Multi-tenant townhome complex
Residential • Greater Houston service area
Problem
The property manager had recurring incidents of missed package theft footage, unstable Wi-Fi in shared corridors, and no clear way to isolate guest devices from management systems.
Environment
- 18-unit townhome block with detached garages and shared alley access
- Mix of aging Cat5e runs and unmanaged switches
- Legacy consumer cameras with inconsistent recording retention
Constraints
- No full rewiring budget in phase one
- Needed to keep internet online during migration
- Residents required isolated guest Wi-Fi with captive portal
What we deployed
- Replaced core with UniFi gateway + 10G aggregation switch
- Created VLAN segmentation for management, CCTV, IoT, residents, and guests
- Installed 22 PoE cameras with role-based dashboard views
- Configured retention policy (30 days motion-indexed, 7 days continuous on critical zones)
- Added alert routing for perimeter and package-room events
Before / after outcomes
- Video retrieval time dropped from ~20 minutes manual hunt to under 90 seconds
- Documented 42% drop in after-hours nuisance incidents over first 90 days
- Guest traffic isolated with zero crossover incidents into management network
Stack used
- UniFi Dream Machine Pro
- UniFi Protect
- PoE switching
- VLAN ACLs
- Cloudflare Tunnel for secure remote access
Architecture diagram (text)
Internet -> UDM Pro -> [VLAN10 Mgmt | VLAN20 CCTV | VLAN30 Resident | VLAN40 Guest] -> PoE camera rings + AP mesh
Site photos and topology screenshots are shared during discovery calls and proposal review.
“We moved from 'maybe the camera caught it' to a system our team can actually trust in real incidents.”
Specialty medical office
Healthcare • On-site + remote support
Problem
Frequent VoIP call drops, delayed EHR sync, and flat network topology that mixed medical devices with guest access. Staff lost time daily to reconnect workflows.
Environment
- 2-floor clinic, 34 endpoints, 8 shared workstations
- HIPAA-sensitive traffic and multiple vendor-managed diagnostic devices
- Dual-WAN available but failover never configured correctly
Constraints
- Cutover needed outside patient hours
- No downtime for refrigeration and alarm telemetry
- Security controls required without disrupting vendor support tools
What we deployed
- Implemented segmented network zones for admin, clinical, imaging, VoIP, guest
- Deployed policy-based routing + tested dual-WAN failover
- Introduced monitored VPN access for approved vendors only
- Set QoS for VoIP and EHR traffic prioritization
- Built incident runbooks and recovery checklists for office manager
Before / after outcomes
- Measured VoIP MOS score improvement from 3.1 to 4.3
- EHR sync delays reduced by 63% at peak hours
- Recovered from ISP outage in 38 seconds during live test
Stack used
- UniFi gateway
- Site-to-site VPN
- QoS shaping
- Syslog + uptime checks
- Automated config backups
Architecture diagram (text)
Dual ISP -> Gateway HA logic -> Segmented switches -> Secure APs -> Clinic apps + voice + diagnostics by policy
Site photos and topology screenshots are shared during discovery calls and proposal review.
“Our front desk stopped apologizing for dropped calls, and our doctors stopped waiting on sync jobs.”
High-end custom residence
Smart home • Single-family, 6,800 sq ft
Problem
Family had a fragile patchwork of hubs and apps. Scenes failed unpredictably, camera notifications were noisy, and remote access was handled with weak defaults.
Environment
- 120+ connected devices across lighting, HVAC, access, and AV
- Multiple ecosystems with overlapping automations
- Vacation property requiring robust remote observability
Constraints
- Must preserve luxury finishes (minimal visible hardware)
- Owners needed straightforward controls for guests and house staff
- Privacy-first requirement: no open inbound ports
What we deployed
- Rebuilt automation logic around deterministic scenes and occupancy states
- Migrated critical flows to local-first controllers with cloud fallback
- Implemented alert tiers (security-critical vs convenience events)
- Configured geofenced routines and power-outage recovery checks
- Added admin dashboard for one-click health status
Before / after outcomes
- False-positive security notifications reduced by ~70%
- Night-time scene reliability improved from sporadic to 99%+ execution
- Owner support requests dropped from weekly to near-zero after handoff month
Stack used
- Home Assistant
- UniFi Protect
- Matter + Zigbee bridge
- Tailscale
- Automated alerting
Architecture diagram (text)
Sensors/locks/cameras -> Local automation controller -> Policy engine -> Alerts (mobile/email) + secure remote tunnel
Site photos and topology screenshots are shared during discovery calls and proposal review.
“For the first time, the house feels intelligent instead of complicated.”
Regional retail showroom
Commercial • Two-store pilot rollout
Problem
Retail team needed centralized camera operations, reliable guest Wi-Fi analytics, and standardized deployment patterns before scaling to additional stores.
Environment
- Mixed ISP quality across sites
- Point-of-sale, digital signage, and inventory scanners on same flat LAN
- Limited in-house IT staff
Constraints
- Pilot must prove repeatability and cost predictability
- Remote support model required for non-technical store managers
- Strict opening-hour uptime targets
What we deployed
- Created a reference architecture with per-store VLAN templates
- Containerized monitoring stack for single-pane dashboards
- Configured camera policies per zone (cash wrap, entrances, stock room)
- Defined standardized commissioning checklist for new locations
Before / after outcomes
- Reduced new-site bring-up from 3 days to same-day commissioning
- Cut avoidable truck rolls by 48% through remote diagnostics
- Established architecture now used as baseline for expansion planning
Stack used
- UniFi Site Manager
- Grafana + Loki
- Structured VLAN templates
- Remote support runbooks
Architecture diagram (text)
HQ monitoring plane <-> Store gateway templates -> policy-enforced networks -> cameras/POS/guest isolated by role
Site photos and topology screenshots are shared during discovery calls and proposal review.
