This past week I was called upon to make some upgrades to our wireless buildout at my company’s corporate office. Some quick background: that office supports a user base of about seven people day to day, but because most of our workforce is remote, there can be significantly more on-site at times. This past week, we had several out-of-towners around (including myself and my boss), so things were under more stress than usual.
Anyway, the first day I was on site my boss (who is technical but not from a systems/networking perspective) noticed a significant difference in Internet performance between wireless and wired connections at the home office. We use Skype pretty extensively for video chat, so if somebody has a marginal Internet connection it tends to get noticed pretty quickly. I ran some additional tests and found that being on wireless was cutting performance of the Internet connection by almost 50% (let alone the effect on local performance, though there are very few local services). After hours, I re-ran my tests and found that things were pretty much back to normal. Okay, seems like a load issue.
We also had some (comparatively minor) signal strength issues in parts of the office (which was frustrating given its small size). I had also been dealing with a compatibility issue between the existing access point (built into our Sonicwall TZ205W firewall) and the Intel wireless cards on a pair of Lenovo X220 laptops that was causing their connections to drop periodically, requiring the wireless card to be disabled and re-enabled in order to get things going again. Because I’m remote, I had temporarily re-enabled the access point built into our Cisco UC320W PBX for the two affected people to use until I could investigate. The two units are right next to each other in the rack, so I have little doubt crowding the spectrum even more was unhelpful.
My boss was putting some pressure on me to deal with the issues in some fashion, and I was not overly happy with the existing wireless infrastructure. Given the signal strength issues, it seemed like a second or third AP would be a good idea. I looked into a couple of different options. First on my list was adding SonicPoints (Dell-Sonicwall’s standalone AP solution). That got discarded quickly because I needed them the next day and I didn’t have access to a vendor with both stock and an appropriate shipping commitment. (Side note: I wish Dell would better integrate Sonicwall purchasing into their direct ordering chain. When I bought the initial firewall, I had to figure out where the Sonicwall store was hidden on their site, and it didn’t even ship from Dell – it was dropshipped from Ingram Micro.)
I also looked at Meraki (same issue) before I came to Ubiquiti. I had heard of them before, and the buzz on Reddit (r/sysadmin and r/networking) was mostly positive. To boot, I could get a 3 pack kit from Amazon overnighted for just over $200. (It’s no substitute for a good IT vendor like CDW or MoreDirect, but Amazon Prime is *amazing* for certain things. We’ve saved buckets of money on shipping because of it.) I went ahead and ordered the basic kit – 3 of their standard model access points, mounting hardware and PoE injectors. As promised, it arrived the next day.
Setup was almost totally painless – the hardest part was figuring out where to put the access points. Note that the UniFi uses non-standard PoE, so if you already have PoE on your network, you’ll need to get their adapter. I didn’t have PoE at this office, so no problem. I set up the injectors on the correct run (thank goodness I had everything well documented and labeled!), put out the access points and installed the controller software.
The other quirk here is said controller software – rather than having a web interface, the UniFi uses a Java app installed on a Windows or Mac PC (no Linux support I could find, though I also haven’t tried) to configure the access points. The machine running the controller software will also act as the Web server if you elect to use a captive portal for a guest network. This was the first little hitch I ran into – I didn’t have a suitable machine! I have no servers on site (or with direct connectivity), and because of our legacy as a remote company, everybody uses laptops. I did some quick digging on Ubiquiti’s site and found that I was okay after all. Once a config is applied, the controller machine isn’t necessary unless you are using a captive portal. The APs will go into a standalone mode and keep their config indefinitely.
Knowing that, I went ahead and used my laptop for now (we’ll eventually have at least a minimal server infrastructure there, for a domain controller, and I will move it at that point). The software is pretty slick – I was immediately prompted to upload a floorplan for the office (if I had one, which I did). I was then able to place the access points on the map, exactly where they were in the office. If you were managing a sizable deployment, it seems like that would be super handy.
I quickly configured a pair of networks, for employees and guests, and was able to jump right on from a test machine. That’s about the extent of the testing I’ve done so far – I don’t yet have any employees on the new network (which will happen soon), but it seems to work well. I saw significantly better performance than through the Sonicwall, though still less than I would have liked (project for later, I guess!).
My initial impressions of the UniFi platform are very positive:
- Inexpensive and widely available.
- Popular (easy to get help if needed)
- Scalable (I could add additional APs as easily as plugging them in and adding them to the network via the management controller).
- Lots of features (captive portal, etc)
The big cons I see thus far (not many):
- Non-standard PoE requires adapters if you already have a PoE investment
- No Linux support for management interface
- Requires an always-on machine for captive portal functionality (which most people probably already have anyway).
I’ll update as I play with them more and my impressions change.