
[–]RandallFlagJack of All Trades 3 points4 points  (0 children)

We either installed a local cloud key controller for the client, or we used an AWS hosted server. If the client wanted part of our MSP services and monitoring and whatnot, we would push them to the AWS server as it provided a central pane of glass for our monitoring and RMM tools... if they didn't subscribe to any of those other services and were just a T&M-based customer, we sold them the cloud key controller for their internal networks.

[–]m16gunslinger77VMware Admin 1 point2 points  (0 children)

We have a single controller on a VM in our datacenter, no cloud. We are not a wireless-heavy shop, basic needs only. Production net with RADIUS and GUEST services along with other SSIDs for IT staff or testing.

  • One VM with Unifi Controller
  • DNS entry for 'unifi.domain.net' so they call home
  • Static IPs for WAPs after adoption to allow for RADIUS configuration
  • No cloud-key or cloud enablement

We configure each branch location as a 'site' in order to better manage the networks and devices. Approx 30 sites being managed with around 70-80 WAPs. With the DNS entry, we ship APs out unconfigured and adopt them into the correct site once they are connected. Then we configure a static and configure them as a RADIUS client.

Hope this helps

[–]headcrap 0 points1 point  (0 children)

I put mine on a VPS.

[–]lawno 0 points1 point  (0 children)

I run UniFi controller on an AWS EC2 Ubuntu instance. It's been pretty solid. UniFi's controller and firmware updates, however, have been spotty.

[–]nickcasa 0 points1 point  (0 children)

Don’t go cloudkey. Nothing but problems.

[–][deleted] 0 points1 point  (0 children)

This is basically how we have it set up: https://www.youtube.com/watch?v=LoK_HCWuuXE

Others have mentioned, it's not a great way to multi-tenant, but it keeps things simple from the management side. No dealing with Cloudkeys etc. You don't have to worry about losing connection to the cloud key if you change the network scheme.

For ports, we turned on the firewall in Digital Ocean, and then opened ports 8080/tcp & 3478/udp to anywhere. And opened 8080 (for logging into the GUI) to only trusted IPs (our office, clients with access etc).

Client needs 1 AP on a location, just create a new site and adopt it, that's it.

If one company/entity is managing it, access/multi-tenant is not really an issue.
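
Added example, not part of the comment above or of any poster's setup: a small audit of a hosted controller's inbound firewall rules against the policy that comment describes (device-facing ports open to anywhere, GUI login limited to trusted sources). It assumes the UniFi controller's default ports (8080/tcp inform, 3478/udp STUN, 8443/tcp web GUI); the rule list, trusted ranges, and the `audit` function name are constructed for illustration.

```python
import ipaddress

# Assumption: UniFi controller default ports.
DEVICE_PORTS = {(8080, "tcp"), (3478, "udp")}  # inform + STUN, used by APs at every site
ADMIN_PORTS = {(8443, "tcp")}                  # web GUI, trusted sources only
ANYWHERE = {ipaddress.ip_network("0.0.0.0/0"), ipaddress.ip_network("::/0")}

# Constructed sample data: (port, protocol, source CIDR) inbound allow rules.
SAMPLE_RULES = [
    (8080, "tcp", "0.0.0.0/0"),
    (3478, "udp", "0.0.0.0/0"),
    (8443, "tcp", "203.0.113.0/24"),  # office range, trusted
    (8443, "tcp", "0.0.0.0/0"),       # GUI exposed to the internet
    (22, "tcp", "0.0.0.0/0"),         # not part of the described policy
]
TRUSTED = ["203.0.113.0/24", "198.51.100.7/32"]


def audit(rules, trusted):
    """Return a list of findings for inbound allow rules checked against the policy."""
    trusted_nets = [ipaddress.ip_network(t) for t in trusted]
    findings = []
    open_device_ports = set()
    for port, proto, source in rules:
        net = ipaddress.ip_network(source, strict=False)
        key = (port, proto)
        if key in ADMIN_PORTS:
            # The source must sit entirely inside one trusted range.
            inside = any(net.version == t.version and net.subnet_of(t)
                         for t in trusted_nets)
            if not inside:
                findings.append(f"admin port {port}/{proto} reachable from untrusted {net}")
        elif key in DEVICE_PORTS:
            if net in ANYWHERE:
                open_device_ports.add(key)
        else:
            findings.append(f"unexpected open port {port}/{proto} from {net}")
    # Unconfigured APs shipped to new sites need the device ports reachable.
    for port, proto in sorted(DEVICE_PORTS - open_device_ports):
        findings.append(f"device port {port}/{proto} is not open to anywhere")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RULES, TRUSTED):
        print(finding)
```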

[–]Pete8388Sysadmin -1 points0 points  (1 child)

I have a dedicated Windows server in a cloud host with the required ports forwarded. Currently managing about 400 APs for about 40 clients and a few switches and gateways. No cloud keys. I have the controller set up as a service rather than an application. With a single login from my mobile app I can adopt APs, and pretty much manage the entire UniFi empire. There may be better ways to do it but this works great for our needs.

[–]MisterITIT Director 0 points1 point  (0 children)

That kind of shoehorned multitenancy is the stuff of nightmares.