Re: Direct wiring
"I don't think I have a single port on a wall or in a floor that's not fully patched in or hasn't been every day since its install."
The main building I work in was floodwired with what seemed far too many ports (minimum 2 per desk and a few extra for every room) 20 years ago.
As time has gone on, single-occupancy rooms became double and what used to hold 2 desks now holds 4 - and everyone now has a desktop, laptop, at least 1 phone/tablet and often more devices too, all competing for ports.
Installing decent 2/5GHz WAPs (all running at 1-5mW output), WACs, switches, RADIUS and 802.1x has meant that we can mostly cope with the increase. In the rooms that simply can't cope, we've added in-room switches where needed. Networking is also an issue, with a limited number of IPv4s available - so if you switch from wired to wireless you get the same IP assigned (this also provides seamless connectivity).
802.1x is the key though. Authorised machines can connect. Unauthorised ones don't. Phones go into 1 of 2 guest networks - for staff ones the password is tied to their userid (which is forcibly changed every 90 days and has strength checking built in) and for visitors the password will evaporate in 24 hours, unless renewed by reception staff.
I can tell you who's connected, where they are/were, when they logged in/out and go back 12 months. Any sign of malware activity (or plugging in prohibited OSes such as WinXP) gets the port slammed into a remediation VLAN within milliseconds.
Yes, this cost £180k, but the alternative of needing 4 more staff to maintain the network would eat that difference in 2 years anyway. Every port is wired up - because we don't have many spare wall ports anyway and at £50/port it doesn't make sense not to - staff time to repatch - and spent waiting for repatching to happen before whoever's at a desk can get back to work - is worth more than that.
If we'd done this using Cisco, it would have been over £500k. The difference between vendors in this respect is refreshing - Cisco were very much - "this is our kit, this is our pricing, take it or leave it" and pushing FUD about competitors, whilst the others were all very good about getting the right spec for our network _and_ tweaking the firmware if we found issues (It helps that the competing kit, whilst half the price of Cisco, is a _lot_ more capable and powerful and they don't pull stupid games like charging thousands for 10GB/s long-reach optics.)
Yes, we'll do a floodwire refresh, but the fact that upgrading to a large - affordable - adaptive switch network that provides Gb to the desktop (40-100Gb in the core) has already saved us tens of thousands of pounds in staff overheads is good in times of tight budgets.
802.1x is the key to making things work better (especially wifi) but seems overlooked in 90% of installations.
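The visibility the poster describes ("who's connected, where they are/were, when they logged in/out and go back 12 months") comes from the RADIUS accounting stream that 802.1X produces. The script below is an added example, not the poster's own tooling or any vendor's: it reconstructs sessions from RADIUS accounting Start/Stop records (attribute names as in RFC 2866), answers "who was on this switch port at this time?", lists sessions that never received a Stop, and applies a 12-month retention window. The records, switch address, port names and MACs are constructed for the example.

```python
"""Reconstruct 802.1X sessions from RADIUS accounting records and query them.

Added example (not from the original post). Input records are constructed;
attribute names follow RFC 2866, values are made up.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Constructed accounting records in the Start/Stop shape a switch (NAS) sends.
SAMPLE_RECORDS = [
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "a1", "User-Name": "alice",
     "NAS-IP-Address": "10.0.0.2", "NAS-Port-Id": "GigabitEthernet1/0/7",
     "Calling-Station-Id": "00-11-22-33-44-55", "Timestamp": "2024-03-01T08:02:10"},
    {"Acct-Status-Type": "Start", "Acct-Session-Id": "b2", "User-Name": "bob",
     "NAS-IP-Address": "10.0.0.2", "NAS-Port-Id": "GigabitEthernet1/0/8",
     "Calling-Station-Id": "66-77-88-99-AA-BB", "Timestamp": "2024-03-01T08:05:00"},
    {"Acct-Status-Type": "Stop", "Acct-Session-Id": "a1", "User-Name": "alice",
     "NAS-IP-Address": "10.0.0.2", "NAS-Port-Id": "GigabitEthernet1/0/7",
     "Calling-Station-Id": "00-11-22-33-44-55", "Timestamp": "2024-03-01T12:30:00",
     "Acct-Terminate-Cause": "User-Request"},
    # bob's session has no Stop record: still connected, or the Stop was lost.
]


@dataclass
class Session:
    session_id: str
    user: str
    nas_ip: str
    port: str
    mac: str
    start: Optional[datetime]
    stop: Optional[datetime]
    terminate_cause: Optional[str] = None

    def covers(self, at: datetime) -> bool:
        """True if the session was in progress at `at`. An open session (no Stop)
        covers everything after its Start; a session with unknown Start cannot be
        placed in time, so it never claims coverage."""
        if self.start is None or at < self.start:
            return False
        return self.stop is None or at < self.stop


def _when(value) -> datetime:
    """Accept either a datetime or an ISO-8601 string."""
    return value if isinstance(value, datetime) else datetime.fromisoformat(value)


def build_sessions(records) -> list:
    """Pair Start and Stop records by (NAS, Acct-Session-Id), in time order."""
    sessions = {}
    for rec in sorted(records, key=lambda r: _when(r["Timestamp"])):
        key = (rec["NAS-IP-Address"], rec["Acct-Session-Id"])
        status = rec["Acct-Status-Type"]
        if status == "Start":
            sessions[key] = Session(rec["Acct-Session-Id"], rec["User-Name"],
                                    rec["NAS-IP-Address"], rec["NAS-Port-Id"],
                                    rec["Calling-Station-Id"],
                                    start=_when(rec["Timestamp"]), stop=None)
        elif status == "Stop":
            sess = sessions.get(key)
            if sess is None:
                # Stop with no matching Start (record lost or rotated away): keep it
                # so the audit shows the gap rather than silently dropping it.
                sess = Session(rec["Acct-Session-Id"], rec["User-Name"],
                               rec["NAS-IP-Address"], rec["NAS-Port-Id"],
                               rec["Calling-Station-Id"], start=None, stop=None)
                sessions[key] = sess
            sess.stop = _when(rec["Timestamp"])
            sess.terminate_cause = rec.get("Acct-Terminate-Cause")
        # Interim-Update records carry traffic counters only; session bounds are unchanged.
    return list(sessions.values())


def who_was_on(sessions, nas_ip: str, port: str, at) -> list:
    """Sessions on a given switch port that were in progress at `at`."""
    t = _when(at)
    return [s for s in sessions if s.nas_ip == nas_ip and s.port == port and s.covers(t)]


def open_sessions(sessions) -> list:
    """Sessions that have a Start but no Stop: currently connected (or Stop lost)."""
    return [s for s in sessions if s.start is not None and s.stop is None]


def within_retention(sessions, now, days: int = 365) -> list:
    """Keep sessions still open or ended within the retention window (12 months here)."""
    cutoff = _when(now) - timedelta(days=days)
    return [s for s in sessions if s.stop is None or s.stop >= cutoff]


if __name__ == "__main__":
    sessions = build_sessions(SAMPLE_RECORDS)
    for s in who_was_on(sessions, "10.0.0.2", "GigabitEthernet1/0/7", "2024-03-01T10:00:00"):
        print(f"{s.user} ({s.mac}) on {s.port} from {s.start} to {s.stop}")
    print("still open:", [s.user for s in open_sessions(sessions)])
```

A real deployment reads these records from the RADIUS server's accounting log or its SQL backing store rather than an in-memory list; the pairing and query logic is the same. Sessions without a Start record are kept deliberately, because a missing Start usually means log loss rather than a user who was never there.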