Metals Manufacturing Plant Upgrade

by 2 weeks ago - last edited 2 weeks ago

I was approached about upgrading the network for a metals manufacturing facility recently that had the following requirements:


* A unified network (they had two office spaces, each on it's own network)

* Consistent WiFi throughout the facility for new machinery and staff use

* Wired networking for office/CAD systems (all were wireless)

* Improvement of cell phone reception


The facility was built into flex warehouse space. Each 'bay' was a brick rectangle with a large garage door in between. They also were 'staggered' approximately 4-5' feet with ramps getting you from one to the other. If you've never been inside a plant like this (this was my 2nd upgrade like this) - 'offices' are usually wood/sheetrock boxes built inside the space. In this case the original office was in the middle bay (and where the Internet modem/WiFi was) and then the upper bay had an 'admin' office connected via  patch cable strung through trusses hooked to it's own router creating a second 'island'. They were building a third office next to that and also adding a new computer controlled plasma cutter that needed shared folder access to load cut data files for jobs (wired or wireless). They not only manufacture but also repair heavy machinery/truck trailers/etc and built large custom assemblies. So employees working on these like to have music playing, etc from phones and were begging for WiFI access to save data. 


They wanted all the PCs & printers wired, but the floor machinery was OK with WiFi. On paper - not a very complex job - just longer cable runs than usual (150+ ft) and an access point in each bay. But the trick is running the wire through metal trusses, brick walls, etc. Plus every upward facing surface is covered in 1/8" or so on ultra fine metal dust. Fun!


When I do long runs like this I like to pre-cut the wire and run it all at once - saves time being up in the ceiling (they thankfully had a scissor lift I used) tying up the cable bundle. Even better - they said they've punch the hole through between bays to run the bundle of LAN cables through. AWESOME. 


So I lay out a bundle of, oh, 10 cables for the upper bay from the main office. I figure I'll snake the bundle through the wall and then secure the cables from there to the offices. Yes this wastes a little cable but not much if you're careful (and make sure you have enough so you aren't short on one Man Happy ) and saves a ton of time. So I get everything laid out and then go to thread the bundle through. Instead of one big hole, they'd punched 3 small ones. Before I realized this - I'd carefully coiled the cable on the scissor so I could snake the bundle through the wall. Well, now that I had to thread three separate mini bundles through - I was in CAT6 tangle hell. Finally got everything untangled, used a cable comb to split the 3 mini bundles and finally got it through. Sigh.


Each bay was unique. The middle bay had this massive crane mounted on huge steel girders running the length of one side of the bay end to end. The lower bay was huge and ceilings very high (15ft) The upper bay had the lowest ceiling (basically the ceilings were even the floors dropped 4-5 ft per bay) with forklift paths throughout - meaning we needed to avoid the AP getting clipped. So mounting the access points was going to be a challenge. Didn't want to mount the access points on the huge I beam. In the middle bay the crane structure also presented challenges and we needed to get the access point down below it if possible.


Thankfully the universal mount plates are available for the UAP-AC-Pros (pretty much all we deploy these days), so we could mount it to just about any type of electrical box. But we wanted to use plastic as much as we could to avoid wireless interference. So for < $10 in parts from Lowe's we created these mounts:

IMG_20181126_141239.jpgThis was just < 3' long

Yes - the entire mounting setup cost less than teh mount plate Man Happy The 3.5" round boxes had offset EMT holes, which I was worried would cause the plastic conduit to warp over time because the AP was off center. But before I drilled my own hole in the center - I realized the UAC plates don't center mount (because of cable access) So at the correct orientation - the access point is just about centered on the conduit. The metal boxes on top allow for secure mounting to the girders using toggle bolts. 


Here is the upper bay mount ready for an access point:




We mounted it just off the edge of the main forklift path - which put it closer to a welding station. But avoids it getting accidentally hit. We'll see what the welding does to the retry rates (there are three stations up here side by side and a 4th farther away). 


This is the middle bay point. It's hard to tell from the angle but this puts the access point even with the bottom of the bulk of the crane structure, allowing clearer signal paths:IMG_20181127_132230.jpg



That large beam to the left is the crane track.


Metals manufacturing creates a TON of metal dust that gets everywhere. So we used the water seals on the access points - especially because the wire area was exposed. Given the way the universal mounts are setup, there's not a lot of leeway, but by snipping part of the rubber so it would push upward, we got a pretty decent seal to keep grit out of the wiring area:IMG_20181127_135458.jpgYou can see the small area where we snipped the rubber so give the wire clearance but still help keep things sealed.

We did not put safety cables on the blue boxes from the ceiling - if any part of the mount failed the CAT6 cable would hold it for sure. But easy enough to do with thin aircraft cable and a crimper if code/inspector required it.


They also wanted to install a Verizon cell phone Fem2Cell repeater. The trick with these is they need a reliable GPS signal. So we figured we could get a decent signal if we could get the GPS antenna away from all the metal - hoping the signal would get through the thin metal roofing. So we used some extra plastic conduit to 'float' the GPS antenna near the ceiling of the middle bay:




We got 8-9 satellites locked in with that and their cellphones work reliably again!


The actual backoffice networking was pretty straightforward - space was tight, so we mounted it above their mini fridge for easy access and also to allow a previously installed camera DVR to sit in the cabinet:IMG_20181127_145900.jpg



From bottom up you have a Cyber Power 500VA UPS, the Camera DVR, Zyxel NSG50 router, UniFi 24 Port PoE Switch, and the Fem2Cell sitting on top (wall mounting was optional and it worked fine just sitting there). The Spectrum gear was already mounted in a corner on plywood - we left it there and ran it's power strip to the cabinet UPS.


Yes - we use a Zyxel router. They offer real time content filtering, anti-virus scanning, intrusion/anomaly detection/prevention, etc. and at a great price point. We primarily deploy Zyxel USG40/60 routers. But they don't have cloud management (well they do - but it costs and it's not great) But the routers are incredibly powerful and configurable. The NSG series was Zyxel's attempt to move router management into the cloud. This was the first client we used an NSG with and found the router functionality was nowhere near as powerful as the USG40 even though the cloud management was nice. The lack of configurability surprised us as you can tell they're heavily based off the USG40 HW & local software. So they SHOULD be able to do everything the USG40/60 can - but the cloud stuff isn't there. But they're gradually expanding the ability of the cloud mgmt setup - so we use these with clients that don't need the level of flexibility the USG40's provide (one glaring omission is the ability to apply different content filter templates to different networks/VLAN/Machine groups - think Public WiFi). That's on the roadmap.


We have two wireless networks. The main LAN for office/machinery PCs (which talk to each other) and printers. Then a second VLAN for staff wireless access.


We'd deploy UniFi USGs in a heartbeat because we LOVE the UniFi controller (we run ours in the Amazon cloud and it's been fantastic. We manage dozens of client and I think we pay $20/mon in AWS fees). But the content filtering is holding us up (since they have IDS already, that's one of 3). The Anti-virus functionality on the Zyxel is sort of useless since most viruses use encrypted connections and the USG40/60 don't do SSL Inspection (but the USG110 does - which we use with larger clients). Plus we deploy powerful endpoint cloud managed security on client PCs we manage - so if the UniFi USG got content filtering along with the IDS they currently have - we'd definitely switch.



{"location":{"title":"Graham, NC, USA","placeId":"ChIJ1c2n6E8rU4gRbuGJRFDZsuQ"},"addedProducts":[{"id":"unifi-ac-pro","count":3},{"id":"unifiswitch-24-250w","count":1},{"id":"unifi-professional-mounting-plate","count":3}],"solved":"","numbers":"","description":"","mainImage":"184016iA64E29755B4EF257"}