Unifi Network Controller on Azure

Unifi Networking with the controller hosted on Azure - a simple and powerful approach to a Home Network.

Objectives

In this post I’ll show how to deploy a Unifi Network Controller on Microsoft Azure Cloud. The main goal of this effort was to have a lightweight, efficient, yet very capable home network. To achieve this, the number of boxes required on-prem is kept to the bare minimum. The only devices that remained on-prem are a compact PoE router (Unifi Edge Router PoE) and three Unifi Access Points (two Pros and one Lite). This ensures minimal power consumption (still to be measured) as well as a simplified setup. Fortunately there is a fiber connection as uplink, so the wireless setup has to provide optimal coverage and performance to get the most out of the 250/100 Mbit connection.

Goals

  • Minimum number of boxes required
  • Energy efficient
  • High performance
  • Easy to manage
  • Modern and cool :-)

First things first - the Azure resources have to be deployed. There is an excellent post in the Unifi-forum. Bottom line is the following code to deploy the required resources:

# Resource group and network security group (NSG)
az group create --name Unifi-RG --location EastUS
az network nsg create --resource-group Unifi-RG --name Unifi-Controller-NSG
# Inbound rules: web UI and portal, device inform, STUN, throughput test, SSH
az network nsg rule create --resource-group Unifi-RG --nsg-name Unifi-Controller-NSG --name unifi-http --protocol tcp --priority 1000 --destination-port-ranges 80 8443 8880 8843 --access allow
az network nsg rule create --resource-group Unifi-RG --nsg-name Unifi-Controller-NSG --name unifi-inform --protocol tcp --priority 1001 --destination-port-ranges 8080 --access allow
az network nsg rule create --resource-group Unifi-RG --nsg-name Unifi-Controller-NSG --name unifi-stun --protocol udp --priority 1002 --destination-port-ranges 3478 --access allow
az network nsg rule create --resource-group Unifi-RG --nsg-name Unifi-Controller-NSG --name unifi-throughput --protocol tcp --priority 1003 --destination-port-ranges 6789 --access allow
az network nsg rule create --resource-group Unifi-RG --nsg-name Unifi-Controller-NSG --name ssh --protocol tcp --priority 1004 --destination-port-ranges 22 --access allow
# VM for the controller, attached to the NSG, with a static public IP
az vm create --resource-group Unifi-RG \
--name unifi-controller \
--location EastUS \
--image UbuntuLTS \
--generate-ssh-keys \
--size Standard_B1s \
--nsg Unifi-Controller-NSG \
--public-ip-address-allocation static

It creates the resource group, the VM and an NSG, and allows the ports required for the controller to communicate with the APs and to be accessed externally. This is the high level design with the Azure and on-prem resources:

High level Design
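The NSG rules above are created without a source restriction, so every listed port, SSH included, accepts traffic from any address. The following added example (not part of the original post or the forum thread it cites) validates a source address and prints `az network nsg rule update` commands that limit the five rules to it. It assumes the APs and all administration reach Azure from one home public IPv4 address; `203.0.113.7` in the usage note is a documentation placeholder.

```shell
#!/bin/sh
# Added example: restrict the source of the NSG rules created in the post.
RG="Unifi-RG"                 # resource group name from the post
NSG="Unifi-Controller-NSG"    # NSG name from the post
RULES="unifi-http unifi-inform unifi-stun unifi-throughput ssh"  # rule names from the post

# Return 0 if $1 is an IPv4 address or CIDR that does not mean "any".
valid_source() {
    addr=${1%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    # Prefix length must be numeric and 1..32 (a /0 would match every address).
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -ge 1 ] && [ "$prefix" -le 32 ] || return 1
    # Only digits and single dots, no leading or trailing dot.
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    [ "$addr" != "0.0.0.0" ]
}

# Print one update command per rule so they can be reviewed before running.
tighten_rules() {
    valid_source "$1" || { echo "refusing source '$1'" >&2; return 1; }
    for rule in $RULES; do
        printf 'az network nsg rule update --resource-group %s --nsg-name %s --name %s --source-address-prefixes %s\n' \
            "$RG" "$NSG" "$rule" "$1"
    done
}

# Stand-alone use: sh tighten.sh <home-public-ip-or-cidr>
if [ $# -gt 0 ]; then
    tighten_rules "$1"
fi
```

Run it as `sh tighten.sh 203.0.113.7/32`, review the five printed commands, then pipe them to `sh`. With the `unifi-http` rule restricted this way, the web UI and the mobile app reach the controller only from that address.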

Once the Azure resources are up and running, you can access the VM via SSH. Glenn R. has created an awesome script to install the Unifi Controller Software: https://community.ui.com/questions/UniFi-Installation-Scripts-or-UniFi-Easy-Update-Script-or-UniFi-Lets-Encrypt-or-Ubuntu-16-04-18-04-/ccbc7530-dd61-40a7-82ec-22b17f027776

Once logged into the VM via SSH, I used Glenn’s script to install the Controller:

wget https://get.glennr.nl/unifi/install/install_latest/unifi-latest.sh && bash unifi-latest.sh

When the installation is completed, the Controller can be accessed via https://ip.of.your.server:8443.

If everything went well the Controller should be up and running under its respective public IP. DNS is nice but not a must here.

Et voilà, there it is:

The Controller is now ready to adopt the Unifi hardware. Obviously the Controller is not in the same Subnet as the APs. Therefore the APs have to be informed about how to reach the Controller. A comprehensive description of the different adoption-methods can be found in the unifi-help.

It seems the easiest way here is to just SSH into each AP prior to adoption and do the following:

sudo syswrapper.sh restore-default
set-inform http://ip-of-controller:8080/inform
  • The AP is reset to factory defaults and
  • knows where to find the Controller for adoption

Yep, there we go, the APs are adopted and up and running. I will not go over the entire Unifi configuration in this post - it’s well documented by Unifi.

It is pretty cool that the network can now be managed using the Unifi iOS app:

I’m pretty happy with the Unifi Hardware. The performance numbers with our 250/100 Mbit fiber speak for themselves.

The roaming works awesome, and with two SSIDs covering 5 and 2.4 GHz the performance and coverage are outstanding.

Wrapup

The goal of a minimal setup has been achieved. No unnecessary boxes on-prem - but outstanding performance and good manageability. In a future post I’ll investigate the options to save resources within Azure in this setup. I have to admit that at the moment I have some credit within my Azure subscription - so until now I did not worry about that. The long-term goal would be to have the most efficient setup possible.
