This page focuses on the hardware, placement, protection, environmental, and supportability standards for business network equipment. This standard defines that business network equipment must be installed, protected, and supported as critical infrastructure. This protects uptime, improves security, and supports predictable operations. Firewalls, switches, wireless access points, and NAS or SAN devices are not casual plug-in devices. They are core business systems that require proper placement, clean power, controlled access, and supportable design. By following this standard, we create a more reliable, secure, and repeatable network environment that is easier to monitor, maintain, and scale.

Policy Summary #

• Business-critical network equipment must be installed in a secure, supportable location appropriate to the device type and business need.
• Core network equipment such as firewalls, core switches, and primary NAS or SAN devices should be installed in a server room, network room, rack, or locked cabinet, not in open offices or unsecured shared spaces.
• Network equipment must be protected by properly sized UPS and surge protection, with remote monitoring where supported.
• Environmental conditions must be appropriate for the equipment, including temperature, humidity, airflow, and clean intake air.
• Access to core network equipment must be controlled and limited to authorized personnel.
• Network equipment must be labeled, documented, and deployed in a clean, structured, and repeatable way.
• Business firewalls, managed switches, business-class wireless access points, and business storage devices must be used for production environments.
• Supportable licensing, active vendor support, and current firmware or software management are required for security and reliability.
• Consumer-grade or unsupported network equipment may be limited to best-effort support (15 minutes) and may not meet business uptime, security, or compliance expectations.

Related Standards:

• For Network topology, redundancy levels, internet design, wireless design, structured cabling, MDF/IDF standards, and documentation expectations are covered in Network and Internet.
• For server room requirements, see Server Infrastructure Standards.
• For temperature, humidity, monitoring placement, and environmental control guidance, see Server Room Environmental Control Standards.
• For contamination control, air quality, and cleaning expectations, see Server Room Air Quality and Cleaning Standards.
• For power protection, UPS, surge protection, and managed power guidance, see Power Protection Standards: UPS and Surge Protectors.

1) Secure Placement and Physical Protection #

• Firewalls, core switches, NAS or SAN devices, controllers, and other core network equipment must be installed in a secure and supportable location.
• Preferred locations include a server room, network room, wall-mounted rack, floor rack, or locked cabinet designed for IT equipment.
• Do not place core network equipment on desks, floors, window sills, storage shelves, or other unsecured and unstructured locations.
• Access points may be installed in open business areas when required for coverage, but placement must still be intentional, documented, and protected from avoidable tampering or damage.
• Small branch or edge devices should still be placed in the most secure and supportable location reasonably available.

2) Environmental Requirements #

• Environmental conditions must match the manufacturer requirements for temperature, humidity, airflow, and cleanliness.
• Core network equipment should not be installed in spaces with uncontrolled heat, moisture, dust, oil mist, chemical exposure, or other contamination risks unless the design specifically accounts for those conditions.
• Airflow must not be blocked at intake or exhaust openings.
• Devices must be protected from dirty air, excessive dust, and contamination buildup that can shorten hardware life or affect cooling.
• Where environmental exposure is elevated, use better room design, filtered cabinets, hardened device selection, or relocation into a cleaner space.

3) Power Protection and Runtime #

• Core network equipment must be protected by properly sized UPS systems.
• Firewalls, switches, wireless controllers, and NAS or SAN devices should not rely only on a basic surge strip where uptime matters.
• Remote monitoring of UPS health, battery status, and runtime is preferred.
• Managed power is strongly recommended for ISP equipment, firewalls, and other critical edge devices where remote restart improves recovery time.
• Where generators are present, UPS runtime must bridge generator transfer time plus a safety buffer.

4) Structured Installation and Documentation #

• All network equipment must be installed in a clean, labeled, and supportable manner.
• Structured cabling is required for production environments.
• Patch panels, switch ports, uplinks, power feeds, VLAN roles, SSIDs, controller dependencies, and device names should be documented clearly.
• Cable management must protect airflow and serviceability.
• Installations should support repeatable troubleshooting, clean maintenance, and future growth.

5) Device Class Standards #

Firewalls #

• Production environments must use a business-class firewall with active licensing and vendor support where required.
• The firewall must be sized for the real internet speed, security inspection load, VPN use, and future growth.
• The firewall is critical infrastructure and should be installed in a secure, powered, and monitored location.

Switches #

• Production switching should use managed business-class switches.
• Switch sizing must account for port count, PoE requirements, uplink needs, redundancy goals, and growth.
• Core and distribution switching should be installed in a rack, cabinet, or similarly supportable location.

Wireless Access Points #

• Wireless access points should be business-class devices selected for coverage, density, and management requirements.
• Placement should prioritize coverage quality, cable supportability, and security, not convenience alone.
• Ceiling and wall placement is acceptable when it supports the design and is documented clearly.

NAS and SAN Devices #

• Business storage devices must be installed in a secure, stable, and properly powered location.
• Storage systems should not be treated like simple external drives or office shelf devices when they support business operations, backups, or shared data.
• Storage design must account for redundancy, backups, warranty coverage, and environmental protection.

6) Monitoring and Management #

• Core network equipment should support centralized monitoring and alerting.
• Monitor device health, power status, link status, firmware or software lifecycle, and environmental dependencies where applicable.
• Track warranty status, license status, backup status, and configuration protection for critical devices.
• Alerts must reach the appropriate team quickly enough to reduce downtime risk.

7) Warranty, Licensing, and Supportability #

• Production network equipment should maintain active warranty or support coverage appropriate to business impact.
• Support renewals and security licensing should be planned before expiration.
• Unsupported, end-of-life, or unlicensed equipment may create security, reliability, and recovery limitations.
• Devices without active vendor support may be limited to best-effort assistance and may require upgrade or replacement planning.

8) Cleaning and Contamination Expectations #

• External cleaning and contamination prevention are preferred over repeated internal device cleaning.
• In a clean, well-designed environment, repeated internal cleaning of network equipment should not be normal.
• If devices require repeated internal cleaning to remain reliable, treat that as an environmental design issue and correct the room, cabinet, filtration, or placement strategy.
• Dust removal is the most common and lowest-risk cleaning objective. Sticky contamination, corrosion, oil residue, or chemical buildup usually indicate a higher-risk environmental mismatch.

9) Minimum Standard #

• Business-class network equipment
• Secure and supportable placement
• UPS and surge protection
• Structured cabling and labeling
• Controlled access for core devices
• Environmental conditions appropriate to the equipment
• Basic documentation and supportability

10) Preferred Standard #

• Rack or cabinet-based installation for core equipment
• Centralized monitoring and alerting
• Managed power for ISP edge and firewall recovery
• Active warranty, licensing, and vendor support
• Environmental fit matched to the device and location
• Documented, clean, and repeatable installation standards