/effort you will have to spend sorting out that shitshow. Its like when you turn up to a client that wants "just a bit of a tidy up" and you open the comms cabinet and it looks like a bomb went off in there. There are times that a "nope. **** this. Someone else can tidy that mess" is a given. Or you quote them silly money and then giggle and cry at same time when they say yes...
Maybe view this as two competing approaches... the client should consider a one-stop-shop for their IT needs and/or should request quotes from other providers to understand their options. Some approaches are not easily compatible with each other and this may be the case here.
^^^ This is important!
By walking away, you are not forcing them to do anything. You're simply saying that you want to ensure that you can provide reliable and high quality service (and network performance), and that cannot guarantee that quality when other parties are dictating the technology stack. Car dealership maintenance is somewhat similar (aside from the huge profit margins on the OEM stuff): they will not install aftermarket components because they can't guarantee the quality and do not want to be held liable for issues that may arise.
Thanks to all for their valuable input and the advice has been well taken. Since I formally advised the client that I no longer have an interest in dealing with this job, there seems to have been a flurry of activity. This has gotten to the point where I am getting calls from a member of their team (a Snr partner of the firm) for us to setup a meeting to work out the matter.
Having moved on from that, there are 2 things I would like to get for you guys. (1) I am changing out some equipment at home and I have so far replaced my old WAP/Extender with a D-Link DAP-1330 that I got as a trade with an associate. Given this project, I found a TP-Link AC1350 Gigabit WiFi Router (Archer C59) that was cheap. I am figuring that using these at home would give me the room to play around in and get more familiar with OpenWRT while being only a danger to myself. Feedback would be appreciated.
(2) I will be going after more small business networks to support and I am expecting at least gateway security will be a concern/consideration. Being more experienced, can you guys suggest the minimum D-Link small business with/without PoE that should be looked at for use?
I can't speak to DLink products, but Ubiquiti Unifi and TP-Link Omada are often good options for small businesses -- pretty inexpensive and good quality hardware (firmware on Unifi can be an issue, but when you have a stable version, it can be great). Typically the integrated nature of their controllers with the gateway, switches, and APs makes it desirable to run completely within their ecosystem (i.e. no OpenWrt on those devices).
Generally speaking, for business grade installations, you'll want to have a router that is not wifi enabled, and then have purpose built APs serving your Wifi. PoE is a great method for handling the APs, so a good PoE switch ties everything together.
You can certainly run OpenWrt on the gateway and/or AP devices, but typically this means more administration work is required, and sometimes it can be more complex.
ah the "oh shit" moment. This is where you tell them to pony up the cash and give you the authority or they find some other fool to sort their trainwreck.
Regarding equipment. Psherman and I have similar views.
Get a decent router (no wifi included) for your gateway/router. Your primary router should only handle traffic. Use POE switches for your cameras etc and regular VLAN capable switches for everything else. Unifi with stable firmware is good. Their AP's just run. You do NOT want to do bandaid solutions for corporate wifi. It will only bite you in the ass. Do it properly or just forget it.
Realistically you will want new or refurbished with warranty for a business or at least have a spare available/quickly sourced. A spare or two on shelf for hardware failures is a worthy investment especially with supply chain shortages. No one wants to spend on IT till it is broken.
Regarding routers. Using Ubiquiti gear is good, but using ARM routers or x86 boards for a main router with OpenWrt is feasible. What you need to detail and work out is how much logging you require. What logging you will be required to keep for auditing or filtering. What HR will want from it etc. There will always be someone who will try bending the rules. Make sure the rules are agreed, published and signed for. That way there is a clear cut path for removal of access/firings.
And lastly? ALWAYS remember ass covering 101. Document it and get it signed off on.