I have a good deal of experience with Mikrotik's offerings, and I am not looking to power networks I support with a patchwork of different systems that each have their own interface.
Most of the value proposition of the Unifi lineup is I can look at a single website that I host and see the WiFi clients connected to an access point, what switch feeds that access point internet (and whether it's linked at gigabit or 100Mbps), uptime on all devices involved in the stack, whether the client has poor WiFi quality, trouble DHCPing, etc.
The single pane of glass to view everything when I am many miles from the networks I support is essential. Compared to when these sites were on PFSense before migrating, these networks have improved uptime, rapid remediation of issues, and changing VLANs, SSIDs and labeling each client on the network is a snap.
Edit: Borrowed /u/bpye's single pane of glass term
It's definitely not all the new controllers, although with the UDM line you might be right. I think there's a huge intersection between people who would buy those specific devices and people who are perfectly happy to have remote access to their control plane in the cloud.
It is also about dark patterns. I never had the cloud option enabled. One night after a long day I upgraded the controller software. I noticed a message like “do you want to login?” and wasn’t awake enough to realise that it asked for my ui.com account and that after that cloud management was enabled and my phone switched to authenticate from a direct connection with the local credentials to using the ui.com credentials.
It looks like what I was referring to is that they recently made the initial controller setup on the cloudkey require a cloud account [1], but you can migrate to local only after the initial setup.
So the only remaining 'local only' from start to finish is for self-hosted I guess.
I have a cloud key gen2 plus and do not have a UI.com account. I would classify getting the network controller set up without having one initially "mildly annoying but worth it".
I'm also floored at the number of people who are spinning the existence of a self-hosted controller as somehow a bad thing...?
The UDM and UDM-Pro force you to set up a UI.com account, and cannot be used with external Unifi controllers like one you might run on a server, PC or cloud key (Ubiquiti's management software on a Power over Ethernet powered dongle, does not require a UI.com account).
They do - first thing I did though was then go in and add a local account, and disable remote access (I have a wireguard tunnel that terminates on a server behind my firewall if I need remote access).
I don't use a UI.com account to connect to the Unifi controller I host (as I don't need their inconsistently working NAT traversal to get to my controller). Hopefully the networks I support are safe due to not being entangled with Ubiquiti's cloud infrastructure.
Anyone who is forced to get a UI.com account (e.g. UniFi Dream Machine and UDM-Pro owners) should change their credentials and do a factory reset on their routers and Access Points ASAP.
> do a factory reset on their routers and Access Points ASAP
This is a miserable user experience. If you do a reset and don’t know the SSH password on APs or cameras you get to spend a hellish few hours crawling through ceiling insulation, climbing ladders and physically resetting devices. It’s so shit. I’ve just done it, but not due to security concerns, but instead because of a UDM-P crapping out randomly.
This is why I like having the controller in a virtual machine offsite. Factory resetting the router and pairing it to the same site in the separate controller gets me back to the same exact place I expect to be.
With the UDM series, the integrated controller ensures you lose everything if you have to factory reset, site to site VPNs have to be manually configured, and numerous other minor annoyances crop up (like UI.com not always being able to connect to the controller).
> If you do a reset and don’t know the SSH password on APs or cameras
Whose fault is that if you don't have it? First thing I do when I set a new site up is record all the vital information like that for when I will inevitably need to recover stuff.
It should be standard backup/disaster recovery practices - for ANY system. Making sure you have critical information BEFORE you really need it is preparedness 101.