docs(deployments): single-site pattern
@@ -0,0 +1,99 @@
|
||||
# Single-site deployment
|
||||
|
||||
The default deployment pattern. Most customers start here.
|
||||
|
||||
## Topology
|
||||
|
||||
`R+1`: 1 router + 1 Cell + N cameras + optional operator workstation.
|
||||
|
||||
```
|
||||
Internet (WAN)
|
||||
│
|
||||
▼
|
||||
┌──────────┐
|
||||
│ Blocao │
|
||||
│ Router │
|
||||
└────┬─────┘
|
||||
┌────────┴────────────┐
|
||||
│ │
|
||||
VLAN-10 VLAN-20
|
||||
Cameras (N) Cell
|
||||
192.168.10/24 192.168.20.10
|
||||
│
|
||||
├── cam-01 (PoE)
|
||||
├── cam-02 (PoE)
|
||||
├── cam-03 (WiFi 5GHz)
|
||||
└── cam-04 (...)
|
||||
```
|
||||
|
||||
## Hardware shopping list (4-cam example)
|
||||
|
||||
| Item | Model | Notes |
|
||||
|---|---|---|
|
||||
| Router | GL.iNet GL-MT6000 | 4×2.5GbE LAN + 1×2.5GbE WAN, WiFi 6E |
|
||||
| Cell | Banana Pi BPI-W3 + 1TB NVMe + 4TB HDD | RK3588 with 6 TOPS NPU |
|
||||
| Cameras | 4× Reolink RLC-820A or equivalent | 4K, ONVIF, PoE |
|
||||
| PoE switch | Mikrotik CSS610-8P-2S+IN | 8 PoE+ ports + 2 SFP+ |
|
||||
| UPS | Any 600W+ | Cell + router for 30min |
|
||||
|
||||
Approximate hardware cost: €1,500-2,500 depending on cameras chosen.
|
||||
|
||||
## Install procedure
|
||||
|
||||
1. **Prep at office**:
|
||||
- Flash router with Blocao firmware (image from CI artifacts).
|
||||
- Verify Balena fleet has the Cell stack ready.
|
||||
- Pre-configure site ID and network parameters in the wizard if known.
|
||||
|
||||
2. **On site**:
|
||||
- Mount cameras, run cabling.
|
||||
- Connect: cameras → PoE switch → router LAN port (trunked VLAN), Cell → router LAN port, WAN cable to upstream router/modem.
|
||||
- Power on router first, then Cell, then cameras.
|
||||
|
||||
3. **First boot**:
|
||||
- From a laptop on VLAN-30 (or via Tailscale if pre-provisioned), open `http://blocao-router.local/`.
|
||||
- Wizard runs. Installer goes through 6 steps (~15 minutes).
|
||||
- Provisioning completes; redirects to SYNOPSIS.
|
||||
|
||||
4. **Camera onboarding**:
|
||||
- From CAMS panel, click ADD CAMERA.
|
||||
- Auto-discovery finds cameras in VLAN-10.
|
||||
- For each: authenticate, force password rotation, test stream, name, save.
|
||||
- Verify event flow in SYNOPSIS.
|
||||
|
||||
5. **Verification**:
|
||||
- HEALTH panel shows all green.
|
||||
- MQTT panel shows events flowing.
|
||||
- Walk in front of a camera, confirm event in MQTT live tail.
|
||||
|
||||
6. **Handover**:
|
||||
- Customer-side admin gets operator credentials.
|
||||
- Walk through FORENSICS panel with sample data.
|
||||
- Document case management workflow if applicable.
|
||||
|
||||
Estimated time on site: half a day for an experienced installer with prepped hardware.
|
||||
|
||||
## What customer sees
|
||||
|
||||
Day 1 after install: cameras recording, events being detected, console accessible from mgmt VLAN or via Tailscale.
|
||||
|
||||
Day 30: 30 days of footage retained, queries work across that range, evidence packs exportable for any case.
|
||||
|
||||
Day 90: typical first review meeting. Customer feedback informs config tweaks (zone definitions, retention overrides, model thresholds).
|
||||
|
||||
## Common gotchas
|
||||
|
||||
- **Camera vendor portal phone-home blocked**: cameras may show "cloud disconnected" in their own UI. This is intentional. Show the customer the DNS sinkhole stat for reassurance.
|
||||
- **WiFi cameras drop**: 2.4GHz is congested, 5GHz has range issues. Use cabled cameras when possible; HaLow as the future option for distance.
|
||||
- **WAN flaky**: hub bridge will queue events and reconnect. Customer doesn't need to do anything.
|
||||
- **Wrong NTP**: chrony with NTS is the default. If a customer has a strict internal NTP server, configure it in the wizard step.
|
||||
- **Operator forgets password**: recovery via console port on the router (physical access) or hub-side Keycloak admin reset.
|
||||
|
||||
## Limits of single-site
|
||||
|
||||
- One Cell ≈ 8-12 cameras at 1080p H.265 with full Frigate. Beyond that, scale to `R+2` (two Cells).
|
||||
- Local storage limit: see [`../01-architecture/storage-retention.md`](../01-architecture/storage-retention.md).
|
||||
- No cross-site queries (need hub).
|
||||
- No central operator audit (need hub).
|
||||
|
||||
For single-site only, the customer doesn't need a hub subscription. Standalone mode (configured in wizard step 5) skips hub registration entirely.
|
||||
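Review bot: In step 3 (First boot) the wizard is opened over plain `http://blocao-router.local/` from a laptop on VLAN-30, but the Topology section and diagram only define VLAN-10 and VLAN-20, and it is not stated whether VLAN-30 is the "mgmt VLAN" mentioned under "What customer sees". Suggest adding VLAN-30 to the diagram with its purpose and subnet, and stating whether the wizard is expected to be reachable over HTTP only until provisioning completes or whether an HTTPS URL should be used, since this is the session in which the installer enters the site ID and network parameters. Two smaller points: the camera subnet in the diagram reads `192.168.10/24`, which is missing an octet, and step 1 (Prep at office) could say how the installer verifies the firmware image taken from CI artifacts before flashing it.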