Hardware & Workspace.
The physical layer. Workstations, displays, peripherals, mobile test devices, network and power, backup and disaster recovery, the travel kit, and the procurement & refresh policy. Everything below the operating system and above the desk. Layer 1 of the stack map.
Owned by the Studio Lead. Read by everyone who uses Studio-issued hardware. Reviewed annually; spec sheets updated whenever a new machine is procured.
How to use this doc.
Hardware is where most studios either over-spend on theatre or under-spend on reliability, and both failures look the same in an engagement retrospective — a demo that didn’t ship, a client call that dropped, a migration that corrupted because a laptop failed without a backup. The goal of this doc is to get hardware decisions off the founder’s plate and onto a set of named tiers with named refresh windows, so the next decision is “time to refresh the Sprint Lead’s machine” rather than “what laptop should we buy this year?”
Our baseline philosophy: buy quiet, reliable, portable, Apple silicon. Every Studio role runs on Mac. Every role has a named tier. Every tier has a named refresh window. Everything else in this doc flows from that three-line policy.
Reading order
- If you are onboarding: read §02 and §03 to understand which tier your role maps to, then §08 if you’ll travel for a sprint.
- If you are the Studio Lead: read end-to-end annually and during the Quarterly Review’s infrastructure block.
- If a machine has failed: skip to §07 (Backup & Recovery) and follow the disaster recovery playbook — then come back to §09 to source the replacement.
Hardware at a glance.
L1 Physical decomposes into seven things we own: workstations, displays, peripherals, mobile QA fleet, network and power, backup infrastructure, and the travel kit. Each has a named tier policy and a refresh window. Everything is capex, tagged in Wave, and rolls up to the Year-N hardware envelope below.
| Category | Tier policy | Typical unit cost | Refresh | Section |
|---|---|---|---|---|
| Workstations | Role-tiered (A/B/C) | $2,200–$5,400 | 30 months | §03 |
| Primary display | One 5K per workstation | $1,300–$1,600 | 48 months | §04 |
| Peripherals | Keyboard + pointer + mic/cam | $400–$900 / desk | 36 months | §04 |
| Mobile QA | Shared fleet, 4 devices | $2,800 total | 24 months | §05 |
| Network + power | Fiber + UPS + backup LTE | $600 + $80/mo | 60 months | §06 |
| Backup + DR | 3-2-1 rule | $250 + $30/mo | Ongoing | §07 |
| Travel kit | One per Sprint Lead | $700 / kit | 36 months | §08 |
Capex envelope by year
| Year | Headcount | Capex spend (annualized) | Notes |
|---|---|---|---|
| Year 1 | 1 (founder) | $7,500–$9,000 | One full workstation tier A, one QA fleet, travel kit. |
| Year 2 | 2–3 | $12,000–$16,000 | Second workstation (tier A or B), second desk, expanded QA fleet. |
| Year 3 | 4–6 | $22,000–$30,000 | Third + fourth workstation, refresh cycle on year-1 machines kicks in. |
Primary workstations.
Three tiers, named by the workload they serve. Every Studio role maps to exactly one tier. Tier is a function of what the role does day-to-day, not of seniority — a senior Sprint Lead and a junior Sprint Lead are both tier B, because the workload is the same shape.
Tier map by role
| Role | Tier | Machine | Rationale |
|---|---|---|---|
| Agent Engineer | A | MacBook Pro 16” M5 Max | Local model inference, Docker, multi-repo agentic workflows. Heaviest workload in the Studio. |
| Sprint Lead | B | MacBook Pro 14” M5 Pro | IDE + browser + Figma + Linear + calls. Medium workload; portability matters as much as power. |
| Governance Architect | B | MacBook Pro 14” M5 Pro | Writing-heavy with occasional runtime inspection. Same machine as Sprint Lead for inventory simplicity. |
| Studio Lead | C | MacBook Air 15” M5 | Calls + docs + finance. Low compute, high reliability, maximum quiet. |
| QA / Utility | C | Mac mini M5 (desk-only) | Demo rig, shared QA desktop, or low-cost team addition. |
Tier A — Agent Engineer workstation
Tier A is the only tier that prioritizes raw compute. The 64 GB unified memory is the line item most Studios get wrong by under-speccing — once you run Docker, a local model for offline testing, and a full IDE+browser workload concurrently, 32 GB becomes a constant swap battle. Over-spec memory, under-spec storage (we lean on iCloud + the backup stack in §07 for spillover).
Alternatives. (1) Mac Studio M5 Max + 16” MacBook Air as companion — viable if the Agent Engineer is > 80% desk-bound; adds ~$1,800 but gives headroom for heavier local inference. (2) 14” M5 Max instead of 16” — acceptable for an engineer who prefers portability; accept the slightly worse thermals. Not acceptable: M5 Pro instead of Max (memory ceiling too low), or any PC workstation (breaks our single-OS discipline).
Tier B — Sprint Lead / Governance Architect
Tier B is the Studio’s most-bought tier. Balanced for a role that spends the morning in an IDE and the afternoon on a client call from a client site. 36 GB is the floor — not 18, not 24. The difference between 18 and 36 shows up the first time a Sprint Lead opens Chrome with 40 tabs, Figma, VS Code, Zoom, and a Docker container concurrently.
Alternatives. (1) Base M5 Pro with 24 GB — $600 cheaper; accept that memory pressure will show up in month 6 and refresh earlier. (2) 16” M5 Pro — acceptable if the Sprint Lead prefers a larger daily-carry; adds ~$400 and ~0.6 kg. Not acceptable: MacBook Air in this role; the sustained workload thermally throttles the fanless design.
Tier C — Studio Lead & utility
Tier C is for roles that never run Docker, rarely open an IDE, and spend most of their day in a browser, docs, and Zoom. The Air’s fanless design is an asset here — the Studio Lead is on more client calls than anyone else in the Studio, and the audible fan on a Pro is a real and measurable distraction.
Alternatives. (1) Mac mini M5 + external display — viable for a pure desk role (a permanent QA station or a demo rig) and the cheapest option in the lineup at ~$1,100. (2) 13” MacBook Air — acceptable for travel-heavy roles but the smaller display meaningfully hurts finance/spreadsheet workflows.
Setup standard — every workstation
- FileVault 2 enabled before first login. Recovery key escrowed to the Studio Vault (see USO-ST-06 §03).
- 1Password and the Studio SSH config installed from the onboarding Brewfile.
- Time Machine target configured to the studio NAS or iCloud Drive + Backblaze (see §07).
- Asset tag applied to the bottom case; serial, owner, purchase date, and AppleCare end date logged in the Airtable asset register.
- Standard apps installed: 1Password, Slack, Linear, Figma, Notion, Loom, Zoom, VS Code or Zed, Claude desktop, Raycast, Rectangle.
- MDM: enrolled in Jamf Now (or Mosyle — see §09 alternative) before the device leaves the Studio Lead’s desk.
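A compliance check for the setup standard above, added here as an example rather than taken from the Studio's own tooling. It verifies the three items that can be read from the machine itself (FileVault on, a Time Machine destination configured, MDM enrolled); the exact output strings it matches from `fdesetup`, `tmutil` and `profiles` are assumptions about current macOS releases, and the parsers take captured output as strings so they can be exercised off-Mac.

```python
import platform
import subprocess

# Added example: verifies three items of the workstation setup standard.
# Output strings matched below are assumed macOS formats, not from this doc.


def filevault_on(fdesetup_output: str) -> bool:
    """`fdesetup status` prints "FileVault is On." once the boot volume is encrypted."""
    return "FileVault is On" in fdesetup_output


def time_machine_configured(tmutil_output: str) -> bool:
    """`tmutil destinationinfo` reports "No destinations configured." when no
    target is set, otherwise one "Name : ..." block per destination."""
    if "No destinations configured" in tmutil_output:
        return False
    return any(line.strip().startswith("Name") for line in tmutil_output.splitlines())


def mdm_enrolled(profiles_output: str) -> bool:
    """`profiles status -type enrollment` prints "MDM enrollment: Yes (...)"
    on an enrolled Mac and "MDM enrollment: No" otherwise."""
    for line in profiles_output.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == "MDM enrollment":
            return value.strip().startswith("Yes")
    return False


def evaluate(fdesetup_output: str, tmutil_output: str, profiles_output: str) -> dict:
    """Map each checked setup-standard item to True (compliant) or False."""
    return {
        "filevault": filevault_on(fdesetup_output),
        "time_machine": time_machine_configured(tmutil_output),
        "mdm": mdm_enrolled(profiles_output),
    }


def _run(cmd: list) -> str:
    # Combine stdout and stderr: tmutil reports a missing destination on stderr.
    proc = subprocess.run(cmd, capture_output=True, text=True)
    return proc.stdout + proc.stderr


def run_checks() -> dict:
    """Execute the three macOS commands and evaluate their output; macOS only."""
    if platform.system() != "Darwin":
        raise RuntimeError("run_checks() needs macOS; use evaluate() on captured output elsewhere")
    return evaluate(
        _run(["fdesetup", "status"]),
        _run(["tmutil", "destinationinfo"]),
        _run(["profiles", "status", "-type", "enrollment"]),
    )


if __name__ == "__main__":
    results = run_checks()
    for item, ok in results.items():
        print(f"{item}: {'OK' if ok else 'FAIL'}")
    raise SystemExit(0 if all(results.values()) else 1)
```

Run it on a freshly provisioned Mac before the device leaves the Studio Lead's desk; a non-zero exit means the setup standard is not met.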
Displays & peripherals.
The desk setup is one standard for all tiers. The laptop differs; everything else is identical. This makes onboarding trivial (“you know this desk, you’ve used this desk”), and it means any workstation can be swapped into any desk during a failure or refresh without reconfiguration friction.
The desk, top to bottom
Studio Display 27” 5K.
Apple Studio Display (nano-texture). 5120 × 2880, P3 wide color. Powers + charges the laptop over a single Thunderbolt cable. One-cable desk is the ergonomic point.
Ergotron LX arm.
Single-monitor arm, desk-clamped. Brings the display to neutral eye level (top of screen at or just below eye height). Non-negotiable ergonomics line item.
Magic Keyboard.
Apple Magic Keyboard with Touch ID, numeric pad. Wired USB-C for zero-latency authentication and reliable reconnection after sleep.
Magic Trackpad.
Apple Magic Trackpad, space black. Gesture parity with the laptop trackpad matters more than mouse preference — we standardize on trackpad.
Shure MV7+.
Dynamic broadcast mic on a desk arm. USB-C to the display. Every Sprint Lead’s audio is studio-quality on Zoom by default, which meaningfully raises perceived professionalism.
Studio Display camera.
The display’s 12 MP Center Stage camera is now good enough to skip a dedicated webcam. Tier A engineers who want better can add a Logitech MX Brio as a $200 upgrade.
Ergonomic baseline
Every desk meets the same ergonomic standard: display at eye-height, wrists neutral, chair adjusts in five axes, feet flat to the floor. The Studio default chair is a Herman Miller Aeron (size B) secondhand or an IKEA Markus on the budget tier. Desk height: electric sit-stand, 64–128 cm travel range, programmed to two positions per user.
| Component | Standard | Budget alternative | Unit cost |
|---|---|---|---|
| Display | Apple Studio Display 27” nano-texture | Studio Display standard glass | $1,600 / $1,300 |
| Arm | Ergotron LX | Amazon Basics single arm | $180 / $60 |
| Keyboard | Magic Keyboard w/ Touch ID + numeric | Magic Keyboard w/ Touch ID (no numeric) | $230 / $180 |
| Pointer | Magic Trackpad (space black) | Magic Trackpad (silver) | $150 |
| Mic | Shure MV7+ on boom | Laptop internal mic | $330 / $0 |
| Chair | Herman Miller Aeron (used) | IKEA Markus | $700 / $300 |
| Desk | Uplift V2 sit-stand (commercial) | IKEA Bekant sit-stand | $900 / $380 |
Mobile test fleet.
Most of what the Studio builds is back-of-house agent infrastructure, not mobile apps — but every engagement has at least one surface a human uses from a phone: a Slack alert, a Lnk.Bio page, a short Loom, a preview URL the Executive Sponsor opens on their commute. A minimal shared QA fleet catches the class of bug that only shows up at 375 pixels wide.
The four devices
| Device | Why | Refresh | Unit cost |
|---|---|---|---|
| iPhone 17 (current) | Modern iOS · Safari 18 parity · dominant in the Studio’s client base. | 24 months | $900 |
| iPhone SE (2024) | Older chipset · smallest supported screen (375 px) · still > 8% of visitor traffic. | 36 months | $430 |
| Pixel 9 | Modern Android · stock Chrome · covers Google ecosystem expectations. | 24 months | $700 |
| iPad Pro 11” | Tablet breakpoint validation · client call backup device · travel kit (see §08). | 36 months | $800 |
Fleet discipline
- All four devices live in one shared drawer labeled QA fleet. Never leave the Studio.
- Each is enrolled in MDM with a Studio Apple ID (for Apple devices) and a Studio Google Workspace account (for the Pixel).
- Each device runs one test browser: Safari on iPhones and iPad, Chrome on Pixel. No other browsers installed — QA on the primary.
- The fleet is wiped and re-enrolled at every major OS release (iOS 19, Android 17) so that “what the majority of users experience” stays accurate.
- No client credentials are saved on any fleet device. See USO-ST-06 §05 for why.
BrowserStack alternative
A cloud device farm (BrowserStack, Sauce Labs, LambdaTest) is an acceptable alternative to a physical fleet when the Studio is < 2 people. Monthly cost ~$40; trades the capex of ~$2,800 for a recurring opex line. Why we still run physical devices: the haptic and network realism of a real device catches bugs a cloud emulator misses — specifically anything involving PWA installs, push notifications, or real cellular network throttling. Past year-two headcount, run both.
Network, power, redundancy.
Network and power are what clients never see until they break, and they are the single most common cause of “the Friday demo failed” retrospectives in the industry. The Studio runs a belt-and-suspenders network — primary fiber, LTE failover, UPS on every critical desk — because an hour of downtime during a Gate call is worth more than a year of the monthly cost.
Primary network
Symmetrical gigabit fiber at the Studio address. Provider varies by city — the spec we hold to is ≥ 500 Mbps up, < 20 ms latency to US-East-1, static IP. The static IP is what allows us to allowlist the Studio from client VPNs when an engagement requires it.
Use when
- Every workstation, every desk, by default.
- Primary path for client calls, agent deploys, and video recording.
Alternatives
- Gigabit cable — acceptable if no fiber provider serves the address. Watch asymmetric upload; many cable tiers cap upload at 35 Mbps, which tanks Zoom quality on multi-party calls.
- Starlink — a valid primary for rural or travel Studios; latency 40–60 ms but stable. We run it as backup, not primary.
LTE failover.
A Peplink Balance 20X or UniFi Dream Machine with a cellular modem on a carrier independent of the fiber provider. The gateway auto-fails-over on a fiber outage in < 5 seconds and notifies the Studio Slack. A 100 GB monthly data allowance is plenty for a fiber outage even under heavy video.
Use when
- Fiber outage of any duration.
- Scheduled ISP maintenance windows (we ignore them; failover handles them).
Alternatives
- Manual tethering from a Sprint Lead’s phone — acceptable for < 30-minute outages; annoying and slow for anything longer.
- Second fiber provider — best-in-class, but overkill until year-three with multi-room Studios.
- Starlink-as-failover — viable and cheaper than cellular per GB once engagement exceeds 3 active sprints.
Router & Wi-Fi
We run a UniFi stack: a Dream Machine Pro as the gateway, one or two U7 Pro access points depending on desk count. VLANs split Studio workstations from the QA fleet from IoT (printers, cameras). SSIDs: umbra-studio (primary), umbra-iot (QA fleet + printers), umbra-guest (clients, visitors; rate-limited, no LAN access). Per-client VPN allowlisting uses the Dream Machine’s static IP routing.
Power & UPS
- Every critical desk has a CyberPower CP1500AVRLCD UPS or equivalent — 1500 VA / 900 W, ~20 minutes of runtime under full workstation + display load.
- The UniFi rack and the fiber ONT share a dedicated APC Smart-UPS 1500 — longer runtime, rack-mount, manageable.
- UPS alarms route to the Studio Slack via the UniFi integration.
- UPS batteries are replaced on a 36-month schedule, regardless of condition. Past that, sag under load is the common failure mode and it fails silently.
Backup & disaster recovery.
Three copies of important data, on two media, with one off-site — the classic 3-2-1 rule, applied at the workstation level and the Studio level. Without it, a single laptop theft becomes an existential incident. With it, the worst case is a two-hour restoration and a quarterly post-mortem entry.
RTO & RPO targets
| Scenario | RTO (time to working) | RPO (max data lost) | Path |
|---|---|---|---|
| Single laptop failure | ≤ 4 hours | ≤ 1 hour | iCloud Drive + Time Machine + Backblaze restore. |
| Laptop loss / theft | ≤ 24 hours | ≤ 1 hour | Remote wipe via MDM + Apple Store walk-in + restore. |
| Studio NAS failure | ≤ 48 hours | ≤ 24 hours | NAS restore from Backblaze B2; engagements continue from cloud copies. |
| Ransomware / full breach | ≤ 72 hours | ≤ 24 hours | See USO-ST-06 §07 incident playbook; restore from immutable cloud snapshot. |
Three layers of backup
iCloud Drive.
Desktop + Documents + Drive folders sync to iCloud. RPO seconds. Enabled on all Macs. 2 TB plan per user.
Time Machine.
Hourly snapshots to the Studio NAS (Synology DS224+). Per-machine sparse bundle. 8 TB capacity per user slot.
Backblaze B2.
Nightly encrypted backup of the NAS to Backblaze B2. Retained 90 days. ~$30/month at typical Studio volumes.
Studio NAS
A Synology DS224+ with two 8 TB WD Red drives in SHR (essentially RAID 1) is the Studio’s local second-media target. Lives on the UniFi rack. SMB shares: timemachine/, archive/ (the frozen engagement archive per §06 of USO-ST-04), vault/ (contracts mirror). Drives are rotated on a 5-year schedule; we replace one at a time and let SHR resilver, so the NAS is never offline.
Quarterly restore test
- During the Quarterly Studio Review (see USO-ST-01 §09), one random workstation is restored end-to-end from backup to a spare disk.
- Success is measured as: < 4 hours total time, < 1 hour RPO, and all Studio apps launchable post-restore.
- Any failure of the above blocks the quarter’s close and produces a Studio-SEV-1 post-mortem.
- A log of the test result (date, machine, time, outcome) is appended to the post-mortem Notion database.
Travel & off-site kit.
The travel kit exists so that a Sprint Lead who flies to a client site on Monday morning never has to improvise. The same bag, the same cables, every trip. Weight target: < 4.5 kg including laptop. Total kit cost: ~$700 excluding the laptop. Refreshed every 36 months or sooner if a strap fails.
The kit, piece by piece
| Item | Model | Purpose | Unit cost |
|---|---|---|---|
| Bag | Aer Travel Pack 3 Small (21 L) | Personal-item sized; TSA-friendly laptop pocket. | $260 |
| Charger | Anker Prime 100W GaN, 3-port | Charges Mac + iPhone + backup device concurrently. | $110 |
| Cables | USB-C + Lightning + HDMI + MagSafe 3 (spare) | Every plug the kit might ever need. | $90 |
| Hub | CalDigit TS4 Mini (travel) | Adds HDMI + Ethernet + SD to any room’s TV. | $100 |
| Mic | DJI Mic Mini (single receiver + TX) | Better-than-laptop audio from any conference room. | $160 |
| Presentation clicker | Logitech R500 | Wireless, reliable, two-AAA format. | $45 |
| Backup phone battery | Anker 10k MagSafe | Powers an iPhone through a long travel day. | $60 |
| AirTag | Apple AirTag (in the bag) | Non-negotiable since 2022. Named on the Studio Find My. | $29 |
Off-site workstation hygiene
- VPN always-on when on untrusted Wi-Fi. The Studio uses Tailscale; see USO-ST-06 §03 for the specific rules.
- No public charging via USB data cables. Power-only cables live in the kit; data cables stay home.
- Screen privacy film applied to every Tier B / Tier C laptop that travels. Applied once; lasts the lifetime of the machine.
- No client data downloaded to the laptop beyond what is strictly necessary for the on-site session (see P-06 in USO-ST-01 §02).
- Nightly hotel-room check: bag, laptop, kit, phone, wallet, ID. Five items, thirty seconds, every night.
Procurement, refresh, disposal.
The purchase is the easy part. What most studios skip — and what causes year-three problems — is the asset register, the refresh trigger, and the disposal path. This section defines all three.
Where we buy
Apple Business account linked to the Studio Mercury card. Zero-markup, fastest ship times, MDM-ready (devices arrive pre-enrolled in Jamf Now). Handles every Mac, iPad, iPhone, Studio Display, AirTag, and most peripherals.
Use when
- Any Apple-made product.
- AppleCare+ extension purchases.
Alternatives
- Apple Refurbished — acceptable for Tier C machines and iPads; same 1-year warranty as new, saves 10–15%.
- B&H / Adorama — use for non-Apple display options and legitimate tax exemption workflows in NY/NJ.
B&H.
For the non-Apple half of the desk — Shure mics, CalDigit docks, ergonomic arms, Anker chargers, UniFi gear. Reliable fulfillment, good return policy, strong business account pricing.
Use when
- Any non-Apple peripheral, network, or AV gear.
Alternatives
- Amazon Business — acceptable for commodity items; worse return experience on high-value gear.
- Ubiquiti direct — required for UniFi SKUs that don’t distribute through retail.
MDM & asset enrollment
Every Studio device — Mac, iPhone, iPad — is enrolled in Jamf Now (free tier up to 3 devices, then ~$4/device/month). MDM handles: remote wipe, FileVault recovery-key escrow, app deployment, OS update enforcement. The alternative, Mosyle, is broader (Apple-only and a touch cheaper) and an acceptable swap; we picked Jamf for distributor familiarity.
The asset register
One Airtable base, one row per device. Fields: asset_id, model, serial, owner, purchase_date, applecare_end, assigned_desk, refresh_due, status (active / staging / disposed). The refresh_due column auto-calculates 30 months after purchase for Tier A/B, 36 months for Tier C. The Studio Lead’s quarterly checklist includes a glance at any row where refresh_due is within 90 days.
Refresh triggers
- Scheduled. The tier’s refresh window has elapsed.
- Thermal. The machine is demonstrably throttling during normal workload — user reports persistent fan noise, sustained > 90°C under typical IDE use.
- Battery. Apple’s battery condition has dropped below 80% or the cycle count exceeds 1,000.
- OS support. Apple has dropped macOS support for the chip generation (5–7 years out; rare for Apple silicon).
- Damage. Screen, keyboard, or port damage that AppleCare+ won’t cover.
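A sweep over the asset register that applies the refresh_due calculation and the refresh triggers above, added here as an example (not the Studio's Airtable automation). The rows are constructed sample data standing in for an Airtable export; the tier, battery_condition and cycle_count fields are assumed to be populated from MDM alongside the register's own columns. It also applies the 180-day AppleCare+ renewal window and the 900-cycle battery flag from the quarterly checklist in §10.

```python
import calendar
from datetime import date

# Added example: quarterly sweep of the asset register. Thresholds are the
# document's; sample rows below are constructed, not real Studio devices.

REFRESH_MONTHS = {"A": 30, "B": 30, "C": 36}   # refresh window per tier
REFRESH_WARN_DAYS = 90          # checklist: rows with refresh_due within 90 days
APPLECARE_WARN_DAYS = 180       # checklist: renew AppleCare+ ending within 180 days
BATTERY_MIN_CONDITION = 80      # refresh trigger: condition below 80%
BATTERY_TRIGGER_CYCLES = 1000   # refresh trigger: more than 1,000 cycles
BATTERY_WARN_CYCLES = 900       # checklist: flag more than 900 cycles


def add_months(d: date, months: int) -> date:
    """Calendar-month addition, clamping the day for short months."""
    total = d.month - 1 + months
    year, month = d.year + total // 12, total % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def refresh_due(purchase_date: date, tier: str) -> date:
    """The register's auto-calculated refresh_due column."""
    return add_months(purchase_date, REFRESH_MONTHS[tier])


def sweep(rows: list, today: date) -> list:
    """Return one finding per triggered check; disposed/staging rows are skipped."""
    findings = []
    for r in rows:
        if r["status"] != "active":
            continue

        def note(kind, detail, asset_id=r["asset_id"]):
            findings.append({"asset_id": asset_id, "kind": kind, "detail": detail})

        due = refresh_due(r["purchase_date"], r["tier"])
        days_to_due = (due - today).days
        if days_to_due <= REFRESH_WARN_DAYS:
            note("refresh", f"refresh_due {due.isoformat()} ({days_to_due} days)")
        if r["battery_condition"] < BATTERY_MIN_CONDITION or r["cycle_count"] > BATTERY_TRIGGER_CYCLES:
            note("battery-trigger", f"{r['battery_condition']}% / {r['cycle_count']} cycles")
        elif r["cycle_count"] > BATTERY_WARN_CYCLES:
            note("battery-warn", f"{r['cycle_count']} cycles")
        days_to_ac = (r["applecare_end"] - today).days
        if days_to_ac <= APPLECARE_WARN_DAYS:
            note("applecare", f"ends {r['applecare_end'].isoformat()} ({days_to_ac} days)")
    return findings


SAMPLE_ROWS = [  # constructed sample data
    {"asset_id": "ST-0001", "tier": "A", "purchase_date": date(2024, 2, 15), "applecare_end": date(2027, 2, 15),
     "battery_condition": 91, "cycle_count": 420, "status": "active"},
    {"asset_id": "ST-0002", "tier": "B", "purchase_date": date(2025, 1, 31), "applecare_end": date(2026, 11, 15),
     "battery_condition": 84, "cycle_count": 950, "status": "active"},
    {"asset_id": "ST-0003", "tier": "C", "purchase_date": date(2023, 8, 20), "applecare_end": date(2026, 8, 20),
     "battery_condition": 77, "cycle_count": 1120, "status": "active"},
    {"asset_id": "ST-0004", "tier": "C", "purchase_date": date(2022, 3, 1), "applecare_end": date(2025, 3, 1),
     "battery_condition": 60, "cycle_count": 1400, "status": "disposed"},
]

if __name__ == "__main__":
    for f in sweep(SAMPLE_ROWS, date(2026, 6, 1)):
        print(f"{f['asset_id']}  {f['kind']:16}  {f['detail']}")
```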
Disposal path
- Wipe. Full erase via Jamf Now — includes cryptographic erasure of FileVault keys.
- De-register. Removed from MDM, Apple Business account, and the asset register (status = disposed).
- Route. Option A: Apple Trade-In for credit against the next purchase (default). Option B: donate to a verified nonprofit with a written wipe certificate. Option C: e-waste via a certified R2 recycler. Never resold to individuals — the compliance risk is not worth the marginal value.
- Log. Disposal date and route appended to the asset register for the 7-year audit trail.
Hardware checklist.
The Studio Lead’s recurring hardware work collapses into the list below. If this list runs on schedule, the rest of this doc stays invisible — which is the point.
On every new hire
- Tier identified (A / B / C) per §03.
- Workstation ordered from Apple Business with MDM pre-enrollment.
- Desk provisioned to the §04 standard.
- Travel kit assembled and delivered to the hire’s desk on day one.
- Asset register row created with all fields populated.
- Onboarding Brewfile + apps installed per §03 setup standard.
- Backup stack enabled and first Time Machine completes within 24 hours.
Weekly (5 minutes)
- Glance at the UniFi Slack alerts channel for any UPS or failover events that went untriaged.
- Confirm the NAS health widget is green in the Studio’s dashboard.
Quarterly (60 minutes)
- Run the §07 restore test during the Studio Review’s infrastructure block.
- Scan the asset register for any row within 90 days of refresh_due; trigger procurement if needed.
- Battery health audit — pull cycle counts across the fleet via MDM; flag any > 900 cycles.
- Review AppleCare+ end dates; renew any expiring within 180 days.
- Travel kit restock audit — confirm every kit is complete and within its 36-month refresh window.
Annually (half day)
- Refresh this doc — spec sheets, unit costs, tier maps.
- Re-evaluate primary vendors (Apple Business, B&H) against alternatives.
- Re-run the capex envelope for the coming year; lock it into the Wave budget template.
- Physical audit of every device against the asset register — lost, stolen, unaccounted-for devices are Studio-SEV-2 incidents.
- Re-review the ergonomic baseline in §04 for new evidence — chairs wear out, monitor-arm limits change.