RESET Forums (homeservershow.com)

RESET 66 - Unifi


Hey Dave,


A few things that might help and others:


Haven't used the UDM yet (I'm waiting for the UDM Pro which is still in final beta), but...

My understanding is that you can restore a CloudKey controller backup to the UDM built-in CloudKey.  Personally, in your configuration, I wouldn't physically reconfigure and move coax feeds and equipment.  I would install the UDM in the basement replacing existing gear with just a simple cable swap.  Sure, you're wasting the built-in AP, but everything else is much more straightforward.  

Theoretically, you should be able to restore your cloudkey backup, and have almost the same network up and running in just a few minutes.  Then you can start deconstructing or reconfiguring more at your leisure rather than necessity of getting the network up and running for the entire household with no downtime 🙂



In your review of your existing setup, IMHO, the primary benefit of Unifi, even more than the wide choice of physical AP units and mounting options, is the extensive configurability and monitoring/status options.


You kinda touched at this towards the end of the podcast, but the ability to limit the radio power, turn off the auto settings, and assign the Wi-Fi channels (especially the crowded 2.4 GHz frequency) to non-overlapped channel numbers is a big win for anyone trying to fix dead spots or avoid buying extra AP's as a "brute force" solution to solving coverage. (Not that there is anything wrong with that; sometimes spending $100 on an extra AP instead of spending hundreds of dollars of time and effort to tweak, is the right choice.)


It wasn't clear that you are fully exploiting the Unifi flexibility to fix your Ring camera/doorbell problems.  First thing I usually do with a Unifi setup is to create a 2.4 GHz only SSID and enable it only on the AP radio that is physically the right unit for the Doorbells (or any IoT device that only supports 2.4 GHz) to connect.  Overriding the autoconnect/automatic behavior in Ring and other devices and forcing the connection to a specific AP solves almost all the Wi-Fi problems with these and similar devices that have somewhat dumb Wi-Fi firmware or less than ideal reliability.


It's worth the trouble to re-program the SSID inside the Ring or other device and the results are much better than just having multiple AP's hoping they are in range.

I'm really curious whether the UDM will be successful in bringing Unifi to the general consumer market, but I'm skeptical it will really be able to displace Eero, Google, Orbi, and other true consumer gear.


One irony is that right now the early adopters of the UDM are all sophisticated Unifi users and that thing doesn't fit and looks awful in their otherwise beautiful rack porn photos they have been posting 🙂


Granted the UDM is a lot cheaper than buying the equivalent individual parts, but there are advantages to being modular too.  Easier service, not losing everything if a non-critical module goes down, etc.  There will always be a lively discussion between modular or integrated that goes all the way back to mainframes with terminals versus minicomputers and later PC's, so not trying to re-ignite that long standing debate, but merely point out that saving money isn't always the most significant reason to choose one over another.


In the case of Unifi, both fans and users are primarily looking for new functionality.  Personally, I would prefer to see some new capabilities made available, regardless of whether it is all-in-one or requires a new box.  I can work around price and modularity issues, but I can't work around the lack of a critical feature.

So, to bring this home, the only feature that UDM provides that doesn't exist in the current gear is the new USG router/firewall.  Specifically, the UDM is rated to handle 1 Gbps speeds with full hardware speed packet analysis and intrusion processing.  The current USG is only able to handle 100 Mbps and is severely taxed in performance at that speed.

This is significant because consumer fiber and high speed home Internet connections have zoomed from 3 Mbps to over 1 Gbps in many urban and metropolitan areas.

Since you mentioned you don't have a USG in your current setup, I think you aren't in a good position to really understand the difference provided by the UDM versus the existing Unifi gear.  I know some Unifi users prefer to use a separate router or the Ubiquiti EdgeRouter products because of these limitations and thus don't have the integrated management provided by using the USG.

On a positive note, the UDM finally removes the insecure PPTP VPN protocol, but has not yet added support for OpenVPN for incoming VPN (to connect back to your home when you are away, or to use your home network as your own private VPN Internet gateway instead of a paid service), and that is a bit disappointing.

Edited by SpivR
  • Like 2
Link to post
Share on other sites

Great post and follow up of this podcast.  I've chatted about it before but that is exactly what I did for the Ring setup.  I realized there was a problem and used the Unifi setup to create a special 2.4 GHz SSID just for the doorbells. I haven't had an issue since.


I hope that the UDM is successful but I don't have high hopes for it unless they get it into some hands of influencers. Perhaps we as users can adopt it to our friends and family networks to get the word out and sell some units.


I heard about UDM Pro and that it is a Rackmount unit. I can't wait to get mine fired up and take advantage of having all that extra information and try USG for the first time. I do think I'll miss some of the parental control options I have used in the past though.  If all else fails I still have Gryphon, Untangle, and Synology RT2600ac laying around.  


You brought up a good point about bandwidth that I had in my notes yet didn't mention.  Spot on with the throughput. It's a shame the USG doesn't have anything more to give but nice to see UDM at Gig speed on paper.


Thank you for your post. Always nice to hear from you guys that are so knowledgeable and talented on this stuff.  That goes for about 99% of this forum!  I still learn every day from you guys.

Link to post
Share on other sites

The main reason I'm looking at the UDM Pro (when it is released) is because of the larger hard drive option for Unifi Protect.  Rack mount capability is ok, but until the UDM Pro is released, there simply is no other way to get more than 5 GB for the Unifi Protect NVR.


The current Cloudkey+ is sweet, you can remove the built-in 1 TB drive and replace it with a 5TB drive without any tools (nice carrier tray), but it is still a single spinning drive and a laptop grade 2.5".  The UDM Pro accommodates a larger 3.5" drive - but still a single spindle.

With the more powerful processor on the UDM and UDM Pro, and the linux base, they could certainly port or add parental control software at some point.  Don't know if they are considering that, but it certainly would make sense if they want to be a complete consumer/family network solution.

A discussion for another day, but the Unifi Protect camera system is truly in a class by itself.  I agree the cameras are not cheap (cheap like the WyzeCam for $25), but other than the Unifi 4K camera (awesome video, but way overpriced) the rest of the Unifi cameras are reasonably priced ($80 to $200 approx) given they are PoE, outdoor rated, and include a wealth of mounting options just like the AP's.


Looking at them compared to Wyze, Logitech, Arlo, and other gadgets, they are certainly more expensive, but when you look at the whole Unifi Protect product (NVR box, mobile, web, AppleTV apps), and features (continuous local recording, no monthly fees, alerts, motion clips in addition, RTSP interface options) you can only get there with much more expensive legacy CCTV products that have software that looks and runs like it was written in the 1980's.

I saw my neighbor running around their house with a ladder very upset. I asked what he was doing and he said they were leaving on a trip and forgot to change the batteries in all their cameras so he was trying to get it done before they had to leave.

I know battery cameras are easier to install than PoE, but for a realistic security solution, I, and most of the consumers-not-geeks I know, do not want to be running around with a ladder changing batteries all the time.  🙂


Link to post
Share on other sites

Good to hear a Reset podcast again Dave.

I’m also curious about the Dream Machine. I’ve currently got a 45/15 internet connection going into a UniFi USG-3 but can’t run the IDS/IPS feature without having CPU spikes, so additional capacity to run full intrusion protection would be nice. It would also give me an additional AP coverage in the area the USG is currently in. The only drawback I can see is the lack of UniFi Protect functionality. If it included that then it would be a no brainer for me and probably a lot of home / SOHO users. I’m hopeful they may offer in future a separate Protect device which can be used as either a stand alone unit or a failover / expansion device to an existing Cloudkey G2+. If that was on the roadmap I’d take the plunge now for the UDM.

As it stands the Pro version would be the better option, although the price remains to be set and it would require a major redesign of my network layout to accommodate a rack device somewhere discreet in the house.

Link to post
Share on other sites

Unlikely they will do anything for Protect other than the UDM Pro.

Their philosophy seems to be that the CK2+ is the starter/soho Protect and that is what should be added to a UDM.  The built-in CK2 is really just firmware/software and doesn't have to be used.

That's actually what I run now - a CK2 for the controller and a separate CK2+ with only the Protect function active.  Arrived at that configuration incrementally, but would probably still do that anyway. Since the protect has a hard drive, I prefer not taking down the controller at the same time when (not if) I have to do a hard drive replacement on the CK2+.

The UDM Pro (as currently spec'd) is still not really ideal for Protect as it has only a single drive and no drive expansion.  At least it has 3.5" instead of 2.5" drive, but really don't understand why Unifi is dragging its feet giving us more.

They took away the ability to build your own NVR with their software (a controversial decision, but they are a business not a charity) but make it really distasteful when they don't give any decent storage options.  Would prefer to be debating whether their storage options are overpriced or a good value, but right now we have nothing except the baseline they offer.

Edited by SpivR
Link to post
Share on other sites

It looks like there would be space in the UDM-Pro for another drive in a Raid config as well - missed opportunity by Ubiquiti?


Link to post
Share on other sites

Probably wasn't designed with the right power supply and cooling.  Might also affect noise and EMI emissions.


Otherwise, really stupid they didn't provide the sheet metal and power connection to support another drive, but the focus on the UDM Pro is rack mount form factor, not being a total all-in-one solution as they didn't include any PoE ports which is also stupid unless again power supply and cooling would push the cost higher and complicate the design from what they have.

  • Like 1
Link to post
Share on other sites

for sure. a little tin can on your end table may be power/noise constrained, as soon as you say RACK trying to constrain power or noise seems oxymoronic.

Link to post
Share on other sites
10 hours ago, nrf said:

for sure. a little tin can on your end table may be power/noise constrained, as soon as you say RACK trying to constrain power or noise seems oxymoronic.



OTOH, having had to guide hardware boxes thru regulatory approval when I was a product manager at Cisco, I know first hand everything you can do to maximize approval on the first pass can really help.  If your goal is hitting a cost target and release date, even though a rack form factor has a lot of potential, power, heat, and emissions are still really big issues and having to iterate to add more shielding, cooling fans, etc. can really delay things quite a bit.

In a big company, you can also lose your testing "slot" and be forced to wait while in small companies, scheduling with an outside lab is also expensive if you have to go back multiple times.

Edited by SpivR
Link to post
Share on other sites

yes the old MVP concept. maybe the next iteration... or someone can engineer an addon :)


is this hitting any bullseyes for anyone?

Edited by nrf
Link to post
Share on other sites
