All Ubiquiti, all the time

stacksofplates

@Dashrender said:

I happen to have one of those switches in house that I will be deploying soon. I'll let you know if I have more options when I manage it directly.

Assuming there are, I mainly like the UniFi stuff because of the simplified pane of glass for bandwidth usage at the switch level like we have at the AP level.

Ya from what I've seen, it's really limited compared to EdgeMax which is just VyOS.

MattSpeller

Watching this thread closely as I'll be doing similar on a larger scale soon

(dumping B/G HP AP's and controllers for something else, switching gear remains the same)

Dashrender

@johnhooks said:

@Dashrender said:

I happen to have one of those switches in house that I will be deploying soon. I'll let you know if I have more options when I manage it directly.

Assuming there are, I mainly like the UniFi stuff because of the simplified pane of glass for bandwidth usage at the switch level like we have at the AP level.

Ya from what I've seen, it's really limited compared to EdgeMax which is just VyOS.

And it may be - but I still have to ask for an SMB, what is missing that you really want? The idea of having VLANs is dieing, if not dead already.

If you're really moving to a @scottalanmiller approved network, it would probably be completely flat, a /23 or /22 where you don't trust any device on the network.

Local servers might be limited to OwnCloud (servers for large amounts of data (or large file size) that are impractical to store offsite or in the cloud), PBXes, application server, etc.

But these and the rest all behave exactly like everything else on the internet. You have a secure connection from you to them and that's it.

Of course you could simplify some of the authentication with things like Azure AD, or Google's ID, or FB's ID, Etc whatever your products support.

scottalanmiller

the Unifi stuff is more expensive and does less, too.

We are using Ubiquiti for firewalls, switches and APs, but only the APs are Unifi series.

stacksofplates

@Dashrender said:

@johnhooks said:

@Dashrender said:

I happen to have one of those switches in house that I will be deploying soon. I'll let you know if I have more options when I manage it directly.

Assuming there are, I mainly like the UniFi stuff because of the simplified pane of glass for bandwidth usage at the switch level like we have at the AP level.

Ya from what I've seen, it's really limited compared to EdgeMax which is just VyOS.

And it may be - but I still have to ask for an SMB, what is missing that you really want? The idea of having VLANs is dieing, if not dead already.

If you're really moving to a @scottalanmiller approved network, it would probably be completely flat, a /23 or /22 where you don't trust any device on the network.

Local servers might be limited to OwnCloud (servers for large amounts of data (or large file size) that are impractical to store offsite or in the cloud), PBXes, application server, etc.

But these and the rest all behave exactly like everything else on the internet. You have a secure connection from you to them and that's it.

Of course you could simplify some of the authentication with things like Azure AD, or Google's ID, or FB's ID, Etc whatever your products support.

You have no routing ability, no VPN capability (could be solved with ZeroTier, but if you only have one or two people using it that might not make sense), I didn't see any firewall or NAT rules, no DNS/DynDNS (EdgeMax uses DNSMasq but it's still usable for simple solutions), not sure about QoS either.

I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.

scottalanmiller

@johnhooks said:

I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.

VyOS, it is extremely capable. We've been on VyOS or its parent Vyatta for a very, very long time.

scottalanmiller

@johnhooks said:

You have no routing ability, no VPN capability (could be solved with ZeroTier, but if you only have one or two people using it that might not make sense), I didn't see any firewall or NAT rules, no DNS/DynDNS (EdgeMax uses DNSMasq but it's still usable for simple solutions), not sure about QoS either.

I'm unclear to whom you are addressing this or in regards to which aspect of the design.

stacksofplates

@scottalanmiller said:

@johnhooks said:

I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.

VyOS, it is extremely capable. We've been on VyOS or its parent Vyatta for a very, very long time.

Ya EdgeMax is, does the USG run VyOS?

stacksofplates

@scottalanmiller said:

@johnhooks said:

You have no routing ability, no VPN capability (could be solved with ZeroTier, but if you only have one or two people using it that might not make sense), I didn't see any firewall or NAT rules, no DNS/DynDNS (EdgeMax uses DNSMasq but it's still usable for simple solutions), not sure about QoS either.

I'm unclear to whom you are addressing this or in regards to which aspect of the design.

Dash. He said:

And it may be - but I still have to ask for an SMB, what is missing that you really want?

This was all in regards to the USG.

scottalanmiller

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.

VyOS, it is extremely capable. We've been on VyOS or its parent Vyatta for a very, very long time.

Ya EdgeMax is, does the USG run VyOS?

Yes, they all do the same stuff under the hood.

stacksofplates

@scottalanmiller said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.

VyOS, it is extremely capable. We've been on VyOS or its parent Vyatta for a very, very long time.

Ya EdgeMax is, does the USG run VyOS?

Yes, they all do the same stuff under the hood.

Ok, I didn't realize that. But like I said, I think needing to dig into the cli on the USG kind of defeats the purpose of having everything centrally managed by the controller.

Dashrender

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.

VyOS, it is extremely capable. We've been on VyOS or its parent Vyatta for a very, very long time.

Ya EdgeMax is, does the USG run VyOS?

Yes, they all do the same stuff under the hood.

Ok, I didn't realize that. But like I said, I think needing to dig into the cli on the USG kind of defeats the purpose of having everything centrally managed by the controller.

I thought I mentioned it's not about fully managing, it's more about the reports/graphs.

Yes it's a bit more expensive...

stacksofplates

@Dashrender said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

@scottalanmiller said:

@johnhooks said:

I think it still runs Linux, so yo could probably do most of that. However that kind of defeats the purpose of being centrally managed.

VyOS, it is extremely capable. We've been on VyOS or its parent Vyatta for a very, very long time.

Ya EdgeMax is, does the USG run VyOS?

Yes, they all do the same stuff under the hood.

Ok, I didn't realize that. But like I said, I think needing to dig into the cli on the USG kind of defeats the purpose of having everything centrally managed by the controller.

I thought I mentioned it's not about fully managing, it's more about the reports/graphs.

Yes it's a bit more expensive...

Ah I missed that.