Meraki Bells and Whistles
-
@scottalanmiller said in Datto AP60:
@Dashrender said in Datto AP60:
@scottalanmiller said in Datto AP60:
@Dashrender said in Datto AP60:
I suppose Meraki could be good - if you need all those bells and whisles, but if not, UBNT gear is every bit as cloudable by setting up your own controller on a publicly accessible host, like many of us have done.
What bells and whistles? We replace them with UBNT because they are better, not because they are less. I'm not aware of anything special from Meraki outside of their WAN accelerator which is really only useful on VPN connections.
With the Meraki demo's I've seen you can block access to certain services directly at the AP instead of the firewall, or set limitations for those services at the AP level - if you can block, say Youtube at the AP level with UBNT, I'm unaware of that.
I would consider that bloat, not a feature. Can't think of any situation where you'd want a firewall in your wireless device. That's not exactly bad, but it would be quite a stretch to call it a feature.
Those who have it seem to love it. Can it be done at the firewall level - likely, but if you only need it to affect a specific AP for some reason - but yeah... I hear ya.. don't get me wrong... You start explaining these things to customers and they suddenly start seeing why the extra spend on Meraki isn't worth it.
-
-
@dbeato said in Datto AP60:
@scottalanmiller said in Datto AP60:
@DustinB3403 said in Datto AP60:
@scottalanmiller said in Datto AP60:
We replace them with UBNT because they are better, not because they are less.
You absolutely have to be replacing this not only because Ubiquiti offers a better product, but because the TCO is way cheaper than the cost of Meraki's gear as well.
Actually, that pretty much never happens. That they are cheaper makes customers jump at it, but typically we replace the Merakis because of a failing that the UBNT fixes.
What failing? And the problem is not Meraki or Ubiquiti here. However when it comes to so called security experts they talk about Security Controls on APs which is very interesting and they leave out Ubiquiti because they don't have any.
Lack of features or flexibility, generally. Or that configuration costs, rather than unit costs, are so much higher that while it might be a cost factor, isn't a cost of the device factor.
-
@DustinB3403 said in Datto AP60:
@dbeato said in Datto AP60:
Security Controls
These should not be at the individual AP though.
Exactly. I mean there must be some niche for this, but it seems absurdly niche.
-
@scottalanmiller said in Datto AP60:
@dbeato said in Datto AP60:
@scottalanmiller said in Datto AP60:
@DustinB3403 said in Datto AP60:
@scottalanmiller said in Datto AP60:
We replace them with UBNT because they are better, not because they are less.
You absolutely have to be replacing this not only because Ubiquiti offers a better product, but because the TCO is way cheaper than the cost of Meraki's gear as well.
Actually, that pretty much never happens. That they are cheaper makes customers jump at it, but typically we replace the Merakis because of a failing that the UBNT fixes.
What failing? And the problem is not Meraki or Ubiquiti here. However when it comes to so called security experts they talk about Security Controls on APs which is very interesting and they leave out Ubiquiti because they don't have any.
Lack of features or flexibility, generally. Or that configuration costs, rather than unit costs, are so much higher that while it might be a cost factor, isn't a cost of the device factor.
what flexibility don't they have? or what feature are they missing?
specifics please. -
Security controls on the AP would only maybe make sense for the smallest possible use cases.
Where an organization has literally zero additional resources to separate these processes.
-
@Dashrender said in Datto AP60:
Those who have it seem to love it.
People claim that they love Nutanix, too. But there is a huge difference between "we love it compared to doing it well" and "we love it because we didn't realize that there was an actual good solution." Meraki, while historically being a decent product, falls into the latter category today I find. It's not "bad" absolutely, it's just "bad" compared to the real world marketplace. It's like the Model T, it was good when it first came out. But if you were to buy one today and claimed it was a good vehicle, people would think you were crazy.
-
@DustinB3403 said in Datto AP60:
Security controls on the AP would only maybe make sense for the smallest possible use cases.
Where an organization has literally zero additional resources to separate these processes.
I'm not sure how one can get this small. If you are big enough to have APs, you'd be already past this size. If you were a home user with one person, you are already past this size, lol.
-
@dbeato said in Datto AP60:
@scottalanmiller said in Datto AP60:
@dbeato said in Datto AP60:
@scottalanmiller said in Datto AP60:
@DustinB3403 said in Datto AP60:
@scottalanmiller said in Datto AP60:
We replace them with UBNT because they are better, not because they are less.
You absolutely have to be replacing this not only because Ubiquiti offers a better product, but because the TCO is way cheaper than the cost of Meraki's gear as well.
Actually, that pretty much never happens. That they are cheaper makes customers jump at it, but typically we replace the Merakis because of a failing that the UBNT fixes.
What failing? And the problem is not Meraki or Ubiquiti here. However when it comes to so called security experts they talk about Security Controls on APs which is very interesting and they leave out Ubiquiti because they don't have any.
Lack of features or flexibility, generally. Or that configuration costs, rather than unit costs, are so much higher that while it might be a cost factor, isn't a cost of the device factor.
I see, so bottom line factors.
Right. Like sometimes people won't complex things done on Meraki that takes more time and it is faster and cheaper to replace them with stuff that does it out of the box. If that out of the box required more annual costs and a big uplift, obviously that wouldn't work. So that UBNT isn't more expensive is certainly important. But it is that UBNT generally saves money on the engineering immediately, and since the cost of the UBNT because "zero or less", it's like the customer is paid to switch to it. That they save long term is a bonus, but if it was break even, would still do it.
-
@Dashrender said in Datto AP60:
@scottalanmiller said in Datto AP60:
@dbeato said in Datto AP60:
@scottalanmiller said in Datto AP60:
@DustinB3403 said in Datto AP60:
@scottalanmiller said in Datto AP60:
We replace them with UBNT because they are better, not because they are less.
You absolutely have to be replacing this not only because Ubiquiti offers a better product, but because the TCO is way cheaper than the cost of Meraki's gear as well.
Actually, that pretty much never happens. That they are cheaper makes customers jump at it, but typically we replace the Merakis because of a failing that the UBNT fixes.
What failing? And the problem is not Meraki or Ubiquiti here. However when it comes to so called security experts they talk about Security Controls on APs which is very interesting and they leave out Ubiquiti because they don't have any.
Lack of features or flexibility, generally. Or that configuration costs, rather than unit costs, are so much higher that while it might be a cost factor, isn't a cost of the device factor.
what flexibility don't they have? or what feature are they missing?
specifics please.A bit. Meraki either lacks the full command line flexibility of UBNT or makes it much more difficult to do. And performance. Meraki just don't keep up with UBNT at all. Performance is arguably a "feature" but when one can do the job and one can't, it's kind of a feature.
-
@scottalanmiller what are you doing at the command line of a UAP?
-
@Dashrender said in Datto AP60:
With the Meraki demo's I've seen you can block access to certain services directly at the AP instead of the firewall
Keep in mind that doing this...
- Makes the AP a firewall, just with a different label. It's still a firewall.
- Can be done with Ubiquiti for cheaper.
So while Ubiquiti requires two discrete devices to do this and Meraki just one. The two Ubiquiti devices are cheaper to buy than the one Meraki, and that's just up front. The Meraki always has the annual cost, and the UBNT does not. So other than the minor aesthetics of only having one device, the Ubiquiti option seems vastly better here since you get more flexibility, more power, more features, at dramatically lower cost.
This is akin to how people tout ZFS over XFS be saying "can XFS do RAID"? No, XFS is a discrete component and uses MD, ZFS, BtrFS, LVM, or hardware for its RAID portion. You can do anything with XFS than you can with ZFS, but not under the label of XFS. One is comparing a stack of components, one is comparing just one component of the stack. So it makes ZFS sound impressive because it's apples and oranges.
That's what Meraki is doing here. It's giving you an "all in one" and promoting the features of a part that you don't want included in there. But if you did the same in a better way, you get a better result. It's a bundling and labeling trick to make something bad sound good, but it's not.
-
@Dashrender said in Datto AP60:
@scottalanmiller what are you doing at the command line of a UAP?
We don't, the idea of configuring APs to do really anything is a Meraki problem. Another reason to replace them. I'm talking Unifi vs. Meraki, not Unifi AP vs Meraki AP. It's a network, not a single device.
-
The reason to replace Meraki APs with Unifi APs is that the management of them becomes free instead of requiring separate accounts, dashboards, etc. By removing the Meraki APs, you get a single pane of glass to the network.
-
@scottalanmiller said in Datto AP60:
n the one Meraki, and that's just up front. The Meraki always has the annual cost, and the UBNT does not. So other than the
OK that makes sense... But managing 20 firewalls (one after each AP) yet keeping the network flat sounds HUGELY painful at min.. where the Meraki interface handles that all for you.
Mind you I've never used a Meraki beyond a single AP and I did little more than setup an SSID on it and just use it as an AP.
-
@scottalanmiller said in Datto AP60:
@Dashrender said in Datto AP60:
@scottalanmiller what are you doing at the command line of a UAP?
We don't, the idea of configuring APs to do really anything is a Meraki problem. Another reason to replace them. I'm talking Unifi vs. Meraki, not Unifi AP vs Meraki AP. It's a network, not a single device.
aww.. OK I get it now with the command line talk.
-
@scottalanmiller said in Datto AP60:
The reason to replace Meraki APs with Unifi APs is that the management of them becomes free instead of requiring separate accounts, dashboards, etc. By removing the Meraki APs, you get a single pane of glass to the network.
What? Meraki has devices for all the network components - APs, Switches and Firewalls - sounds like a single pain of glass to me.
with UBNT, you have to run Unifi gear to get that single pain of glass (Unifi AP (OK we all run those) Unifi switches - which most people crap on around - especially JB, and Unifi Security Gateways - which suck because you can't manage advanced settings in any way other than json files).
-
@Dashrender said in Datto AP60:
OK that makes sense... But managing 20 firewalls (one after each AP) yet keeping the network flat sounds HUGELY painful at min.. where the Meraki interface handles that all for you.
You'd use UNMS to manage those firewalls with Ubiquiti as each site very likely has their own configurations that they need setup.
-
@Dashrender said in Datto AP60:
What? Meraki has devices for all the network components - APs, Switches and Firewalls - sounds like a single pain of glass to me.
You are totally missing the big picture. THOSE get replaced because of complexity. It was you who singled out the AP apart from the rest of the solution. When those complex pieces get replaced because you need the power and flexibility of Ubiquiti, then you have to replace the Meraki APs to get a single pain of glass.
-
@Dashrender said in Datto AP60:
with UBNT, you have to run Unifi gear to get that single pain of glass (Unifi AP (OK we all run those) Unifi switches
Right, which was the point because we had just established needed UBNT for flexibility.