Cloud hosting Unifi controller



  • I'm deploying 4 Unifi APs at my new location. Trying to decide where is the best place to host the controller software and ran across this site.

    http://www.unifibox.com/

    Is it just me, or does $15/month seem like a lot for this service? When you're managing dozens or more, this might be worthwhile, but even then maybe not. Why not just stand up your on VM in something like Digital Ocean - I'm sure a baseline VM would be less, right?

    FYI, for now I've just installed it on one of internal servers and I have VPN to all my locations.



  • That does sound like a lot... I think it would be cheaper to stand up your own EC2 instance to run the controller then 15$ a month... although I haven't run the numbers yet.

    Digital Ocean is a good option as well.



  • Now that they have a linux controller (not sure when that came along) you should be able to get any barebones VM to run this for next to nothing.

    I just looked over the specs -it's limited to a single site and 64 APs.

    The 'you own your own controller' option is $200/month - no way that make sense for anyone willing to do their own maintenance on the VM.



  • @Dashrender said:

    Now that they have a linux controller (not sure when that came along) you should be able to get any barebones VM to run this for next to nothing.

    I just looked over the specs -it's limited to a single site and 64 APs.

    The 'you own your own controller' option is $200/month - no way that make sense for anyone willing to do their own maintenance on the VM.

    Linux controller has been out for a long time... at least as long as I've been watching/using their products.



  • For some reason when we first learned about these years ago, I was thinking they only had a windows controller, but it's been a while since I paid attention.


  • Service Provider

    @Dashrender said:

    For some reason when we first learned about these years ago, I was thinking they only had a windows controller, but it's been a while since I paid attention.

    I'm pretty sure that that is true.


  • Service Provider

    @coliver said:

    That does sound like a lot... I think it would be cheaper to stand up your own EC2 instance to run the controller then 15$ a month... although I haven't run the numbers yet.

    Digital Ocean is a good option as well.

    DO is cheaper and way easier than EC2. EC2 doesn't let you see the console. Only makes sense if you are using Chef or Puppet or similar.





  • I seem to remember a conversation with @JaredBusch stating that he uses one for the office.


  • Service Provider

    I use the windows controller right now. It is on a VM in a datacenter. I keep meaning to migrate it to Linux, but that is extremely low on my priority list.



  • If you have a Virtual Infrastructure already internally, I'd just bring up a Ubuntu VM on that.



  • @thecreativeone91 said:

    If you have a Virtual Infrastructure already internally, I'd just bring up a Ubuntu VM on that.

    yeah I could have done that, but that would be a LOT more work than just installing the Windows setup, which I did on one of my DCs.

    Why Ubuntu instead of CentOS?



  • @Dashrender said:

    @thecreativeone91 said:

    If you have a Virtual Infrastructure already internally, I'd just bring up a Ubuntu VM on that.

    yeah I could have done that, but that would be a LOT more work than just installing the Windows setup, which I did on one of my DCs.

    Why Ubuntu instead of CentOS?

    The Ubqitui stuff doesn't run as well on CentOS. How is that all lot more work? Also I would not install the controller on a Domain Controller.



  • @coliver said:

    Linux controller has been out for a long time... at least as long as I've been watching/using their products.

    It was what came out first, the Windows stuff came later because people complained but, it didn't take them long to bring out the windows stuff. It's all java anyway.



  • @thecreativeone91 said:

    @Dashrender said:

    @thecreativeone91 said:

    If you have a Virtual Infrastructure already internally, I'd just bring up a Ubuntu VM on that.

    yeah I could have done that, but that would be a LOT more work than just installing the Windows setup, which I did on one of my DCs.

    Why Ubuntu instead of CentOS?

    The Ubqitui stuff doesn't run as well on CentOS. How is that all lot more work? Also I would not install the controller on a Domain Controller.

    Why? FYI I have three DCs, though one is going away really soon.

    It's a lot more work because I'd have to download and install a Linux distro before I could get to work setting up the APs. Since I had a Windows platform, it was just - install and done.



  • @Dashrender said:

    @thecreativeone91 said:

    @Dashrender said:

    @thecreativeone91 said:

    If you have a Virtual Infrastructure already internally, I'd just bring up a Ubuntu VM on that.

    yeah I could have done that, but that would be a LOT more work than just installing the Windows setup, which I did on one of my DCs.

    Why Ubuntu instead of CentOS?

    The Ubqitui stuff doesn't run as well on CentOS. How is that all lot more work? Also I would not install the controller on a Domain Controller.

    Why? FYI I have three DCs, though one is going away really soon.

    It's a lot more work because I'd have to download and install a Linux distro before I could get to work setting up the APs. Since I had a Windows platform, it was just - install and done.

    You really don't want extra applications running on Top of Domain Controllers.


  • Service Provider

    @thecreativeone91 said:

    You really don't want extra applications running on Top of Domain Controllers.

    I call BS on this. It is a waste of a VM to be DC only when you are a full windows shop. Running any kind of basic application on a DC hurts nothing and makes more efficient use of your licensing.



  • @JaredBusch said:

    @thecreativeone91 said:

    You really don't want extra applications running on Top of Domain Controllers.

    I call BS on this. It is a waste of a VM to be DC only when you are a full windows shop. Running any kind of basic application on a DC hurts nothing and makes more efficient use of your licensing.

    It's actually a major security issue. We fire people for this. You get two VOSEs with 2012 Standard anyway.


  • Service Provider

    @JaredBusch said:

    @thecreativeone91 said:

    You really don't want extra applications running on Top of Domain Controllers.

    I call BS on this. It is a waste of a VM to be DC only when you are a full windows shop. Running any kind of basic application on a DC hurts nothing and makes more efficient use of your licensing.

    We run all of our DCs dedicated.



  • This is the offical Best Pratice related to DCs

    these permitted applications and services should be comprised only of what is required for the computer to host AD DS and possibly DNS, plus any system security software such as antivirus software

    It's quiet a big security issue with your DCs running other applications.


  • Service Provider

    In a small shop, but only quite small, I'd be willing to double duty my DCs, but only with limited, first party services. DNS and DHCP obviously. But file serving for example. I think DC + FS is a common and sensible use of a license in a small shop if the other VM license needs to be used for something else. But things like databases and third party application serving I really never want to see combined on a DC.


  • Service Provider

    @thecreativeone91 said:

    these permitted applications and services should be comprised only of what is required for the computer to host AD DS and possibly DNS, plus any system security software such as antivirus software

    Is that the Microsoft quote?



  • @scottalanmiller said:

    @thecreativeone91 said:

    these permitted applications and services should be comprised only of what is required for the computer to host AD DS and possibly DNS, plus any system security software such as antivirus software

    Is that the Microsoft quote?

    Yep



  • Best practice is most clearly to keep DCs separate. I think that there are good cases where it can make sense to combine some other tasks into that role, but the best practice is pretty clear. I think that the biggest issues start to arise around failover. If you have two DCs, the AD function will failover in one way. How do you then deal with other things running on one of the DCs?

    If you only have a single DC this isn't a problem. And it is probably when you have only one that you are most likely to want to combine roles.



  • In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.



  • @Dashrender said:

    In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.

    $800+? You can get Server 2012 r2 Standard for around $700 which comes with 2 VOSE.

    But, Really is $700 that much for security? When an application runs on your DC it has access to your whole AD/Global Catalog. That's the major issue. If buying another server licenses is too much then just do linux.


  • Service Provider

    @Dashrender said:

    It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.

    Who is giving you prices that high? $600 - $700 is more the normal range and that's two VMs.


  • Service Provider

    Plus you don't necessarily need a Windows license for every VM. Once you are breaking things out there is more and more possibility that you will mix in other operating systems like Linux and FreeBSD that add discretion without licensing costs. Like for a dedicated application server or a database server, those are very popular UNIX roles.



  • @thecreativeone91 said:

    @Dashrender said:

    In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.

    $800+? You can get Server 2012 r2 Standard for around $700 which comes with 2 VOSE.

    OK I pulled this number out of my ass, I haven't bought any licenses recently!



  • @thecreativeone91 said:

    @Dashrender said:

    In a situation where you have a Datacenter license on your VM host, sure stand up an individual server for each process you need to support - but I don't. It's not worth $800+ to me to purchase another Windows license. That said - when things slow down in a few weeks (after the new building goes live), I'll probably just migrate this to a linux box.

    $800+? You can get Server 2012 r2 Standard for around $700 which comes with 2 VOSE.

    But, Really is $700 that much for security? When an application runs on your DC it has access to your whole AD/Global Catalog. That's the major issue. If buying another server licenses is too much then just do linux.

    No it doesn't. Not unless the app is running as a user who has more rights than is needed.