Hello all,

I’d like to deploy Ubiquiti soon to a couple of clients. One client has a very old wireless system in place, only 4 wireless and the other currently 13 wireless points need upgrading at an affordable price.

The client with 4 wireless points currently is a small client and the other one much larger.

I’ve not installed Ubiquiti before but doing some research, both clients I was looking at installing the UAP-AC-PRO for the wireless points and for the smaller client the Cloud Key Controller Device Management UC-CK or the UniFi Cloud Key Controller Gen2 - UCK-G2 as the controller.

For the larger client either the UniFi Cloud Key Controller Gen2 - UCK-G2 or the Cloud Key Controller Gen2 Plus with 1TB HDD - UCK-G2-PLUS as the controller.

However, just need some feedback on this please as I want an interface really that I can simply log into quickly when onsite and remotely.

Thanks everyone for any feedback.

11 Spice ups

Unless they have a virtualized infrastructure where you could spin up an OS of Linux or Windows to run the software controller, otherwise use the Cloud Key. I am unsure as to the differences in the controllers you have listed, but all you need is the basic functionality if all you are doing is offering basic Wifi for these customers.

2 Spice ups

The controller does not need to be onsite. You could spin up a VM to manage the Unifi equipment remotely. Each site is managed through the same portal but the data is kept separated within the database. There is only one catch, you must set up DHCP options to notify the Unifi equipment where the controller is located. It uses DHCP option 43 with 6 bytes of data. Byte 1 is 1, byte 2 is 4, and then bytes 3-6 are the 4 bytes in your static IP address.

My controller is running on a Linode 2G node. I have about a dozen sites with 1-6 access points each. In addition to the access points, I am also using Unifi switches and have tested one Unifi gateway. The switches work as smoothly as the access points. The gateway device requires a bit of CLI trickery (basically you issue the same “inform” command twice with a minute between them) since the controller is outside of the LAN. The controller is never overly taxed, so dedicated hardware for each site is not necessary.

An external controller like this would give you onsite and remote control of the network. It also gives you the ability to be notified if one of the sites goes down for some reason (power, internet, hardware failure, etc).

1 Spice up
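The option 43 layout described in the reply above (byte 1 is 1, byte 2 is 4, then the four address bytes), as an added example that is not part of the original thread: it builds the payload and parses a value copied out of a DHCP scope to confirm it points at the intended controller. The address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress

UNIFI_SUBOPT = 1  # byte 1 in the post: the sub-option code


def encode_option43(controller_ip: str) -> bytes:
    """Build the 6-byte payload: 0x01, 0x04, then the IPv4 address."""
    addr = ipaddress.IPv4Address(controller_ip)  # raises on malformed input
    return bytes([UNIFI_SUBOPT, 4]) + addr.packed


def parse_option43(payload: bytes) -> dict:
    """Walk code/length/value sub-options, rejecting truncated data."""
    subopts, i = {}, 0
    while i < len(payload):
        if i + 2 > len(payload):
            raise ValueError("truncated sub-option header")
        code, length = payload[i], payload[i + 1]
        value = payload[i + 2 : i + 2 + length]
        if len(value) != length:
            raise ValueError("sub-option %d is shorter than its length byte" % code)
        subopts[code] = value
        i += 2 + length
    return subopts


def controller_from_option43(payload: bytes) -> str:
    """Return the controller address carried in sub-option 1."""
    value = parse_option43(payload).get(UNIFI_SUBOPT)
    if value is None or len(value) != 4:
        raise ValueError("no 4-byte controller address in sub-option 1")
    return str(ipaddress.IPv4Address(value))


def check_scope(hex_value: str, expected_ip: str) -> bool:
    """Compare a hex string copied from a DHCP scope with the expected IP."""
    cleaned = hex_value.replace(":", "").replace(" ", "")
    if cleaned.lower().startswith("0x"):
        cleaned = cleaned[2:]
    return controller_from_option43(bytes.fromhex(cleaned)) == expected_ip


if __name__ == "__main__":
    ip = "203.0.113.10"  # constructed documentation address
    print(encode_option43(ip).hex(":"))
    print(check_scope("01:04:cb:00:71:0a", ip))
```

Running `check_scope` against each site's configured value is a quick way to catch a scope that sends new devices to the wrong controller address.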

I have Ubiquiti hardware at a number of customer sites and they work great. Haven’t seen the need for the Gen2 Cloud Key yet - I just use the original one.

One thing to know about Ubiquiti before you go down that path is that support is mostly community based. They do have paid support options now but haven’t heard on how good it is.

3 Spice ups

I can offer some 1st-hand experience on the WAPs themselves. The organization I currently work at has about 12 of them deployed in 7 different locations (3 different subnets and 2 independent Networks/DHCP Servers). 3 of them are PoE connected from a Cisco PoE Switch. We use the UniFi Software Controller to manage them, which is sufficient for our setup. The controller is installed on an old laptop that sits behind me (not the most ideal setup, but it was there when I started and my manager hasn’t allowed me to change it since, would’ve should’ve but didn’t situation). This allows for the basic usage of the WAPs. Any kind of restrictions from there (MAC, Walled Garden, Etc) is all handled through our DHCP server. I’ve linked below the ones we use.

https://www.amazon.com/Ubiquiti-Networks-Enterprise-AP-Unifi/dp/B00HXT8R2O/ref=sr_1_15?keywords=unifi+ap&qid=1561990755&s=gateway&sr=8-15

We’re actually planning to segregate our network soon, which means we will have 7 subnets, each with their own DHCP Server. At that point, I’ll push to move the Unifi Controller to one of our servers, but we still don’t really have a need for a hardware controller.

There’s only 1 time we had a problem with it and that was when a weekend cleaning crew came in and knocked the network port clear off the wall. But, can’t blame the WAP for that.

For the record, we’re currently using the 5.10.21 Stable Release of the controller with a mix of older V1 and newer V2 WAPs. We are upgrading to the latest version this week and will be updating firmware on all of our WAPs using the “Rolling Upgrade” option in the controller. We don’t have any workers outside of normal business hours, so it’s the perfect time to do it, though we haven’t encountered any problems with the upgrades when having done them in the past.

1 Spice up

Unifi controller doesn’t have to be onsite. You can deploy locally with you. And the method of doing so varies: either use the official controller, or run a Linux/Windows VM and install the controller there (plus you’ll likely save money in the process if budget is a concern for you)…you can also use a Raspberry Pi to install the controller in but I don’t believe this is recommended for a production environment.

1 Spice up

The Raspberry Pi method requires a few hoops to jump through (mainly with Java and versioning); if it’s properly locked down I have no aversion to using a rpi in a production environment for things like this or an inexpensive environment monitor but quite a few people don’t feel that rpi are “enterprise” grade to be used in a production environment.

2 Spice ups

Thanks for all the excellent replies everyone.

Wasn’t sure if the first generation cloud key controller would be sufficient for 13 wireless points, but that’s my lack of expertise with the Ubiquiti. Also I am sure that I read somewhere that some administrators had issues with the first generation cloud key controller as it freezes up now and again. Any thoughts much appreciated.

Thanks all once again.

That’s the only Ubiquiti failure I’ve ever had - the cloud key going offline about once a week and needing to be power cycled. I probably have a dozen out there and only had this one failure. The same device also wouldn’t see the SD card so I was going to replace it anyway.

1 Spice up

I can’t tolerate outages like that. Ubiquiti’s network hardware is fairly solid. I rarely run into problems with them. Although one of the software revisions had trouble running past about 90 days, but that was a few years ago. I haven’t had that issue since I instituted automatic rolling updates weekly.

But I have a hard time trusting a compute stick with managing wifi handoff and tracking. Is there any benefit to having a controller at each site over having a single master controller running on a solider infrastructure?

There is no reason to get the Gen1 controllers nowadays, Gen2 is the better hardware and will be supported for longer with new firmware upgrades.

Ubiquiti recently started offering a subscription based cloud hosted controller, you can subscribe at https://unifi.ubnt.com . This is intended more for the small MSP as the offer is tiered by number of devices:

  • $300/year up to 10
  • $500/year up to 20
  • $700/year up to 30
  • $200 for every additional 10, up to 500

It does allow multi-tenancy so different clients can be covered by a single controller. This is not really the most cost effective solution for single clients, but it is an option.

Another option for you to explore is installing the controller software in a VM or other 24/7 PC or server. The software itself is free, it will just depend on if your client has the hardware capacity. There are Windows, MacOS and Debian/Ubuntu Linux versions. You can download it at UniFi - Rethinking IT - Ubiquiti .

1 Spice up

You should be fine with a CloudKey Gen2 or a Gen2 Plus.
The original/gen1 (white) controllers did sometimes fail or become unstable if they went through a hard power down, rather than a proper shutdown. Often it is possible to recover them, but sometimes that’s one headache too many.
With the Gen2 and the Gen2 Plus, they have got a built-in battery backup. So if you unplug them, or experience a power failure in general, they go into a graceful shutdown, avoiding the issues that were seen in the gen1 devices. Ubiquiti gave some good attention to the original issue when they developed the Gen2 and Gen2 Plus.
The difference between the Gen2 and the Gen2 Plus is that the Gen2 Plus includes Ubiquiti’s ‘Protect’ Software which is their new CCTV software offering for using with their cameras. Given the cost difference, £140 vs. £160 here in the UK, we would always go for the Gen2 Plus.
In general, for our customers, we host a Controller and manage the sites centrally. However, a couple of sites had a preference or a technical limitation (intermittent internet connectivity for example) which then made an on-site controller a better choice. But, even with those, you can register an account at Unifi.ubnt.com and then connect the CloudKey (the name of the setting escapes me right now, Cloud Access maybe?) to the Unifi portal. So, you then just login to Unifi.ubnt.com, then from there you can launch in to the CloudKeys at the different sites for remote management. A few good options available.

1 Spice up

If you are going with a physical controller - use Gen2 Cloud Keys. The thing to keep in mind is the device limit. I think the device limit for cloud keys is 50 devices. So, if your customer is larger, or even near that limit I would spin up a Windows or Linux VM. I centralize it across sites within a company. One VM to run all devices.

1 Spice up

This is my setup too, I have the controller running in a VM at HQ and all my branches reach it through our VPN tunnels.

1 Spice up

I recently bought a couple of the Gen2 Plus controllers and a few cams to connect to them. It’s a smooth and intuitive interface, but not scalable yet. When they release bigger hardware or allow for a VM, it may work out well.

I’ll keep most of our cameras on Synology for now

The CloudKey doesn’t manage handoff. It’s only a platform to push updates to the devices and logs statistics. They’re not needed at all for daily running. On saying that, I prefer to install one per customer, so in the event I need to hand-off the customer to someone else, everything is there.

1 Spice up

There are some things that require a controller to be running - either Cloudkey or software - the captive portal feature for instance.

3 Spice ups

I will also throw my experience into this ring. I have multiple sites and run my controller in AWS (techsoup discount) on an Ubuntu VM. It is fairly straightforward. The only reason I moved from an onsite VM to AWS was to handle the multiple sites. Also, you don’t even need the CLI setup for the firewall, as it will default to 192.168.1.1, where you can set up the WAN IP if static as well as the controller address. From there, once you have it in the controller, you can also have it insert the controller address via DHCP. So, honestly, if you have the capability to run a VM at the location, there’s no need to spend money on the cloud key unless you don’t have experience with Linux.

1 Spice up

I’ll add that the same applies to Windows, as long as you have the licences for it.

1 Spice up

Thanks again guys for excellent replies.

Just a couple more questions as I gain more knowledge from you guys.

  1. If the cloudkey controller goes down, does the wifi go down or is the cloudkey just for monitoring ?

  2. Would the controller software be fine running on a server OS, whether it be a physical server or VM server ?

Thanks all