As 2024 winds down, I’m proud to say we’ve wrapped one of the most foundational technical initiatives at TTG Imaging Solutions – a company-wide network rebuild, and we did it the right way.

For the past several months, we’ve been traveling from site to site, tearing out aging infrastructure and replacing it with our standardized corporate stack. Before we came on board, TTG was running Meraki firewalls and switches across the board. And to put it bluntly – I think Meraki is the worst network stack on the market.

Yes, it’s easy to set up. But that’s where the praise ends. Back at the consulting firm, we used to call them “Fisher Price: My First Firewall.” Anything even slightly complex is either unsupported or locked behind an interface that doesn’t trust the user to know what they’re doing. Add in the fact that your hardware literally bricks if you don’t pay your license, and it’s an easy no for me.

With our Meraki licenses coming up for renewal in January, we made the call: rip and replace.


The Stack

Our standard stack at TTG is battle-tested:

  • FortiGate firewalls for proper policy control, VPN, and security posture

  • Aruba switches and APs for enterprise-grade L2/L3 networking and scalable wireless

This is the same tech we used to get Digirad through HITRUST, and it’s what we’re using now to unify TTG’s network nationwide.

Our standard network topology runs two ISP connections, each delivered to a different member switch on the core Aruba stack via LACP-bonded ports assigned to a dedicated WAN VLAN. The switch stack is configured as a pure Layer 2 fabric – all Layer 3 routing is handled by the FortiGate firewalls. The FortiGates connect back into the same switch stack over a separate LACP uplink, also VLAN-tagged for segmentation. All edge devices – including Aruba APs, VoIP phones, and workstations – connect directly to the switch stack. This design simplifies traffic control, centralizes routing policy at the firewall layer, and delivers a clean, resilient architecture with full failover capability across both the WAN and LAN paths.


Training the Team

TTG has two systems administrators – Adrian Huerta and Michael Ha – both smart, driven, and eager to learn, but still early in their careers. I knew this project would be a perfect opportunity for hands-on mentorship.

So we ran it “I do, you watch → you do, I watch” style:

  • Houston: I flew out with Adrian. I handled the rebuild myself while he shadowed me and absorbed the full process – from patching to firewall configuration.

  • Pittsburgh: Same playbook, but this time with Michael.

  • Stokesdale: Our final site of the year – I brought them both, and they did the work. I was there as a safety net, but they ran the show. And they crushed it.

Watching them step up, ask smart questions, and get their hands dirty was easily one of the best moments of my year. It was a win not just for our infrastructure – but for our team’s future.


Our Wiring Philosophy

Another core piece of this project was how we document and deploy.

For the last five years, we’ve ditched the traditional “switch port X → patch panel Y” spreadsheet approach. Instead, we treat each individual cable as an object in a relational database – we number and label each one, then build mappings in Airtable where:

  • Patch panels and switches are tables

  • Cables are reference objects

  • Each cable is associated with its config, type, VLAN, and destination

Because of this, we were able to pre-configure every switch and firewall before arriving onsite, knowing exactly what every port would be doing. By the time we showed up to each office, 95% of the work was done – we plugged in, powered on, and everything just worked.

This system saved hours of guesswork and rewiring, and it’s now our nationwide standard.
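
The cable-as-object model described above, sketched as an added example rather than TTG's actual Airtable base: the column names, device names, VLAN numbers and rows are all constructed, and SQLite stands in for Airtable. Each cable row links one switch port to an optional patch-panel jack, and the constraints reject a port that is patched twice, a VLAN outside 1–4094, or a cable pointing at a port that does not exist.

```python
import sqlite3

# Hypothetical schema: the post names the tables (switches, patch panels, cables)
# but not their columns. Every column name and sample row below is constructed.
SCHEMA = """
CREATE TABLE switch_ports (id INTEGER PRIMARY KEY, switch TEXT, port TEXT, UNIQUE(switch, port));
CREATE TABLE panel_ports  (id INTEGER PRIMARY KEY, panel TEXT, jack TEXT, UNIQUE(panel, jack));
CREATE TABLE cables (
  label          TEXT PRIMARY KEY,                                  -- number printed on the cable
  switch_port_id INTEGER NOT NULL UNIQUE REFERENCES switch_ports(id),
  panel_port_id  INTEGER UNIQUE REFERENCES panel_ports(id),         -- NULL = direct run
  type TEXT NOT NULL, vlan INTEGER NOT NULL CHECK (vlan BETWEEN 1 AND 4094),
  destination TEXT NOT NULL);
"""

def build_db():
    db = sqlite3.connect(":memory:")
    db.execute("PRAGMA foreign_keys = ON")  # SQLite does not enforce REFERENCES by default
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO switch_ports VALUES (?,?,?)",
                   [(1, "core-sw1", "1"), (2, "core-sw1", "2"),
                    (3, "core-sw2", "1"), (4, "core-sw2", "2")])
    db.executemany("INSERT INTO panel_ports VALUES (?,?,?)",
                   [(1, "PP-A", "01"), (2, "PP-A", "02")])
    db.executemany("INSERT INTO cables VALUES (?,?,?,?,?,?)", [
        ("C-0001", 1, 1, "cat6", 20, "Front desk workstation"),
        ("C-0002", 2, 2, "cat6", 30, "Lobby AP"),
        ("C-0003", 3, None, "dac", 900, "ISP A handoff")])
    db.commit()
    return db

def port_plan(db):
    """One row per cabled switch port: cable label, VLAN, panel jack, destination."""
    return db.execute("""
        SELECT s.switch, s.port, c.label, c.vlan,
               COALESCE(p.panel || '/' || p.jack, 'direct'), c.destination
        FROM cables c JOIN switch_ports s ON s.id = c.switch_port_id
        LEFT JOIN panel_ports p ON p.id = c.panel_port_id
        ORDER BY s.switch, s.port""").fetchall()

def try_add_cable(db, row):
    """Return None if the cable is accepted, else the constraint that rejected it."""
    try:
        with db:  # commits on success, rolls back on error
            db.execute("INSERT INTO cables VALUES (?,?,?,?,?,?)", row)
    except sqlite3.IntegrityError as exc:
        return str(exc)
    return None
```

The rows returned by `port_plan` are what a pre-staging script would turn into per-port switch configuration before anyone travels to the site.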


70 Flights Later…

With OTIS launching, physical inventory completed, board meetings, and this network rebuild tour, I officially hit a personal record this year – 70 flights in 2024.

This last trip to Stokesdale? It put me over the top into United 1K status. So, while I hope to travel a bit less in 2025… at least when I do, I’ll be flying in style.


Wrapping It Up

Every TTG site is now running the same clean, secure, and fully documented network stack. The project gave our junior team members real-world experience, improved our security posture, and eliminated the Meraki anchor that’s been dragging us down for too long.

And now – with that project complete – it’s time to unplug for a minute.

Happy holidays, happy new year, and wishing all of you the very best in 2025.

– Vince