The UDM Pro, My thoughts and overview

The Ubiquiti Dream Machine Pro

The big brother to the normal “Dream Machine” is a much more serious device. It's rack mountable, after all. It's been around long enough to gather some ideas about where this machine would sit and in what situation.

What is it?

It's a firewall or gateway device for your network. Ubiquiti describes it as:

All-in-one enterprise security gateway & network appliance for small to medium-sized businesses. 

So let's get our feet wet.

Like the UDM (Dream Machine), the Pro includes the UniFi Controller running locally. It actually includes all the controllers, such as Protect. The other two are still in beta, so we can't talk about them, but it also means that in reality they don't exist as a product yet.

The UniFi Controller is the brains and management console for the whole network. By including it on this machine you don't need a Cloud Key or an external server to run it, which is really convenient, and the inclusion of Protect for security camera recording puts everything into one device.

While the UDM includes an access point, the UDM Pro doesn't, which makes sense when it is meant for a rack.

Specs

This machine is a beast, with 10G connections on both the LAN and WAN.

  • 1.7 GHz quad-core, 4 GB RAM
  • Dual 1 Gbps RJ45 and 10G SFP+ WAN with failover
  • 10G SFP+ LAN
  • 8-port switch
  • 3.5" HDD bay (for Protect)

The version of the UniFi Controller is a little different from the version for the network install or Cloud Key variants, and comes with a couple of extra features.

And it's more than capable of having DPI and IDS/IPS enabled without causing too much of a performance hit.

It also runs the new UniFi OS and cloud management functionality.

Vs The Dream Machine

Both of these devices are in the same family. The three differences are:

  1. The Pro is way faster.
  2. The UDM has an integrated access point.
  3. The Pro includes Protect.

This is simply a matter of needs and use case. Do you need Protect, or the extra expense of switches and access points to go with it? The non-Pro variant, though, just has a better “fit”.

Vs the USG (UniFi Security Gateway)

The old reliable USG and USG PRO 4 are getting a bit long in the tooth, but they still perform great and they are still being updated and maintained.

They also have the advantage of functionality, and you can do a lot more with them due to the history of the firmware and how the underlying operating system came about. Of course, with the USG you need a separate controller; with both UDM variants it's built into one device.

The downside is that the USG doesn't have the performance that many internet connections require.

I'm going to say this now: if you have a USG with a Cloud Key+ or network controller and you don't need the extra network performance, then, as of the time of publishing, it's not worth replacing them. I fully expect that to change, though.

Thoughts

The UDM Pro is a nice device, but…

  • The way the switch is handled means you probably won't want to use it.
  • It's NOT PoE… which is a good thing.
  • Running the controller locally: it's not multi-site, and you can't use a different controller install.
  • Running the controller on your edge device isn't best security practice: the management console sits on the same box that faces the internet.
  • Protect is running on a single hard drive.
  • It's missing features that will probably come, but likely too late.
  • The failover is only on the internet connection.

Who is it for?

I've recommended the UDM in some situations. It works great in a home setting, providing a professional network, and it looks smart too.

If you want Protect or you know you will have dedicated access points, then the UDM Pro is worth considering, but don't rule out the USG Pro 4 just yet.

It's Software really

It's not the device that, as a Managed Service Provider, I would want them to make, and the change in operating system has caused a few problems. But I believe it's an investment in the future. The initial teething problems have largely been resolved, but until it has feature parity with the USG it's hard to see where this is going.

But it's all software, and software takes time, so we need to let it grow up a bit… It's still young, but I would buy one. Deploy?

It could have been amazing if only…

Just in case you're wondering what I would have done differently…

  • Lose the switch.
  • Lose the hard drive.
  • 4 SFP+ ports assignable as LAN or WAN.
  • Remotely adoptable.

The rest is software, so it's a wait and see. And when I can justify getting one for testing, we'll go more in depth.