Date: 08 November 2025

Prepared By: Ian Harris

Mushie IT Cost Reduction Consultancy

IT Cost Savings Detailed Deployment Report

Prepared for My next amazing customer

Network Infrastructure Assessment: Technical Deployment Details

The focus is on replacing Legacy Hardware with Cloud-Managed PoE models to achieve energy optimization and enable remote management.

Proposed AEON Equipment (Illustrative Technical Part Numbers)

| Component | Illustrative AEON Model | Technical Specification | Typical Use-Case |
|---|---|---|---|
| Cloud Gateway / Firewall | AEON-GW-XG | CPU: Quad-core 2.2GHz. Throughput: 4 Gbps+ IDS/IPS. Ports: (2) 10G SFP+ WAN/LAN, (8) GbE RJ45. Power: Redundant AC power supplies. | Core network routing, stateful firewall, VPN concentrator. |
| PoE Core Switch | AEON-SW-24-410W | Ports: (24) GbE RJ45, (4) 10G SFP+ Uplinks. PoE Standard: IEEE 802.3at (PoE+), 410W total budget. | Centralized connectivity for IP Phones, Cameras, and Access Points. |
| Wireless Access Point | AEON-AP-6E-PRO | Standard: Wi-Fi 6E (802.11ax). Bands: 2.4 GHz (2x2), 5 GHz (4x4), 6 GHz (4x4). Power: PoE+ (802.3at) requirement. | High-density wireless coverage and separation of internal/guest traffic. |

Network Topology and VLAN Configuration

The core topology utilizes the AEON-GW-XG as the Layer 3 boundary, enforcing inter-VLAN routing and firewall policies. The AEON-SW-24-410W acts as the distribution layer, providing tagged (trunk) ports to the Access Points and Access Control Hubs.

| VLAN ID | Subnet (Example) | Description | QoS Tagging (DSCP) |
|---|---|---|---|
| VLAN 10 | 192.168.10.0/24 | Corporate Data (Staff PCs, Servers, NVR) | Best Effort (0) |
| VLAN 20 | 192.168.20.0/24 | VoIP Telephony (IP Phones, SIP Trunks) | Expedited Forwarding (EF) (46) |
| VLAN 30 | 192.168.30.0/24 | Guest Wi-Fi (Isolated from internal network) | Low Priority (8) |
| VLAN 40 | 192.168.40.0/24 | Security/CCTV (IP Cameras, Access Hubs) | Assured Forwarding (AF) (24) |

Deployment / Integration Requirements

  • Port Configuration: All switch ports connecting to Access Points (AEON-AP-6E-PRO) and Security Hubs (AEON-AC-Hub) must be configured as 802.1Q Trunks, allowing VLAN 40 (Security) and VLAN 30 (Guest) traffic, with VLAN 10 (Corporate) set as the Native/PVID where necessary for the AP management plane.
  • Legacy Hardware Elimination: All proprietary physical servers for security functions must be migrated to the new Unified Cloud Platform (AEON-VMS-Pro) before the old network is decommissioned.
  • Cloud Management: Access to the AEON Cloud Controller portal is required for initial configuration and remote maintenance.

Facilities, Security & Guest Management

The core goal is a Unified Cloud Platform to integrate Access Control, Video Surveillance, and Visitor Management (VMS), eliminating disjointed systems and manual processes.

Proposed AEON Equipment (Illustrative Technical Part Numbers)

| Component | Illustrative AEON Model | Technical Specification | Role in Unified System |
|---|---|---|---|
| Unified Console / NVR | AEON-VMS-Pro | Form Factor: 2U Rackmount with 4x 3.5" HDD bays (RAID 5 for redundancy). Connectivity: Dual 10Gbps SFP+. Code: Runs the AEON Protect (CCTV) and AEON Access (Door Entry) applications. | Central data and application host for security, storing all video footage locally. |
| Access Control Hub | AEON-AC-Hub-POE | Power: PoE++ (802.3bt) for power redundancy to locks. I/O: 4x Lock terminals, 4x Reader ports (Wiegand/OSDP), 4x AUX inputs (REX/Door Sensor). | Connects to electric locks, door sensors, and Exit Buttons; provides power and network connectivity. |
| IP Camera | AEON-CAM-G6-Dome | Resolution: 4K/8MP. Power: PoE+ (802.3at). Code Use: AI-powered object detection and tamper detection, linked to the AEON Protect application on the VMS-Pro. | Video surveillance, event recording, and security gap closure. |

System Integration and Data Flow

  1. CCTV & Door Entry Integration: IP Cameras (VLAN 40) and Access Hubs (VLAN 40) are powered by the AEON-SW-24-410W (PoE+ ports). All data is streamed to the AEON-VMS-Pro on VLAN 10 (Corporate Data Network).
  2. Event Correlation: The AEON Access application logs an entry event (e.g., card swipe, mobile credential). It automatically triggers the AEON Protect application to capture a 30-second video clip from the associated AEON-CAM-G6-Dome, correlating the access event with video verification, thereby eliminating security gaps.
  3. VMS Automation: The Automated VMS (AEON-VMS-Kiosk) runs an application that uses an API touchpoint (e.g., Microsoft Graph API or Google Workspace Admin SDK) to instantly notify the host upon guest check-in via their work chat application (Teams or Meet).

Deployment / Integration Requirements

  • Door Hardware Specs: Precise voltage (e.g., 12V DC) and current draw figures for the existing electric strikes/maglocks are required to confirm that the AEON-AC-Hub-POE can provide adequate power over PoE++.
  • Mobile Credential API: Integration with the organization's Identity Provider (IdP) (e.g., Azure AD/Entra ID or Google Workspace) is required to issue Mobile/QR Code Credentials to staff and block access upon de-provisioning.
  • VMS API Key: Provisioning of a dedicated service account and API key/token for the automated guest check-in kiosk to access the necessary communication API for host notification.

Telephony & Communication Systems: Cloud VoIP Migration

The recommendation is to consolidate all voice services under a single Cloud-hosted VoIP provider, eliminating legacy PBX hardware and duplicated subscription fees.

Platform & Protocol Details

| Component | Protocol / Standard | Deployment Detail | Integration Point |
|---|---|---|---|
| Cloud VoIP PBX | SIP (Session Initiation Protocol) | UCaaS platform hosted by the vendor (AEON-VOICE-Suite). | SIP Trunking to PSTN. |
| Collaboration Integration | Teams SIP Gateway or Direct Routing | Connects the Cloud PBX to Microsoft Teams/Zoom Phone application endpoints. | Teams Admin Center for configuration. |
| IP Phones (Optional) | SIP (e.g., Poly VVX or Yealink T-series) | Devices connect to the VLAN 20 (VoIP), powered by the AEON-SW-24-410W (PoE+). | Auto-provisioning via DHCP Option 66 pointing to the AEON-VOICE-Suite server URL. |

Firewall and Port Requirements

The AEON-GW-XG Firewall must be configured to allow outbound traffic for SIP signaling and RTP media.

  • SIP Signaling: TCP Port 5061 and/or TCP/UDP Port 5060 (depending on the AEON-VOIP vendor).
  • RTP Media: UDP Port Range 10000-20000 (or similar range specified by the vendor) for high-quality audio streams.
  • QoS Implementation: The AEON-GW-XG must prioritize VLAN 20 (VoIP) traffic using DSCP EF (46) tags to ensure high-quality call service across the network.
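
The segmentation described in the VLAN table and the port list above can be checked against a candidate rule set before cut-over. The following is an added example, not part of the original report or any AEON tooling; the rule list, the VMS-Pro address and its port, and the assumption that camera and voice VLANs are limited to the flows named in this report are all constructed for illustration.

```python
"""Audit a first-match firewall rule list against the segmentation this report states.
All rules, addresses and helper names below are constructed for illustration."""
from ipaddress import ip_address, ip_network

VLANS = {10: "192.168.10.0/24", 20: "192.168.20.0/24",
         30: "192.168.30.0/24", 40: "192.168.40.0/24"}
VMS_PRO = "192.168.10.50"  # assumed address of the AEON-VMS-Pro on VLAN 10

# Constructed rule set: (action, src_net, dst_net, proto, (port_lo, port_hi))
RULES = [
    ("allow", VLANS[40], VMS_PRO + "/32", "tcp", (443, 443)),   # cameras/hubs -> VMS (port assumed)
    ("allow", VLANS[20], "0.0.0.0/0", "tcp", (5061, 5061)),     # SIP signaling over TLS
    ("allow", VLANS[20], "0.0.0.0/0", "udp", (10000, 20000)),   # RTP media
    ("deny",  VLANS[30], "192.168.0.0/16", "any", (0, 65535)),  # guest isolation
    ("allow", VLANS[30], "0.0.0.0/0", "any", (0, 65535)),       # guest internet access
    ("deny",  "0.0.0.0/0", "0.0.0.0/0", "any", (0, 65535)),     # default deny
]

def decide(rules, src, dst, proto, port):
    """Return the action of the first rule matching the flow (first-match semantics)."""
    for action, s, d, p, (lo, hi) in rules:
        if (ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d)
                and p in ("any", proto) and lo <= port <= hi):
            return action
    return "deny"

# Flows implied by the design, with the verdict each one should receive.
EXPECTED = [
    ("guest -> corporate", "192.168.30.7",  "192.168.10.20", "tcp", 445,   "deny"),
    ("guest -> cameras",   "192.168.30.7",  "192.168.40.11", "tcp", 554,   "deny"),
    ("guest -> internet",  "192.168.30.7",  "203.0.113.9",   "tcp", 443,   "allow"),
    ("camera -> VMS-Pro",  "192.168.40.11", VMS_PRO,         "tcp", 443,   "allow"),
    ("camera -> staff PC", "192.168.40.11", "192.168.10.20", "tcp", 445,   "deny"),
    ("phone -> SIP/TLS",   "192.168.20.5",  "198.51.100.4",  "tcp", 5061,  "allow"),
    ("phone -> RTP",       "192.168.20.5",  "198.51.100.4",  "udp", 15000, "allow"),
    ("phone -> web",       "192.168.20.5",  "198.51.100.4",  "tcp", 80,    "deny"),
]

def audit(rules):
    """Return the names of flows whose verdict differs from the expected one."""
    return [name for name, src, dst, proto, port, want in EXPECTED
            if decide(rules, src, dst, proto, port) != want]

if __name__ == "__main__":
    print(audit(RULES) or "rule set matches the stated segmentation")
```

Because evaluation is first-match, placing the guest internet rule above the guest isolation rule makes `audit` report both guest-to-internal flows as failures.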

Deployment / Integration Requirements

  • LNP (Local Number Portability): A signed Letter of Authorization (LOA) and the Customer Service Record (CSR) are legally required to port existing Direct Dial-In (DDI) numbers and the main company number to the new SIP provider.
  • Network Readiness Check: A pre-migration assessment (MOS score) must be conducted to ensure low latency, jitter, and packet loss on the network before migration to guarantee consistent call quality.

Operational Systems & IT Support: Automation & Consolidation

The strategy uses Identity Provider (IdP) integration for automated license management and workflow tools for efficiency.

SaaS Consolidation and License Right-Sizing

| Initiative | Technical Process Flow (API-Driven) | API Touchpoint Required |
|---|---|---|
| Automated License Removal | HR/IDP Integration: When an employee's status changes to "Terminated" in the HR system, a workflow is triggered in the IdP (Azure AD/Entra ID or Google Workspace). This workflow calls the Licensing API of all integrated SaaS platforms to immediately revoke/reclaim the user's licenses (e.g., Microsoft 365, Salesforce). | Microsoft Graph API (/users/{id}/licenses) or Google Admin SDK Licensing API |
| SaaS Consolidation Audit | Discovery Tool Integration: A SaaS Management Platform (SMP) is integrated via Read-Only API access to the financial system (e.g., QuickBooks/Xero) and IdP to detect all currently used software subscriptions, users, and usage patterns to identify redundant and underused apps. | SaaS Vendor-Specific APIs (e.g., HubSpot, Dropbox) and Finance System APIs. |
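
The automated license removal above, and the earlier requirement to block mobile credentials upon de-provisioning, both depend on the revocation workflow actually completing. The following added example (not part of the original report, and not vendor code) reconciles exports from the three systems to find entitlements that outlived a termination; every record, field name and the 15-minute grace window is a constructed assumption.

```python
"""Reconcile HR status against license and door-credential holders.
All records, field names and the grace window are constructed for illustration."""
from datetime import datetime, timedelta, timezone

GRACE = timedelta(minutes=15)  # assumed time allowed for the revocation workflow to finish

HR = [  # constructed HR export
    {"email": "a.khan@example.com",  "status": "Active",     "changed": "2025-11-01T09:00:00+00:00"},
    {"email": "b.lee@example.com",   "status": "Terminated", "changed": "2025-11-07T17:00:00+00:00"},
    {"email": "c.ortiz@example.com", "status": "Terminated", "changed": "2025-11-08T11:55:00+00:00"},
]
LICENSES = [  # constructed SaaS license assignments (mixed case, as exports often are)
    ("A.Khan@example.com", "Microsoft 365"), ("B.Lee@example.com", "Salesforce"),
    ("c.ortiz@example.com", "Microsoft 365"), ("ghost@example.com", "Microsoft 365"),
]
DOOR_CREDENTIALS = ["a.khan@example.com", "b.lee@example.com"]  # constructed mobile/QR holders

def find_orphans(hr, licenses, credentials, now):
    """Return sorted (email, entitlement, reason) tuples that need revocation or review."""
    status = {r["email"].lower(): r for r in hr}
    held = [(e.lower(), app) for e, app in licenses]
    held += [(e.lower(), "door credential") for e in credentials]
    findings = []
    for email, entitlement in held:
        rec = status.get(email)
        if rec is None:
            # Entitlement with no matching HR identity: shared, stale or unmanaged account.
            findings.append((email, entitlement, "no HR record"))
        elif rec["status"] == "Terminated":
            age = now - datetime.fromisoformat(rec["changed"])
            if age > GRACE:  # inside the window the workflow may still be running
                findings.append((email, entitlement, "terminated, still entitled"))
    return sorted(findings)

NOW = datetime(2025, 11, 8, 12, 0, tzinfo=timezone.utc)  # fixed clock so the result is repeatable

if __name__ == "__main__":
    for finding in find_orphans(HR, LICENSES, DOOR_CREDENTIALS, NOW):
        print(finding)
```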

Data Migration and Workflow Automation

  • Data Migration (SharePoint/Google Workspace): All legacy local databases and shared network drive content are migrated to the centralized cloud platform. This requires using a certified migration tool that can preserve file metadata and complex permissions (ACLs).
  • Workflow Automation Tool (e.g., Power Automate/Notion): Automation logic is built using drag-and-drop interfaces to replace manual processes.
    • Touchpoint: Utilizes the API connectors of various services (e.g., email, CRM, finance) to orchestrate tasks across applications.
    • Example Code Use: A new Power Automate workflow is deployed that triggers upon a new "Invoice Approval" entry in a SharePoint list, sends a notification via Microsoft Teams API to the finance manager, and updates the status in the central system.

Smart Cloud Storage (Archival Tiers)

  • Policy Definition: A data lifecycle policy is created, for example: Any file in the primary cloud storage (e.g., Azure Files/Google Drive) not accessed for 90 days and older than 1 year is flagged as "cold".
  • Automated Movement: Cloud services' built-in automation rules (Storage Lifecycle Management) are configured to automatically move the flagged data to the designated Archival Storage Tier (e.g., Azure Archive or Amazon Glacier) via a backend process, significantly reducing recurring monthly cloud fees.