McCann Tech

View Original

Ubiquiti’s UniFi Ecosystem Explained

Originally Posted: April 16th, 2020
Last Edited:
February 17th, 2022


Ubiquiti’s UniFi Ecosystem Explained

What Is UniFi?

UniFi is Ubiquiti’s line of networking equipment with different models of wireless access points, routers, switches, security cameras, controller appliances, VoIP phones, and access control products. UniFi equipment exists somewhere between enterprise and cheap home networking gear. It’s in the middle ground, offering more flexibility and features than most consumer-grade brands, but lacking the expense and complexity of enterprise.

UniFi networks come in all shapes in sizes: from a small apartment, up to thousands of devices in a stadium, and a lot of networks in between. You choose the pieces that you need, and you are not required to have a full UniFi stack. You can start with one device and build it out over time. If you only need Wi-Fi, their access points can be connected to any switch, and served packets from any router. If you need a managed switch or router, Ubiquiti makes those too. There are benefits to having all the pieces, but it’s not necessary.

A lot of the value of UniFi is in the Network software, so lets talk about that first.

UniFi OS Software and Applications

Software-Defined Networking

Software-defined networking can be a meaningless buzzword, but the basic definition is that the administration is done in software, separate from the actual networking equipment. With UniFi, you use the UniFi Network application. This is free software that can run on Windows, macOS or Linux. You can run the software on any PC you have, on a physical server, or in a VM or Docker container. It also runs inside the UniFi Dream Machines and UniFi Cloud Keys.

The Network application is used for configuring and monitoring your UniFi network. If you need to make changes to your settings, add additional devices, or upgrade firmware, you’ll do all of that through the Network application. The primary way of accessing the software is in a web browser. Ubiquiti also make mobile applications for Android and iOS which have most of the functions found on the web interface. A few things can be done on the command line via SSH, but in general, UniFi devices are meant to be managed through the GUI.

Network Application

The UniFi Network Management Controller.

The Network application is what ties all UniFi devices together, giving you a web interface to configure them. The software doesn’t need to be running for the network to function. It is only required to be running for configuration and monitoring. Having the software running constantly has benefits, though.

The software monitors and collects statistics about your network. UniFi devices don't have a lot of storage, and they require the software to log information about your network. Having it running all the time also saves you some configuration headaches, especially on a remote network. To get the full benefits of the UniFi ecosystem, I recommend that you have an always-available controller, no matter how it’s hosted.

If you can’t run the software, you can setup a UniFi access point in standalone mode using the UniFi mobile app. An AP in standalone mode is capable of providing Wi-Fi, but its other features are limited. Standalone APs can’t be managed remotely, and have a limited set of features. I’d recommend running the Network application somewhere to set up the access point rather than using standalone mode. Even if you run it temporarily on a PC and turn it off when setup is over, the access point will be less limited and more useful.

When compared to a typical web interface from Netgear, TP-Link, or others, the UniFi Network application is arguably better. It comes with it’s fair share of issues and bugs, but it’s easier to use than most consumer network device interfaces. It definitely has limits though, and doesn’t offer a lot of advanced network settings. It won’t match up well to an enterprise product from Aruba or Cisco. Almost all UniFi products are this way — good for it’s price point, but limited and definitely not my definition of enterprise-grade. I feel that comparing it to expensive software is unfair, since this is free software that comes with inexpensive networking equipment. There are no licenses or upgrade costs to worry about. For what it is, a pretty interface that covers most basic functionality, it gets the job done.

If you’ve never seen the UniFi controller in action, you can use the demo on Ubiquiti’s website.

Cloud Keys and UniFi OS Consoles

See this Amazon product in the original post

If you don’t want a UDM, or don’t want to manage a self-hosted or cloud-hosted UniFi controller, Ubiquiti makes dedicated appliances called Cloud Keys. Cloud Keys are little Linux computers that run the software for you.

The 1st generation Cloud Key is still for sale, but the 2nd generation is much better. The 1st generation devices often ran into issues with database corruption when powered off suddenly. I would not recommend that you buy a 1st gen Cloud Key, even if you find a good deal. Using a Raspberry Pi, or the hardware you already have, would be a better cheap option.

The Cloud Key Gen2 improves performance and fixes the database corruption issue by integrating a built-in battery, which allows for a graceful shutdown when it loses power. The Gen2+ model adds a 2.5” hard drive bay for use with UniFi Protect for video cameras. The Gen2+ comes with a 1 TB hard drive, but can be expanded up to a 5 TB 2.5” HDD, or a 2.5” SSD.

Both of the 2nd Gen Cloud Keys are UniFi OS Consoles. This is Ubiquiti’s term for equipment that runs UniFi applications. Not all UniFi OS Consoles are alike, though. The Cloud Keys only run the software, while devices like the UniFi Dream Machine also have networking features built-in.

Cloud Key Gen2

  • Runs UniFi Network Application and UID

Cloud Key Gen2+

  • 2.5” Hard Drive Bay

  • Runs all UniFi software: Network, Protect, Access, Talk, and UID.

UniFi Dream Machine (UDM)

  • Router, 4-port switch, Wi-Fi access point

  • Runs UniFi Network and UID

UniFi Dream Router (UDR) — Early Access

  • Router, 4-port switch, Wi-Fi access point

  • Runs UniFi Network, Protect, and UID

  • Compared to UDM, adds 5 GHz Wi-Fi 6 support, SD card slot, 128 GB of internal storage and two PoE out ports

UniFi Dream Machine Pro (UDM-Pro) and Dream Machine Special Edition (UDM-SE)

  • Router, 8-port switch

  • Runs all UniFi software: Network, Protect, Access, Talk, and UID

  • 3.5” Hard Drive bay for storing video recordings

  • UDM-SE adds 128 GB of internal SSD storage, PoE out, and upgrades RJ45 WAN port to 2.5 Gbps

UniFi Protect

Ubiquiti’s video camera software is called UniFi Protect. UniFi Protect requires a Cloud Key Gen2+, UDR, UDM-Pro, UDM-SE, or one of the rackmount NVRs to act as your network video recorder. For a few cameras, any of the models with a single hard drive bays should be enough. For setups with multiple cameras, you’ll want to look into getting a NVR or NVR-Pro for more storage space and redundancy.

UniFi Protect supports all of Ubiquiti’s cameras, but only Ubiquiti’s cameras. You cannot hook up other brands of IP cameras to UniFi Protect. Ubiquiti’s cameras can’t be used with other software, either. Despite those limits, Protect is a decent solution for small setups, and it has a good basic software stack. Protect can be used in a web browser, or through it’s iOS and Android apps. The video is stored locally on your device, but you are able to view the video from anywhere via the mobile app or web interface.

The Cloud Key Gen2+ can support up to twenty 1080p cameras, but only 15 if you’re also using it as a network controller. Performance suffers if you come close to those limits, especially with 4K cameras. The UDM-Pro doesn’t specify it’s limits, but I would consider 20 to be the limit until proven otherwise. They both are limited by their support for only a single hard drive.

The basic dedicated NVR supports RAID 1 or RAID 5, and can provide up to 30 days of 4k video storage for 15 cameras or Full HD video storage for 50 cameras with four 8 TB drives. The NVR-Pro has 7 hard drive bays, offering up to 60 days of storage for 20 4K cameras or 60 1080p cameras.

That gives you a sense of the scale that UniFi Protect can handle — It’s not going to replace multi-DVR, multi-building, enterprise security camera solutions, but it’s an option to consider for a home or small business. If having only one physical hard drive to record to is a deal-breaker, invest in the NVR or look for a higher-end solution. If you want more detail on UniFi Protect, Chris from CrossTalk Solutions has a good video which covers the basics of UniFi Protect and the software it replaced, UniFi Video.

UniFi Talk and UniFi Access — Be Cautious

  • UniFi Talk is Ubiquiti’s VoIP phone software.

  • UniFi Access is their access control system, featuring door controllers, doorbells, and card readers.

  • You need a UDM-Pro, UDM-SE, or Cloud Key Gen2+ to run these programs.

  • The UDR (Early Access) can run them as well, but only one at a time.

I’ve never used either of these, but I would be cautious about relying on Ubiquiti for your VoIP or access control. The software looks nice, but Ubiquiti doesn’t have the best track record of consistent software improvement and support. There’s no guarantee that Ubiquiti will continue to support these applications or devices for any set time period. Enterprise solutions cost more, but come with more stability and a longer guaranteed support life.

The current 2nd generation of UniFi Talk phones are the Phone Flex, Phone Touch and Phone Touch Max. If you want to try it out, you can get a free 15 day trial, but after that you’ll have to pay $9.99/month/line, and it’s only available in the US. If you need a VoIP phone solution, I would suggest looking at other vendors first. In the future UniFi Talk may be a good integrated solution, but it’s not fully baked yet. There are many other options out there for VoIP which are better supported and fully-featured. More information and suggestions for alternatives can be found in this Reddit thread.

The first round of UniFi Access devices were released in 2020, and I don’t have any experience with them. If you want more details on UniFi Access, CrossTalk Solutions has a good video which covers it.

UNMS/UISP

Ubiquiti Network Management System (UNMS) was recently rebranded to UISP. UISP is the software made for AirMAX, EdgeMAX, LTU, and other ISP hardware that Ubiquiti makes. These are Ubiquiti’s more professional line of networking products, aimed at Wireless Internet Service Providers (WISPs), and MSPs.

UISP and all the hardware it supports are totally separate from the UniFi ecosystem. UISP is an optional overlay, which provides some of the functionality of the UniFi controller software. It provides basic monitoring and remote access, but UISP is not a central place to configure every device like UniFi is. The split between the lines and the features they support is a bit blurry. Willie Howe has a great video which goes over the main differences between a UniFi Security Gateway and an EdgeRouter.

UniFi Hardware — Briefly

I have a lot of other posts where I discuss UniFi hardware:

I’m not going to reiterate everything from those posts here. Instead, I’ll give a short overview of the various options in the UniFi hardware lines.

Routers/Security Gateways

The classic USG and USG-Pro are the classic router options, which are aging. Ubiquiti calls them Security Gateways because all they do is act as a firewall and router. The UDM and UDM-Pro are not straightforward replacements for the USG and USG-Pro, since they both have an integrated UniFi controller and some additional hardware features. Ubiquiti refers to the Dream Machines as UniFi OS Consoles because they are capable of running the other UniFi applications.

UniFi Routers - All Models

The USG was introduced in 2014, and has been hidden in the US store. It can still be found via search, but Ubiquiti are clearly trying to push people to their newer options. The USG is a basic router which can route at 1 Gbps, but performance quickly suffers as you enable security features, especially the Intrusion Detection System or Intrusion Prevention System (IDS/IPS). With those features all enabled, the USG drops to around 85 Mbps of throughput. VPN throughput is also severely limited.

If that’s not enough for you or you prefer a rackmount model, the USG-Pro is available. The USG-Pro raises the IDS/IPS performance to 250 Mbps and adds 2 SFP ports and a 2nd gigabit Ethernet WAN port. The WAN ports on the USG-Pro are either/or. You can use Ethernet or SFP, but only 2 total at one time.

The UDM is an all-in-one UniFi OS Console, router, switch and access point. The UDM-Pro is a rackmount UniFi OS Console, router and switch. There are some differences between how the built-in controller works in the UDM line and how all other UniFi controllers work, as well as some features possible on the USG line that aren’t available for the UDM yet. Like most things UniFi, the details get complicated.

Ubiquiti has also announced a UDM-SE, and a next-gen UniFi gateway, the UXG-Pro. The UXG-Pro is part of a new line of products which are more direct replacement for the USG and USG-Pro, which Ubiquiti calls Routing Offload. See this Ubiquiti Community post and my UXG-Pro preview for more details.

Switches

There are two main generations of UniFi switches to consider. The 1st generation switches have been around for a few years, but they are still a good value for basic L2 switches with PoE. There are a whole array of models in the 1st generation, going from 8-port desktop models, up to 48 ports with 750 watts of PoE. A common complaint with these models is their loud fans. It’s possible to replace the fans Ubiquiti puts in with quieter fans, or you can throw it in a network closet and forget about it. If you just need basic switching and PoE, the 1st generation models are still worth considering.

See this Amazon product in the original post

The 2nd generation consists of a wide variety of models, including replacements for a lot of the 1st generation models and a higher Pro tier. The basic models are fanless, and offer lower PoE budgets. The Pro models offer PoE++ support, higher PoE budgets, SFP+ uplinks, and basic L3 features like static routing. The Enterprise and XG models add more features on top of that, such as 25 Gbps SFP28 slots and 2.5 Gbps Ethernet ports.

Another unique feature of some of the 2nd generation switches is the small touchscreen on the left side of the device, just like the UDM-Pro has. This screen shows basic statistics and information about the device and the network it’s on. It also integrates with the upcoming Ubiquiti AR feature which lets you use your cell phone to virtually see what is connected on which port.

If you want more details on UniFi switches, refer to my UniFi Comparison Charts, UniFi Switches Explained, and my UniFi Switches Buyers Guide.

Wireless Access Points

There are a lot of UniFi wireless access point models, including many Wi-Fi 6 models. The first thing to consider is form factor. Most UniFi APs are familiar looking white disks, which are traditionally ceiling-mounted. They also have outdoor models, in-wall models, and some point-to-point radios. There is a ton of variety and choices. If you want more detail refer to my UniFi Wireless Access Point Buyer's Guide and UniFi Comparison Charts.

UniFi APs - Omnidirectional Models

Unifi Vs…

UniFi Vs. EdgeMAX

If you know your networking and you’re comfortable with a command line, you should consider EdgeMAX. EdgeMAX products include a whole series of EdgeRouters and EdgeSwitches. They offer more networking features than UniFi.

See this Amazon product in the original post

All EdgeMAX products have their own individual web interface for configuration, but they’re also available on the command line via SSH. EdgeMAX products do not get adopted to the UniFi Controller software, they instead use UISP.

EdgeMAX offers a lot of features which UniFi lacks. Multiple IPs on a WAN port, L3 routing on switches, DNAT/SNAT, VPN failover, RIP, OSPF, BGP, proper QoS, port security, and ACLs. If those acronyms are important for your network, EdgeMAX is a better fit for your routing and switching.

EdgeSwitches and EdgeRouters come in a lot of different hardware configurations. Some of the EdgeSwitches are the same hardware as UniFi switches, with different firmware. If you want more details on the differences between UniFi and EdgeMAX, I’ll again recommend you check out this video from Willie Howe: UniFi vs EdgeMAX.

UniFi Vs. AmpliFi

AmpliFi is Ubiquiti’s brand of consumer Wi-Fi routers. AmpliFi devices don’t use the UniFi controller, web interface, or the UniFi mobile applications. They have their own mobile application, and that’s the only method you have to configure or monitor them. Initial setup can be done in a web browser, but they are meant to be controlled by the mobile application.

Rather than competing with UniFi, AmpliFi devices are better compared to Eero, LInksys Velop, TP-Link Deco, and other consumer mesh networking brands. AmpliFi devices are meant to be plugged in, setup quickly and run without any advanced configuration needed. They are not meant for nerds who like to tinker. If all you need is basic Wi-Fi and a guest network, AmpliFi is worth looking into.

If you want more details on AmpliFi vs. UniFi, refer to my UniFi Dream Machine vs. AmpliFi Alien post.

UniFi Vs. Other Consumer Brands

The UniFi Dream Machine, or the typical USG + Switch + AP UniFi setup, compares favorably to most consumer brands in it’s price range.

See this Amazon product in the original post

I recently tested a $30 router, and the web interface was as bleak as you’d expect. I haven’t tested every brand of consumer Wi-Fi yet, but most of their interfaces are not much better than what Wavlink offers. Most consumer Wi-Fi software is basic, never updated, and junky. For most people that does not matter, but if you’re still reading, I assume it matters to you.

UniFi is made for people who want more control over their network than a typical all-in-one router gives you. Most of it’s competition isn’t as easy to expand with additional switches or access points as UniFi is. That’s one of the big benefits of the UniFi ecosystem. UniFi scores points in it’s favor when it comes to value, expand-ability, and ease of use.

UniFi also has a lot of invisible limits and missing features, especially on the routing and switching side. Make sure to check if features you need are supported before you invest in any new networking equipment. If UniFi is too complicated, AmpliFi is probably a better option. If you sneer at the things UniFi can’t do, look at EdgeMAX or other brands like MikroTik.

UniFi Vs. Enterprise

The only reason I feel compelled to include this section is that Ubiquiti has the term “Enterprise” in a lot of their marketing material. It’s the first word they use to describe the USG on it’s product page.

Enterprise Gateway Router with Gigabit Ethernet. The UniFi Security Gateway extends the UniFi Enterprise System to provide cost-effective, reliable routing and advanced security for your network.

I can agree with cost-effective and reliable. I would consider EdgeMAX to be more of an enterprise product, and UniFi more aimed at consumers, enthusiasts, and small businesses with basic needs. There are far too many features missing from UniFi routers and switches for me to feel comfortable calling them enterprise. For reference, networking is my day job, and most of my experience is with Cisco products. A few of those missing features are things I would consider necessary for what I do at work.

I don’t fault Ubiquiti for trying to sell themselves, but I think the marketing department went a little too far calling the USG an enterprise product. I think it helps to have a realistic expectation of what UniFi devices can do, and what they are good for. It’s not that they are bad products, they just are not enterprise-grade. In some ways, not being an enterprise product is what allows UniFi to excel where it does: user experience and ease of use. UniFi gets bonus points for not having licenses or service contracts to worry about.

Full UniFi Stack Vs. A Mix

I’ve mentioned it multiple times, but it is worth repeating. You do not need to have a full UniFi stack. A lot of enthusiasts turn to UniFi for wireless, but choose a different vendor for routing and switching. A common option is going with open source software for a firewall, like pfSense or OPNsense. In a lot of ways, this is the best of both worlds. You get the good performance and low cost of Ubiquiti’s APs, without being limited to the features they offer on the USG, UniFi switches, or UDM lines. Those are good products if they fit your needs, but they can be limiting for some networks. If you’re interested in seeing an example of UniFi and PFSense coming together, Lawrence Systems has a good video showing that off.

Alternatively, if you need a managed switch to add to your existing network, UniFi makes some well-built switches. If you want a basic home security camera system, UniFi Protect is worth looking into. The best part of the UniFi ecosystem is you can choose any or all of the pieces, and they all work together well. If one piece doesn’t do what you want, swap it out for equipment from another vendor.

Summary

UniFi is a unique ecosystem with a lot to offer. It doesn't offer every feature, especially more advanced features on the routing and switching side. If UniFi fits your requirements, there are a lot of benefits from going with a well-integrated full stack solution. If only one component fits your requirements, UniFi products play well with others. Whatever you choose, I hope it performs well and does what you want. If you have any questions, I have a lot of resources listed at the bottom to get you started on your UniFi journey.

Further Reading

See this gallery in the original post

Additional Resources

Ubiquiti Help Guides

YouTube Channels: