Show HN: Managed UniFi Controller Hosting (cloudbit.io)
46 points by baconomatic 62 days ago | 46 comments

I've been using Hostifi for a year+ I think now. If anyone is looking for a similar service, I highly recommend: https://hostifi.net

Pricing is better IMO if you have any serious number of devices. The founder has created it as an open startup (https://rchase.com) and has been making good profit, so less concern of it going under too. No offense to OP on that, but switching to something like this can be a bunch of time personally, so want a clear path for startup.

Finally, and this is a personal story I know. But the support on Hostifi is fantastic. They have a knowledge base and their team is more than happy to help when issues come up. Which is great because I love the software, but am not a personal expert.

+1 for Hostifi. I've been using them for my home APs for a couple years now. I sent tech support a couple questions and Reilly himself emailed me back. Great guy and he was very, very helpful.

Question, since a number of folks have chimed in about using various cloud hosted controllers: how do you initially set up the network (given that you presumably need the router to have internet access to connect to the cloud controller), and how do you handle it if there's an internet connectivity problem? My office currently has an internal network VM that runs the controller, and we might move to a Cloud Key, but I'm curious how folks handle having a cloud controller for their Unifi router when their Unifi router might lose internet. Or are most folks using the controllers to manage Ubiquiti wifi hotspots without using the USG as their main router?

We're a small shop of around 20 desktops or so, 2 switches, and 1 router, with a couple external static IPs. I can see the benefit for trying to orchestrate multiple sites using a cloud controller, but I'd be worried about doing it for a single site given internet issues, unless there's something I'm missing.

Hi Joe! At https://hostifi.net we have tons of people using the USGs and connecting them to the cloud server. The USG actually is the only UniFi device that has a web gui and it has configuration options for setting up the WAN before you adopt it specifically to solve that problem - how to get internet up so you can adopt to a cloud server.

If you have a couple static IPs at one site though, keep in mind that the USG can only do one static IP (without having to dive into CLI), so for any more advanced network like that most people are using a different router vendor but sticking with the UAPs and UniFi switches for the rest of the network.

We also have lots of people using both the built-in hotspot portal pages as well as external portals just fine.

As others have mentioned, if the controller goes down, the networks do not go down. All of the device settings are stored locally and don't depend on the controller, the only exception being that the hotspot pages do require the controller to be online in order to work.

> If you have a couple static IPs at one site though, keep in mind that the USG can only do one static IP (without having to dive into CLI)

It is doable though. I have a JSON file of the extra configuration needed to set up the additional WAN IPs and the needed port forwarding. Someone even made a codepen tool to make that configuration[1]. Is that custom configuration not possible with hostifi?

> As others have mentioned, if the controller goes down, the networks do not go down. All of the device settings are stored locally and don't depend on the controller, the only exception being that the hotspot pages do require the controller to be online in order to work.

So while I'm aware the network does not require the controller to be online in order for the devices to work, the problem is that, if there's an internet problem, one of the first places I look to see what the issue is is ... the controller. So with an external controller, if there isn't some extra step I'm missing to deal with internet outages, I'm essentially stuck if I'm trying to figure out what the problem is and change the configuration.

1. https://community.ui.com/questions/Tool-Map-Multiple-WAN-IP-...

> config.gateway.json

Yes you can do it in the json file, and that works on https://hostifi.net

> Internet down

There's not really anything you would need to change on the controller to fix a WAN issue that you couldn't fix by changing the WAN settings on the USG's web interface... Never had a problem so far with it anyway, with 25,000+ UniFi devices that people have connected to HostiFi. Also, one benefit of a WAN down situation with the cloud controller is you get a notification email about it. On a local controller you won't get a WAN down notification email because... well, it can't send it.

Devices keep running even if the controller goes down. Just no Config updates during outage unless you connect directly to device and change there.

I have a cloud key on each site, and use the unifi cloud controller. No VPNs, no problems. Actually surprised anyone does anything else!

How is this different from or any better than Ubiquiti's Cloud Controller hosting?

Also based on your pricing it is cheaper to buy a Cloud Key if you plan to use your devices longer than 10 months.

You're assuming that there is just one location, and if so, it is cheaper to buy a Cloud Key than use a service like this or https://hostifi.net

The benefit comes in when you have many locations, and can replace a bunch of Cloud Keys with a single server, and have someone else manage updates for you and help with support questions.

At HostiFi 90% of my customers are IT service providers who use the service to replace a ton of Cloud Keys with the single server.

Ubiquiti's cloud offering is very expensive ($299/year base fee + $199/year for each +10 devices), and from customers who have told me about it before they switched to HostiFi, the support is not good, they don't keep the servers updated, and you can't get access to use a custom domain name/modify some of the stuff under the hood.

Instead of having to configure potentially tens of different site-to-site VPN connections to connect every site to your head office where your controller is located, you're hosting it on the internet which makes implementation easier.

I would never ever trust a Ubiquiti product being open on the internet though - especially their software products. Too many issues with their firmware on their "carrier"-classed radios, as well as buggy integration with UNMS makes me a bit wary.

> Instead of having to configure potentially tens of different site-to-site VPN connections to connect every site to your head office where your controller is located, you're hosting it on the internet which makes implementation easier.

Unifi offers a cloud controller as hosted service, see https://help.ubnt.com/hc/en-us/articles/360006288413.

Central control of multiple sites without having to mess with VPNs.

Why would you need any vpns?

Especially if the vpns are set up from the controller you create a delicate chicken-and-egg problem. How are you to provision it the first time?

You also open up yourself to the problem of accidentally locking sites out and having to reconfigure each site from within.

You are overthinking this. If you have a VM running the controller, or a cloud key, on your internal network, you would need to VPN in to manage them remotely.

No? If you have any remote sites you need it to be directly accessible from the internet anyway. Or am I missing something?

Now you might not like that, but realize that this service is exactly that.

You might be comforted by the fact that a breach of the controller doesn't affect your internal networks.

...until you realize that having control over the controller means root access on all of your sites. So it shouldn't be that comforting.

I'm not advocating that any enterprise use this service. I run a WAN with 4 local sites (on a MetroE MPLS network) and a remote office via a VPN tunnel. So this is not my first rodeo.

I would never use a cloud-based WiFi controller for the very reasons you specify, and that means that if I need to remotely manage Wifi while I'm out of the office, I'm using a VPN.

A lot of companies don't have the same security concerns. That's all I'm saying. And for those who, say, manage wifi access intended for the public at multiple sites, like a Hotel or coffeeshop chain for example, this might be just the ticket. They don't have to set up and maintain a bunch of individual controllers, and can centralize everything in one console, and let someone else maintain the server it runs on.

I agree, but the more or less equivalent alternative isn't setting up a bunch of controllers.

It's buying one cloud key, opening one port in the firewall and ensuring you have a dyndns or something to the site with the cloud key.

L3 hosting and UniFi is now unfortunately just one of the many, many areas where it feels like Ubiquiti just kind of quit on it many years ago. It's really unfortunate but I've really gotten that sinking feeling about the platform for the last year or two now, with their killing of the forums and no replacement/upgrade for the bug/feature tracking part being the final straw. But overall they seem to show a lot of the classic signs of basic internal dysfunction, tons of effort expended on surface gloss and re-skinning things over and over again (yet then failing to even quickly bring feature parity up), lots of basic features and even merely keeping internal components up to date disregarded, ever increasing technical debt in the hardware line due to failure to update and replace now ancient kit (which instead they still sell new at full price). Something is going to have to give at some point. Unfortunately I don't see anything else in the same position either. It's such a depressing waste of potential.

"Something is going to have to give at some point."

Former Ubiquiti employee here.

The CEO is insanely toxic. Insulting people in the company Slack, publicly firing people on the spot, constantly trying to micromanage everything, shutting down entire offices without warning. It's crazy.

So much wasted potential. Most of the good employees left or were fired while I was there. Projects were changed or cancelled monthly. No one knew what was going on.

Robert Pera throwing the mFI team under the bus was super classy. Worst. EOL. EVER.


UDM and Protect are shining examples of "never rewrite your product from scratch." USG XG was an unmitigated disaster. Dropping controller support for Broadcom-based APs was ridiculous. All seem to be technical debt driven decisions.

Holy. Shit.

If I were to pick the single best indicator of a terrible leader, it would be blaming subordinates for things they are responsible for. Even if it is 100% the team's fault, the manager is, you know, supposed to manage them away from such failure.

No organization with such a CEO can survive. We sell unifis at work and I have some in my home, but I will look elsewhere now.

Late, but thank you for sharing that. I participated and enjoyed the old community a lot, and was a big proponent of UBNT gear for many years. Seeing the downward spiral commence from the outside has been a real downer and I wondered what was going on internally. I figured it had to be something at the management level, but I'm bummed to have it confirmed nonetheless. Appreciate all the hard work you folks put in over the years, it was fantastic kit and a really promising overall solution. I wish there was something comparable, or that maybe Robert Pera would finally step down/get pushed out.

I finally switched to UniFi equipment after hearing for years how much better it is than consumer WiFi equipment.

Oh man, what a headache.

Depending how one configured things, there’s at least 3 ways to provision devices - all 3 incompatible and will cause issues with each other. User manuals refer to Apps no longer in existence. In no instance have I had a “just works” experience. In two instances the option I needed to configure was not available through any of the 3 (4?) dashboards and I had to resort to sshing into the device.

4 weeks later I’m still experiencing ISP fiber modem disconnect issues every 48 hours and cannot connect remotely to debug. The impression I get is 90% of the performance “gains” one gets from switching from Asus to Ubiquiti come from dedicating one $300 piece of hardware (which overheats) for each network function (firewall, switch, router, AP) rather than using a single threaded all-in-one device. Then people still bolt on accessory devices like pi-holes when a USG should be perfectly capable of performing the task.

The provisioning was a PITA and I only use the WiFi access point, not their router, but at least for me the WiFi reliability and signal quality is night-and-day compared to my "old" (2015/6-era) TP-Link Archer C7 router/WAP. I'm not sure what design details lead to this -- poking around via SSH, they're just running Linux with hostapd controlling Atheros interfaces (perhaps just solid engineering on antennas plus choosing a well-supported WiFi chipset?) -- but qualitatively there is definitely a difference in my experience!

I'm not a big fan of their Ubiquiti Device Discovery Tool, I always recommend using SSH method for adoption which is very reliable: https://support.hostifi.net/en/articles/3044211-unifi-cloud-...

They have a UDM and UDM-Pro in early access that handle the all-in-one device scenario you mentioned.

I'm not sure if this all-in-one game is going to work. IMO, Unifi's hardware apart from their Wireless offerings is limited compared to other players in a similar price range. They should stick to what they're best at, which for me is their Wireless range and build around that.

In our case, we ended up using Mikrotik devices for our physical layers and Unifi as our APs. So far, the performance of the Wifi devices is excellent (though tuning high density configs was a bit of a pain), and the Mikrotiks give us exceptional control over the behaviour of the network topology.

Playing to the strengths of each vendor was the way to go for us. Worked out way cheaper as well.

They're definitely ignoring a big part of their market that made them successful initially.

Do you think there's a potential for disruption in this market?

>Do you think there's a potential for disruption in this market?

Yes absolutely, and UniFi itself provides a template and easy window because the hardware is now so dated. A similar management system but properly extended with solid certificate management and support, nice RADIUS, better L3/L2 (L3 master, L2 hardware fallback), friendly VLAN, gateway device that can actually handle stuff like Pihole, friendly WireGuard backing and usage, and hardware in general that moves forward towards >1G would be very interesting to a lot of people currently on UniFi but beginning to feel the winds of obsolescence blowing. Specific selling point of zero-cloud tie-in (beyond if you yourself want to run it on a cloud service), controller in container or VM standard. Have something (like algo and many others do) to generate mobile profiles, or offer hooks to MDMs or both for ease of deployment.

As far as I know there isn't really anything that does a nice job of putting all this stuff together, despite it arguably being something foundational that more and more people should be doing. Using Let's Encrypt, good automatic cert usage should be trivial. VLANs and VPN are something everyone with IOT should be thinking about. Etc. None of this is radical new technology, just quality implementations and a good GUI bringing together existing stuff, and with zero remote service reqs beyond the optional signing authority (and it should support just running your own root, let the appliance have a USB to make use of HSMs like a Yubikey too). I mean, I'd be delighted if there was no opening here because there is someone else already doing all this like UBNT was working towards too before the current state of affairs, but as far as I know there isn't. Higher end stuff in the market isn't that friendly, you need to be a real expert, the low end integrated stuff is the long standing shit show and/or a bunch of totally standalone components, and "smart" integrated stuff is all cloud sub.

Nobody who has 5 devices will pay $10/mo for this; they are all doing what I am: booting the controller on-demand (or some other local solution). Less than $10pa would seem appropriate (and I'd snap that up in a heartbeat).

At https://hostifi.net we are working on 2 new plans launching soon, a 5 device $3.99/month or $39/year plan and a 3 site, 15 device plan at $9.99/month or $99/year. Trying to find the price point for those small install/home users is tricky. Our primary customers are the IT/MSP business owners who manage all of their customer networks from one server.

Hi, would you make this also as a downloadable and on-premise version to run on my own homelab? That would be cool!

I doubt it would make sense for them to do it. Most of the heavy lifting is from the controller which you could run anyway on prem and for FREE.

The cloud deployment AFAIK would allow for better multi-tenant management, and SaaSifying the management experience.

From personal experience, running the controller on a Pi in your home network is good enough for most scenarios. Plus if you want to customize, you can poke around the APIs and wire up what you want. It's pretty powerful once you get the hang of it, and there are some fabulous libraries available thanks to community contributions on Github.

This seems like a weird product, considering it's just a single-use VPS. If you're using a DC with NPS (or not, just plain ol PSK) in the sky, your ubiquiti controller just goes on there anyway.

Some clients just allow access via site-to-site vpns. Seems like a better solution than paying for a VPS to host free software

Fair point..."free" often means "without regard for time" however. Even though I don't have a use for this one, I pay for various services which I could do/run myself, because I only have 24 hours a day.

I've been running my controller on a raspberry pi for a few years without any issues

I'd like to move mine to a Pi, but I'm a little concerned about storage. Do you store the controller database on the internal SD card or do you have it on a more robust external/network storage device?

Store everything on the SD card but make sure to create a backup image, just in case.

I've been running one in AWS on a micro instance and I don't like running it. I'd have paid for this had I seen it when I was doing this.

This is a great passive income type of business.

Here's a nearly identical version that a number of folks use: https://hostifi.net/

Thanks for the mention! It's certainly not passive though (like I thought it was going to be when I started it lol), I'm working on it 40+ hours/week and just hired our first support engineer, Safwan. He used to work for Ubiquiti support for 2 years before he joined this month. We've got over 25,000 Ubiquiti devices connected across ~600 servers. The daily work involves helping people with support questions, demos, migrations, testing UniFi updates, rolling them out to the servers, setting up SSL certs, and developing new features. We're working on a new website currently as well.

Cool. Nice little business you built there :)

Ubiquiti are totally going to find a way to block this.

If they did, they'd have to stop offering the controller for free, but that would really hurt their SMB/Enterprise adoption.

Looks good
