Infrastructure

SME network infrastructure: the foundations nobody sees but everyone relies on

Published on
#infrastructure #network #vlan #wifi #sme

Network infrastructure is one of the least glamorous IT expenditures — until the day it fails. At that point, it immediately becomes the board’s top priority, because the entire business grinds to a halt.

After years of emergency interventions at Belgian SMEs, we have identified a recurring pattern: businesses invest in sophisticated SaaS tools, advanced cloud solutions and modern line-of-business applications — yet their network runs on heterogeneous, unmonitored equipment with a configuration that has not been reviewed since the initial installation five to seven years ago.

This guide is intended for business owners and IT managers at SMEs who want to understand what their network should be capable of — and how to assess whether it delivers.

The four components of a solid SME network

1. Routing and segmentation (VLAN)

A flat network — where all your devices sit on the same segment — was acceptable for a 10-person SME in 2010. Today, with IoT devices (printers, cameras, access control systems, Wi-Fi access points), guest devices and production servers coexisting on the same network, it represents a significant security vulnerability.

VLAN segmentation divides your network into distinct logical zones:

  • Production VLAN: servers, NAS, critical equipment — access restricted to authorised devices only
  • User VLAN: workstations and IP phones
  • IoT VLAN: printers, cameras, control systems — isolated from everything else
  • Guest VLAN: internet access only, no visibility into the internal network

This architecture does not require high-end hardware. Managed switches from Cisco Catalyst, Ubiquiti UniFi or HP Aruba are sufficient for most SMEs of 20 to 150 employees.

2. Professional Wi-Fi

Consumer-grade Wi-Fi (ISP router or home access point) is not suitable for professional environments for several reasons:

Performance: consumer devices do not handle high densities of simultaneous users well. Beyond 15 to 20 connected devices, performance degrades significantly.

Security: most consumer access points do not support client isolation (preventing two Wi-Fi devices from seeing each other) or VLAN segmentation per SSID.

Visibility: when problems occur, you have no insight into what is actually happening on your wireless network.

A professional Wi-Fi deployment (Ubiquiti, Cisco Meraki, Aruba Instant On) allows you to define multiple SSIDs with associated VLANs, centralised monitoring and connectivity reports, and proper device roaming between access points.

3. Redundancy and high availability

What is your business’s tolerance for a network outage of 4 hours? Of 8 hours? Of a full day?

For most SMEs, the answer is “none” — or “very low”. Yet many operate with a single internet connection and no automatic failover mechanism.

Baseline measures to improve resilience:

Dual internet access: primary connection (fibre) + backup connection (4G/5G or VDSL) with automatic failover. The monthly cost of a 4G backup connection is typically less than the cost of one hour of business downtime.

Redundancy of critical equipment: your core switch should ideally have a redundant power supply. A failed core switch paralyses the entire network even if internet connectivity is intact.

UPS (uninterruptible power supply): your active network equipment (switches, firewalls, Wi-Fi access points) should be on UPS to absorb micro-outages and voltage fluctuations — the leading causes of premature equipment failure.

4. Monitoring and alerting

An unmonitored network is a network whose problems you discover after your users do. Proactive monitoring lets you detect bandwidth saturation, partial failures or security anomalies before they affect operations.

Monitoring tools do not require deep expertise for an SME. Solutions such as PRTG Network Monitor, Zabbix or the built-in dashboards of Ubiquiti/Meraki allow you to configure email or SMS alerts for:

  • Equipment availability (ping)
  • Bandwidth utilisation (alert thresholds at 70% and 90%)
  • WAN link response times
  • Disk space on NAS and servers

When your network needs an overhaul

These are the signals that indicate it is time to audit your network infrastructure:

  • Your users regularly complain about slowness with no identified cause
  • You have added cloud services (Microsoft 365, SaaS ERP) without reviewing your network architecture
  • You have no network documentation (IP addressing plan, equipment inventory, cabling diagram)
  • Your firewall is the same router your ISP installed
  • You have received no alerts from your network in 6 months — not because everything is fine, but because there is no alerting system

Our approach at ITOPS.be

We conduct network infrastructure audits that produce a tangible deliverable: a status report with gaps identified against best practices, and a prioritised roadmap with cost estimates.

We work primarily with Cisco, Ubiquiti and Fortinet equipment, but our advice is vendor-independent — we recommend what fits your organisation’s budget and needs, not what maximises our margin.

If you have doubts about the health of your network infrastructure, contact us for a 30-minute assessment call. We will ask a few structured questions that allow us to evaluate together whether a more comprehensive audit is warranted.

← Back to blog