Very surprised I haven’t seen any comment on this on here.
I’d love to see Wendell do a video about this, because it is one total cluster…keys to the kingdom in someone’s breached LastPass, all source code stolen, Linux VMs set up by hacker in the Ubiquiti internal networks, and Ubiquiti’s legal department covering the whole lot up.
A Ubiquiti controller can be fully self-hosted, it has the option to use a cloud account which can be a super administrator for a system if you so choose to hook it up (or other access level).
The physical devices can be allowed to connect to talk outwards to the internet to get firmware updates, but this too can be done manually by downloading what firmware you need from their site manually and then uploading it to the controller firmware/update cache and then you can roll it out to your environment.
I agree that this sort of compromise is unacceptable for Ubiquiti but let’s forget that they’re one of the only vendors who doesn’t force a cloud account outright. At least not yet anyway which is why they’re still a compelling option.
They’re serving ads to controller management pages now, as an extra F You.
Personally I’ve had less than satisfactory performance from their stuff, I spent nearly £1200 on two full sets of Unifi gear for my house and mother-in-law’s house. After far too much messing about and stuff just not working, I ended up returning it all. I’m familiar with Unifi, too - I have two sites with a lot of APs and switches, and countless APs at work, so it wasn’t a “lol, not set up n00b” situation that was causing the issues.
I think there are better solutions out there for the same money, or less. For home and MIL’s I went Asus AiMesh, and it’s been perfect, it Just Works™.
I recently set up a UDM-Pro for a business. There was no option in the entire setup process to just use a local account. You must have an internet connection, and the super-admin account has to be cloud based.
I tried setting it up with a cloud account, adding a local account, then removing the original account but that didn’t work.
Doesn’t matter what it’s running on. At work we run it off a Gen 1 CloudKey (heap of crap), at one non-profit I look after it runs off Debian Linux, and the other non-profit it runs off a Docker. Since the newest controller update it insists you link it to the cloud.
Very unfortunate. I haven’t liked the direction Ubiquiti has been going in for a while now. I’m going to start evaluating Mikrotik to replace everything. Thankfully for me, Ubiquiti almost never EOLs or updates their network hardware so I should get a decent price selling it despite its age.
My APs can’t talk to the internet - they can only reach my controller running on my domain over https; and I checked, and they require a valid cert. (For adoption I SSH into them).
The controller is where they download the updates from, and also download the configs from and report metrics.
The controller is running on Debian and I haven’t updated to the very latest version (running one behind latest at the moment) but I haven’t seen ads in it.
I do not have “remote login” or any cloud features enabled in the controller - other than controller checking for updates.
I do not use their routers and don’t plan to (I like to tinker with routers and roll my own), I do have a USW Flex switch coming.
Mikrotik doesn’t have a good security track record either - they tend to be more locked down / less OpenWRT and less GPL friendly compared to Ubiquiti hardware. (In case you have old 802.11n Ubiquiti hardware that’s been EOLed, try OpenWRT … albeit that platform is pretty old so while you may end up running WPA3 somehow, YMMV).