Managing multiple UniFi sites

IamSpartacus

Does anyone have experience managing multiple sites running UniFi APs/switches where each network is its own entity (i.e. there is no VPN/LAN connectivity between sites)?

I'm looking for a good way to manage APs for 6-7 small/home office locations from a single controller. Is running a single instance of the UniFi controller in a VPS an option? If so, how can one adopt all the devices from different networks to this cloud instance?
 

Rain

Using a "Remote" UniFi Controller is actually a supported option. Here is the support article on it: UniFi - Device Adoption Methods for Remote UniFi Controllers

While I have never had to deploy UAPs across multiple sites with a single controller, I think I would use the DNS method for simplicity. The APs attempt to resolve "unifi" (or "unifi.domain.com" where "domain.com" is the domain passed out by DHCP); if this gets resolved to your VPS running the UniFi controller, the UAPs will appear in the controller and can be adopted. This would make adding UAPs in the future at a given site pretty easy, too; just plug them in!

If controlling DNS isn't an option at a particular location, I'd fall back on simply using SSH and the set-inform command.
 
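A pre-deployment check for the DNS adoption method described in the post above, as an added example (not code from the thread or from Ubiquiti): it resolves the names the post says an AP looks up and flags any that point somewhere other than your controller, since whoever answers for "unifi" at a site decides which controller new devices report to. The function names, the sample domain and the addresses are assumptions made for illustration.

```python
import socket


def default_resolver(name):
    """Resolve a name to its IPv4 addresses; empty set if it does not resolve."""
    try:
        infos = socket.getaddrinfo(name, None, socket.AF_INET)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def adoption_names(dhcp_domain):
    """Names an AP looks up per the post: 'unifi' and 'unifi.<DHCP domain>'."""
    names = ["unifi"]
    if dhcp_domain:
        names.append("unifi." + dhcp_domain.strip(".").lower())
    return names


def check_site(dhcp_domain, controller_ips, resolve=default_resolver):
    """Return {name: status}; status is 'ok', 'unresolved' or 'unexpected:<ips>'."""
    expected = set(controller_ips)
    report = {}
    for name in adoption_names(dhcp_domain):
        answers = resolve(name)
        if not answers:
            report[name] = "unresolved"
        elif answers <= expected:
            report[name] = "ok"
        else:
            # At least one answer is not a controller we operate.
            report[name] = "unexpected:" + ",".join(sorted(answers - expected))
    return report


def site_ready(report):
    """Ready when some name reaches the controller and none points elsewhere."""
    statuses = list(report.values())
    return "ok" in statuses and not any(s.startswith("unexpected") for s in statuses)


if __name__ == "__main__":
    # Constructed sample data using documentation address ranges.
    fake_dns = {"unifi.branch1.example": {"203.0.113.10"}, "unifi": {"192.0.2.55"}}
    rep = check_site("branch1.example", {"203.0.113.10"},
                     lambda n: fake_dns.get(n, set()))
    print(rep, "ready" if site_ready(rep) else "NOT ready")
```

Run it from a machine on the site's LAN so it uses the same resolver and search domain the APs receive from DHCP.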

Caleb

I have used the ssh-inform command with good results. I host my parents' and siblings' UniFi products on my homelab UniFi controller. I would definitely consider using a VPS in the cloud if this is for production.
 
Jan 4, 2014
88
12
8
> Does anyone have experience managing multiple sites running UniFi APs/switches where each network is its own entity (i.e. there is no VPN/LAN connectivity between sites)?
>
> I'm looking for a good way to manage APs for 6-7 small/home office locations from a single controller. Is running a single instance of the UniFi controller in a VPS an option? If so, how can one adopt all the devices from different networks to this cloud instance?

Yes, we provide that service to about 35 sites globally from our hosted controller in our own DC.

We were using it only for WiFi, but for a few smaller sites we now manage the complete stack (FW, switch and AP) like that.

We always try to set up L3 DNS adoption (basically create a CNAME called unifi, pointing to your controller hostname).
The DHCP option interferes with SCCM/WIS and I hate hexing :)

The other option would be set-inform, but the downside of that is that you need direct SSH access to the AP, which may be problematic on a remote site.
 

IamSpartacus

> Yes, we provide that service to about 35 sites globally from our hosted controller in our own DC.
>
> We were using it only for WiFi, but for a few smaller sites we now manage the complete stack (FW, switch and AP) like that.
>
> We always try to set up L3 DNS adoption (basically create a CNAME called unifi, pointing to your controller hostname).
> The DHCP option interferes with SCCM/WIS and I hate hexing :)
>
> The other option would be set-inform, but the downside of that is that you need direct SSH access to the AP, which may be problematic on a remote site.

I've been thinking about trying a UniFi FW in one or more locations. How are you liking it, and does it have DNS services built in for said L3 adoption?
 

IamSpartacus

Has anyone used Digital Ocean for a VPS? Do they offer elastic (static) public IPs like AWS?
 

IamSpartacus

> I use a cloud key at home to manage my parents' network along with mine.
>
> I had to manually set the inform URL on the switch and APs to point to my cloud key when I was there.
>
> UniFi - Device Adoption Methods for Remote UniFi Controllers

Yeah, I manage mine and my parents' UniFi networks (connected via site-to-site VPN) using my own locally hosted controller in a Docker container. Works great.

However, this project is for a small/medium sized business, so it needs to be hosted for HA. The adoption part I have worked out, as there are many ways to do it (DNS, DHCP, locally setting the inform URL, etc.), but to ensure there are no issues with the new installation I wanted to be sure my VPS IP doesn't change. I've confirmed that it doesn't once set in Digital Ocean.
 
Jan 4, 2014
88
12
8
> I've been thinking about trying a UniFi FW in one or more locations. How are you liking it, and does it have DNS services built in for said L3 adoption?

It does have the possibility to add CNAMEs; however, the controller allows you to simply add the controller IP per subnet.
I am about to take reception of the 10G router, so once I have fiddled around with it a bit I'll let you know.

Just as an afterthought...
Essentially these are EdgeOS/VyOS routers, albeit they have a UniFi shell over them.
It is quite easy to add the required configuration (BGP, OSPF or what have you) to the device, then add those non-GUI configurations back to the controller by adding the config.json to the controller.

As I am using VyOS quite extensively on various projects, I would expect to be happy with the device, but will post when I have the chance to actually test it.
 

IamSpartacus

> It does have the possibility to add CNAMEs; however, the controller allows you to simply add the controller IP per subnet.

Can you elaborate on what you mean by this? How does this apply to APs in different geographical locations all talking up to a cloud controller?
 
Jan 4, 2014
88
12
8
In the controller, network, you can set the IP address of your controller, which points to any IP address.
I assume underwater they create either their own DNS record, or any other L3 adoption method.

Still, when I have a local server on site, I set the DNS method on that anyway :)
 

IamSpartacus

> In the controller, network, you can set the IP address of your controller, which points to any IP address.
> I assume underwater they create either their own DNS record, or any other L3 adoption method.
>
> Still, when I have a local server on site, I set the DNS method on that anyway :)

So you're saying you set the WAN IP or hostname of your controller, and when an AP is connected to a local USG that is managed by that controller, they will automatically tell APs where the controller is?
 

amalurk

Have you tried the DNS method where you make your local router/DNS resolve unifi to your controller's IP? Did this work? Seems simple enough. I am thinking about expanding my cameras and adding one or more at my mom's and controlling them offsite with a VPS.
 

IamSpartacus

> Have you tried the DNS method where you make your local router/DNS resolve unifi to your controller's IP? Did this work? Seems simple enough. I am thinking about expanding my cameras and adding one or more at my mom's and controlling them offsite with a VPS.

Currently I have no control over DNS at the locations where I'm looking to set up this VPS to manage.
 

maze

I have about 100 APs running on a hosted UniFi controller. Mainly doing it through DNS, since I've found the DHCP option is kinda crappy (never got it working..?)

Flawless and simple to handle.

If you can't do the DNS, just do the SSH inform before deploying it at the customer, or migrate it from the current controller software - easy and simple. You just need tcp/8080 and tcp/udp/3758 or so forwarded - last one is STUN port, don't remember that port fully.
 

kalex1114

We manage about 50 UniFis at 30 sites for clients. You need to open up the ports on the firewall and set up a controller somewhere. We host it at our colo, but before that it was running on AWS. Like maze said, we do it mostly via a DNS entry at client sites, but if that is not possible we do SSH inform.
 

dwright1542

I've got about 400 UniFi items across 25 clients on a single UniFi panel. I've had it hosted various places; it sits on Azure right now with a public IP. When installing, we just use the Chrome app, find the IP, SSH in, and then do the set-informs. You need to do it 2x, then adopt, then set-inform again. DNS doesn't work reliably enough. It's been unbelievably solid for jeez, 5 years? We had it in the cloud long before it was en vogue.
 

IamSpartacus

If I have a controller with multiple sites and do a set inform on devices in a new location, what site will those devices show up in for the initial adoption? The reason I ask is, I want to give someone access to do device adoption for a specific site but not access to the entire controller. But if the device shows up in a different site, they won't be able to do the adoption.