It is company with a small data centre, a large Head Office and number of small to medium branches.
The APs will be IAP capable anyway, but due to the number of offices, we want all APs to be centrally managed, so multiple IAP with virtual controllers is not the best option.
Each AP will have 4 SSID, some bridged to the local networks and a guest SSID tunnelled back to the controller.
A requirement is for the bridged ones to continue to operate in case connection to controller is lost. The tunnelled guest networks are not critical.