// ENTERPRISE AND MULTI-SITE · HANS STUDY

Networks for organizations that operate at more than one location

Distributed branch networks. Campus consolidation. Security platform federation across dozens of sites. The difference between an organization where 50 sites operate as one network and an organization where they operate as 50 separate problems is mostly architecture. Independent advisory.

What is different about multi-site environments

The technical complexity of an enterprise environment scales nonlinearly with site count. Two sites is a VPN. Five sites is a ring with some redundancy. Fifty sites is an architecture problem, an operations problem, and a procurement problem at once. The same is true for physical security platforms: federating Genetec across 50 sites is a different exercise than deploying it once. Wireless coverage at scale, network access control across heterogeneous device populations, and consistent baseline configuration across distributed switching are all fundamentally architectural problems that show up in operations.

Most multi-site environments grew incrementally without an architecture, then hit a point where the operational cost of inconsistency caught up. The work is to put architecture back into the environment without taking it offline.

Where independent advisory adds value

Multi-site network architecture

Hub-and-spoke, full mesh, regional aggregation, SD-WAN, and the cost-versus-resilience trade-offs at each. Architecture documentation that gives an operations team a defensible target state.

Campus and branch consolidation

For organizations consolidating data centres, branches, or acquired environments. Phased cutover, address space rationalization, identity consolidation, and operational continuity during the work.

SD-WAN and branch refresh

Vendor selection, architecture design, and the practical work of cutting over from a legacy MPLS environment to SD-WAN without surprising the application teams. Realistic expectations for what each vendor actually delivers in production.

Wireless at scale

Predictive design, validation, controller architecture, and operational handoff for distributed wireless deployments. Ekahau, CWNP discipline, and field-tested patterns across Aruba, Cisco, and Juniper Mist.

Network access control deployment

802.1X across heterogeneous device populations. ClearPass, Cisco ISE, and the practical work of getting NAC to actually deploy across dozens of sites without shutting the business down on a Monday morning.

Security platform federation

Genetec federation, Milestone interconnect, multi-site C-CURE 9000 environments. Independent platform advisory without partner-program incentives.

Standards and frameworks in scope

  • ISO/IEC 27001, information security management
  • NIST SP 800-53, security controls (when contracts require)
  • NIST SP 800-171, for organizations with CUI exposure
  • TIA-942, data centre infrastructure standard
  • TIA-606, administration of telecommunications infrastructure
  • CIS Critical Security Controls, practical control prioritization
  • CMMC 2.0, for organizations supporting DoD supply chain
  • CPCSC, for organizations supporting Canadian defence supply chain

What field experience looks like

I have worked on enterprise and multi-site environments across Canada and the United States. The work has covered campus network architecture, multi-site SD-WAN refresh, wireless deployment at scale, NAC rollout across heterogeneous device populations, distributed Genetec deployment, and the operational documentation that determines whether the network team can actually run the environment after handoff. The advisory draws on direct field experience across the major enterprise platforms (Cisco, Aruba, Juniper, Alcatel-Lucent, Palo Alto, Fortinet) and on the operational reality of running networks across many sites at once.

For organizations doing a refresh or consolidation, an independent architecture review before the design is committed produces the largest change in outcome.

Independent oversight at the architectural layer

Architecture review, vendor proposal review, owner's representative engagement during integrator delivery, and post-deployment audit are all available as discrete engagements. No retainer required. The earliest point of engagement is also the highest-impact point.

Start a conversation