Zero Downtime Since Deployment — Enterprise Infrastructure for a Leading NYC Architecture Firm

A fully redundant switching fabric

Access Layer

Six Cisco Catalyst 9300 switches form the access layer as a single logical stack, providing nearly 300 ports across the office floor. The top stack member — a multi-gigabit variant — is dedicated exclusively to wireless access point uplinks, supporting 5 Gbps per AP uplink with headroom for future 10 Gbps capacity. The stack was specified with 8-port 10GbE expansion modules to provide significant uplink headroom beyond what the licensing tier requires.

Beyond data-plane stacking (each inter-switch link operates at 480 Gbps, dual cables per switch providing 960 Gbps of intra-stack capacity), Cisco StackPower connects the power supplies of all stacked switches into a single logical power domain. A switch member remains fully operational even if both of its local PSUs fail simultaneously, provided the aggregate pool has sufficient capacity from neighboring members. Every switch carries dual PSUs on independent 30-amp UPS circuits — defense-in-depth at the power layer.

Core Layer

Dual Cisco Catalyst 9500 switches operate via StackWise Virtual — a unified control plane in which both chassis are simultaneously active and authoritative. Neither chassis can enter a split-brain state. From the perspective of any connected device, the two physical switches are a single logical entity.

This enables true cross-chassis EtherChannel: all 12 access-to-core uplinks function as a single bundle, providing 120 Gbps of aggregate bandwidth between layers with simultaneous throughput and link-level redundancy — and no spanning tree blocking. Both core switches carry redundant PSUs on independent circuits.

Firewall & WAN

A SonicWall NSA 4700 pair operates in active/passive HA, selected specifically for its ability to sustain full deep-packet inspection at 10 Gbps line rate. The site runs a 10 Gbps primary WAN circuit with a 1 Gbps backup — the 4700 was sized to ensure the firewall is never the throughput ceiling at either circuit speed. Downstream connectivity from each firewall to the core uses four bonded 10GbE links (40 Gbps per firewall). Failover is automatic and stateful, typically converging within 2–3 seconds. Both units carry redundant power on independent circuits.

Thermal Management

The server room presented a challenge common in built-out office environments: extending dedicated precision cooling would have required tens of thousands of dollars in additional ductwork and chiller capacity — not viable given the space geometry. RSystems specified and installed a dedicated HVAC unit within the server room with a hot-aisle/cold-aisle design: cold supply air directed at rack front faces, hot exhaust captured and ducted into an adjacent room. Stable operating temperatures have been maintained since deployment.

Dual-controller SAN with 80 Gbps aggregate bandwidth

Primary SAN — Synology UC3200

Selected specifically for its dual active-active iSCSI controllers. Each controller has its own processor, RAM, and dedicated network interfaces. Path failover on controller failure occurs at the hardware level with nanosecond-range latency — no controller election, no convergence delay, no VM I/O timeout. Both controllers serve I/O continuously.

Disk configuration: 8 × 16TB SAS HDD with 4 × 1.92TB SAS SSD read/write cache tier. The cache tier handles small-block, high-IOPS workloads; spinning disk handles large sequential transfers. The tiering engine dynamically promotes and demotes data based on access patterns.

iSCSI connectivity: 8 discrete 10GbE interfaces, each with a unique IP address, all running Jumbo Frames (MTU 9000) — 80 Gbps of raw iSCSI bandwidth. Each ESXi host uses 3 dedicated 10GbE NICs for iSCSI, providing 9 host-side paths in aggregate, closely matched to the 8 appliance-side paths. The network fabric was deliberately over-provisioned relative to the storage appliance's maximum sustainable I/O throughput — the disk array is the ceiling, not the network. That is by design.

Three precision tuning optimizations were applied: ALUA MPIO for intelligent path selection that avoids unnecessary inter-controller traffic; Round-Robin IOPS threshold reduced from 1,000 to 1 (distributing I/O across all 8 active paths simultaneously rather than allowing a single path to carry disproportionate load); and EtherChannel hashing algorithms coordinated across Cisco switch and VMware vSwitch layers to ensure balanced traffic distribution across all physical links.

Secondary SAN — Synology SA3200D

Active/passive dual-controller unit serving as backup target and extended services platform. The SA3200D was chosen over a second UC3200 for its support of native cloud replication to AWS S3, DNS services, and additional data management capabilities required by the firm's workflow. The trade-off — a few seconds of failover latency versus nanoseconds on the primary — is acceptable on the backup tier where brief interruptions are tolerable.

Cloud-managed access control, provisioned through Entra

RSystems deployed PDK as the firm's physical access control platform, integrated directly with Microsoft Entra ID (Azure AD) as the identity source of truth.

The integration eliminates a manual provisioning step that is easy to miss and costly to overlook. When a new employee is added to Entra, PDK automatically creates their access control profile and sends them an invite to enroll their smartphone as a credential. No fob to issue, no IT ticket to file, no separate admin console to manage.

Staff use their phones at door readers via NFC and Bluetooth Low Energy — a faster and more reliable experience than physical credentials, and one that scales gracefully as the organization grows. Offboarding is equally automatic: removing a user from Entra revokes their building access without any additional action.