I play a Tesla cracker on TV, and have 22 years in enterprise InfoSec, but in real life I'm a real estate developer. I build houses of
ICF with
concrete interfloor decks and
roofs (non-combustible, seismic-safe), and certified by the
Intnl PassivHaus Institute.
It is a real problem to get wifi and cell in these concrete structures, on all three floors, and I've done alot of research. First of all I don't trust anyone else's cloud (including Tesla's), so take that for what you will. Second, a security axiom is 'simple is safe' -- smaller attack surface.
I must do something about comms infrastructure in these houses, so my configuration is to have a quality AP, centrally-located on the third and second floor ceilings,
each on ethernet to a PoE router/firewall appliance in the first floor equipment room. There is fiber-to-the-homes so an ethernet hardwire direct from the fiber ONT to the router/firewall. No silly internet provider's router/antennae to rent from them, which is likely compromised and would be ineffective here anyway.
The AP on the second floor is configured as master, and the one on the third floor is slaved, so they are coordinated with transparent handoff.
So my homeowners have excellent wifi on all three floors. And when they set their phones to wifi calling, at home excellent reception with transparent handoff. No need for an expensive cell booster like
weboost. (wifi calling is inherently IPSec)
As time goes on they can upgrade to an AP that also handles wifi6, bluetooth, Z-Wave, etc if they want. Need NAS or something else? Attach it to the router in the equipment room.
I've been asked what my support model is for this... my support model is that no other developer of 'workforce' housing cares to do this. I provide a notebook for each homeowner describing the comms and (radical) HVAC systems. If they care to read they can maintain their systems. If not, who is washing the feet of 95% of Americans who never update their firmware?