Any help wold be nice...suggestions on my setup
You need to choose based on 1. whether you understand VLANs (or willing to learn about them) and are willing to use them and buy equipment that supports them for slightly more.
The fear that your BI computer might happen to be broken, personally I think that's a long shot concern, but in that case your capability to video record your cameras is compromised so you'll want to focus on fixing that ASAP anyway.
If you don't understand how VLANs work and aren't willing to do research and learn, then maybe VLANs aren't for you. I believe MANAGED switches will typically run a little more, so going this way may cost you a little more for the added capabilities a managed switch provides.
I'm no network engineer, but I like to learn, so I am tinkering with VLANs to learn more about them on a small scale. I am mostly playing with VLANs so I can handle segregating multiple wifi devices onto their proper networks (IoT devices, AV equipment, cellphones, guest cell/computer, trusted equipment) on a single AP with a single SSID.
But I also love the KISS principle and I'm cheap I have a configuration more like your diagram with the BI computer as a "single point of failure". You will find BOTH camps here (VLAN and Idiot-Proof), just depends on how much work you want to put into it. I did it the Idiot-Proof way because:
1. misconfiguring VLAN's might actually give me a sense of security when it is insecure because of some bonehead thing I did setting the VLANs up
2. Managed switches cost more
3a. I personally don't have significant issues keeping by Windows machines up and running and find
Blue Iris in particular quite reliable (but I also run it on bare metal).
3b. Since my only interface to the cameras is via the Blue Iris webserver, I notice really quickly when it's offline, because I have it onscreen in the house about 16 hours a day.
4. setting it up that way virtually all camera video is on a completely segregated camera network ( I do have some remote cameras that have to come in over a VPN tunnel thru my main router/firewall).