Unifi controller on Google VM

[apostolakisl]

I know a number of folks on here use unifi.  I just moved my controller over to google and the process went smoothly.  I just followed the steps from Petri.  I modified the part where he opens up the unifi controller to all outside traffic and instead white listed just the 3 ip's of my locations controlled.  If I need to access my controller from outside of those areas, I just vpn into one of them.  I also didn't install an ssl key.  But I was shocked that it took no trouble-shooting at all.  Once I entered the new inform ip address on my old controller, it took only seconds for the new controller to be up and running.  Hopefully it will actually be free.

 

 

[mwester]

I've often wondered a bit at this part of the Unifi model...  I just don't see how it makes sense -- so I have my Unifi controller running in my basement, beside the firewall/router and the rest of the network gear.

Maybe I'm missing something -- if something goes wrong with your Unifi gateway or other core component such that you lose internet, how does it help you that your sole source of control is out in a data center somewhere in the internet?  Seems a bit of a chicken/egg thing, no?

[Teken]

Why didn't you use their own cloud portal service??

[apostolakisl]

15 hours ago, mwester said:

I've often wondered a bit at this part of the Unifi model...  I just don't see how it makes sense -- so I have my Unifi controller running in my basement, beside the firewall/router and the rest of the network gear.

Maybe I'm missing something -- if something goes wrong with your Unifi gateway or other core component such that you lose internet, how does it help you that your sole source of control is out in a data center somewhere in the internet?  Seems a bit of a chicken/egg thing, no?

Offiste controller is a beautiful and slick thing.  Something I have never had a problem with in 2 years of operation.  When you have 3 sites (and soon to be 4), keeping your controller onsite is only onsite for one of them.  If you want all sites on the same controller, then you need to open ports.  Otherwise you have 3 separate controllers which is far less slick.  Also you can't connect the sites via vpn using the simple single button vpn option.  Plus it is so nice to manage all of your sites from one controller.  Finally, a hosted controller that is free is of course cheaper than buying something for hosting at home and it would be hard to match the reliability of a professional hosting service.  And lastly, if the controller goes down, you don't actually lose any functionality.  The controller is only needed for logging and for making changes, the controller is not actually controlling anything during operations, the devices run just the same without a controller.  When I first started using Unifi stuff, I didn't keep my controller running all the time.  The only downside to that is not getting logs.  Even if your offsite controller goes down and you really really need to change some settings in a hurry, you aren't SOL.  Just restore your backup to a local controller, ssh into your devices and set inform to the local ip.  Trick is to remember that the ssh password is set by the controller to a randomly generated password and is buried in the controller menu.  Not knowing this will frustrate the stink out of you when you don't understand why your devices aren't accepting the controller password during an ssh login.  

Plus, if your gateway goes down, you are kind of SOL until you replace it no matter what.  When you get your new one, you just set inform to the ip of the controller and a few seconds later you are up and running.  Plus, I'm not sure what has happened here, but a couple of new devices I just installed seemed to get the inform ip automatically.  As soon as I powered them up, they immediately showed up for adopting in my offiste controller.  I guess they got that IP by querying the other unifi devices on the same lan?

 

5 hours ago, Teken said:

Why didn't you use their own cloud portal service??

The portal service is a portal, it is not a controller.  You can pay for them to host your controller if you want.  The portal just accesses the controller, same as the UD portal just access your ISY, it isn't your ISY.