When you need to upgrade or refresh the CCTV and Integrated
Security Applications in high-security custodial spaces, look no further
than to your UK Network Designer & Manufacturer, AMG Systems.


The UK’s custodial estate has varying levels of security needs that depend on the category of the site, the number of packages coming onto the network, and the need to utilise existing infrastructure that was mainly installed to cater to an analogue security system.

Get in touch with the team today, call us on +44 (0)1767 600777 or you can email


Existing topology

To keep costs to a minimum the existing infrastructure will always be analysed with a view to re-use, where possible. There are certain considerations on older, multimode fibre installations relating to the distance and Ethernet bandwidth associated with 62.5/125 multimode fibre. 

There are other considerations to make, often relating to the topology of the existing fibre. Many sites have the fibre installed in a fibre ring. Historically this would have given a resilience when connecting layer 2 Ethernet products which utilise healing protocols, such as RSTP (rapid spanning tree protocol). 

RSTP operates by closing off ports using software to stop data travelling continuously around a fibre optic ring that could cause broadcast storms. The protocol will only open those closed ports should a fibre break, enabling all network traffic to travel on an alternate route. 

This data routing uses the MAC addresses of all devices on the network; at the point of a fibre loss RSTP will instruct all the devices on the network to reconverge (flush the MAC address table) to allow communication to take place so the network devices can re-build a new MAC address table to cater for the change of topology caused by the fibre break. 
Reconvergence time will differ dependent on the number of devices on the network. In a large prison with high camera numbers this time can very often exceed acceptable losses of network transmission. 
On these occasions AMG would always advise the use of layer 3 network switches. At layer 3, ring healing protocols like OSPF (open shortest path first) can be applied to significantly reduce network downtime when re-routing traffic due to a broken fibre ring. 
Moving to layer 3 will add complexity to the network design and very often lead to a low-level design document (LLD) being required. The LLD will map the data flow on the network and cater for all the tiers.  

External Cameras

Very often external CCTV will need full segregation from internal CCTV cameras in terms of the network. This can be achieved at layer 2 by using separate hardware for each package. 
At layer 3 this segregation can be achieved by using sub-nets and Vlans that can still intercommunicate. The layer 3 routing capability of the core switch/es will then allow cross communication of the Vlan traffic. This means the internal and external network only ever meet at the core eliminating the need for two separate networks, with all the additional hardware and infrastructure that physical separation would entail. 


3-tiered architecture

Access Layer – This is layer that takes all network data in, CCTV cameras, Access control, PIDS, Cell-call etc. All data is then fed to the distribution layer.
Distribution Layer – This is the layer of the network that communicates up to the core. In existing ring topologies it is here that we would connect the fibre ring. 

Core Layer – Your core switch/es are the backbone of your network and critical to the successful operation of the network. This is where you will connect your servers, recording systems and workstations. Utilising a virtual chassis capability will allow you to use 2 separate core switches that operate as one device, usually connected using a 40Gbt DAC cable. Having a diverse connection (patch) from each core switch to every switch on the distribution later will give you resilience in the control room. Should either switch fall over the network will continue to run seamlessly. This is with the use of LAGs (Link Aggregation), that allows two physical connections to act as a single connection in the network, adding resilience or additional bandwidth. LAGs are designed at LLD stage and configured onto the switches to offer this performance.
Virtual Chassis designed networks remove single points of failure.
For very high secure sites, this virtual chassis can also be replicated at the distribution and access layers.


We have discussed how best to design a network on existing fibre rings however, if there is the chance to influence the fibre installation, we would advise a star topology with diverse paths to each of the core switches. This will still use layer 3 protocols but offers far simpler user-ability. 

AMG Systems offer a network design service that will take you through all these steps to ensure you deliver a network that utilises existing infrastructure, is on specification and offers the right level of resilience for each site. 


















For more information about
AMG products and services,
please fill out the form and
one of our team will be
in touch to assist you soon.

Thank you