Thursday, September 21, 2017

Using The Ubiquiti Unifi Controller Federated Cloud

Continuing on with some of my recent posts, I wanted to put some quick information out there about the Ubiquiti-operated Unifi Federated Cloud. There are multiple ways to run the Unifi Controller that I have talked about. You can run it as a public cloud based option, locally on Windows, Mac, or Linux, or most recently on the Unifi Cloud Key. Something all these options share is the ability to federate them into a cloud view located at http://unifi.ubnt.com that is operated and maintained by Ubiquiti. There are a few things I’ve played with thus far that people may find of interest.

Connecting to the Ubiquiti Unifi Cloud

The first thing you need to do is create a login at http://unifi.ubnt.com or use an existing one. Once you log in you will not see much, but once your account is created you can connect any number of Unifi Controllers to it. Log into the Unifi Controller and click “Cloud Access” on the left side.

Click “Enable Cloud Access” and you will be asked for the credentials you just set up; enter them and click “Enable Cloud Access”.

Once complete the Unifi Controller will show it’s connected and you have the option of removing or disabling access.  Basically that’s it to get it connected.

Once you have completed this you can log back into http://unifi.ubnt.com and see the Unifi Controllers you have connected. In the case below you can see both a software based install and a Unifi Cloud Key.

[Screenshot: UBNT_Cloud_Dashboard]

Working with the Unifi Federated Cloud

Once you get things connected there are a couple of interesting things about the way the architecture appears to work. Initially what you notice is you can see dashboard information about not only a controller but all sites configured in that controller.

This is useful for basic information, but what is really cool is you can click “Launch Site” and be connected to the controller. The way this works is it first tries a direct connection. So if you are on the LAN where the controller IP is located, as in the case with a local Cloud Key, you will be directed to that local IP address and connected. If you are NOT local to it, the site uses WebRTC to tunnel to the controller. So even if you’re external to your LAN based controller you can still connect to it securely without any port forwarding rules. That’s pretty cool and just works, with some exceptions I’ll speak to in a bit.

Adding Additional Administrators

There are really two ways to add additional administrators depending on how they will connect.

  • Locally
  • Via the UBNT Cloud

As best I can tell you can add people to both, but I have not tried to see if there are any username conflicts. What happens is a little different depending on how you add the new administrator. If you log into the Unifi Controller and click “Admins” on the left side you are presented with a few options.

Let me try to explain the difference the little check box marked “Invite to SDN” makes. If you UNCHECK this box, an email is sent directly from the controller. The email the user is sent will contain the controller’s direct URL to accept the invitation. It is worth noting this requires that SMTP server settings are configured in the Unifi Controller. When they click the local link the controller must be locally accessible, and then they will create what appears to be a local password. They will then have access directly to the controller.

If you check the “Invite to SDN” box they will be sent an email with a link to unifi.ubnt.com where they can use an existing account or create a new one to access the controller.  This does NOT appear to create any ‘local’ account with a password.  They must connect first to the UBNT cloud to then be connected to the controller with an SSO hook.

I will continue testing this with the help of a few people to confirm that the user accounts are in fact separate and maybe provide some feedback to Ubiquiti.  It feels a little confusing and kludgy at the moment.  I suspect like everything they do it will get better over time.

Mobile Access Using Unifi Federated Cloud

The Unifi Federated Cloud is mobile formatted, however you cannot actually “Launch” a site from iOS as it does not support WebRTC. Android does and it should work from those devices. The screen below shows the Unifi Federated Cloud from an iOS browser.

[Screenshot: UBNT_Cloud_Mobile]

The iOS app that has been released unfortunately will not, at the moment, let you connect to unifi.ubnt.com as a controller, but that is being worked on. The main reason the iOS app was released is to eventually provide the same functions on iOS as what the website already does for Android, without waiting for Apple to support WebRTC.

Also the Unifi Controller UI itself will not have responsive capabilities until the upcoming V5 which has some really nice improvements to it.  The below screen shot is courtesy of UBNT-Brandon showing the V5 interface from a responsive mobile device.  I’m sure I will post more on this to come.

[Screenshot: V5image]

What’s next is for me to try to migrate my default site that runs my house and office from the Unifi Cloud Controller software installed version to the local Unifi Cloud Key.  I have an idea already of the process, but also I need to see what will be involved in moving other sites to individual cloud keys as the “default” sites.  I have a feeling that will not be as easy or clean.

About Chris Colotti

Chris is currently a Sr. Cloud Solutions Architect for Tintri. Prior to this he spent close to a decade working for VMware as a Principal Architect. Previous to his nine plus years at VMware, Chris was a System Administrator who evolved his career into a data center architect. Chris spends a lot of time mentoring co-workers and friends on the benefits of personal growth and professional development. Chris is also amongst the first VMware Certified Design Experts (VCDX#37), and author of multiple white papers. In his spare time he helps his wife Julie run her decorated apparel business as the accountant, bookkeeper, and IT Support. Chris also believes in both a healthy body and healthy mind, and has become heavily involved with fitness as a Diamond Team Beachbody Coach using P90X and other Beachbody Programs. Although technology is his day job, Chris is passionate about fitness after losing 60 pounds himself in the last few years. Now he spreads both the word of technology and fitness along with the Team Beachbody Business through his blogs.

One comment

  1. I’m pretty interested in picking up Ubiquiti products for my MSP. The idea of having multiple cloud keys at different clients accessible through a single pane of glass is very compelling, but I’m concerned that the user management aspect is too clunky and not secure enough. If I need to have multiple techs sharing a username and password that’s no good. It’s not much better having to invite them from each and every controller. I can only imagine what the process to REMOVE somebody would be….
