Home / The Belton Blueprint
Twenty years of deploying technology for NZ businesses, distilled into a stack we trust.
After deploying and supporting technology for hundreds of New Zealand businesses, we've refined our recommendations to vendors and products that consistently deliver. This isn't a list of products we sell because of margins or kickbacks. It's what we actually use, what we'd recommend to our own family, and what we can support properly when things go wrong.
You don't have to use everything listed here. Many clients come to us with existing systems, and we're happy to support what works. But when you ask us what we recommend for a business starting fresh or ready for a refresh, this is what we recommend.
"The best technology stack is one that works together seamlessly, scales with your business, and can be properly supported when something breaks at 2am."
What follows is our thinking on each layer of a modern business technology environment. Not just what we recommend, but why.
The infrastructure question used to be simple: buy servers, put them in a closet, hope nothing catches fire. Today it's more nuanced. Most businesses we work with end up with a hybrid approach, and that's usually the right answer.
For cloud infrastructure, we're a Microsoft Azure shop. Not because Microsoft pays us to say that, but because it integrates naturally with the Microsoft 365 environment most businesses already use. Azure Active Directory, conditional access policies, seamless authentication. When you need a virtual machine or a cloud-hosted application, keeping it in the Microsoft ecosystem just makes sense.
For businesses that need on-premise servers, whether for compliance reasons, latency requirements, or simply because cloud costs don't make sense for their workload, we spec Lenovo ThinkSystem hardware. Reliable, well-supported, excellent value. We've deployed hundreds of them over the years and they rarely give us trouble.
Endpoint selection matters more than people think. Cheap consumer laptops cost more in the long run: shorter lifespans, worse keyboards, flimsy hinges, and support headaches. We recommend business-grade hardware from the start.
For most users, Lenovo ThinkPad or HP EliteBook laptops hit the sweet spot. Durable, repairable, excellent keyboards, and proper business support channels. For executives and mobile workers who want something premium, Microsoft Surface devices work beautifully with the Windows ecosystem. For creative teams or anyone who simply prefers macOS, we fully support Apple MacBook deployments, including integration with your Microsoft environment via proper MDM.
The goal isn't to push a particular brand. It's to match the right hardware to the right user, ensure it's properly configured and secured, and make sure we can support it when something goes wrong.
This is the easiest recommendation we make: Microsoft 365. Not because we're Microsoft partners, but because nothing else comes close for business productivity. Email, calendar, file storage, collaboration, video meetings, real-time document editing. It all works together, it's constantly improving, and it's what most of your clients and partners are already using.
The key isn't just having Microsoft 365. It's having it properly configured. Security settings tuned appropriately. Conditional access policies protecting your data. SharePoint structured sensibly instead of becoming a dumping ground. Teams deployed in a way that actually helps collaboration rather than creating notification chaos.
Business phone systems have changed dramatically. The traditional PBX in the server room is increasingly rare. Most of our clients either use our Belton VoIP service, which starts at $28/month per user with all the features you'd expect, or Microsoft Teams Phone for organisations that want everything in one app.
For businesses with complex call routing needs, call centre requirements, or those who just prefer a dedicated phone system, we deploy 3CX. It's feature-rich, flexible, and works well whether hosted or on-premise.
Security isn't a product you buy. It's layers of protection, each catching what the others miss. We approach security holistically: identity protection, endpoint security, network security, email security, backup, and monitoring. No single tool does everything, and anyone who tells you otherwise is selling something.
For endpoint protection, we've moved our entire client base to SentinelOne. It's AI-powered, which sounds like marketing buzzword nonsense but actually matters. Traditional antivirus looks for known bad signatures. SentinelOne watches behaviour and stops threats it's never seen before. It also gives us rollback capabilities when ransomware gets through other defences.
Network security means Fortinet FortiGate firewalls for any business with an office. Next-generation firewalls that inspect traffic properly, block threats at the perimeter, and provide secure VPN access for remote workers. We've standardised on Fortinet because their security fabric ties everything together and gives us visibility we can't get from consumer-grade gear.
The old model of security was a castle with a moat: protect the network perimeter and everything inside is trusted. That model died with remote work and cloud applications. Today, identity is the perimeter. Every login is a potential attack surface.
Microsoft Entra ID (formerly Azure AD) handles identity and access management for our clients. Multi-factor authentication on everything. Conditional access policies that check device compliance before allowing access. Single sign-on that reduces password fatigue while improving security. When configured properly, it's genuinely difficult for attackers to compromise accounts even with stolen passwords.
We also run security awareness training, because your team is always the first line of defence. Phishing simulations that catch people in the moment and teach better habits. Regular training on current threats. It's not glamorous, but it works.
Backup isn't exciting until you need it. Then it's the only thing that matters. We've recovered businesses from ransomware attacks, from deleted data disasters, from failed hardware, from employees who accidentally wiped critical files. Every single time, the difference between a minor inconvenience and a business-ending catastrophe was whether backups existed and whether they worked.
Microsoft 365 deserves special attention here because most people assume Microsoft backs up their data. They don't. Not in any useful way. Deleted emails, corrupted SharePoint sites, malicious destruction by a disgruntled employee: Microsoft's retention policies won't save you from most of these scenarios. We deploy third-party backup for every Microsoft 365 tenant we manage.
For on-premise servers and critical workloads, we typically deploy Datto BCDR or Veeam Backup, depending on the requirements. Datto's business continuity solution can spin up a failed server as a virtual machine within minutes, not hours or days. Veeam gives us flexibility for complex environments and is battle-tested in enterprises worldwide.
Everything replicates offsite. Everything is encrypted. Ransomware can't touch properly air-gapped backups. We test restores regularly because a backup you've never tested isn't a backup, it's a hope.
Some IT providers will deploy whatever the client asks for, whatever's cheapest, whatever they can find. That approach creates technical debt, support nightmares, and environments where nothing works together properly.
We standardise on specific vendors because it lets us support you better. Our engineers know these products deeply. When something breaks at 2am, they're not learning on the job. When a vulnerability is announced, we know exactly which clients are affected. When vendors release updates, we've already tested them in our lab.
Standardisation also means your systems work together seamlessly. Microsoft 365 talking to Azure talking to Intune talking to Entra ID. FortiGate firewalls integrated with our monitoring. SentinelOne feeding threat data to our security operations centre. Everything connected, nothing siloed.
That said, we're not rigid. If you have a specific business requirement that our standard stack doesn't meet, we'll find the right solution. If you have existing systems that work well, we're not going to rip them out just to match our preferred vendors. The blueprint is a starting point, not a straitjacket.
Let's design a solution tailored to your business needs and budget.