Deployment Architecture · 02
32-camera NDAA surveillance deployment architecture.
Federal- and institutional-grade surveillance blueprint for a 25,000–40,000 sq ft facility — 32-channel NDAA-compliant camera coverage, multi-IDF fiber topology, dual-NVR storage cluster, and the procurement, compliance, and operational-continuity provisions that determine whether the system passes audit and survives its 5-year service window.
01 / Deployment scenario
The site we're spec'ing.
A representative federal-adjacent or institutional facility — mid-sized government office building, university administrative wing, public-health facility, transportation hub, or critical-infrastructure operations centre. Footprint ~25,000–40,000 sq ft across 2–3 floors or multiple connected structures.
8× 4K AI long-range IR bullets (perimeter, parking, exterior)
6× outdoor vandal domes (building corners, soffits)
4× PTZ cameras (parking + perimeter oversight)
2× Axis Q6135-LE long-range PTZ (large parking lot / approach roads)
6× 4K AI turrets (lobby, primary corridors)
4× indoor IR domes (back-of-house, IT)
2× 4-channel multi-sensor (atrium corners, large-area)
Network footprint:
3 IDF closets (per floor / per wing)
1 MDF (main NVR + management head-end)
Fiber backbone between all IDFs and MDF
Retention & analytics:
30-day baseline, 90-day path on AI-flagged events
Object/person classification metadata stored alongside video
Procurement posture:
NDAA Section 889 compliance documented per-SKU
Federal procurement audit retention: 5+ years
This is the configuration most commonly spec'ed for government agencies, federal contractors, critical infrastructure operators, and institutions receiving federal funds. The architecture scales to 48 cameras without changing the head-end or rewiring the IDF backbones.
02 / System objectives
What this deployment has to deliver.
- Full NDAA Section 889 compliance across cameras, NVRs, switches, and aggregation gear. Manufacturer documentation retained 5+ years.
- 30-day baseline retention with extensible path to 60- and 90-day depending on vertical (cannabis 90, healthcare 30, critical infra 90+).
- RAID-6 with hot-spare — survives 2-disk failure plus rebuild-window margin. Surveillance-grade drives only.
- Multi-IDF fiber backbone — 10G aggregation per closet. Camera traffic isolated on dedicated VLAN per IDF, trunk-aggregated at MDF.
- Operational continuity ≥ 99.5% — equivalent to ≤44 hours unplanned downtime per year. Designed-against failures listed in §05.
- AI analytics metadata preserved — line-crossing, intrusion, people/vehicle classification stored alongside video. ~5% storage overhead.
- Cold-weather startup tolerance — every outdoor camera and IDF cabinet rated for -40°C operating start. Ottawa-region winter reality.
- Audit-ready procurement records — every SKU traceable to manufacturer compliance letter at point-of-purchase, retained through procurement file lifetime.
03 / Recommended architecture
Three IDF closets, one aggregation backbone, one storage cluster.
Distributed switching at the IDF, centralized recording at the MDF, fiber aggregation between. No single closet failure takes down more than 1/3 of the camera footprint.
IDF-A · West wing / Floor 1 (12 cameras)
24-port managed PoE+ switch (Cisco CBS350-24FP) serving 12 cameras + 2 spare ports + 2 SFP uplinks to MDF over multimode fiber. Local UPS for switch-only continuity during MDF transitions.
IDF-B · North wing / Floor 2 (12 cameras)
Same configuration as IDF-A. AV-Line Netgear M4250 selected here for IGMP multicast tuning where the customer's VMS uses multicast camera distribution.
IDF-C · Outdoor / Loading dock cabinet (8 cameras)
Industrial hardened 8-port PoE+ switch (Antaira LMP-0801G-SFP) inside a NEMA-rated outdoor cabinet. -40°C operating range. Fiber uplink to MDF. Dual DC inputs for redundancy.
MDF · Main head-end
10G SFP+ aggregation switch (UniFi Aggregation) collapses the three IDF fiber uplinks into a single 10G feed to the NVR cluster. Dual Hanwha XRN-3210B2 32-channel NVRs configured for redundant recording (active/active with split camera assignments, or active/standby for full redundancy). RAID-6 with hot-spare on each NVR.
VMS clients (Hanwha Wave, Milestone XProtect, or Genetec Security Center) run on dedicated workstations on a separate VLAN with deny-by-default firewall rules toward the camera VLAN.
04 / Infrastructure topology
Multi-IDF physical & logical map.
Fiber backbone & uplink architecture
  ┌─────────────────────────┐
  │     Aggregation 10G     │
  │     UniFi Agg SFP+      │
  └────┬───────┬───────┬────┘
       │       │       │
  10G SFP+ Multimode/Singlemode
       │       │       │
    [IDF-A] [IDF-B] [IDF-C]
    Floor1  Floor2  Outdoor
    12 cam  12 cam  8 cam
MDF Aggregation → Dual NVR Cluster (10G NICs)
NVR-1: Channels 1-16 (RAID-6 + hot spare)
NVR-2: Channels 17-32 (RAID-6 + hot spare)
Cross-NVR replication on AI-flagged events: NFS or iSCSI mirror.
Fiber redundancy option: dual diverse-path fiber per IDF for tier-1 deployments.
VLAN architecture
VLAN 15 – PTZ Control (QoS-prioritized; deny multicast)
VLAN 20 – NVR Cluster Mgmt + iSCSI (storage replication path)
VLAN 30 – VMS Workstations (Hanwha Wave / Milestone / Genetec)
VLAN 40 – Switch Out-of-Band Mgmt (SNMP, SSH, syslog)
VLAN 50 – UPS Network Mgmt Cards (SNMP shutdown signaling)
VLAN 99 – Native uplink to IT core (or quarantine)
Inter-VLAN policy: deny-by-default. Allowlist:
VMS workstation → NVR (recording playback, live view)
NVR → cameras (RTSP pull, ONVIF events)
UPS SNMP card → NVR (shutdown trigger at 20% battery)
Switch mgmt → SIEM / log aggregator
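A flow-log check against the allowlist above, as an added example that is not part of the original page. The 10.20.<vlan>.0/24 addressing, the SIEM address, the log format, and the reading of VLAN 10 as the camera VLAN (taken from the page's multicast note) are assumptions.

```python
import ipaddress

# Assumed addressing: one /24 per VLAN (10.20.<vlan>.0/24). VLAN 10 as the camera
# VLAN is inferred from the page's multicast note; the SIEM address is hypothetical.
VLAN_NETS = {v: ipaddress.ip_network(f"10.20.{v}.0/24") for v in (10, 15, 20, 30, 40, 50)}
SIEM = ipaddress.ip_address("10.50.0.10")

# The page's allowlist as (initiator zone, responder zone) pairs.
ALLOW = {(30, 20), (20, 10), (50, 20), (40, "siem")}


def zone(ip):
    """Map an IP address to its VLAN number, "siem", or "unknown"."""
    addr = ipaddress.ip_address(ip)
    if addr == SIEM:
        return "siem"
    for vlan, net in VLAN_NETS.items():
        if addr in net:
            return vlan
    return "unknown"


def audit(lines):
    """Return (src_zone, dst_zone, line) for every inter-VLAN flow not on the allowlist."""
    violations = []
    for line in lines:
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        src, dst = zone(fields["src"]), zone(fields["dst"])
        same_vlan = src == dst and src != "unknown"  # intra-VLAN traffic is out of scope
        if same_vlan or (src, dst) in ALLOW:
            continue
        violations.append((src, dst, line))
    return violations


# Constructed flow records (initiator -> responder), not captured from a real site.
SAMPLE = [
    "src=10.20.30.11 dst=10.20.20.5 dport=443",   # VMS workstation -> NVR
    "src=10.20.20.5 dst=10.20.10.40 dport=554",   # NVR -> camera RTSP pull
    "src=10.20.30.11 dst=10.20.10.40 dport=554",  # workstation -> camera directly
    "src=10.20.10.40 dst=10.20.20.5 dport=22",    # camera initiating toward the NVR
    "src=10.20.40.2 dst=10.50.0.10 dport=514",    # switch mgmt -> SIEM
    "src=10.20.50.3 dst=10.20.20.5 dport=162",    # UPS card -> NVR
]

if __name__ == "__main__":
    for src, dst, line in audit(SAMPLE):
        print(f"VIOLATION {src} -> {dst}: {line}")
```

Any hit from this check means a firewall rule is broader than the deny-by-default policy, since the allowlist is directional and a camera-initiated flow toward the NVR is not on it.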
PoE budget per IDF
IDF-A (Cisco CBS350-24FP, 370W budget):
4× 4K AI bullet × 18W = 72W
2× outdoor dome × 15W = 30W
4× 4K AI turret × 16W = 64W
1× PTZ × 30W = 30W
1× indoor dome × 7W = 7W
Total continuous ≈ 203W
Peak (heater + IR full) ≈ 280W → safely within 370W
IDF-B (Netgear M4250, 480W budget):
Same camera mix as IDF-A ≈ 280W peak → comfortable headroom
IDF-C (Antaira LMP-0801G-SFP, 240W budget):
4× outdoor bullet × 18W = 72W
2× PTZ outdoor × 30W = 60W
2× multi-sensor × 22W = 44W
Total peak ≈ 176W → fits within 240W
Multicast: enabled on VLAN 10 with IGMP snooping at every IDF switch. PTZ control isolated on VLAN 15 to avoid multicast flood interference. See PoE Switch Sizing Guide for the budget math.
05 / Storage planning
Storage math, RAID strategy, retention paths.
Per-camera bitrate assumptions
─────────────────────────────────────────────────
4K AI bullet    H.265+   On   6 Mbps
4K AI turret    H.265+   On   5 Mbps
Multi-sensor    H.265+   On   8 Mbps (4 channels combined)
Outdoor dome    H.265+   On   3 Mbps
Indoor dome     H.265+   On   2 Mbps
PTZ (active)    H.265+   On   4-6 Mbps (spikes during pan)
Aggregate (32 cameras, mixed):
Average: ~5 Mbps × 32 = 160 Mbps continuous
Daily volume: 160 × 86400 / 8 / 1024 / 1024 ≈ 1.65 TB/day
H.265 + SmartStream trade-offs
H.265 (HEVC) cuts bitrate ~40-50% vs H.264 for similar visual quality. SmartStream/Zipstream additionally lowers bitrate in static scenes (warehouses, parking lots at night, locked corridors) by another 30-50%. Trade-off: H.265 decode is heavier on legacy VMS workstations — verify VMS client horsepower before locking the codec choice. Hanwha Wave, Milestone XProtect 2020+, and Genetec Security Center 5.10+ all handle H.265 cleanly. Older client builds may need hardware decode acceleration or fall back to H.264 transcoded streams.
Retention paths & raw capacity
───────────────────────────────────────────────────────
30 days    50 TB     ~65 TB raw     8× 10TB disks (60TB R6)
60 days    100 TB    ~130 TB raw    14× 10TB or 8× 18TB
90 days    150 TB    ~195 TB raw    14× 16TB or 12× 18TB
Analytics metadata overhead: +5%
Hot-spare reservation: +1 disk per array (recommended)
AI-event clip retention (long): separate 6-month archive volume
(NFS-mounted, NAS, or cloud cold storage)
RAID strategy & rebuild windows
RAID-6 with hot-spare is the default. RAID-5 not recommended at modern disk capacities — rebuild windows on 16TB+ disks exceed 24 hours during which a second disk failure means total array loss. RAID-6 survives the second failure during rebuild. Pair with surveillance-grade drives (WD Purple Pro, Seagate SkyHawk AI) — consumer NAS drives fail within 12-18 months under 24/7 write load. See Camera Storage Planning Guide.
Analytics metadata storage
AI-event metadata (line crossings, classifications, dwell-time records) adds ~5% to raw video storage. Bigger win: AI-flagged clips can be selectively retained for 6-12 months on a separate archive volume — instead of retaining 90 days of all-channel 4K, you retain 30 days of full continuous + 12 months of motion/event clips. Cuts storage cost without losing investigative value.
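The sizing chain from this section (per-camera bitrate, daily volume, retention, metadata overhead, RAID-6 parity) worked end to end, as an added example that is not part of the original page. It returns the minimum array size; disk capacities are taken at face value with no filesystem or formatting overhead, which is an assumption, and the page's table carries more headroom at longer retention.

```python
import math

# Per-camera bitrates in Mbps from the table above; PTZ takes the upper bound of "4-6".
BITRATE_MBPS = {"bullet_4k": 6, "turret_4k": 5, "multi_sensor": 8,
                "outdoor_dome": 3, "indoor_dome": 2, "ptz": 6}
# Camera counts from the deployment scenario (both PTZ models grouped as "ptz").
CAMERAS = {"bullet_4k": 8, "outdoor_dome": 6, "ptz": 6,
           "turret_4k": 6, "indoor_dome": 4, "multi_sensor": 2}
METADATA_OVERHEAD = 0.05  # analytics metadata, per the page


def aggregate_mbps(cameras=CAMERAS):
    """Sum the per-class bitrates for a camera mix."""
    return sum(BITRATE_MBPS[kind] * count for kind, count in cameras.items())


def daily_tb(mbps):
    """Mbps -> TB/day using the page's 1024-based conversion."""
    return mbps * 86400 / 8 / 1024 / 1024


def required_tb(mbps, days):
    """Usable capacity for `days` of continuous recording plus metadata."""
    return daily_tb(mbps) * days * (1 + METADATA_OVERHEAD)


def raid6_layout(needed_tb, disk_tb):
    """Smallest RAID-6 array (two parity disks) covering needed_tb, plus one hot spare."""
    data_disks = max(math.ceil(needed_tb / disk_tb), 2)
    return {"array_disks": data_disks + 2,
            "usable_tb": data_disks * disk_tb,
            "hot_spares": 1}


if __name__ == "__main__":
    print("aggregate:", aggregate_mbps(), "Mbps")
    for days, disk_tb in [(30, 10), (60, 18), (90, 18)]:
        need = required_tb(160, days)  # the page's ~160 Mbps planning figure
        print(days, "days:", round(need, 1), "TB ->", raid6_layout(need, disk_tb))
```

The per-class sum comes to 156 Mbps, which is where the page's ~5 Mbps × 32 planning average comes from.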
06 / Reliability / operational continuity
Designed-against failures.
UPS runtime sequencing
MDF: Eaton 9PX online double-conversion UPS sized for ~25 min full-load runtime. External battery modules extend to ~90 min on critical-infra deployments. SNMP-monitored — triggers graceful NVR shutdown at 20% battery via shutdown agent. Each IDF: dedicated 1500VA UPS for switch-only continuity (cameras dark for 30 sec during graceful shutdown is acceptable; corrupt NVR data is not).
Graceful shutdown sequence
───────────────────────────────────────────────────────
Normal      100%   Online; no action
Warn        30%    Email alert; AC-fail logged at central station
Pre-shut    20%    NVR archive flush; close active recording files
Shut        15%    NVR clean shutdown via SNMP signal
Final       10%    Switch shutdown (cameras dark, NVR safe)
Reserve     <5%    Hard cutoff
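One way to drive the sequence above from polled battery readings, as an added example that is not part of the original page or any vendor's shutdown agent. The class and function names are hypothetical; the point shown is that a coarse poll which skips a threshold must still run the flush before the NVR shutdown, and a reading that drifts back up must not re-fire a stage.

```python
# (stage, battery % at or below which it triggers, action) from the shutdown table.
# The "<5% hard cutoff" row is not modeled as a stage here.
STAGES = [
    ("Warn", 30, "email alert; log AC-fail at central station"),
    ("Pre-shut", 20, "flush NVR archive; close active recording files"),
    ("Shut", 15, "NVR clean shutdown via SNMP signal"),
    ("Final", 10, "switch shutdown (cameras dark, NVR safe)"),
]


class ShutdownSequencer:
    """Fires each stage once, in table order, while the UPS is on battery."""

    def __init__(self):
        self.next_stage = 0  # index of the first stage not yet executed

    def update(self, battery_pct):
        """Return the (stage, action) pairs that become due at this reading."""
        due = []
        while (self.next_stage < len(STAGES)
               and battery_pct <= STAGES[self.next_stage][1]):
            name, _, action = STAGES[self.next_stage]
            due.append((name, action))
            self.next_stage += 1
        return due

    def mains_restored(self):
        """Re-arm the sequence once utility power is back and the NVR is up again."""
        self.next_stage = 0


def run(readings):
    """Feed a series of battery readings; collect the stage names fired per reading."""
    seq = ShutdownSequencer()
    return [[name for name, _ in seq.update(pct)] for pct in readings]


# Constructed readings: a coarse SNMP poll that jumps from 31% to 14%, then drifts upward.
if __name__ == "__main__":
    print(run([100, 31, 14, 16, 9]))
```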
Brownout handling
Online double-conversion UPS at the MDF means utility brownouts (sustained ~80V) don't consume battery — output is reconstructed from inverter continuously. Critical for sites with generator-bridged outages where transfer-switch events produce dirty power. Line-interactive UPS at the IDFs is acceptable (less expensive, simpler) because cameras and IDF switches can tolerate brief transfer-time gaps without data corruption.
Surge isolation
APC PNET1GB inline surge protectors on every outdoor cable entry to the building. Grounded to the rack ground bar at each IDF. Outdoor cabinet (IDF-C) gets cabinet-internal surge suppression + grounded enclosure body. Generator-fed sites add isolation transformers on all 120V circuits feeding the rack.
Thermal management
Each IDF rack vented front and rear with fan-assisted exhaust. Switch and NVR SNMP polled for internal temperature; alerts at +40°C, shutdown at +50°C. Outdoor cabinet (IDF-C) gets dual-mode HVAC (heater for -40°C startup, fan for summer). MDF closet sized for full-load thermal dissipation — air conditioning maintenance is part of the system contract.
Reboot storms & cold-weather startup load
After an extended power outage, all devices try to boot simultaneously. PoE switches throttle their PoE output during boot: for the first 60 seconds, ports power up sequentially to avoid bus brownout. Cold-weather startup: IR cameras and heated PTZ pull 2× their steady-state current during warm-up, sometimes for 5-10 min. PoE budget headroom and UPS runtime are spec'd around this. The Antaira LMP industrial switch at IDF-C has hot-start tolerance to -40°C; we don't rely on commercial-grade switches for outdoor cabinet duty.
07 / Failure cascades
The scenarios that take down 30+ channels.
Each of the five below has taken down real institutional surveillance deployments. The architecture is designed against each — but they remain the failure modes worth understanding.
// Cascade · Uplink failure
Fiber cut between IDF and MDF
Single fiber cut takes 8-12 cameras dark instantly. NVR continues recording other IDFs but the affected channels show no signal.
Mitigation: Diverse-path fiber for tier-1 critical infra (two physical fibers via different conduit routes, LACP bonded). For standard institutional: faster fault detection via SNMP alerts and central station signaling.
// Cascade · RAID degradation
Second disk fails during 36-hour rebuild window
Modern 16TB+ surveillance disks take 24-48 hours to rebuild a RAID-5 array. During that window, the array is degraded. A second disk failure means total recording loss.
Mitigation: RAID-6 (2-disk failure tolerance) + hot-spare for automatic rebuild kickoff. Pre-failure disk replacement via SMART monitoring. Surveillance-grade drives only — no NAS or consumer SKUs.
// Cascade · UPS transfer failure
UPS itself fails during outage transfer
Line-interactive UPS has a 4-8ms transfer-time gap. Some NVR power supplies and storage controllers can't tolerate even that gap — resulting in corrupted recording files or RAID inconsistency.
Mitigation: Online double-conversion UPS at the MDF (no transfer gap — output continuously sourced from inverter). Pre-failure UPS battery replacement scheduled at 3-year mark, not waiting for failure.
// Cascade · Multicast flooding
Misconfigured switch leaks multicast across VLANs
VMS multicast streams designed for one VLAN flood across an entire trunk if IGMP snooping is misconfigured. All cameras experience packet loss; live view stutters across every channel; NVR record-rate drops.
Mitigation: IGMP snooping enabled at every switch in the path. Multicast querier configured. Storm-control thresholds set on every camera-facing port. Netgear M4250 AV-Line profile templates address this out-of-box.
// Cascade · Thermal overload
AC fails in IT closet; switch + NVR throttle then shut down
Summer weekend: building HVAC zoned off, IT closet ambient climbs to 35-40°C, PoE switch dialed back to protect MOSFETs, then NVR thermal throttles and finally shuts down. Recording stops without alarm.
Mitigation: SNMP temperature polling at switch and NVR. Email + central-station alert at +40°C threshold. Dedicated AC for the MDF closet — not zoned with general building HVAC. Outdoor IDF-C cabinet uses an industrial-grade switch rated for the actual operating envelope.
08 / Procurement layer
NDAA workflow, lifecycle, audit.
NDAA documentation retention
Every SKU on the BoM is verified against the current manufacturer NDAA Section 889 compliance letter at point-of-purchase. Compliance documentation bundled with the quote, attached to the procurement record, and retained for ≥5 years (federal audit standard). Re-verification at firmware updates that affect component sourcing.
Approved vendor paths
Cameras + NVRs: Hanwha Vision, Axis Communications, i-PRO (default federal-procurement-suitable). Networking: Cisco, Aruba, NETGEAR ProSAFE / M4250, TP-Link Omada (enterprise line only). Avoid: Hikvision, Dahua, OEM-rebranded SKUs that depend on Hikvision/Dahua internals. See NDAA Compliance Checklist for the per-SKU screening process.
Phased procurement (4 waves)
Wave 2 (in-stock): Switches, NVRs, aggregation, UPS systems
Wave 3 (in-stock): Cameras, mounts, surge protection, outdoor cabinets
Wave 4 (post-install): Spare parts, replacement disks, additional batteries
Single BoM, single invoice path, single compatibility-verified shipment cycle.
Firmware lifecycle planning
Every SKU's firmware version recorded at install. Major firmware updates tracked against manufacturer compliance documentation (firmware changes can affect Section 889 status). Updates batched at quarterly windows to minimize per-update validation overhead. Critical-vulnerability patches expedited but logged.
Compatibility validation
Camera → NVR + ONVIF profile (S/T/G) verified per SKU. Multicast support verified at switch + NVR. UPS SNMP shutdown verified end-to-end before deployment. Fiber transceiver compatibility (multimode vs singlemode, SFP vs SFP+) verified at the part-number level — not just the form factor.
Lead-time management
Stocked items: 24-48hr Ottawa-local. Configured items (NVRs with specific drive configurations, custom fiber pre-terminations): 5-14 business days. Long-lead enterprise items (specific switch SKUs in shortage cycles, premium PTZ): 4-8 weeks. Phased waves designed around these bands — no waiting on a single item to ship the rest.
09 / Recommended product stack
Bill of materials.
Every SKU below verified for NDAA Section 889 compliance at point of quote. Compatibility validated end-to-end before shipping. Each links to its product page with deployment context, infrastructure requirements, VMS compatibility, and storage implications.
Cameras · 32 channels
- 8× XNO-9082R 4K AI long-range bullet
- 6× XNV-6081Z outdoor vandal dome
- 4× XNP-6321 PTZ 32x
- 2× Axis Q6135-LE long-range PTZ
- 6× XNV-9082R 4K AI turret
- 4× XND-6080R indoor IR dome
- 2× PNM-9322VQP 4-channel multi-sensor
NVR cluster · MDF
- 2× XRN-3210B2 32-ch enterprise NVR
- 16× WD Purple Pro / Seagate SkyHawk AI 10-18TB disks
- 2× Hot-spare disks (one per NVR)
- Optional NAS archive: 6-month event clip retention
Networking · 3 IDFs + MDF
- 1× Cisco CBS350-24FP · IDF-A
- 1× Netgear M4250 AV-Line · IDF-B
- 1× Antaira LMP-0801G-SFP · IDF-C outdoor
- 1× UniFi Aggregation 10G SFP+ · MDF
- 4× Panduit Cat6 patch panels
- 12× APC PNET1GB surge protection (outdoor entries)
- 2× Tripp Lite SR42UB 42U racks (MDF + IDF-A or B)
Power · UPS + outdoor cabinet
- 1× Eaton 9PX 1500VA · MDF (extendable)
- 2× APC SRT 3000VA · IDF-A & B
- 1× Altronix NetWaySP1B outdoor cabinet (IDF-C)
- 4× Panasonic 42Ah SLA (extended-runtime banks)