Single-site deployment

The default deployment pattern. Most customers start here.

Topology

R+1: 1 router + 1 Cell + N cameras + optional operator workstation.

                Internet (WAN)
                     │
                     ▼
                ┌──────────┐
                │  Blocao  │
                │  Router  │
                └────┬─────┘
            ┌────────┴────────────┐
            │                     │
       VLAN-10                VLAN-20
       Cameras (N)            Cell
       192.168.10/24          192.168.20.10
       │
       ├── cam-01 (PoE)
       ├── cam-02 (PoE)
       ├── cam-03 (WiFi 5GHz)
       └── cam-04 (...)

Hardware shopping list (4-cam example)

| Item | Model | Notes |
|---|---|---|
| Router | GL.iNet GL-MT6000 | 4×2.5GbE LAN + 1×2.5GbE WAN, WiFi 6E |
| Cell | Banana Pi BPI-W3 + 1TB NVMe + 4TB HDD | RK3588 with 6 TOPS NPU |
| Cameras | 4× Reolink RLC-820A or equivalent | 4K, ONVIF, PoE |
| PoE switch | Mikrotik CSS610-8P-2S+IN | 8 PoE+ ports + 2 SFP+ |
| UPS | Any 600W+ | Cell + router for 30min |

Approximate hardware cost: €1,500-2,500 depending on cameras chosen.

Install procedure

  1. Prep at office:

    • Flash router with Blocao firmware (image from CI artifacts).
    • Verify Balena fleet has the Cell stack ready.
    • Pre-configure site ID and network parameters in the wizard if known.
  2. On site:

    • Mount cameras, run cabling.
    • Connect: cameras → PoE switch → router LAN port (trunked VLAN), Cell → router LAN port, WAN cable to upstream router/modem.
    • Power on router first, then Cell, then cameras.
  3. First boot:

    • From a laptop on VLAN-30 (or via Tailscale if pre-provisioned), open http://blocao-router.local/.
    • Wizard runs. Installer goes through 6 steps (~15 minutes).
    • Provisioning completes; redirects to SYNOPSIS.
  4. Camera onboarding:

    • From CAMS panel, click ADD CAMERA.
    • Auto-discovery finds cameras in VLAN-10.
    • For each: authenticate, force password rotation, test stream, name, save.
    • Verify event flow in SYNOPSIS.
  5. Verification:

    • HEALTH panel shows all green.
    • MQTT panel shows events flowing.
    • Walk in front of a camera, confirm event in MQTT live tail.
  6. Handover:

    • Customer-side admin gets operator credentials.
    • Walk through FORENSICS panel with sample data.
    • Document case management workflow if applicable.

Estimated time on site: half a day for an experienced installer with prepped hardware.

What customer sees

Day 1 after install: cameras recording, events being detected, console accessible from mgmt VLAN or via Tailscale.

Day 30: 30 days of footage retained, queries work across that range, evidence packs exportable for any case.

Day 90: typical first review meeting. Customer feedback informs config tweaks (zone definitions, retention overrides, model thresholds).

Common gotchas

  • Camera vendor portal phone-home blocked: cameras may show "cloud disconnected" in their own UI. This is intentional. Show the customer the DNS sinkhole stat for reassurance.
  • WiFi cameras drop: 2.4GHz is congested, 5GHz has range issues. Use cabled cameras when possible; HaLow as the future option for distance.
  • WAN flaky: hub bridge will queue events and reconnect. Customer doesn't need to do anything.
  • Wrong NTP: chrony with NTS is the default. If a customer has a strict internal NTP server, configure it in the wizard step.
  • Operator forgets password: recovery via console port on the router (physical access) or hub-side Keycloak admin reset.
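
The sinkhole stat from the first gotcha can be cross-checked from the router's DNS log. This is an added example, not Blocao code: it counts sinkholed lookups per camera in VLAN-10 and lists any camera lookup that was answered from upstream or cache. Assumptions: the resolver logs in dnsmasq `log-queries` format and sinkholes with `0.0.0.0`, `::` or `NXDOMAIN`; the domains and addresses in the sample log are constructed.

```python
import ipaddress
import re
from collections import Counter, defaultdict

CAMERA_NET = ipaddress.ip_network("192.168.10.0/24")  # VLAN-10 in the topology
SINK_ANSWERS = {"0.0.0.0", "::", "NXDOMAIN"}          # assumed sinkhole answers
QUERY = re.compile(r"query\[[^\]]+\] (\S+) from (\S+)$")
RESULT = re.compile(r"\b(config|cached|forwarded) (\S+) (?:is|to) (\S+)$")

# Constructed sample log (dnsmasq log-queries style), not captured from a site.
SAMPLE_LOG = """\
May 12 10:01:02 dnsmasq[811]: query[A] p2p.camvendor.example from 192.168.10.21
May 12 10:01:02 dnsmasq[811]: config p2p.camvendor.example is 0.0.0.0
May 12 10:01:03 dnsmasq[811]: query[A] p2p.camvendor.example from 192.168.10.22
May 12 10:01:03 dnsmasq[811]: config p2p.camvendor.example is 0.0.0.0
May 12 10:01:04 dnsmasq[811]: query[A] updates.camvendor.example from 192.168.10.22
May 12 10:01:04 dnsmasq[811]: forwarded updates.camvendor.example to 192.0.2.53
May 12 10:01:04 dnsmasq[811]: reply updates.camvendor.example is 198.51.100.7
May 12 10:01:05 dnsmasq[811]: query[A] hub.example from 192.168.20.10
May 12 10:01:05 dnsmasq[811]: forwarded hub.example to 192.0.2.53
""".splitlines()

def summarize(lines):
    """Return (sinkholed, resolved) Counters keyed by (camera_ip, domain)."""
    pending = defaultdict(list)  # domain -> camera IPs waiting for an outcome
    sinkholed, resolved = Counter(), Counter()
    for line in map(str.strip, lines):
        if m := QUERY.search(line):
            domain, src = m.groups()
            try:
                if ipaddress.ip_address(src) in CAMERA_NET:
                    pending[domain].append(src)
            except ValueError:
                pass  # malformed source address: skip the line
        elif m := RESULT.search(line):
            kind, domain, answer = m.groups()
            for src in pending.pop(domain, []):
                if kind == "config":  # answered from the router's own config
                    if answer in SINK_ANSWERS:
                        sinkholed[(src, domain)] += 1
                else:  # sent upstream or served from cache: review these
                    resolved[(src, domain)] += 1
    return sinkholed, resolved

if __name__ == "__main__":
    blocked, answered = summarize(SAMPLE_LOG)
    print("sinkholed:", dict(blocked))
    print("resolved (review):", dict(answered))
```
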

Limits of single-site

  • One Cell ≈ 8-12 cameras at 1080p H.265 with full Frigate. Beyond that, scale to R+2 (two Cells).
  • Local storage limit: see ../01-architecture/storage-retention.md.
  • No cross-site queries (need hub).
  • No central operator audit (need hub).

For single-site only, the customer doesn't need a hub subscription. Standalone mode (configured in wizard step 5) skips hub registration entirely.